summaryrefslogtreecommitdiffstats
path: root/xlators/nfs/server
diff options
context:
space:
mode:
authorSantosh Kumar Pradhan <spradhan@redhat.com>2013-09-19 12:01:38 +0530
committerAnand Avati <avati@redhat.com>2013-09-29 16:54:37 -0700
commite9554f7792d893f0ea8afe368829f9944ef52bdf (patch)
tree465039c76a2c87e2029c93c2fa3f288e7795254b /xlators/nfs/server
parent84fa8af38d2eab0f72349abb8136811bd3e96570 (diff)
gNFS: Incorrect NFS ACL encoding for XFS
Problem: Incorrect NFS ACL encoding causes "system.posix_acl_default" setxattr failure on bricks on XFS file system. XFS (potentially others?) doesn't understand when the 0x10 prefix is added to the ACL type field for default ACLs (which the Linux NFS client adds) which causes setfacl()->setxattr() to fail silently. NFS client adds NFS_ACL_DEFAULT(0x1000) for default ACL. FIX: Mask the prefix (added by NFS client) OFF, so the setfacl is not rejected when it hits the FS. Original patch by: "Richard Wareing" Change-Id: I17ad27d84f030cdea8396eb667ee031f0d41b396 BUG: 1009210 Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com> Reviewed-on: http://review.gluster.org/5980 Reviewed-by: Amar Tumballi <amarts@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@redhat.com>
Diffstat (limited to 'xlators/nfs/server')
-rw-r--r--xlators/nfs/server/src/acl3.c79
-rw-r--r--xlators/nfs/server/src/acl3.h17
2 files changed, 69 insertions, 27 deletions
diff --git a/xlators/nfs/server/src/acl3.c b/xlators/nfs/server/src/acl3.c
index 9e98124fe..bb3b95216 100644
--- a/xlators/nfs/server/src/acl3.c
+++ b/xlators/nfs/server/src/acl3.c
@@ -246,9 +246,9 @@ acl3_getacl_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
getaclreply->daclentry.daclentry_val = cs->daclentry;
/* FIXME: use posix_acl_from_xattr() */
- data = dict_get (dict, "system.posix_acl_access");
+ data = dict_get (dict, POSIX_ACL_ACCESS_XATTR);
if (data && (p = data_to_bin (data))) {
- /* POSIX_ACL_XATTR_VERSION */
+ /* POSIX_ACL_VERSION */
p++;
while ((char *)p < (data->data + data->len)) {
getaclreply->aclentry.aclentry_val[i].type = *(*(short **)&p)++;
@@ -260,9 +260,9 @@ acl3_getacl_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
}
i = 0;
- data = dict_get (dict, "system.posix_acl_default");
+ data = dict_get (dict, POSIX_ACL_DEFAULT_XATTR);
if (data && (p = data_to_bin (data))) {
- /* POSIX_ACL_XATTR_VERSION */
+ /* POSIX_ACL_VERSION */
p++;
while ((char *)p < (data->data + data->len)) {
getaclreply->daclentry.daclentry_val[i].type = *(*(short **)&p)++;
@@ -443,11 +443,11 @@ acl3_setacl_resume (void *carg)
nfs_request_user_init (&nfu, cs->req);
xattr = dict_new();
if (cs->aclcount)
- ret = dict_set_static_bin (xattr, "system.posix_acl_access", cs->aclxattr,
+ ret = dict_set_static_bin (xattr, POSIX_ACL_ACCESS_XATTR, cs->aclxattr,
cs->aclcount * 8 + 4);
if (cs->daclcount)
- ret = dict_set_static_bin (xattr, "system.posix_acl_default", cs->daclxattr,
- cs->daclcount * 8 + 4);
+ ret = dict_set_static_bin (xattr, POSIX_ACL_DEFAULT_XATTR,
+ cs->daclxattr, cs->daclcount * 8 + 4);
ret = nfs_setxattr (cs->nfsx, cs->vol, &nfu, &cs->resolvedloc, xattr,
0, NULL, acl3_setacl_cbk, cs);
@@ -481,7 +481,9 @@ acl3svc_setacl (rpcsvc_request_t *req)
setaclargs setaclargs;
aclentry *aclentry = NULL;
struct aclentry *daclentry = NULL;
- int *p = NULL, i = 0;
+ int i = 0;
+ struct posix_acl_xattr_header *bufheader = NULL;
+ struct posix_acl_xattr_entry *bufentry = NULL;
if (!req)
return ret;
@@ -525,19 +527,58 @@ acl3svc_setacl (rpcsvc_request_t *req)
(cs->daclcount > NFS_ACL_MAX_ENTRIES))
goto acl3err;
/* FIXME: use posix_acl_to_xattr() */
- p = (int *)cs->aclxattr;
- *(*(int **)&p)++ = POSIX_ACL_XATTR_VERSION;
+ /* Populate xattr buffer for user ACL */
+ bufheader = (struct posix_acl_xattr_header *)(cs->aclxattr);
+ bufheader->version = htole32(POSIX_ACL_VERSION);
+ bufentry = bufheader->entries;
for (i = 0; i < cs->aclcount; i++) {
- *(*(short **)&p)++ = aclentry[i].type;
- *(*(short **)&p)++ = aclentry[i].perm;
- *(*(int **)&p)++ = aclentry[i].uid;
+ int uaceuid;
+ const struct aclentry *uace = &aclentry[i];
+ switch (uace->type) {
+ case POSIX_ACL_USER:
+ case POSIX_ACL_GROUP:
+ uaceuid = uace->uid;
+ break;
+ default:
+ uaceuid = POSIX_ACL_UNDEFINED_ID;
+ break;
+ }
+ bufentry->tag = htole16(uace->type);
+ bufentry->perm = htole16(uace->perm);
+ bufentry->id = htole32(uaceuid);
+
+ bufentry++;
}
- p = (int *)cs->daclxattr;
- *(*(int **)&p)++ = POSIX_ACL_XATTR_VERSION;
+
+ /* Populate xattr buffer for Default ACL */
+ bufheader = (struct posix_acl_xattr_header *)(cs->aclxattr);
+ bufheader->version = htole32(POSIX_ACL_VERSION);
+ bufentry = bufheader->entries;
for (i = 0; i < cs->daclcount; i++) {
- *(*(short **)&p)++ = daclentry[i].type;
- *(*(short **)&p)++ = daclentry[i].perm;
- *(*(int **)&p)++ = daclentry[i].uid;
+ int daceuid;
+ int dacetype;
+ const struct aclentry *dace = &daclentry[i];
+ /*
+ * For "default ACL", NFSv3 handles the 'type' differently
+ * i.e. by logical OR'ing 'type' with NFS_ACL_DEFAULT.
+ * Which the backend File system does not understand and
+ * that needs to be masked OFF.
+ */
+ dacetype = (dace->type & ~(NFS_ACL_DEFAULT));
+ switch (dacetype) {
+ case POSIX_ACL_USER:
+ case POSIX_ACL_GROUP:
+ daceuid = dace->uid;
+ break;
+ default:
+ daceuid = POSIX_ACL_UNDEFINED_ID;
+ break;
+ }
+ bufentry->tag = htole16(dacetype);
+ bufentry->perm = htole16(dace->perm);
+ bufentry->id = htole32(daceuid);
+
+ bufentry++;
}
@@ -577,7 +618,7 @@ rpcsvc_actor_t acl3svc_actors[ACL3_PROC_COUNT] = {
rpcsvc_program_t acl3prog = {
.progname = "ACL3",
.prognum = ACL_PROGRAM,
- .progver = ACL_V3,
+ .progver = ACLV3_VERSION,
.progport = GF_NFS3_PORT,
.actors = acl3svc_actors,
.numactors = ACL3_PROC_COUNT,
diff --git a/xlators/nfs/server/src/acl3.h b/xlators/nfs/server/src/acl3.h
index b668723c8..e0e61281a 100644
--- a/xlators/nfs/server/src/acl3.h
+++ b/xlators/nfs/server/src/acl3.h
@@ -11,18 +11,19 @@
#ifndef _ACL3_H
#define _ACL3_H
+#include "glusterfs-acl.h"
+
#define GF_ACL3_PORT 38469
#define GF_ACL GF_NFS"-ACL"
-#define ACL_PROGRAM 100227
-#define ACL_V3 3
-
-#define ACL_USER_OBJ 0x1
-#define ACL_GROUP_OBJ 0x4
-#define ACL_OTHER_OBJ 0x20
+/*
+ * NFSv3, identifies the default ACL by NFS_ACL_DEFAULT. Gluster
+ * NFS needs to mask it OFF before sending it upto POSIX layer
+ * or File system layer.
+ */
+#define NFS_ACL_DEFAULT 0x1000
-#define POSIX_ACL_XATTR_VERSION 0x0002
-#define NFS_ACL_MAX_ENTRIES 1024
+#define NFS_ACL_MAX_ENTRIES 1024
rpcsvc_program_t *
acl3svc_init(xlator_t *nfsx);