| author | Kinglong Mee <kinglongmee@gmail.com> | 2018-08-07 09:30:37 +0800 | 
|---|---|---|
| committer | Amar Tumballi <amarts@redhat.com> | 2018-08-27 03:26:02 +0000 | 
| commit | 7f89cff0cdc63c4b6734bd2e3c56ee0e70957813 (patch) | |
| tree | e7ab52e6cbe64da957ab9ab853b1194f6695b668 | |
| parent | 30e46a9b3cef868e5c781044c99c3d5b066d4760 (diff) | |
posix-acl: skip acl_permits check when the owner setting GF_POSIX_ACL_xxxx
Change-Id: Iaeea470d040587027f37e0760ae27c4fc205a189
fixes: bz#1613098
Signed-off-by: Kinglong Mee <mijinlong@open-fs.com>
| -rw-r--r-- | tests/basic/gfapi/bug1613098.c | 95 | ||||
| -rwxr-xr-x | tests/basic/gfapi/bug1613098.t | 22 | ||||
| -rw-r--r-- | xlators/system/posix-acl/src/posix-acl.c | 19 | 
3 files changed, 127 insertions, 9 deletions
diff --git a/tests/basic/gfapi/bug1613098.c b/tests/basic/gfapi/bug1613098.c
new file mode 100644
index 00000000000..cdb69fdedfa
--- /dev/null
+++ b/tests/basic/gfapi/bug1613098.c
@@ -0,0 +1,95 @@
+#include <inttypes.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+#include <glusterfs/api/glfs.h>
+#include <glusterfs/api/glfs-handles.h>
+
+#define ACL_TYPE_ACCESS	(0x8000)
+
+#define VALIDATE_AND_GOTO_LABEL_ON_ERROR(func, ret, label) do { \
+        if (ret < 0) {            \
+                fprintf (stderr, "%s : returned error %d (%s)\n", \
+                         func, ret, strerror (errno)); \
+                goto label; \
+        } \
+        } while (0)
+
+int
+main (int argc, char *argv[])
+{
+        int             ret = -1;
+        int             flags = O_RDWR|O_SYNC;
+        glfs_t         *fs = NULL;
+        glfs_fd_t      *fd = NULL;
+        char           *volname = NULL;
+        char           *logfile = NULL;
+        const char     *filename = "file_tmp";
+        struct glfs_object *object = NULL;
+        acl_t          acl = NULL;
+        struct stat    sb;
+
+        if (argc != 3) {
+                fprintf (stderr, "Invalid argument\n");
+                return 1;
+        }
+
+        volname = argv[1];
+        logfile = argv[2];
+
+        fs = glfs_new (volname);
+        if (!fs)
+                VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_new", ret, out);
+
+        ret = glfs_set_volfile_server (fs, "tcp", "localhost", 24007);
+        VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_set_volfile_server", ret, out);
+
+        ret = glfs_set_logging (fs, logfile, 7);
+        VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_set_logging", ret, out);
+
+        ret = glfs_init (fs);
+        VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_init", ret, out);
+
+        fd = glfs_creat(fs, filename, flags, 0044);
+        if (fd == NULL) {
+                ret = -1;
+                VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_creat", ret, out);
+        }
+        glfs_close(fd);
+
+        object = glfs_h_lookupat(fs, NULL, filename, NULL, 0);
+        if (object == NULL) {
+                ret = -1;
+                VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_h_lookupat", ret, out);
+        }
+
+        ret = glfs_chown(fs, filename, 99, 99);
+        VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_chown", ret, out);
+
+        ret = glfs_setfsuid(99);
+        VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_setfsuid", ret, out);
+
+        ret = glfs_setfsgid(99);
+        VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_setfsgid", ret, out);
+
+        acl = glfs_h_acl_get(fs, object, ACL_TYPE_ACCESS);
+        if (acl == NULL) {
+                ret = -1;
+                VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_h_acl_get", ret, out);
+        }
+
+        ret = glfs_h_acl_set(fs, object, ACL_TYPE_ACCESS, acl);
+        VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_h_acl_get", ret, out);
+out:
+        glfs_setfsuid(0);
+        glfs_setfsgid(0);
+
+        if (object)
+                glfs_h_close(object);
+
+        if (fs)
+                glfs_fini(fs);
+
+        return ret;
+}
diff --git a/tests/basic/gfapi/bug1613098.t b/tests/basic/gfapi/bug1613098.t
new file mode 100755
index 00000000000..e4acc2b76bf
--- /dev/null
+++ b/tests/basic/gfapi/bug1613098.t
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+. $(dirname $0)/../../include.rc
+. $(dirname $0)/../../volume.rc
+
+TEST glusterd
+
+TEST $CLI volume create $V0 ${H0}:$B0/brick1;
+EXPECT 'Created' volinfo_field $V0 'Status';
+
+TEST $CLI volume start $V0;
+EXPECT 'Started' volinfo_field $V0 'Status';
+
+logdir=`gluster --print-logdir`
+
+build_tester $(dirname $0)/bug1613098.c -lgfapi
+
+TEST ./$(dirname $0)/bug1613098 $V0 $logdir/bug1613098.log
+
+cleanup_tester $(dirname $0)/bug1613098
+
+cleanup;
diff --git a/xlators/system/posix-acl/src/posix-acl.c b/xlators/system/posix-acl/src/posix-acl.c
index ccede3b1e8b..dd01d3e0f38 100644
--- a/xlators/system/posix-acl/src/posix-acl.c
+++ b/xlators/system/posix-acl/src/posix-acl.c
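Review bot: The new bug1613098.c test only exercises the allowed path, where uid 99 owns `file_tmp` (mode 0044) and sets its own ACL, so it would still pass if the owner check in setxattr_scrutiny were weakened or dropped. A second case that switches to a non-owner uid with `glfs_setfsuid` and expects `glfs_h_acl_set` to fail would pin the denial side of this authorization change. Separately, the check after `glfs_h_acl_set` names the wrong call and should read `VALIDATE_AND_GOTO_LABEL_ON_ERROR ("glfs_h_acl_set", ret, out);`. The `acl` returned by `glfs_h_acl_get` is also never released before `main` returns.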
@@ -2010,13 +2010,10 @@ setxattr_scrutiny (call_frame_t *frame, inode_t *inode, dict_t *xattr)
         if (!ctx)
                 return EIO;
-        if (dict_get (xattr, POSIX_ACL_ACCESS_XATTR)) {
-                found = 1;
-                if (!frame_is_user (frame, ctx->uid))
-                        return EPERM;
-        }
-
-        if (dict_get (xattr, POSIX_ACL_DEFAULT_XATTR)) {
+        if (dict_get (xattr, POSIX_ACL_ACCESS_XATTR) ||
+            dict_get (xattr, POSIX_ACL_DEFAULT_XATTR) ||
+            dict_get (xattr, GF_POSIX_ACL_ACCESS) ||
+            dict_get (xattr, GF_POSIX_ACL_DEFAULT)) {
                 found = 1;
                 if (!frame_is_user (frame, ctx->uid))
                         return EPERM;
@@ -2176,7 +2173,9 @@ posix_acl_setxattr (call_frame_t *frame, xlator_t *this, loc_t *loc,
         if (op_errno != 0)
                 goto red;
-        posix_acl_setxattr_update (this, loc->inode, xattr);
+        if (dict_get (xattr, POSIX_ACL_ACCESS_XATTR) ||
+            dict_get (xattr, POSIX_ACL_DEFAULT_XATTR))
+                posix_acl_setxattr_update (this, loc->inode, xattr);
         /*
          * inode is required in call back function to update the context
@@ -2214,7 +2213,9 @@ posix_acl_fsetxattr (call_frame_t *frame, xlator_t *this, fd_t *fd,
         if (op_errno != 0)
                 goto red;
-        posix_acl_setxattr_update (this, fd->inode, xattr);
+        if (dict_get (xattr, POSIX_ACL_ACCESS_XATTR) ||
+            dict_get (xattr, POSIX_ACL_DEFAULT_XATTR))
+                posix_acl_setxattr_update (this, fd->inode, xattr);
         STACK_WIND (frame, posix_acl_fsetxattr_cbk,
                     FIRST_CHILD(this), FIRST_CHILD(this)->fops->fsetxattr,  | 
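Review bot: The merged condition in setxattr_scrutiny does more than the commit title says: for GF_POSIX_ACL_ACCESS and GF_POSIX_ACL_DEFAULT a non-owner now gets EPERM here, where before these keys never reached the `frame_is_user` check. That tightening is the security-relevant half of the change and deserves a comment above the `if`, for example `/* Any ACL key, POSIX_ACL_*_XATTR or GF_POSIX_ACL_*, may be set only by the inode owner. */`. What `found = 1` skips further down (the acl_permits check named in the title) lies outside this hunk, so the comment wording should be checked against the full function.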
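Review bot: When a request carries only GF_POSIX_ACL_ACCESS or GF_POSIX_ACL_DEFAULT, the new guard in posix_acl_setxattr skips `posix_acl_setxattr_update`, and nothing visible in the hunk shows where the inode's cached ACL context is refreshed for those keys. If later permission checks read that cached context, a stale entry would keep the old ACL in force until it is reloaded, so this is worth confirming and recording in a comment above the guard, for example `/* GF_POSIX_ACL_* keys: ctx is refreshed in <place>, not here */`. The same two-key test is repeated in the posix_acl_fsetxattr hunk; a small static helper would keep the two call sites from drifting apart. Both function bodies extend beyond their hunks.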
