author | Vijaykumar M <vmallika@redhat.com> | 2013-12-12 11:40:36 +0530 |
---|---|---|
committer | Vijay Bellur <vbellur@redhat.com> | 2013-12-16 06:54:26 -0800 |
commit | a9623ada6f7b39ac2d567f66a496072487d8e6ec (patch) | |
tree | 0231e694085a22c79c90ba407ec04baa8a33f4af | |
parent | 40e13bc5b44d0b0cdaf7833c848d4a52352e0a13 (diff) |
pathinfo: Provide user namespace access.
Locality can now be queried by unprivileged users with
key "glusterfs.pathinfo".
Setting both "glusterfs.pathinfo" and "trusted.glusterfs.pathinfo"
on disk is prevented with this patch.
Original Author: Vijay Bellur <vbellur@redhat.com>
Change-Id: I4f7a0db8ad59165c4aeda04b23173255157a8b79
Signed-off-by: Vijaykumar M <vmallika@redhat.com>
Reviewed-on: http://review.gluster.org/5101
Reviewed-by: Krishnan Parthasarathi <kparthas@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
-rw-r--r-- | libglusterfs/src/glusterfs.h | 9 | ||||
-rw-r--r-- | xlators/cluster/afr/src/afr-inode-read.c | 3 | ||||
-rw-r--r-- | xlators/cluster/dht/src/dht-common.c | 4 | ||||
-rw-r--r-- | xlators/cluster/stripe/src/stripe.c | 7 | ||||
-rw-r--r-- | xlators/storage/posix/src/posix-helpers.c | 5 | ||||
-rw-r--r-- | xlators/storage/posix/src/posix.c | 6 |
6 files changed, 18 insertions, 16 deletions
diff --git a/libglusterfs/src/glusterfs.h b/libglusterfs/src/glusterfs.h index dfe443016fc..ed483d19cf9 100644 --- a/libglusterfs/src/glusterfs.h +++ b/libglusterfs/src/glusterfs.h @@ -84,15 +84,18 @@ #define GF_XATTR_NODE_UUID_KEY "trusted.glusterfs.node-uuid" #define GF_XATTR_VOL_ID_KEY "trusted.glusterfs.volume-id" #define GF_XATTR_LOCKINFO_KEY "trusted.glusterfs.lockinfo" -#define GF_XATTR_GET_REAL_FILENAME_KEY "user.glusterfs.get_real_filename:" +#define GF_XATTR_GET_REAL_FILENAME_KEY "glusterfs.get_real_filename:" +#define GF_XATTR_USER_PATHINFO_KEY "glusterfs.pathinfo" #define QUOTA_LIMIT_KEY "trusted.glusterfs.quota.limit-set" #define GF_READDIR_SKIP_DIRS "readdir-filter-directories" #define BD_XATTR_KEY "user.glusterfs" -#define XATTR_IS_PATHINFO(x) (strncmp (x, GF_XATTR_PATHINFO_KEY, \ - strlen (GF_XATTR_PATHINFO_KEY)) == 0) +#define XATTR_IS_PATHINFO(x) ((strncmp (x, GF_XATTR_PATHINFO_KEY, \ + strlen (x)) == 0) || \ + (strncmp (x, GF_XATTR_USER_PATHINFO_KEY, \ + strlen (x)) == 0)) #define XATTR_IS_NODE_UUID(x) (strncmp (x, GF_XATTR_NODE_UUID_KEY, \ strlen (GF_XATTR_NODE_UUID_KEY)) == 0) #define XATTR_IS_LOCKINFO(x) (strncmp (x, GF_XATTR_LOCKINFO_KEY, \ diff --git a/xlators/cluster/afr/src/afr-inode-read.c b/xlators/cluster/afr/src/afr-inode-read.c index 3e80129f935..0cfebcb9d55 100644 --- a/xlators/cluster/afr/src/afr-inode-read.c +++ b/xlators/cluster/afr/src/afr-inode-read.c @@ -1410,7 +1410,8 @@ afr_is_special_xattr (const char *name, fop_getxattr_cbk_t *cbk, goto out; } - if (!strcmp (name, GF_XATTR_PATHINFO_KEY)) { + if (!strcmp (name, GF_XATTR_PATHINFO_KEY) || + !strcmp (name, GF_XATTR_USER_PATHINFO_KEY)) { if (is_fgetxattr) { *cbk = afr_fgetxattr_pathinfo_cbk; } else { diff --git a/xlators/cluster/dht/src/dht-common.c b/xlators/cluster/dht/src/dht-common.c index ed4babd328c..f59bc96670c 100644 --- a/xlators/cluster/dht/src/dht-common.c +++ b/xlators/cluster/dht/src/dht-common.c 
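Review bot: The rewritten `XATTR_IS_PATHINFO` bounds both comparisons with `strlen (x)`, so it is true for any `x` that is a prefix of either key, including the empty string or `"trusted.glusterfs"`, and no longer means "x names pathinfo". Every caller switched to the macro in this commit (dht_getxattr, stripe_getxattr, stripe_is_special_xattr, posix_handle_pair, posix_getxattr) inherits that, while afr_is_special_xattr keeps exact `strcmp`, so the layers disagree on what counts as a pathinfo key. Bound by the constant instead, as the neighbouring `XATTR_IS_NODE_UUID` does: `(strncmp ((x), GF_XATTR_PATHINFO_KEY, strlen (GF_XATTR_PATHINFO_KEY)) == 0)`, and likewise for `GF_XATTR_USER_PATHINFO_KEY`; or use `strcmp` if only the exact keys should match. Parenthesising `x` also keeps the macro safe for non-trivial arguments.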
@@ -2161,7 +2161,7 @@ dht_getxattr (call_frame_t *frame, xlator_t *this, * (until inode_link() happens) */ if (key && DHT_IS_DIR(layout) && - ((strcmp (key, GF_XATTR_PATHINFO_KEY) == 0) + (XATTR_IS_PATHINFO (key) || (strcmp (key, GF_XATTR_NODE_UUID_KEY) == 0))) { (void) strncpy (local->xsel, key, 256); cnt = local->call_cnt = layout->cnt; @@ -2176,7 +2176,7 @@ dht_getxattr (call_frame_t *frame, xlator_t *this, /* node-uuid or pathinfo for files */ if (key && ((strcmp (key, GF_XATTR_NODE_UUID_KEY) == 0) - || (strcmp (key, GF_XATTR_PATHINFO_KEY) == 0))) { + || XATTR_IS_PATHINFO (key))) { cached_subvol = local->cached_subvol; (void) strncpy (local->xsel, key, 256); diff --git a/xlators/cluster/stripe/src/stripe.c b/xlators/cluster/stripe/src/stripe.c index 8ac14cb3a87..c981262251f 100644 --- a/xlators/cluster/stripe/src/stripe.c +++ b/xlators/cluster/stripe/src/stripe.c @@ -5548,9 +5548,7 @@ stripe_getxattr (call_frame_t *frame, xlator_t *this, return 0; } - if (name && - ((strncmp (name, GF_XATTR_PATHINFO_KEY, - strlen (GF_XATTR_PATHINFO_KEY)) == 0))) { + if (name && (XATTR_IS_PATHINFO (name))) { if (IA_ISREG (loc->inode->ia_type)) { ret = inode_ctx_get (loc->inode, this, (uint64_t *) &local->fctx); @@ -5637,8 +5635,7 @@ stripe_is_special_xattr (const char *name) if (!strncmp (name, GF_XATTR_LOCKINFO_KEY, strlen (GF_XATTR_LOCKINFO_KEY)) - || !strncmp (name, GF_XATTR_PATHINFO_KEY, - strlen (GF_XATTR_PATHINFO_KEY))) + || XATTR_IS_PATHINFO (name)) is_spl = _gf_true; out: return is_spl; diff --git a/xlators/storage/posix/src/posix-helpers.c b/xlators/storage/posix/src/posix-helpers.c index 0e187e0200d..86ce08cb300 100644 --- a/xlators/storage/posix/src/posix-helpers.c +++ b/xlators/storage/posix/src/posix-helpers.c 
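Review bot: Both dht_getxattr conditions move from an exact `strcmp` on the pathinfo key to `XATTR_IS_PATHINFO (key)`, and the matched `key` then goes straight into `strncpy (local->xsel, key, 256)`, which leaves the destination unterminated when the source is 256 bytes or longer. With the macro as written in glusterfs.h only short keys can match, but if it is corrected to a prefix match a long client-supplied key reaches this copy; the size of `xsel` is not visible in the hunk. Either keep exact matching here or bound the copy explicitly, e.g. `snprintf (local->xsel, sizeof (local->xsel), "%s", key);` if `xsel` is an array. dht_getxattr starts and ends outside both hunks.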
@@ -781,7 +781,10 @@ posix_handle_pair (xlator_t *this, const char *real_path, int sys_ret = -1; int ret = 0; - if (ZR_FILE_CONTENT_REQUEST(key)) { + if (XATTR_IS_PATHINFO (key)) { + ret = -EACCES; + goto out; + } else if (ZR_FILE_CONTENT_REQUEST(key)) { ret = posix_set_file_contents (this, real_path, key, value, flags); } else { diff --git a/xlators/storage/posix/src/posix.c b/xlators/storage/posix/src/posix.c index 1ebf42150a7..7695289fae4 100644 --- a/xlators/storage/posix/src/posix.c +++ b/xlators/storage/posix/src/posix.c @@ -3430,8 +3430,7 @@ posix_getxattr (call_frame_t *frame, xlator_t *this, } goto done; } - if (loc->inode && name && - (strcmp (name, GF_XATTR_PATHINFO_KEY) == 0)) { + if (loc->inode && name && (XATTR_IS_PATHINFO (name))) { if (LOC_HAS_ABSPATH (loc)) MAKE_REAL_PATH (rpath, this, loc->path); else @@ -3451,8 +3450,7 @@ posix_getxattr (call_frame_t *frame, xlator_t *this, goto done; } size = strlen (dyn_rpath) + 1; - ret = dict_set_dynstr (dict, GF_XATTR_PATHINFO_KEY, - dyn_rpath); + ret = dict_set_dynstr (dict, (char *)name, dyn_rpath); if (ret < 0) { gf_log (this->name, GF_LOG_WARNING, "could not set value (%s) in dictionary", |
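Review bot: The new `-EACCES` guard in posix_handle_pair is only as precise as `XATTR_IS_PATHINFO`, which as defined in this commit also matches any prefix of the two keys, so a setxattr on an empty or truncated key name would be refused with a permission error too. The guard covers only this path-based setter; if the fd-based setter (not part of this diff) lacks the same check, fsetxattr could presumably still store the key on disk, which the commit message says is prevented. A one-line comment such as `/* pathinfo is virtual: never persist it on the brick */` and a debug-level log on the refusal would make the denial traceable. The function body and the `out:` label are outside the hunk.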
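Review bot: The reply key in the second posix_getxattr hunk is now the caller's `name`, passed through a `(char *)` cast that drops `const`, where it used to be a fixed constant. Because `XATTR_IS_PATHINFO` also accepts prefixes of the keys, the brick's real path can be returned under whatever short name the client sent. Choosing the constant that matched keeps the reply key server-controlled and removes the cast: `key = strcmp (name, GF_XATTR_USER_PATHINFO_KEY) ? GF_XATTR_PATHINFO_KEY : GF_XATTR_USER_PATHINFO_KEY;` followed by `dict_set_dynstr (dict, key, dyn_rpath)`. Since this branch is now reachable by unprivileged users, a comment next to the check should state that the value discloses the backend brick path by design.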