diff options
author | Shehjar Tikoo <shehjart@gluster.com> | 2010-04-07 07:25:39 +0000 |
---|---|---|
committer | Anand V. Avati <avati@dev.gluster.com> | 2010-04-08 03:08:11 -0700 |
commit | e78fb59b75a455127c004dd751ebcc4af1b14124 (patch) | |
tree | 3d9c6eaacad6726bc2ac64404b1a434a0b2fdb14 /xlators/nfs/server/src/nfs3-helpers.c | |
parent | 3642cd246ea598d7a72dff74f49b78964678719c (diff) |
nfs3: Allow all access to superuser except execute at all times
During building glusterfs from source, the make phase fails because the
access test by super user actually returns the access test bits using
only the user, group and other, without accounting for the special
status of super-user.
This results in a permission denied for the super-user.
Signed-off-by: Shehjar Tikoo <shehjart@gluster.com>
Signed-off-by: Anand V. Avati <avati@dev.gluster.com>
BUG: 807 (GlusterFS compilation fails on NFS Client)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=807
Diffstat (limited to 'xlators/nfs/server/src/nfs3-helpers.c')
-rw-r--r-- | xlators/nfs/server/src/nfs3-helpers.c | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/xlators/nfs/server/src/nfs3-helpers.c b/xlators/nfs/server/src/nfs3-helpers.c index 04454ee192c..93731ae4d88 100644 --- a/xlators/nfs/server/src/nfs3-helpers.c +++ b/xlators/nfs/server/src/nfs3-helpers.c @@ -619,6 +619,37 @@ nfs3_other_accessbits (ia_prot_t prot, ia_type_t type, uint32_t request) uint32_t +nfs3_superuser_accessbits (ia_prot_t prot, ia_type_t type, uint32_t request) +{ + uint32_t accresult = 0; + + if (request & ACCESS3_READ) + accresult |= ACCESS3_READ; + + if (request & ACCESS3_LOOKUP) + if (IA_ISDIR (type)) + accresult |= ACCESS3_LOOKUP; + + if (request & ACCESS3_MODIFY) + accresult |= ACCESS3_MODIFY; + + if (request & ACCESS3_EXTEND) + accresult |= ACCESS3_EXTEND; + + /* ACCESS3_DELETE is ignored for now since that requires + * knowing the permissions on the parent directory. + */ + + if (request & ACCESS3_EXECUTE) + if ((IA_PROT_XOTH (prot) || IA_PROT_XUSR (prot) || + IA_PROT_XGRP (prot)) && (!IA_ISDIR (type))) + accresult |= ACCESS3_EXECUTE; + + return accresult; +} + + +uint32_t nfs3_stat_to_accessbits (struct iatt *buf, uint32_t request, uid_t uid, gid_t gid) { @@ -629,7 +660,9 @@ nfs3_stat_to_accessbits (struct iatt *buf, uint32_t request, uid_t uid, prot = buf->ia_prot; type = buf->ia_type; - if (buf->ia_uid == uid) + if (uid == 0) + accresult = nfs3_superuser_accessbits (prot, type, request); + else if (buf->ia_uid == uid) accresult = nfs3_owner_accessbits (prot, type, request); else if (buf->ia_gid == gid) accresult = nfs3_group_accessbits (prot, type, request); |