glusterfs.git/xlators/system, branch v3.3.0qa12 posix-acl: configurable super user ID 2011-09-08T14:08:13+00:00 Anand Avati avati@gluster.com 2011-08-31T17:27:34+00:00 4d2afaae2f3c42b710acf8c7ebdb4b50d502b813 In configurations with a uid mapper, super user ID could be mapped to a non-zero value. Hence making it configurable in access control would be necessary for proper super-user semantics. Change-Id: I51e8e0395680e9b96a99657a0af547659bd9affe BUG: 2815 Reviewed-on: http://review.gluster.com/332 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@gluster.com> 
In configurations with a uid mapper, super user ID could be mapped
to a non-zero value. Hence making it configurable in access control
would be necessary for proper super-user semantics.

Change-Id: I51e8e0395680e9b96a99657a0af547659bd9affe
BUG: 2815
Reviewed-on: http://review.gluster.com/332
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>
Save the mode flags set by the application when ACLs are in use 2011-09-08T07:20:21+00:00 Pavan T C tcp@gluster.com 2011-09-07T12:35:57+00:00 51138e1cbf602e16011768040440cf829367c40c While inheriting the ACLs from a directory that has default ACLs, make sure that the mode flags set by the application are saved. It is required to inherit only the Read, Write and Execute permissions while leaving the others viz. setuid, setgid and sticky bit untouched hence honouring the requests made by the application during create operations (mknod, mkdir et al). For a description of the problem, root cause and evaluation, refer: http://bugs.gluster.com/show_bug.cgi?id=3522 Change-Id: I994077fb321a35d8254f0cc5a7de99a17ec40c47 BUG: 3522 Reviewed-on: http://review.gluster.com/368 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@gluster.com> 
While inheriting the ACLs from a directory that has default ACLs, make sure
that the mode flags set by the application are saved. It is required to
inherit only the Read, Write and Execute permissions while leaving the others
viz. setuid, setgid and sticky bit untouched hence honouring the requests made
by the application during create operations (mknod, mkdir et al).

For a description of the problem, root cause and evaluation, refer:
http://bugs.gluster.com/show_bug.cgi?id=3522

Change-Id: I994077fb321a35d8254f0cc5a7de99a17ec40c47
BUG: 3522
Reviewed-on: http://review.gluster.com/368
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>
Eliminate many "var set but not used" warnings with newer gcc. 2011-09-08T06:48:01+00:00 Jeff Darcy jdarcy@redhat.com 2011-09-08T00:03:24+00:00 694ef54978f382507a5127ce66da7770929ba2c2 This fixes ~200 such warnings, but leaves three categories untouched. (1) Rpcgen code. (2) Macros which set variables in the outer (calling function) scope. (3) Variables which are set via function calls which may have side effects. Change-Id: I6554555f78ed26134251504b038da7e94adacbcd BUG: 2550 Reviewed-on: http://review.gluster.com/371 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@gluster.com> 
This fixes ~200 such warnings, but leaves three categories untouched.

(1) Rpcgen code.

(2) Macros which set variables in the outer (calling function) scope.

(3) Variables which are set via function calls which may have side effects.

Change-Id: I6554555f78ed26134251504b038da7e94adacbcd
BUG: 2550
Reviewed-on: http://review.gluster.com/371
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>
posix-acl: disable permission checks for fd based ops 2011-08-11T05:06:56+00:00 Anand Avati avati@gluster.com 2011-08-10T17:41:36+00:00 5ce1b5c357d490f68ae89bfd3ce31326a81a1183 If write calls are coming in through an fd with O_RDWR or O_WRONLY flag then a permission check is unnecessary. However writes from NFS ideally need a "stateless" check in each call and this results in a permission failure due to the read-only mode (disregarding the FD's writeability). For now it is acceptable to disable write checks as almost always the NFS client would already be doing such basic access control. Also because the previous access-control translator (prior to posix ACL introduction) too was permitting writes and reads unconditionally. In fact the Linux KNFS server too assumes the NFS client would have done the permission check. Change-Id: I33e5de8911a87881f9341b8b92574780c2dfbeba BUG: 3388 Reviewed-on: http://review.gluster.com/208 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@gluster.com> 
If write calls are coming in through an fd with O_RDWR or O_WRONLY
flag then a permission check is unnecessary. However writes from
NFS ideally need a "stateless" check in each call and this results
in a permission failure due to the read-only mode (disregarding the
FD's writeability).

For now it is acceptable to disable write checks as almost always
the NFS client would already be doing such basic access control.
Also because the previous access-control translator (prior to
posix ACL introduction) too was permitting writes and reads
unconditionally.

In fact the Linux KNFS server too assumes the NFS client would have
done the permission check.

Change-Id: I33e5de8911a87881f9341b8b92574780c2dfbeba
BUG: 3388
Reviewed-on: http://review.gluster.com/208
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>
LICENSE: s/GNU Affero General Public/GNU General Public/ 2011-08-06T13:33:52+00:00 Pranith Kumar K pranithk@gluster.com 2011-08-06T08:30:03+00:00 0cf100b58c34b40eb7f35fa6913996539e0e3aa9 Change-Id: I3914467611e573cccee0d22df93920cf1b2eb79f BUG: 3348 Reviewed-on: http://review.gluster.com/182 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@gluster.com> 
Change-Id: I3914467611e573cccee0d22df93920cf1b2eb79f
BUG: 3348
Reviewed-on: http://review.gluster.com/182
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>
posix-acl: perform access checks on read/write/truncate for NFS calls 2011-07-13T10:00:51+00:00 Anand Avati avati@gluster.com 2011-07-13T03:34:02+00:00 c77014be787a1d8ff23923b53b39054da35785de Signed-off-by: Anand Avati <avati@gluster.com> BUG: 2815 (Server-enforced ACLs) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815 Signed-off-by: shishir gowda <shishirng@gluster.com> Signed-off-by: Anand Avati <avati@gluster.com> BUG: 2815 (Server-enforced ACLs) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815 
Signed-off-by: Anand Avati <avati@gluster.com>

BUG: 2815 (Server-enforced ACLs)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815
Signed-off-by: shishir gowda <shishirng@gluster.com>
Signed-off-by: Anand Avati <avati@gluster.com>

BUG: 2815 (Server-enforced ACLs)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815
access-control: Handle F_OK in perm check, and O_APPEND, O_TRUNC in open 2011-07-13T10:00:45+00:00 shishir gowda shishirng@gluster.com 2011-07-13T03:33:47+00:00 e27c4da87295a210e77ca13ff23a24078abc25c0 Signed-off-by: shishir gowda <shishirng@gluster.com> Signed-off-by: Anand Avati <avati@gluster.com> BUG: 3057 (acl permissions don't work on nfs mount) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057 BUG: 3057 (acl permissions don't work on nfs mount) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057 
Signed-off-by: shishir gowda <shishirng@gluster.com>
Signed-off-by: Anand Avati <avati@gluster.com>

BUG: 3057 (acl permissions don't work on nfs mount)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057

BUG: 3057 (acl permissions don't work on nfs mount)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057
access-control: NFS access control expects a return of valid mode 2011-07-13T10:00:29+00:00 shishir gowda shishirng@gluster.com 2011-07-13T03:32:41+00:00 9388760b9aad1ae2512eb108a4ca6b5c8638ea07 The permission check is same as that of posix. We break the requests into single checks, aggregate all the valid modes and return in reply. Signed-off-by: shishir gowda <shishirng@gluster.com> Signed-off-by: Vijay Bellur <vijay@gluster.com> BUG: 3057 () URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057 Signed-off-by: Anand Avati <avati@gluster.com> BUG: 3057 (acl permissions don't work on nfs mount) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057 
The permission check is same as that of posix. We break the requests
into single checks, aggregate all the valid modes and return in reply.

Signed-off-by: shishir gowda <shishirng@gluster.com>
Signed-off-by: Vijay Bellur <vijay@gluster.com>

BUG: 3057 ()
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057
Signed-off-by: Anand Avati <avati@gluster.com>

BUG: 3057 (acl permissions don't work on nfs mount)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057
access-control: Save group permissions returned from backend 2011-07-13T10:00:23+00:00 shishir gowda shishirng@gluster.com 2011-07-13T03:32:02+00:00 9f2adc333dad1beb17b81bd55f5e32366320a4dc The backend permissions returned in stat for group is already masked value. Use the xattr value Signed-off-by: shishir gowda <shishirng@gluster.com> Signed-off-by: Vijay Bellur <vijay@gluster.com> BUG: 3102 () URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3102 Signed-off-by: Anand Avati <avati@gluster.com> BUG: 3102 (Read calls go ahead even when the group has no permissions) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3102 
The backend permissions returned in stat for group is already masked
value. Use the xattr value

Signed-off-by: shishir gowda <shishirng@gluster.com>
Signed-off-by: Vijay Bellur <vijay@gluster.com>

BUG: 3102 ()
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3102
Signed-off-by: Anand Avati <avati@gluster.com>

BUG: 3102 (Read calls go ahead even when the group has no permissions)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3102
access-control: Return mode part of NFS access control request 2011-07-13T10:00:17+00:00 shishir gowda shishirng@gluster.com 2011-07-13T03:31:47+00:00 843ffc77e0f1ba6cc1b2332f0a57e2fa339c9f4c Signed-off-by: shishir gowda <shishirng@gluster.com> Signed-off-by: Vijay Bellur <vijay@gluster.com> BUG: 3057 () URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057 Signed-off-by: Anand Avati <avati@gluster.com> BUG: 3057 (acl permissions don't work on nfs mount) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057 
Signed-off-by: shishir gowda <shishirng@gluster.com>
Signed-off-by: Vijay Bellur <vijay@gluster.com>

BUG: 3057 ()
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057
Signed-off-by: Anand Avati <avati@gluster.com>

BUG: 3057 (acl permissions don't work on nfs mount)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057