author | Kotresh HR <khiremat@redhat.com> | 2017-07-10 10:31:27 -0400 |
---|---|---|
committer | Shyamsundar Ranganathan <srangana@redhat.com> | 2017-07-31 15:05:23 +0000 |
commit | d446c0defab52977cfc6460c0bde0fde0f61e314 (patch) | |
tree | 55f6ead1a0626e1bdad3e4f83a6e7b949df5940a | |
parent | 4f0939bcc0ce3ea536ae705684769c714aa04a72 (diff) |
posix/gfid2path: Block access to gfid2path xattr via mount
gfid2path xattr is an internal xattr, and other applications
should not be allowed to modify it through a gluster
mount. This patch blocks such access.
> Updates: #139
> Change-Id: Id2cb29797ee1bd77e0e0d2203a47469fd7203355
> Signed-off-by: Kotresh HR <khiremat@redhat.com>
> Reviewed-on: https://review.gluster.org/17744
> Smoke: Gluster Build System <jenkins@build.gluster.org>
> Reviewed-by: Prashanth Pai <ppai@redhat.com>
> Reviewed-by: Raghavendra Bhat <raghavendra@redhat.com>
> Reviewed-by: Aravinda VK <avishwan@redhat.com>
> CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
(cherry picked from commit 96eece8abbb9c06f0b91f37e718ac9e337a3f714)
Updates: #139
Change-Id: Id2cb29797ee1bd77e0e0d2203a47469fd7203355
Signed-off-by: Kotresh HR <khiremat@redhat.com>
Reviewed-on: https://review.gluster.org/17869
Smoke: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Prashanth Pai <ppai@redhat.com>
Reviewed-by: Aravinda VK <avishwan@redhat.com>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Shyamsundar Ranganathan <srangana@redhat.com>
-rw-r--r-- | libglusterfs/src/glusterfs.h | 1 | ||||
-rw-r--r-- | tests/gfid2path/block-mount-access.t | 54 | ||||
-rw-r--r-- | tests/volume.rc | 6 | ||||
-rw-r--r-- | xlators/storage/posix/src/posix-gfid-path.c | 17 | ||||
-rw-r--r-- | xlators/storage/posix/src/posix-gfid-path.h | 2 | ||||
-rw-r--r-- | xlators/storage/posix/src/posix-helpers.c | 10 | ||||
-rw-r--r-- | xlators/storage/posix/src/posix.c | 17 |
7 files changed, 105 insertions, 2 deletions
diff --git a/libglusterfs/src/glusterfs.h b/libglusterfs/src/glusterfs.h
index a8c94837635..fd659293504 100644
--- a/libglusterfs/src/glusterfs.h
+++ b/libglusterfs/src/glusterfs.h
@@ -122,6 +122,7 @@
 #define GFID_XATTR_KEY "trusted.gfid"
 #define PGFID_XATTR_KEY_PREFIX "trusted.pgfid."
 #define GFID2PATH_XATTR_KEY_PREFIX "trusted.gfid2path."
+#define GFID2PATH_XATTR_KEY_PREFIX_LENGTH 18
 #define VIRTUAL_GFID_XATTR_KEY_STR "glusterfs.gfid.string"
 #define VIRTUAL_GFID_XATTR_KEY "glusterfs.gfid"
 #define UUID_CANONICAL_FORM_LEN 36
diff --git a/tests/gfid2path/block-mount-access.t b/tests/gfid2path/block-mount-access.t
new file mode 100644
index 00000000000..2130927504a
--- /dev/null
+++ b/tests/gfid2path/block-mount-access.t
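Review bot: In glusterfs.h the new `GFID2PATH_XATTR_KEY_PREFIX_LENGTH` is a hand-counted 18 that has to stay in step with the `"trusted.gfid2path."` literal on the line above it. The count is correct today, but this commit also uses the constant to size the `alloca` key buffer and to bound the `strncmp` in `posix_is_gfid2path_xattr`, so a later edit to the prefix alone would silently truncate keys or weaken the filter. Deriving the value removes that coupling: `#define GFID2PATH_XATTR_KEY_PREFIX_LENGTH (sizeof (GFID2PATH_XATTR_KEY_PREFIX) - 1)`.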
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+. $(dirname $0)/../include.rc
+. $(dirname $0)/../volume.rc
+. $(dirname $0)/../afr.rc
+
+cleanup;
+
+TEST glusterd
+TEST pidof glusterd
+
+## Create a 2*2 volume
+TEST $CLI volume create $V0 replica 2 $H0:$B0/${V0}{0,1}
+EXPECT "$V0" volinfo_field $V0 'Volume Name';
+EXPECT 'Created' volinfo_field $V0 'Status';
+
+## Start the volume
+TEST $CLI volume start $V0
+EXPECT_WITHIN $PROCESS_UP_TIMEOUT "Y" glustershd_up_status
+EXPECT_WITHIN $CHILD_UP_TIMEOUT "1" afr_child_up_status_in_shd $V0 0
+EXPECT_WITHIN $CHILD_UP_TIMEOUT "1" afr_child_up_status_in_shd $V0 1
+TEST $GFS --volfile-id=$V0 --volfile-server=$H0 $M0;
+
+## enable gfid2path
+TEST $CLI volume set $V0 gfid2path enable
+
+## Mount the volume
+TEST $GFS --volfile-server=$H0 --volfile-id=$V0 $M0;
+
+#CREATE
+fname=$M0/file1
+touch $fname;
+backpath=$B0/${V0}1/file1
+
+pgfid="00000000-0000-0000-0000-000000000001"
+
+#Check for the presence of xattr
+key="trusted.gfid2path"
+gfid2path_xattr=$(getfattr -h -d -m. $backpath 2>/dev/null | grep -a $key | cut -f1 -d'=')
+
+#Check getxattr
+TEST ! getfattr -h -n $gfid2path_xattr $M0/file1
+
+#Check listgetxattr
+EXPECT_NOT $gfid2path_xattr get_xattr_key $key $M0/file1
+
+#Check removexattr
+TEST ! setfattr -h -x $gfid2path_xattr $M0/file1
+
+#Check setxattr
+TEST ! setfattr -h -n "trusted.gfid2path.d16e15bafe6e4257" -v "$pgfid/file2" $M0/file1
+
+#Cleanup
+cleanup;
diff --git a/tests/volume.rc b/tests/volume.rc
index 935382b8531..402bb9dbf19 100644
--- a/tests/volume.rc
+++ b/tests/volume.rc
@@ -359,6 +359,12 @@ function get_text_xattr { getfattr -h -d -m. -e text $path 2>/dev/null | grep -a $key | cut -f2 -d'=' } +function get_xattr_key { + local key=$1 + local path=$2 + getfattr -h -d -m. -e text $path 2>/dev/null | grep -a $key | cut -f1 -d'=' +} + function gf_check_file_opened_in_brick { vol=$1 host=$2
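Review bot: In tests/gfid2path/block-mount-access.t the negative checks can pass without exercising the filter, because `gfid2path_xattr` is never verified to be non-empty after it is read from the brick. If the brick-side `getfattr` finds no key, `TEST ! getfattr -h -n $gfid2path_xattr $M0/file1` and the `setfattr -h -x` check fail on a malformed command line rather than on the block. Adding `TEST [ -n "$gfid2path_xattr" ]` right after the assignment pins the precondition, and a final brick-side `getfattr` on `$backpath` would confirm the xattr survived the rejected remove. The test drives path-based calls only, so the fd-based `posix_fhandle_pair` change in this commit is not covered.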
diff --git a/xlators/storage/posix/src/posix-gfid-path.c b/xlators/storage/posix/src/posix-gfid-path.c
index 500f4d81c24..7529f559fc7 100644
--- a/xlators/storage/posix/src/posix-gfid-path.c
+++ b/xlators/storage/posix/src/posix-gfid-path.c
@@ -32,7 +32,8 @@ posix_set_gfid2path_xattr (xlator_t *this, const char *path, uuid_t pgfid, bname); gf_xxh64_wrapper ((unsigned char *) pgfid_bname, strlen(pgfid_bname), GF_XXHSUM64_DEFAULT_SEED, xxh64); - key_size = strlen(GFID2PATH_XATTR_KEY_PREFIX) + GF_XXH64_DIGEST_LENGTH*2+1; + key_size = GFID2PATH_XATTR_KEY_PREFIX_LENGTH + + GF_XXH64_DIGEST_LENGTH*2 + 1; key = alloca (key_size); snprintf (key, key_size, GFID2PATH_XATTR_KEY_PREFIX"%s", xxh64);
@@ -68,7 +69,8 @@ posix_remove_gfid2path_xattr (xlator_t *this, const char *path, bname); gf_xxh64_wrapper ((unsigned char *) pgfid_bname, strlen(pgfid_bname), GF_XXHSUM64_DEFAULT_SEED, xxh64); - key_size = strlen(GFID2PATH_XATTR_KEY_PREFIX) + GF_XXH64_DIGEST_LENGTH*2+1; + key_size = GFID2PATH_XATTR_KEY_PREFIX_LENGTH + + GF_XXH64_DIGEST_LENGTH*2 + 1; key = alloca (key_size); snprintf (key, key_size, GFID2PATH_XATTR_KEY_PREFIX"%s", xxh64);
@@ -83,3 +85,14 @@ posix_remove_gfid2path_xattr (xlator_t *this, const char *path, err: return -1; } + +gf_boolean_t +posix_is_gfid2path_xattr (const char *name) +{ + if (name && strncmp (GFID2PATH_XATTR_KEY_PREFIX, name, + GFID2PATH_XATTR_KEY_PREFIX_LENGTH) == 0) { + return _gf_true; + } else { + return _gf_false; + } +}
diff --git a/xlators/storage/posix/src/posix-gfid-path.h b/xlators/storage/posix/src/posix-gfid-path.h
index dbe0c59540d..b1a23752e8f 100644
--- a/xlators/storage/posix/src/posix-gfid-path.h
+++ b/xlators/storage/posix/src/posix-gfid-path.h
@@ -22,4 +22,6 @@ posix_set_gfid2path_xattr (xlator_t *, const char *, uuid_t, int32_t posix_remove_gfid2path_xattr (xlator_t *, const char *, uuid_t, const char *); +gf_boolean_t +posix_is_gfid2path_xattr (const char *name); #endif /* _POSIX_GFID_PATH_H */
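Review bot: `posix_is_gfid2path_xattr` in posix-gfid-path.c is the single predicate every filtering hunk in this commit relies on, yet it is added without a comment stating its contract. A short block comment above the definition should say that it returns `_gf_true` for any name beginning with `GFID2PATH_XATTR_KEY_PREFIX`, that a NULL name is treated as not matching, and that the test is a prefix match only and does not validate the hash suffix. Stating this matters because callers in the getxattr, setxattr, removexattr and list paths depend on the NULL behaviour differently; one of them guards with `name &&` and the others do not.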
diff --git a/xlators/storage/posix/src/posix-helpers.c b/xlators/storage/posix/src/posix-helpers.c
index 1047c2d6247..e4cd5d6050b 100644
--- a/xlators/storage/posix/src/posix-helpers.c
+++ b/xlators/storage/posix/src/posix-helpers.c
@@ -50,6 +50,7 @@
 #include "glusterfs3-xdr.h"
 #include "hashfn.h"
 #include "glusterfs-acl.h"
+#include "posix-gfid-path.h"
 #include "events.h"
 #include "glusterfsd.h"
 #include <sys/types.h>
@@ -756,6 +757,9 @@ _handle_list_xattr (dict_t *xattr_req, const char *real_path, int fdnum, if (posix_handle_georep_xattrs (NULL, key, NULL, _gf_false)) goto next; + if (posix_is_gfid2path_xattr (key)) + goto next; + if (dict_get (filler->xattr, key)) goto next;
@@ -1139,6 +1143,9 @@ posix_handle_pair (xlator_t *this, const char *real_path, if (XATTR_IS_PATHINFO (key)) { ret = -EACCES; goto out; + } else if (posix_is_gfid2path_xattr (key)) { + ret = -ENOTSUP; + goto out; } else if (ZR_FILE_CONTENT_REQUEST(key)) { ret = posix_set_file_contents (this, real_path, key, value, flags);
@@ -1198,6 +1205,9 @@ posix_fhandle_pair (xlator_t *this, int fd, if (XATTR_IS_PATHINFO (key)) { ret = -EACCES; goto out; + } else if (posix_is_gfid2path_xattr (key)) { + ret = -ENOTSUP; + goto out; } else if (!strncmp(key, POSIX_ACL_ACCESS_XATTR, strlen(key)) && stbuf && IS_DHT_LINKFILE_MODE (stbuf)) { goto out;
diff --git a/xlators/storage/posix/src/posix.c b/xlators/storage/posix/src/posix.c
index e8ef510ea07..dc8a129cacb 100644
--- a/xlators/storage/posix/src/posix.c
+++ b/xlators/storage/posix/src/posix.c
@@ -4516,6 +4516,12 @@ posix_getxattr (call_frame_t *frame, xlator_t *this, goto out; } + if (name && posix_is_gfid2path_xattr (name)) { + op_ret = -1; + op_errno = ENOATTR; + goto out; + } + if (loc->inode && IA_ISDIR(loc->inode->ia_type) && name && ZR_FILE_CONTENT_REQUEST(name)) { ret = posix_get_file_contents (this, loc->gfid, &name[15],
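Review bot: The errno returned for a blocked key differs between operations and nothing in the new code says why. `posix_handle_pair` and `posix_fhandle_pair` return `-ENOTSUP` for a set, the pathinfo branch directly above returns `-EACCES`, and the getxattr and removexattr hunks in posix.c return `ENOATTR`. Hiding the attribute on read with `ENOATTR` is defensible, but the policy should be written down at each site, for example `/* internal xattr: not settable by clients; reads report ENOATTR */`, or the sites should agree on one errno. Both helper functions extend beyond their hunks.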
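Review bot: The name check added to `posix_getxattr` covers the path-based call only, and no hunk on this page touches an fd-based getxattr handler. If posix.c has a separate fgetxattr path that reads or lists keys itself (not visible here), the `trusted.gfid2path.*` keys would presumably still be returned through an open fd; that should be confirmed and given the same `posix_is_gfid2path_xattr` guard, with a matching case in the test. Separately, the `name &&` in `if (name && posix_is_gfid2path_xattr (name))` is redundant, since the helper already rejects NULL. `posix_getxattr` starts and ends outside the hunk.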
@@ -4862,6 +4868,11 @@ posix_getxattr (call_frame_t *frame, xlator_t *this, _gf_false); if (ret == -1) goto ignore; + + if (posix_is_gfid2path_xattr (keybuffer)) { + goto ignore; + } + memset (value_buf, '\0', sizeof(value_buf)); have_val = _gf_false; size = sys_lgetxattr (real_path, keybuffer, value_buf,
@@ -5422,6 +5433,12 @@ posix_common_removexattr (call_frame_t *frame, loc_t *loc, fd_t *fd, inode = fd->inode; } + if (posix_is_gfid2path_xattr (name)) { + op_ret = -1; + *op_errno = ENOATTR; + goto out; + } + if (gf_get_index_by_elem (disallow_removexattrs, (char *)name) >= 0) { gf_msg (this->name, GF_LOG_WARNING, 0, P_MSG_XATTR_NOT_REMOVED, "Remove xattr called on %s for file/dir %s with gfid: " |
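Review bot: The new rejection in `posix_common_removexattr` is silent, while the `disallow_removexattrs` branch directly below it logs a warning through `gf_msg` with the key and gfid. A request from a mount to delete an internal xattr is something an operator would want to see in the brick log, so the new branch should log before `goto out`, for instance `gf_msg (this->name, GF_LOG_WARNING, 0, P_MSG_XATTR_NOT_REMOVED, "Remove xattr called on internal key %s", name);`. Because a client can trigger this at will, a lower log level may be preferable to avoid log flooding. The function continues outside the hunk.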