author | Sachin Pandit <spandit@redhat.com> | 2014-11-25 07:20:38 +0530 |
---|---|---|
committer | Vijay Bellur <vbellur@redhat.com> | 2014-12-01 08:04:06 -0800 |
commit | eee41566697583f74784d9f9ff78651535d6eb91 (patch) | |
tree | b84841671ca459ae8e3e07999d4eb37999af0f9d | |
parent | a93164cd2a7f7ec37cf30d52b1a73fdc211981c3 (diff) |
USS : fill proper uid and gid during a access call from nfs
Problem : when a user tries to access a file/folder for which
he does not have the required permission, fuse gives out
a proper error "Permission denied", but nfs does not give out that
error; instead he can access the file/folder. The reason is that the uid and
gid of the call frame stack take a default value of uid and gid which
points to root permission.
Solution : Set a proper uid and gid during a access call from nfs
Change-Id: Ib060706fde66ec7e60f242fab1f3e59122ed2245
BUG: 1167580
Signed-off-by: Sachin Pandit <spandit@redhat.com>
Reviewed-on: http://review.gluster.org/9194
Reviewed-by: Vijaikumar Mallikarjuna <vmallika@redhat.com>
Reviewed-by: Rajesh Joseph <rjoseph@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
-rw-r--r-- | tests/bugs/bug-1167580-set-proper-uid-and-gid-during-nfs-access.t | 201 | ||||
-rw-r--r-- | xlators/features/snapview-server/src/snapview-server.c | 7 |
2 files changed, 207 insertions, 1 deletions
diff --git a/tests/bugs/bug-1167580-set-proper-uid-and-gid-during-nfs-access.t b/tests/bugs/bug-1167580-set-proper-uid-and-gid-during-nfs-access.t
new file mode 100644
index 00000000000..1eb3d55e36c
--- /dev/null
+++ b/tests/bugs/bug-1167580-set-proper-uid-and-gid-during-nfs-access.t
@@ -0,0 +1,201 @@
+#!/bin/bash
+. $(dirname $0)/../include.rc
+. $(dirname $0)/../nfs.rc
+. $(dirname $0)/../volume.rc
+. $(dirname $0)/../snapshot.rc
+
+# This function returns a value "Y" if user can execute
+# the given command. Else it will return "N"
+# @arg-1 : Name of the user
+# @arg-2 : Path of the file
+# @arg-3 : command to be executed
+function check_if_permitted () {
+ local usr=$1
+ local path=$2
+ local cmd=$3
+ local var
+ local ret
+ var=$(su - $usr -c "$cmd $path")
+ ret=$?
+
+ if [ "$cmd" == "cat" ]
+ then
+ if [ "$var" == "Test" ]
+ then
+ echo "Y"
+ else
+ echo "N"
+ fi
+ else
+ if [ "$ret" == "0" ]
+ then
+ echo "Y"
+ else
+ echo "N"
+ fi
+ fi
+}
+
+# Create a directory in /tmp to specify which directory to make
+# as home directory for user
+home_dir=$(cat /dev/urandom | tr -dc 'a-zA-Z' | fold -w 8 | head -n 1)
+home_dir="/tmp/bug-1167580-$home_dir"
+mkdir $home_dir
+
+function get_new_user() {
+ local temp=$(cat /dev/urandom | tr -dc 'a-zA-Z' | fold -w 8 | head -n 1)
+ id $temp
+ if [ "$?" == "0" ]
+ then
+ get_new_user
+ else
+ echo $temp
+ fi
+}
+
+function create_user() {
+ local user=$1
+ local group=$2
+
+ if [ "$group" == "" ]
+ then
+ useradd -d $home_dir/$user $user
+ else
+ useradd -d $home_dir/$user -G $group $user
+ fi
+
+ return $?
+}
+
+cleanup;
+
+TEST setup_lvm 1
+TEST glusterd
+
+TEST $CLI volume create $V0 $H0:$L1
+TEST $CLI volume start $V0
+
+# Mount the volume as both fuse and nfs mount
+EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available
+TEST glusterfs -s $H0 --volfile-id $V0 $M0
+TEST mount_nfs $H0:/$V0 $N0 nolock
+
+# Create 2 user
+user1=$(get_new_user)
+create_user $user1
+user2=$(get_new_user)
+create_user $user2
+
+# create a file for which only user1 has access
+echo "Test" > $M0/README
+chown $user1 $M0/README
+chmod 700 $M0/README
+
+# enable uss and take a snapshot
+TEST $CLI volume set $V0 uss enable
+TEST $CLI snapshot config activate-on-create on
+TEST $CLI snapshot create snap1 $V0
+
+# try to access the file using user1 account.
+# It should succeed with both normal mount and snapshot world.
+# There is time delay in which snapd might not have got the notification
+# from glusterd about snapshot create hence using "EXPECT_WITHIN"
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "Y" check_if_permitted $user1 $M0/README cat
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "Y" check_if_permitted $user1 $N0/README cat
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "Y" check_if_permitted $user1 $M0/.snaps/snap1/README cat
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "Y" check_if_permitted $user1 $N0/.snaps/snap1/README cat
+
+
+# try to access the file using user2 account
+# It should fail from both normal mount and snapshot world
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user2 $M0/README cat
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user2 $N0/README cat
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user2 $M0/.snaps/snap1/README cat
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user2 $N0/.snaps/snap1/README cat
+
+# We need to test another scenario where user belonging to one group
+# tries to access files from user belonging to another group
+# instead of using the already created users and making the test case look complex
+# I thought of using two different users.
+
+# The test case written below does the following things
+# 1) Create 2 users (user{3,4}), belonging to 2 different groups (group{3,4})
+# 2) Take a snapshot "snap2"
+# 3) Create a file for which only users belonging to group3 have
+# permission to read
+# 4) Test various combinations of Read-Write, Fuse-NFS mount, User{3,4,5}
+# from both normal mount, and USS world.
+
+echo "Test" > $M0/file3
+
+chmod 740 $M0/file3
+
+group3=$(get_new_user)
+groupadd $group3
+
+group4=$(get_new_user)
+groupadd $group4
+
+user3=$(get_new_user)
+create_user $user3 $group3
+
+user4=$(get_new_user)
+create_user $user4 $group4
+
+user5=$(get_new_user)
+create_user $user5
+
+chgrp $group3 $M0/file3
+
+TEST $CLI snapshot create snap2 $V0
+
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "Y" check_if_permitted $user3 $M0/file3 cat
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "Y" check_if_permitted $user3 $M0/.snaps/snap2/file3 cat
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user3 $M0/file3 "echo Hello >"
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user3 $M0/.snaps/snap2/file3 "echo Hello >"
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "Y" check_if_permitted $user3 $N0/file3 cat
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "Y" check_if_permitted $user3 $N0/.snaps/snap2/file3 cat
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user3 $N0/file3 "echo Hello >"
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user3 $N0/.snaps/snap2/file3 "echo Hello >"
+
+
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user4 $M0/file3 cat
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user4 $M0/.snaps/snap2/file3 cat
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user4 $M0/file3 "echo Hello >"
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user4 $M0/.snaps/snap2/file3 "echo Hello >"
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user4 $N0/file3 cat
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user4 $N0/.snaps/snap2/file3 cat
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user4 $N0/file3 "echo Hello >"
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user4 $N0/.snaps/snap2/file3 "echo Hello >"
+
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user5 $M0/file3 cat
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user5 $M0/.snaps/snap2/file3 cat
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user5 $M0/file3 "echo Hello >"
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user5 $M0/.snaps/snap2/file3 "echo Hello >"
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user5 $N0/file3 cat
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user5 $N0/.snaps/snap2/file3 cat
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user5 $N0/file3 "echo Hello >"
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "N" check_if_permitted $user5 $N0/.snaps/snap2/file3 "echo Hello >"
+
+# cleanup
+/usr/sbin/userdel -f -r $user1
+/usr/sbin/userdel -f -r $user2
+/usr/sbin/userdel -f -r $user3
+/usr/sbin/userdel -f -r $user4
+/usr/sbin/userdel -f -r $user5
+
+#cleanup all the home directory which is created as part of this test case
+if [ -d "$home_dir" ]
+then
+ rm -rf $home_dir
+fi
+
+
+groupdel $group3
+groupdel $group4
+
+TEST $CLI snapshot delete all
+
+cleanup;
+
+
diff --git a/xlators/features/snapview-server/src/snapview-server.c b/xlators/features/snapview-server/src/snapview-server.c
index d66150e769a..8655bf5636c 100644
--- a/xlators/features/snapview-server/src/snapview-server.c
+++ b/xlators/features/snapview-server/src/snapview-server.c
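Review bot: The deny expectations in the new test file can pass without any permission check having run, because `check_if_permitted` echoes "N" for every failure of `su` (non-zero exit, or output other than "Test") and none of the `create_user` / `groupadd` calls is wrapped in `TEST`. If `useradd` fails for user2, user4 or user5, every `"N"` line for that user still succeeds, so a regression of the nfs credential fix could go unnoticed. I would run the setup as `TEST create_user $user2` (likewise for the other users and `TEST groupadd $group3`), and in the deny branch capture stderr and require it to contain "Permission denied" rather than accepting any failure. The `userdel`/`groupdel` cleanup only runs when the script reaches its end, so an aborted run leaves the random accounts and the `/tmp/bug-1167580-*` home directory on the host; a comment such as `# accounts are removed only on a complete run; see cleanup block at the end` or an exit trap would make that explicit.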
@@ -2016,8 +2016,13 @@ svs_access (call_frame_t *frame, xlator_t *this, loc_t *loc, int mask, fuse and nfs. So set frame->root->pid as fspid of the syncop if the call came from nfs */ - if (!is_fuse_call) + if (!is_fuse_call) { syncopctx_setfspid (&frame->root->pid); + syncopctx_setfsuid (&frame->root->uid); + syncopctx_setfsgid (&frame->root->gid); + syncopctx_setfsgroups (frame->root->ngrps, + frame->root->groups); + } ret = glfs_h_access (fs, object, mask); if (ret < 0) { |
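Review bot: The return values of the `syncopctx_setfs*` calls in the new `if (!is_fuse_call) { … }` block are discarded, so if any of them fails, the following `glfs_h_access` would presumably still run with the default credentials, which the commit message says map to root; the check then fails open. I would test each result and end the call with an error before `glfs_h_access` is reached, e.g. `if (syncopctx_setfsuid (&frame->root->uid) != 0) { /* fail the call, do not fall through */ }`, using whatever error path svs_access already has (its body starts and ends outside this hunk). The comment above the block still describes only the fspid; it should gain a line like `also carry the caller's uid, gid and supplementary groups, otherwise the access check is evaluated with the default (root) identity`. It is also worth confirming whether the other snapview-server fops reachable from nfs need the same credentials, since only svs_access is touched here.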