diff options
author | Raghavendra Bhat <raghavendra@redhat.com> | 2013-02-08 11:44:41 +0530 |
---|---|---|
committer | Anand Avati <avati@redhat.com> | 2013-02-17 12:01:55 -0800 |
commit | 614529c59123d3f2a20a6ee9a99d362a7d35e5b1 (patch) | |
tree | 5d84b15487aef4342b0737abdd1e442bb2b4f5de /rpc/rpc-lib/src/rpcsvc-auth.c | |
parent | 5b8cb263756a9d2beb5e70dca0b652286c7e6b67 (diff) |
rpc: bring in root-squashing behavior in rpc
* requests coming in as root are converted to nfsnobody
* with open-behind some acl checks wont happen and nfsnobody
can read the file "whose owner is root and other users do not
have permission to read the file". This is becasue open-behind
does not send the open to the brick and sends success to the
application, thus the acl related tests on the file wont happen
which would have prevented the file from being opened.
Change-Id: I73afbfd904f0beb3a2ebe807b938ac2fecd4976b
BUG: 887145
Signed-off-by: Raghavendra Bhat <raghavendra@redhat.com>
Reviewed-on: http://review.gluster.org/4516
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
Diffstat (limited to 'rpc/rpc-lib/src/rpcsvc-auth.c')
-rw-r--r-- | rpc/rpc-lib/src/rpcsvc-auth.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/rpc/rpc-lib/src/rpcsvc-auth.c b/rpc/rpc-lib/src/rpcsvc-auth.c index 3a46cc498e5..907ae1ec9af 100644 --- a/rpc/rpc-lib/src/rpcsvc-auth.c +++ b/rpc/rpc-lib/src/rpcsvc-auth.c @@ -204,6 +204,21 @@ rpcsvc_set_allow_insecure (rpcsvc_t *svc, dict_t *options) } int +rpcsvc_set_root_squash (rpcsvc_t *svc, dict_t *options) +{ + GF_ASSERT (svc); + GF_ASSERT (options); + + if (dict_get_str_boolean (options, "root-squash", 0)) + svc->root_squash = _gf_true; + + if (svc->root_squash) + gf_log (GF_RPCSVC, GF_LOG_DEBUG, "root squashing enabled "); + + return 0; +} + +int rpcsvc_auth_init (rpcsvc_t *svc, dict_t *options) { int ret = -1; @@ -212,6 +227,7 @@ rpcsvc_auth_init (rpcsvc_t *svc, dict_t *options) return -1; (void) rpcsvc_set_allow_insecure (svc, options); + (void) rpcsvc_set_root_squash (svc, options); ret = rpcsvc_auth_add_initers (svc); if (ret == -1) { gf_log (GF_RPCSVC, GF_LOG_ERROR, "Failed to add initers"); |