summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPranith K <pranithk@gluster.com>2011-01-24 01:49:23 +0000
committerAnand V. Avati <avati@dev.gluster.com>2011-01-26 23:42:21 -0800
commit40cdb88962cff1d32cd46cb089ad8bcd9be3d62d (patch)
tree44690b776d266e1253a9d84f714e6d72013713fd
parent945ac04532d5efeeef324be485dcf2bade41708e (diff)
features/access-control: skip access-tests if the call is from fuse
Fuse cant send aux gids. So access-control checks treat non-primary-group membership of user as "other". So skip access-control checks if the call is from fuse. We added a hack to treat all calls with pid set to 1 as calls from nfs. So for calls with pid not 1 we skip the access-control checks on all fops. Signed-off-by: Pranith Kumar K <pranithk@gluster.com> Signed-off-by: Anand V. Avati <avati@dev.gluster.com> BUG: 2296 (svn / subversion fails on gluster volume (replicated and non-replicated)) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2296
-rw-r--r--libglusterfs/src/stack.c11
-rw-r--r--libglusterfs/src/stack.h3
-rw-r--r--xlators/features/access-control/src/access-control.c76
-rw-r--r--xlators/nfs/server/src/nfs-fops.c1
4 files changed, 90 insertions, 1 deletions
diff --git a/libglusterfs/src/stack.c b/libglusterfs/src/stack.c
index b2659c57fe3..53c21f7c625 100644
--- a/libglusterfs/src/stack.c
+++ b/libglusterfs/src/stack.c
@@ -163,3 +163,14 @@ gf_proc_dump_pending_frames (call_pool_t *call_pool)
UNLOCK (&(call_pool->lock));
}
+gf_boolean_t
+__is_fuse_call (call_frame_t *frame)
+{
+ gf_boolean_t is_fuse_call = _gf_false;
+ GF_ASSERT (frame);
+ GF_ASSERT (frame->root);
+
+ if (NFS_PID != frame->root->pid)
+ is_fuse_call = _gf_true;
+ return is_fuse_call;
+}
diff --git a/libglusterfs/src/stack.h b/libglusterfs/src/stack.h
index b06470bf5fc..f06267c3848 100644
--- a/libglusterfs/src/stack.h
+++ b/libglusterfs/src/stack.h
@@ -45,6 +45,7 @@ typedef struct _call_pool_t call_pool_t;
#include "common-utils.h"
#include "globals.h"
+#define NFS_PID 1
typedef int32_t (*ret_fn_t) (call_frame_t *frame,
call_frame_t *prev_frame,
xlator_t *this,
@@ -363,4 +364,6 @@ create_frame (xlator_t *xl, call_pool_t *pool)
void
gf_proc_dump_pending_frames(call_pool_t *call_pool);
+gf_boolean_t
+__is_fuse_call (call_frame_t *frame);
#endif /* _STACK_H */
diff --git a/xlators/features/access-control/src/access-control.c b/xlators/features/access-control/src/access-control.c
index 802d7cf6f7f..7b5689dace6 100644
--- a/xlators/features/access-control/src/access-control.c
+++ b/xlators/features/access-control/src/access-control.c
@@ -52,7 +52,6 @@ __get_frame_stub (call_frame_t *fr)
return st;
}
-
int
ac_test_owner_access (struct iatt *ia, uid_t uid, int accesstest)
{
@@ -372,6 +371,10 @@ ac_truncate (call_frame_t *frame, xlator_t *this, loc_t *loc, off_t offset)
call_stub_t *stub = NULL;
int ret = -EFAULT;
+ if (__is_fuse_call (frame)) {
+ ac_truncate_resume (frame, this, loc, offset);
+ return 0;
+ }
stub = fop_truncate_stub (frame, ac_truncate_resume, loc, offset);
if (!stub) {
gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: "
@@ -459,6 +462,10 @@ ac_access (call_frame_t *frame, xlator_t *this, loc_t *loc, int32_t mask)
call_stub_t *stub = NULL;
int ret = -EFAULT;
+ if (__is_fuse_call (frame)) {
+ ac_access_resume (frame, this, loc, mask);
+ return 0;
+ }
stub = fop_access_stub (frame, ac_access_resume, loc, mask);
if (!stub) {
gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: "
@@ -524,6 +531,10 @@ ac_readlink (call_frame_t *frame, xlator_t *this, loc_t *loc, size_t size)
call_stub_t *stub = NULL;
int ret = -EFAULT;
+ if (__is_fuse_call (frame)) {
+ ac_readlink_resume (frame, this, loc, size);
+ return 0;
+ }
stub = fop_readlink_stub (frame, ac_readlink_resume, loc, size);
if (!stub) {
gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: "
@@ -594,6 +605,10 @@ ac_mknod (call_frame_t *frame, xlator_t *this, loc_t *loc, mode_t mode,
int ret = -EFAULT;
loc_t parentloc = {0, };
+ if (__is_fuse_call (frame)) {
+ ac_mknod_resume (frame, this, loc, mode, rdev, params);
+ return 0;
+ }
stub = fop_mknod_stub (frame, ac_mknod_resume, loc, mode, rdev, params);
if (!stub) {
gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: "
@@ -679,6 +694,10 @@ ac_mkdir (call_frame_t *frame, xlator_t *this, loc_t *loc, mode_t mode,
int ret = -EFAULT;
loc_t parentloc = {0, };
+ if (__is_fuse_call (frame)) {
+ ac_mkdir_resume (frame, this, loc, mode, params);
+ return 0;
+ }
stub = fop_mkdir_stub (frame, ac_mkdir_resume, loc, mode, params);
if (!stub) {
gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: "
@@ -757,6 +776,10 @@ ac_unlink (call_frame_t *frame, xlator_t *this, loc_t *loc)
int ret = -EFAULT;
loc_t parentloc = {0, };
+ if (__is_fuse_call (frame)) {
+ ac_unlink_resume (frame, this, loc);
+ return 0;
+ }
stub = fop_unlink_stub (frame, ac_unlink_resume, loc);
if (!stub) {
gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: "
@@ -834,6 +857,10 @@ ac_rmdir (call_frame_t *frame, xlator_t *this, loc_t *loc, int flags)
int ret = -EFAULT;
loc_t parentloc = {0, };
+ if (__is_fuse_call (frame)) {
+ ac_rmdir_resume (frame, this, loc, flags);
+ return 0;
+ }
stub = fop_rmdir_stub (frame, ac_rmdir_resume, loc, flags);
if (!stub) {
gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: "
@@ -914,6 +941,10 @@ ac_symlink (call_frame_t *frame, xlator_t *this, const char *linkname,
int ret = -EFAULT;
loc_t parentloc = {0, };
+ if (__is_fuse_call (frame)) {
+ ac_symlink_resume (frame, this, linkname, loc, params);
+ return 0;
+ }
stub = fop_symlink_stub (frame, ac_symlink_resume, linkname, loc,
params);
if (!stub) {
@@ -1040,6 +1071,10 @@ ac_rename (call_frame_t *frame, xlator_t *this, loc_t *oldloc, loc_t *newloc)
int ret = -EFAULT;
loc_t parentloc = {0, };
+ if (__is_fuse_call (frame)) {
+ ac_rename_resume (frame, this, oldloc, newloc);
+ return 0;
+ }
stub = fop_rename_stub (frame, ac_rename_resume, oldloc, newloc);
if (!stub) {
gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: "
@@ -1125,6 +1160,10 @@ ac_link (call_frame_t *frame, xlator_t *this, loc_t *oldloc, loc_t *newloc)
int ret = -EFAULT;
loc_t parentloc = {0, };
+ if (__is_fuse_call (frame)) {
+ ac_link_resume (frame, this, oldloc, newloc);
+ return 0;
+ }
stub = fop_link_stub (frame, ac_link_resume, oldloc, newloc);
if (!stub) {
gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: "
@@ -1207,6 +1246,10 @@ ac_create (call_frame_t *frame, xlator_t *this, loc_t *loc, int32_t flags,
int ret = -EFAULT;
loc_t parentloc = {0, };
+ if (__is_fuse_call (frame)) {
+ ac_create_resume (frame, this, loc, flags, mode, fd, params);
+ return 0;
+ }
stub = fop_create_stub (frame, ac_create_resume, loc, flags, mode,
fd, params);
if (!stub) {
@@ -1366,6 +1409,11 @@ ac_open (call_frame_t *frame, xlator_t *this, loc_t *loc, int32_t flags,
call_stub_t *stub = NULL;
int ret = -EFAULT;
+ if (__is_fuse_call (frame)) {
+ ret = ac_open_resume (frame, this, loc, flags, fd, wbflags);
+ return 0;
+ }
+
stub = fop_open_stub (frame, ac_open_resume, loc, flags, fd, wbflags);
if (!stub) {
gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: "
@@ -1443,6 +1491,11 @@ ac_readv (call_frame_t *frame, xlator_t *this, fd_t *fd, size_t size,
call_stub_t *stub = NULL;
int ret = -EFAULT;
+ if (__is_fuse_call (frame)) {
+ ret = ac_readv_resume (frame, this, fd, size, offset);
+ return 0;
+ }
+
stub = fop_readv_stub (frame, ac_readv_resume, fd, size, offset);
if (!stub) {
gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: "
@@ -1514,6 +1567,12 @@ ac_writev (call_frame_t *frame, xlator_t *this, fd_t *fd, struct iovec *vector,
call_stub_t *stub = NULL;
int ret = -EFAULT;
+ if (__is_fuse_call (frame)) {
+ ret = ac_writev_resume (frame, this, fd, vector, count,
+ offset, iobref);
+ return 0;
+ }
+
stub = fop_writev_stub (frame, ac_writev_resume, fd, vector, count,
offset, iobref);
if (!stub) {
@@ -1578,6 +1637,11 @@ ac_opendir (call_frame_t *frame, xlator_t *this, loc_t *loc, fd_t *fd)
call_stub_t *stub = NULL;
int ret = -EFAULT;
+ if (__is_fuse_call (frame)) {
+ ret = ac_opendir_resume (frame, this, loc, fd);
+ return 0;
+ }
+
stub = fop_opendir_stub (frame, ac_opendir_resume, loc, fd);
if (!stub) {
gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: "
@@ -1683,6 +1747,11 @@ ac_setattr (call_frame_t *frame, xlator_t *this, loc_t *loc, struct iatt *buf,
call_stub_t *stub = NULL;
int ret = -EFAULT;
+ if (__is_fuse_call (frame)) {
+ ret = ac_setattr_resume (frame, this, loc, buf, valid);
+ return 0;
+ }
+
stub = fop_setattr_stub (frame, ac_setattr_resume, loc, buf, valid);
if (!stub) {
gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: "
@@ -1789,6 +1858,11 @@ ac_fsetattr (call_frame_t *frame, xlator_t *this, fd_t *fd, struct iatt *buf,
call_stub_t *stub = NULL;
int ret = -EFAULT;
+ if (__is_fuse_call (frame)) {
+ ret = ac_fsetattr_resume (frame, this, fd, buf, valid);
+ return 0;
+ }
+
stub = fop_fsetattr_stub (frame, ac_fsetattr_resume, fd, buf, valid);
if (!stub) {
gf_log (this->name, GF_LOG_ERROR, "cannot create call stub: "
diff --git a/xlators/nfs/server/src/nfs-fops.c b/xlators/nfs/server/src/nfs-fops.c
index cf74708f886..068d08cf3b5 100644
--- a/xlators/nfs/server/src/nfs-fops.c
+++ b/xlators/nfs/server/src/nfs-fops.c
@@ -122,6 +122,7 @@ nfs_create_frame (xlator_t *xl, nfs_user_t *nfu)
frame = create_frame (xl, (call_pool_t *)xl->ctx->pool);
if (!frame)
goto err;
+ frame->root->pid = NFS_PID;
frame->root->uid = nfu->uid;
frame->root->gid = nfu->gids[NFS_PRIMGID_IDX];
if (nfu->ngrps == 1)