summaryrefslogtreecommitdiffstats
path: root/xlators/nfs/server
diff options
context:
space:
mode:
authorShehjar Tikoo <shehjart@gluster.com>2010-12-20 00:24:33 +0000
committerAnand V. Avati <avati@dev.gluster.com>2010-12-27 20:51:05 -0800
commit48f3faaa492b7a6f93e1f3d79cb66b34fd080468 (patch)
treeb33be507c9ce669a85fed66feaa9de9ef0ea2ae6 /xlators/nfs/server
parentd0fff8965875ed7e7cee223bd2c7b12df10cb6d7 (diff)
nfs3: Access cbk must account for auxgids on group access checks
Signed-off-by: Shehjar Tikoo <shehjart@gluster.com> Signed-off-by: Anand V. Avati <avati@dev.gluster.com> BUG: 2045 (Write permission denied for non-primary group membership) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2045
Diffstat (limited to 'xlators/nfs/server')
-rw-r--r--xlators/nfs/server/src/nfs3-helpers.c21
-rw-r--r--xlators/nfs/server/src/nfs3-helpers.h2
-rw-r--r--xlators/nfs/server/src/nfs3.c6
3 files changed, 23 insertions, 6 deletions
diff --git a/xlators/nfs/server/src/nfs3-helpers.c b/xlators/nfs/server/src/nfs3-helpers.c
index dabcdc82ea7..a74a9041290 100644
--- a/xlators/nfs/server/src/nfs3-helpers.c
+++ b/xlators/nfs/server/src/nfs3-helpers.c
@@ -677,20 +677,33 @@ nfs3_superuser_accessbits (ia_prot_t prot, ia_type_t type, uint32_t request)
uint32_t
nfs3_stat_to_accessbits (struct iatt *buf, uint32_t request, uid_t uid,
- gid_t gid)
+ gid_t gid, gid_t *auxgids, int gids)
{
uint32_t accresult = 0;
ia_prot_t prot = {0, };
ia_type_t type = 0;
+ int testgid = -1;
+ int x = 0;
prot = buf->ia_prot;
type = buf->ia_type;
+ if (buf->ia_gid == gid)
+ testgid = gid;
+ else {
+ for (; x < gids; ++x) {
+ if (buf->ia_gid == auxgids[x]) {
+ testgid = buf->ia_gid;
+ break;
+ }
+ }
+ }
+
if (uid == 0)
accresult = nfs3_superuser_accessbits (prot, type, request);
else if (buf->ia_uid == uid)
accresult = nfs3_owner_accessbits (prot, type, request);
- else if (buf->ia_gid == gid)
+ else if ((testgid != -1) && (buf->ia_gid == testgid))
accresult = nfs3_group_accessbits (prot, type, request);
else
accresult = nfs3_other_accessbits (prot, type, request);
@@ -702,7 +715,7 @@ nfs3_stat_to_accessbits (struct iatt *buf, uint32_t request, uid_t uid,
void
nfs3_fill_access3res (access3res *res, nfsstat3 status, struct iatt *buf,
uint32_t accbits, uid_t uid, gid_t gid,
- uint64_t deviceid)
+ uint64_t deviceid, gid_t *gidarr, int gids)
{
post_op_attr objattr;
uint32_t accres = 0;
@@ -714,7 +727,7 @@ nfs3_fill_access3res (access3res *res, nfsstat3 status, struct iatt *buf,
nfs3_map_deviceid_to_statdev (buf, deviceid);
objattr = nfs3_stat_to_post_op_attr (buf);
- accres = nfs3_stat_to_accessbits (buf, accbits, uid, gid);
+ accres = nfs3_stat_to_accessbits (buf, accbits, uid, gid, gidarr, gids);
res->access3res_u.resok.obj_attributes = objattr;
res->access3res_u.resok.access = accres;
diff --git a/xlators/nfs/server/src/nfs3-helpers.h b/xlators/nfs/server/src/nfs3-helpers.h
index 7281dbb7d24..8fb11ff15d1 100644
--- a/xlators/nfs/server/src/nfs3-helpers.h
+++ b/xlators/nfs/server/src/nfs3-helpers.h
@@ -101,7 +101,7 @@ nfs3_prep_access3args (access3args *args, struct nfs3_fh *fh);
extern void
nfs3_fill_access3res (access3res *res, nfsstat3 status, struct iatt *buf,
uint32_t accbits, uid_t uid, gid_t gid,
- uint64_t deviceid);
+ uint64_t deviceid, gid_t *auxgids, int gids);
extern char *
nfs3_fhcache_getpath (struct nfs3_state *nfs3, struct nfs3_fh *fh);
diff --git a/xlators/nfs/server/src/nfs3.c b/xlators/nfs/server/src/nfs3.c
index 443ec5265d8..46f7f7c5ce2 100644
--- a/xlators/nfs/server/src/nfs3.c
+++ b/xlators/nfs/server/src/nfs3.c
@@ -1320,11 +1320,15 @@ nfs3_access_reply (rpcsvc_request_t *req, nfsstat3 status, struct iatt *buf,
{
access3res res;
uint64_t deviceid = 0;
+ gid_t *gidarr = NULL;
+ int gids = 0;
deviceid = nfs3_request_xlator_deviceid (req);
+ gidarr = nfs_rpcsvc_auth_unix_auxgids (req, &gids);
nfs3_fill_access3res (&res, status, buf, accbits,
nfs_rpcsvc_request_uid (req),
- nfs_rpcsvc_request_gid (req), deviceid);
+ nfs_rpcsvc_request_gid (req), deviceid, gidarr,
+ gids);
nfs3svc_submit_reply (req, &res,
(nfs3_serializer)xdr_serialize_access3res);
return 0;