summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAnand Avati <avati@gluster.com>2011-07-01 16:55:08 +0000
committerAnand Avati <avati@gluster.com>2011-07-01 15:58:27 -0700
commit9f7c50da005fc73a211bb8255b75cd014e0eff75 (patch)
tree4cb951224e594d2fac7d6b9bc27e6dff14d86b59
parentd8c7cdc7341a1e1119efc8502b9a5cf90210ddae (diff)
storage/posix: set ACL keys during new entry/inode creations
honor "system.posix_acl_access" and "system.posix_acl_default" keys in params dict to setxattr into the backend while creating new entry/inodes Signed-off-by: Anand Avati <avati@gluster.com> BUG: 2815 (Server-enforced ACLs) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815
-rw-r--r--xlators/storage/posix/src/posix.c63
1 files changed, 63 insertions, 0 deletions
diff --git a/xlators/storage/posix/src/posix.c b/xlators/storage/posix/src/posix.c
index f6b99025557..6121b5f5a1c 100644
--- a/xlators/storage/posix/src/posix.c
+++ b/xlators/storage/posix/src/posix.c
@@ -472,6 +472,40 @@ out:
}
+int
+posix_acl_xattr_set (xlator_t *this, const char *path, dict_t *xattr_req)
+{
+ int ret = 0;
+ data_t *data = NULL;
+ struct stat stat = {0, };
+
+ if (!xattr_req)
+ goto out;
+
+ if (sys_lstat (path, &stat) != 0)
+ goto out;
+
+ data = dict_get (xattr_req, "system.posix_acl_access");
+ if (data) {
+ ret = sys_lsetxattr (path, "system.posix_acl_access",
+ data->data, data->len, 0);
+ if (ret != 0)
+ goto out;
+ }
+
+ data = dict_get (xattr_req, "system.posix_acl_default");
+ if (data) {
+ ret = sys_lsetxattr (path, "system.posix_acl_default",
+ data->data, data->len, 0);
+ if (ret != 0)
+ goto out;
+ }
+
+out:
+ return ret;
+}
+
+
int32_t
posix_lookup (call_frame_t *frame, xlator_t *this,
loc_t *loc, dict_t *xattr_req)
@@ -1200,6 +1234,13 @@ posix_mknod (call_frame_t *frame, xlator_t *this,
}
#endif
+ op_ret = posix_acl_xattr_set (this, real_path, params);
+ if (op_ret) {
+ gf_log (this->name, GF_LOG_ERROR,
+ "setting ACLs on %s failed (%s)", loc->path,
+ strerror (errno));
+ }
+
op_ret = posix_lstat_with_gfid (this, real_path, &stbuf);
if (op_ret == -1) {
op_errno = errno;
@@ -1465,6 +1506,13 @@ posix_mkdir (call_frame_t *frame, xlator_t *this,
}
#endif
+ op_ret = posix_acl_xattr_set (this, real_path, params);
+ if (op_ret) {
+ gf_log (this->name, GF_LOG_ERROR,
+ "setting ACLs on %s failed (%s)", loc->path,
+ strerror (errno));
+ }
+
op_ret = posix_lstat_with_gfid (this, real_path, &stbuf);
if (op_ret == -1) {
op_errno = errno;
@@ -1769,6 +1817,14 @@ posix_symlink (call_frame_t *frame, xlator_t *this,
goto out;
}
#endif
+
+ op_ret = posix_acl_xattr_set (this, real_path, params);
+ if (op_ret) {
+ gf_log (this->name, GF_LOG_ERROR,
+ "setting ACLs on %s failed (%s)", loc->path,
+ strerror (errno));
+ }
+
op_ret = posix_lstat_with_gfid (this, real_path, &stbuf);
if (op_ret == -1) {
op_errno = errno;
@@ -2192,6 +2248,13 @@ posix_create (call_frame_t *frame, xlator_t *this,
}
#endif
+ op_ret = posix_acl_xattr_set (this, real_path, params);
+ if (op_ret) {
+ gf_log (this->name, GF_LOG_ERROR,
+ "setting ACLs on %s failed (%s)", loc->path,
+ strerror (errno));
+ }
+
op_ret = posix_fstat_with_gfid (this, _fd, &stbuf);
if (op_ret == -1) {
op_errno = errno;