fuse: introduce "noacl" option to disable ACL checks

Signed-off-by: Anand Avati <avati@gluster.com> BUG: 2815 (Server-enforced ACLs) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815
author: Anand Avati <avati@gluster.com> 2011-07-08 03:23:08 +0000
committer: Anand Avati <avati@gluster.com> 2011-07-08 02:25:59 -0700
commit: 54aaf46e5b6e95fe9df257728b76f67bdb5dd17c (patch)
tree: fc402c9a91ff17bbd8bc99a8f83ea2ccadeaa41e
parent: 8af1177029b7103ba84bc59eb58d7c5c8635e6cd (diff)
2 files changed, 51 insertions, 11 deletions
diff --git a/xlators/mount/fuse/src/fuse-bridge.c b/xlators/mount/fuse/src/fuse-bridge.c
index 70078286fdd..7a78ef277a7 100644
--- a/xlators/mount/fuse/src/fuse-bridge.c
+++ b/xlators/mount/fuse/src/fuse-bridge.c
@@ -2329,11 +2329,14 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
         struct fuse_setxattr_in *fsi = msg;
         char         *name = (char *)(fsi + 1);
         char         *value = name + strlen (name) + 1;
+        struct fuse_private *priv = NULL;
 
         fuse_state_t *state = NULL;
         char         *dict_value = NULL;
         int32_t       ret = -1;
 
+        priv = this->private;
+
 #ifdef GF_DARWIN_HOST_OS
         if (fsi->position) {
                 gf_log ("glusterfs-fuse", GF_LOG_WARNING,
@@ -2346,8 +2349,17 @@ fuse_setxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
         }
 #endif
 
-#ifdef DISABLE_POSIX_ACL
-        if (!strncmp (name, "system.", 7)) {
+        if (!priv->acl) {
+                if ((strcmp (name, "system.posix_acl_access") == 0) ||
+                    (strcmp (name, "system.posix_acl_default") == 0)) {
+                        send_fuse_err (this, finh, EOPNOTSUPP);
+                        GF_FREE (finh);
+                        return;
+                }
+        }
+
+#ifdef DISABLE_SELINUX
+        if (!strncmp (name, "security.", 9)) {
                 send_fuse_err (this, finh, EOPNOTSUPP);
                 GF_FREE (finh);
                 return;
@@ -2540,6 +2552,9 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
 
         fuse_state_t *state = NULL;
         int32_t       ret = -1;
+        struct fuse_private *priv = NULL;
+
+        priv = this->private;
 
 #ifdef GF_DARWIN_HOST_OS
         if (fgxi->position) {
@@ -2561,8 +2576,17 @@ fuse_getxattr (xlator_t *this, fuse_in_header_t *finh, void *msg)
         }
 #endif
 
-#ifdef DISABLE_POSIX_ACL
-        if (!strncmp (name, "system.", 7)) {
+        if (!priv->acl) {
+                if ((strcmp (name, "system.posix_acl_access") == 0) ||
+                    (strcmp (name, "system.posix_acl_default") == 0)) {
+                        send_fuse_err (this, finh, ENOTSUP);
+                        GF_FREE (finh);
+                        return;
+                }
+        }
+
+#ifdef DISABLE_SELINUX
+        if (!strncmp (name, "security.", 9)) {
                 send_fuse_err (this, finh, ENODATA);
                 GF_FREE (finh);
                 return;
@@ -3589,6 +3613,14 @@ init (xlator_t *this_xl)
                 GF_ASSERT (ret == 0);
         }
 
+        priv->acl = 0;
+        ret = dict_get_str (options, "acl", &value_string);
+        if (ret == 0) {
+                ret = gf_string2boolean (value_string, &priv->acl);
+                GF_ASSERT (ret == 0);
+        }
+
+
         priv->fuse_dump_fd = -1;
         ret = dict_get_str (options, "dump-fuse", &value_string);
         if (ret == 0) {
@@ -3638,10 +3670,18 @@ init (xlator_t *this_xl)
                 fsname = "glusterfs";
 
 
-        priv->fd = gf_fuse_mount (priv->mount_point, fsname,
-                                  "allow_other,default_permissions,"
-                                  "max_read=131072",
-                                  sync_mtab ? &ctx->mtab_pid : NULL);
+        if (priv->acl) {
+                priv->fd = gf_fuse_mount (priv->mount_point, fsname,
+                                          "allow_other,"
+                                          "max_read=131072",
+                                          sync_mtab ? &ctx->mtab_pid : NULL);
+        } else {
+                priv->fd = gf_fuse_mount (priv->mount_point, fsname,
+                                          "allow_other,default_permissions,"
+                                          "max_read=131072",
+                                          sync_mtab ? &ctx->mtab_pid : NULL);
+        }
+
         if (priv->fd == -1)
                 goto cleanup_exit;
 
diff --git a/xlators/mount/fuse/src/fuse-bridge.h b/xlators/mount/fuse/src/fuse-bridge.h
index b1e7637c1a2..163bc888109 100644
--- a/xlators/mount/fuse/src/fuse-bridge.h
+++ b/xlators/mount/fuse/src/fuse-bridge.h
@@ -55,9 +55,6 @@
 #include "list.h"
 #include "dict.h"
 
-/* TODO: when supporting posix acl, remove this definition */
-#define DISABLE_POSIX_ACL
-
 #if defined(GF_LINUX_HOST_OS) || defined(__NetBSD__)
 #define FUSE_OP_HIGH (FUSE_POLL + 1)
 #endif
@@ -68,6 +65,8 @@
 
 #define MAX_FUSE_PROC_DELAY 1
 
+#define DISABLE_SELINUX 1
+
 typedef struct fuse_in_header fuse_in_header_t;
 typedef void (fuse_handler_t) (xlator_t *this, fuse_in_header_t *finh,
                                void *msg);
@@ -107,6 +106,7 @@ struct fuse_private {
 
         pid_t                client_pid;
         gf_boolean_t         client_pid_set;
+        gf_boolean_t         acl;
 };
 typedef struct fuse_private fuse_private_t;
author	Anand Avati <avati@gluster.com>	2011-07-08 03:23:08 +0000
committer	Anand Avati <avati@gluster.com>	2011-07-08 02:25:59 -0700
commit	54aaf46e5b6e95fe9df257728b76f67bdb5dd17c (patch)
tree	fc402c9a91ff17bbd8bc99a8f83ea2ccadeaa41e
parent	8af1177029b7103ba84bc59eb58d7c5c8635e6cd (diff)