From 36cedb338ec1d021e189379f30100f0d983e3e01 Mon Sep 17 00:00:00 2001 From: Rajesh Amaravathi Date: Tue, 6 Dec 2011 11:35:33 +0530 Subject: core/setxattr: prevent users from setting glusterfs xattrs * Each xlator prevents the user from setting glusterfs-internal xattrs like trusted.gfid by handling it in respective setxattr functions. The speacial case of trusted.gfid is handled in fuse (Not in posix because posix_setxattr is used to set gfid). * For xlators which did not define setxattr and/or fsetxattr, the functions have been implemented with appropriate checks. xlator | fops-added _______________|__________________________ | 1. afr | fsetxattr 2. stripe | setxatrr and fsetxattr 3. quota | setxattr and fsetxattr Change-Id: Ib62abb7067415b23a708002f884d30e8866fbf48 BUG: 765487 Signed-off-by: Rajesh Amaravathi Reviewed-on: http://review.gluster.com/685 Tested-by: Gluster Build System Reviewed-by: Amar Tumballi --- xlators/features/quota/src/quota.c | 72 +++++++++++++++++++++++++++++++++++++- 1 file changed, 71 insertions(+), 1 deletion(-) (limited to 'xlators/features/quota/src/quota.c') diff --git a/xlators/features/quota/src/quota.c b/xlators/features/quota/src/quota.c index 3d147bdb2..b2f53048f 100644 --- a/xlators/features/quota/src/quota.c +++ b/xlators/features/quota/src/quota.c @@ -17,6 +17,8 @@ . */ +#include + #include "quota.h" #include "common-utils.h" #include "defaults.h" @@ -2650,6 +2652,72 @@ err: return 0; } +int +quota_setxattr_cbk (call_frame_t *frame, void *cookie, + xlator_t *this, int op_ret, int op_errno) +{ + QUOTA_STACK_UNWIND (setxattr, frame, op_ret, op_errno); + return 0; +} + +int +quota_setxattr (call_frame_t *frame, xlator_t *this, + loc_t *loc, dict_t *dict, int flags) +{ + data_pair_t *trav = NULL; + int op_errno = EINVAL; + int op_ret = -1; + + VALIDATE_OR_GOTO (frame, err); + VALIDATE_OR_GOTO (this, err); + VALIDATE_OR_GOTO (loc, err); + + GF_IF_INTERNAL_XATTR_GOTO ("trusted.glusterfs.quota*", dict, + trav, op_errno, err); + + STACK_WIND (frame, quota_setxattr_cbk, + FIRST_CHILD(this), + FIRST_CHILD(this)->fops->setxattr, + loc, dict, flags); + return 0; +err: + QUOTA_STACK_UNWIND (setxattr, frame, op_ret, op_errno); + return 0; +} + +int +quota_fsetxattr_cbk (call_frame_t *frame, void *cookie, + xlator_t *this, int op_ret, int op_errno) +{ + QUOTA_STACK_UNWIND (fsetxattr, frame, op_ret, op_errno); + return 0; +} + +int +quota_fsetxattr (call_frame_t *frame, xlator_t *this, fd_t *fd, + dict_t *dict, int flags) +{ + data_pair_t *trav = NULL; + int32_t op_ret = -1; + int32_t op_errno = EINVAL; + + VALIDATE_OR_GOTO (frame, err); + VALIDATE_OR_GOTO (this, err); + VALIDATE_OR_GOTO (fd, err); + + GF_IF_INTERNAL_XATTR_GOTO ("trusted.glusterfs.quota*", dict, + trav, op_errno, err); + + STACK_WIND (frame, quota_fsetxattr_cbk, + FIRST_CHILD(this), + FIRST_CHILD(this)->fops->fsetxattr, + fd, dict, flags); + return 0; + err: + QUOTA_STACK_UNWIND (fsetxattr, frame, op_ret, op_errno); + return 0; +} + int32_t quota_statfs_cbk (call_frame_t *frame, void *cookie, xlator_t *this, @@ -2950,7 +3018,9 @@ struct xlator_fops fops = { .fsync = quota_fsync, .setattr = quota_setattr, .fsetattr = quota_fsetattr, - .mknod = quota_mknod + .mknod = quota_mknod, + .setxattr = quota_setxattr, + .fsetxattr = quota_fsetxattr }; struct xlator_cbks cbks = { -- cgit