diff options
Diffstat (limited to 'xlators/system')
-rw-r--r-- | xlators/system/posix-acl/src/posix-acl-xattr.c | 229 | ||||
-rw-r--r-- | xlators/system/posix-acl/src/posix-acl.c | 3373 |
2 files changed, 1738 insertions, 1864 deletions
diff --git a/xlators/system/posix-acl/src/posix-acl-xattr.c b/xlators/system/posix-acl/src/posix-acl-xattr.c index 3c8826568ca..73f22dabc3d 100644 --- a/xlators/system/posix-acl/src/posix-acl-xattr.c +++ b/xlators/system/posix-acl/src/posix-acl-xattr.c @@ -14,167 +14,160 @@ #include "posix-acl.h" #include "posix-acl-xattr.h" - int -posix_ace_cmp (const void *val1, const void *val2) +posix_ace_cmp(const void *val1, const void *val2) { - const struct posix_ace *ace1 = NULL; - const struct posix_ace *ace2 = NULL; - int ret = 0; + const struct posix_ace *ace1 = NULL; + const struct posix_ace *ace2 = NULL; + int ret = 0; - ace1 = val1; - ace2 = val2; + ace1 = val1; + ace2 = val2; - ret = (ace1->tag - ace2->tag); - if (!ret) - ret = (ace1->id - ace2->id); + ret = (ace1->tag - ace2->tag); + if (!ret) + ret = (ace1->id - ace2->id); - return ret; + return ret; } - void -posix_acl_normalize (xlator_t *this, struct posix_acl *acl) +posix_acl_normalize(xlator_t *this, struct posix_acl *acl) { - qsort (acl->entries, acl->count, sizeof (struct posix_ace *), - posix_ace_cmp); + qsort(acl->entries, acl->count, sizeof(struct posix_ace *), posix_ace_cmp); } - struct posix_acl * -posix_acl_from_xattr (xlator_t *this, const char *xattr_buf, int xattr_size) +posix_acl_from_xattr(xlator_t *this, const char *xattr_buf, int xattr_size) { - struct posix_acl_xattr_header *header = NULL; - struct posix_acl_xattr_entry *entry = NULL; - struct posix_acl *acl = NULL; - struct posix_ace *ace = NULL; - int size = 0; - int count = 0; - int i = 0; + struct posix_acl_xattr_header *header = NULL; + struct posix_acl_xattr_entry *entry = NULL; + struct posix_acl *acl = NULL; + struct posix_ace *ace = NULL; + int size = 0; + int count = 0; + int i = 0; - size = xattr_size; + size = xattr_size; - if (size < sizeof (*header)) - return NULL; - - size -= sizeof (*header); + if (size < sizeof(*header)) + return NULL; - if (size % sizeof (*entry)) - return NULL; + size -= sizeof(*header); - count = size / sizeof (*entry); + if (size % sizeof(*entry)) + return NULL; - header = (struct posix_acl_xattr_header *) (xattr_buf); - entry = (struct posix_acl_xattr_entry *) (header + 1); + count = size / sizeof(*entry); - if (header->version != htole32 (POSIX_ACL_XATTR_VERSION)) - return NULL; + header = (struct posix_acl_xattr_header *)(xattr_buf); + entry = (struct posix_acl_xattr_entry *)(header + 1); - acl = posix_acl_new (this, count); - if (!acl) - return NULL; + if (header->version != htole32(POSIX_ACL_XATTR_VERSION)) + return NULL; - ace = acl->entries; + acl = posix_acl_new(this, count); + if (!acl) + return NULL; - for (i = 0; i < count; i++) { - ace->tag = letoh16 (entry->tag); - ace->perm = letoh16 (entry->perm); + ace = acl->entries; - switch (ace->tag) { - case POSIX_ACL_USER_OBJ: - case POSIX_ACL_MASK: - case POSIX_ACL_OTHER: - ace->id = POSIX_ACL_UNDEFINED_ID; - break; + for (i = 0; i < count; i++) { + ace->tag = letoh16(entry->tag); + ace->perm = letoh16(entry->perm); - case POSIX_ACL_GROUP: - case POSIX_ACL_USER: - case POSIX_ACL_GROUP_OBJ: - ace->id = letoh32 (entry->id); - break; + switch (ace->tag) { + case POSIX_ACL_USER_OBJ: + case POSIX_ACL_MASK: + case POSIX_ACL_OTHER: + ace->id = POSIX_ACL_UNDEFINED_ID; + break; - default: - goto err; - } + case POSIX_ACL_GROUP: + case POSIX_ACL_USER: + case POSIX_ACL_GROUP_OBJ: + ace->id = letoh32(entry->id); + break; - ace++; - entry++; + default: + goto err; } - posix_acl_normalize (this, acl); + ace++; + entry++; + } + + posix_acl_normalize(this, acl); - return acl; + return acl; err: - posix_acl_destroy (this, acl); - return NULL; + posix_acl_destroy(this, acl); + return NULL; } - int -posix_acl_to_xattr (xlator_t *this, struct posix_acl *acl, char *xattr_buf, - int xattr_size) +posix_acl_to_xattr(xlator_t *this, struct posix_acl *acl, char *xattr_buf, + int xattr_size) { - int size = 0; - struct posix_acl_xattr_header *header = NULL; - struct posix_acl_xattr_entry *entry = NULL; - struct posix_ace *ace = NULL; - int i = 0; - - size = sizeof (*header) + (acl->count * sizeof (*entry)); - - if (xattr_size < size) - return size; - - header = (struct posix_acl_xattr_header *) (xattr_buf); - entry = (struct posix_acl_xattr_entry *) (header + 1); - ace = acl->entries; - - header->version = htole32 (POSIX_ACL_XATTR_VERSION); - - for (i = 0; i < acl->count; i++) { - entry->tag = htole16 (ace->tag); - entry->perm = htole16 (ace->perm); - - switch (ace->tag) { - case POSIX_ACL_USER: - case POSIX_ACL_GROUP: - entry->id = htole32 (ace->id); - break; - default: - entry->id = POSIX_ACL_UNDEFINED_ID; - break; - } - - ace++; - entry++; + int size = 0; + struct posix_acl_xattr_header *header = NULL; + struct posix_acl_xattr_entry *entry = NULL; + struct posix_ace *ace = NULL; + int i = 0; + + size = sizeof(*header) + (acl->count * sizeof(*entry)); + + if (xattr_size < size) + return size; + + header = (struct posix_acl_xattr_header *)(xattr_buf); + entry = (struct posix_acl_xattr_entry *)(header + 1); + ace = acl->entries; + + header->version = htole32(POSIX_ACL_XATTR_VERSION); + + for (i = 0; i < acl->count; i++) { + entry->tag = htole16(ace->tag); + entry->perm = htole16(ace->perm); + + switch (ace->tag) { + case POSIX_ACL_USER: + case POSIX_ACL_GROUP: + entry->id = htole32(ace->id); + break; + default: + entry->id = POSIX_ACL_UNDEFINED_ID; + break; } - return 0; -} + ace++; + entry++; + } + return 0; +} int -posix_acl_matches_xattr (xlator_t *this, struct posix_acl *acl, const char *buf, - int size) +posix_acl_matches_xattr(xlator_t *this, struct posix_acl *acl, const char *buf, + int size) { - struct posix_acl *acl2 = NULL; - int ret = 1; + struct posix_acl *acl2 = NULL; + int ret = 1; - acl2 = posix_acl_from_xattr (this, buf, size); - if (!acl2) - return 0; + acl2 = posix_acl_from_xattr(this, buf, size); + if (!acl2) + return 0; - if (acl->count != acl2->count) { - ret = 0; - goto out; - } + if (acl->count != acl2->count) { + ret = 0; + goto out; + } - if (memcmp (acl->entries, acl2->entries, - (acl->count * sizeof (struct posix_ace)))) - ret = 0; + if (memcmp(acl->entries, acl2->entries, + (acl->count * sizeof(struct posix_ace)))) + ret = 0; out: - posix_acl_destroy (this, acl2); + posix_acl_destroy(this, acl2); - return ret; + return ret; } - diff --git a/xlators/system/posix-acl/src/posix-acl.c b/xlators/system/posix-acl/src/posix-acl.c index dd01d3e0f38..9183105ca00 100644 --- a/xlators/system/posix-acl/src/posix-acl.c +++ b/xlators/system/posix-acl/src/posix-acl.c @@ -21,2071 +21,1976 @@ #define UINT64(ptr) ((uint64_t)((long)(ptr))) #define PTR(num) ((void *)((long)(num))) - int32_t -mem_acct_init (xlator_t *this) +mem_acct_init(xlator_t *this) { - int ret = -1; + int ret = -1; - if (!this) - return ret; + if (!this) + return ret; - ret = xlator_mem_acct_init (this, gf_posix_acl_mt_end + 1); - - if (ret != 0) { - gf_log(this->name, GF_LOG_ERROR, "Memory accounting init" - "failed"); - return ret; - } + ret = xlator_mem_acct_init(this, gf_posix_acl_mt_end + 1); + if (ret != 0) { + gf_log(this->name, GF_LOG_ERROR, + "Memory accounting init" + "failed"); return ret; + } + + return ret; } static uid_t -r00t () +r00t() { - struct posix_acl_conf *conf = NULL; + struct posix_acl_conf *conf = NULL; - conf = THIS->private; + conf = THIS->private; - return conf->super_uid; + return conf->super_uid; } - int -whitelisted_xattr (const char *key) +whitelisted_xattr(const char *key) { - if (!key) - return 0; - - if (strcmp (POSIX_ACL_ACCESS_XATTR, key) == 0) - return 1; - if (strcmp (POSIX_ACL_DEFAULT_XATTR, key) == 0) - return 1; - if (strcmp (GF_POSIX_ACL_ACCESS, key) == 0) - return 1; - if (strcmp (GF_POSIX_ACL_DEFAULT, key) == 0) - return 1; + if (!key) return 0; -} + if (strcmp(POSIX_ACL_ACCESS_XATTR, key) == 0) + return 1; + if (strcmp(POSIX_ACL_DEFAULT_XATTR, key) == 0) + return 1; + if (strcmp(GF_POSIX_ACL_ACCESS, key) == 0) + return 1; + if (strcmp(GF_POSIX_ACL_DEFAULT, key) == 0) + return 1; + return 0; +} int -frame_is_user (call_frame_t *frame, uid_t uid) +frame_is_user(call_frame_t *frame, uid_t uid) { - return (frame->root->uid == uid); + return (frame->root->uid == uid); } - int -frame_is_super_user (call_frame_t *frame) +frame_is_super_user(call_frame_t *frame) { - int ret; + int ret; - ret = frame_is_user (frame, r00t()); - if (!ret) - ret = frame_is_user (frame, 0); + ret = frame_is_user(frame, r00t()); + if (!ret) + ret = frame_is_user(frame, 0); - return ret; + return ret; } - int -frame_in_group (call_frame_t *frame, gid_t gid) +frame_in_group(call_frame_t *frame, gid_t gid) { - int i = 0; + int i = 0; - if (frame->root->gid == gid) - return 1; + if (frame->root->gid == gid) + return 1; - for (i = 0; i < frame->root->ngrps; i++) - if (frame->root->groups[i] == gid) - return 1; - return 0; + for (i = 0; i < frame->root->ngrps; i++) + if (frame->root->groups[i] == gid) + return 1; + return 0; } - mode_t -posix_acl_access_set_mode (struct posix_acl *acl, struct posix_acl_ctx *ctx) -{ - struct posix_ace *ace = NULL; - struct posix_ace *group_ce = NULL; - struct posix_ace *mask_ce = NULL; - int count = 0; - int i = 0; - mode_t mode = 0; - int mask = 0; - - count = acl->count; - - ace = acl->entries; - for (i = 0; i < count; i++) { - switch (ace->tag) { - case POSIX_ACL_USER_OBJ: - mask |= S_IRWXU; - mode |= (ace->perm << 6); - break; - case POSIX_ACL_GROUP_OBJ: - group_ce = ace; - break; - case POSIX_ACL_MASK: - mask_ce = ace; - break; - case POSIX_ACL_OTHER: - mask |= S_IRWXO; - mode |= (ace->perm); - break; - } - ace++; - } - - if (mask_ce) { - mask |= S_IRWXG; - mode |= (mask_ce->perm << 3); - } else { - if (!group_ce) - goto out; - mask |= S_IRWXG; - mode |= (group_ce->perm << 3); +posix_acl_access_set_mode(struct posix_acl *acl, struct posix_acl_ctx *ctx) +{ + struct posix_ace *ace = NULL; + struct posix_ace *group_ce = NULL; + struct posix_ace *mask_ce = NULL; + int count = 0; + int i = 0; + mode_t mode = 0; + int mask = 0; + + count = acl->count; + + ace = acl->entries; + for (i = 0; i < count; i++) { + switch (ace->tag) { + case POSIX_ACL_USER_OBJ: + mask |= S_IRWXU; + mode |= (ace->perm << 6); + break; + case POSIX_ACL_GROUP_OBJ: + group_ce = ace; + break; + case POSIX_ACL_MASK: + mask_ce = ace; + break; + case POSIX_ACL_OTHER: + mask |= S_IRWXO; + mode |= (ace->perm); + break; } + ace++; + } + + if (mask_ce) { + mask |= S_IRWXG; + mode |= (mask_ce->perm << 3); + } else { + if (!group_ce) + goto out; + mask |= S_IRWXG; + mode |= (group_ce->perm << 3); + } out: - ctx->perm = (ctx->perm & ~mask) | mode; + ctx->perm = (ctx->perm & ~mask) | mode; - return mode; + return mode; } - static int -sticky_permits (call_frame_t *frame, inode_t *parent, inode_t *inode) +sticky_permits(call_frame_t *frame, inode_t *parent, inode_t *inode) { - struct posix_acl_ctx *par = NULL; - struct posix_acl_ctx *ctx = NULL; + struct posix_acl_ctx *par = NULL; + struct posix_acl_ctx *ctx = NULL; - if ((0 > frame->root->pid) || frame_is_super_user (frame)) - return 1; + if ((0 > frame->root->pid) || frame_is_super_user(frame)) + return 1; - par = posix_acl_ctx_get (parent, frame->this); - if (par == NULL) - return 0; + par = posix_acl_ctx_get(parent, frame->this); + if (par == NULL) + return 0; - ctx = posix_acl_ctx_get (inode, frame->this); - if (ctx == NULL) - return 0; + ctx = posix_acl_ctx_get(inode, frame->this); + if (ctx == NULL) + return 0; - if (!(par->perm & S_ISVTX)) - return 1; + if (!(par->perm & S_ISVTX)) + return 1; - if (frame_is_user (frame, par->uid)) - return 1; + if (frame_is_user(frame, par->uid)) + return 1; - if (frame_is_user (frame, ctx->uid)) - return 1; + if (frame_is_user(frame, ctx->uid)) + return 1; - return 0; + return 0; } static gf_boolean_t -_does_acl_exist (struct posix_acl *acl) +_does_acl_exist(struct posix_acl *acl) { - if (acl && (acl->count > POSIX_ACL_MINIMAL_ACE_COUNT)) - return _gf_true; - return _gf_false; + if (acl && (acl->count > POSIX_ACL_MINIMAL_ACE_COUNT)) + return _gf_true; + return _gf_false; } static void -posix_acl_get_acl_string (call_frame_t *frame, struct posix_acl *acl, - char **acl_str) -{ - int i = 0; - size_t size_acl = 0; - size_t offset = 0; - struct posix_ace *ace = NULL; - char tmp_str[1024] = {0}; -#define NON_GRP_FMT "(tag:%"PRIu16",perm:%"PRIu16",id:%"PRIu32")" -#define GRP_FMT "(tag:%"PRIu16",perm:%"PRIu16",id:%"PRIu32",in-groups:%d)" - - if (!_does_acl_exist (acl)) - goto out; - - ace = acl->entries; - for (i = 0; i < acl->count; i++) { - if (ace->tag != POSIX_ACL_GROUP) { - size_acl += snprintf (tmp_str, sizeof tmp_str, - NON_GRP_FMT, ace->tag, ace->perm, ace->id); - } else { - size_acl += snprintf (tmp_str, sizeof tmp_str, - GRP_FMT, ace->tag, - ace->perm, ace->id, - frame_in_group (frame, ace->id)); - } +posix_acl_get_acl_string(call_frame_t *frame, struct posix_acl *acl, + char **acl_str) +{ + int i = 0; + size_t size_acl = 0; + size_t offset = 0; + struct posix_ace *ace = NULL; + char tmp_str[1024] = {0}; +#define NON_GRP_FMT "(tag:%" PRIu16 ",perm:%" PRIu16 ",id:%" PRIu32 ")" +#define GRP_FMT "(tag:%" PRIu16 ",perm:%" PRIu16 ",id:%" PRIu32 ",in-groups:%d)" + + if (!_does_acl_exist(acl)) + goto out; - ace++; + ace = acl->entries; + for (i = 0; i < acl->count; i++) { + if (ace->tag != POSIX_ACL_GROUP) { + size_acl += snprintf(tmp_str, sizeof tmp_str, NON_GRP_FMT, ace->tag, + ace->perm, ace->id); + } else { + size_acl += snprintf(tmp_str, sizeof tmp_str, GRP_FMT, ace->tag, + ace->perm, ace->id, + frame_in_group(frame, ace->id)); } - *acl_str = GF_CALLOC (1, size_acl + 1, gf_posix_acl_mt_char); - if (!*acl_str) - goto out; + ace++; + } - ace = acl->entries; - for (i = 0; i < acl->count; i++) { - if (ace->tag != POSIX_ACL_GROUP) { - offset += snprintf (*acl_str + offset, - size_acl - offset, - NON_GRP_FMT, ace->tag, ace->perm, ace->id); - } else { - offset += snprintf (*acl_str + offset, - size_acl - offset, - GRP_FMT, ace->tag, ace->perm, ace->id, - frame_in_group (frame, ace->id)); - } + *acl_str = GF_CALLOC(1, size_acl + 1, gf_posix_acl_mt_char); + if (!*acl_str) + goto out; - ace++; + ace = acl->entries; + for (i = 0; i < acl->count; i++) { + if (ace->tag != POSIX_ACL_GROUP) { + offset += snprintf(*acl_str + offset, size_acl - offset, + NON_GRP_FMT, ace->tag, ace->perm, ace->id); + } else { + offset += snprintf(*acl_str + offset, size_acl - offset, GRP_FMT, + ace->tag, ace->perm, ace->id, + frame_in_group(frame, ace->id)); } -out: - return; -} -static void -posix_acl_log_permit_denied (call_frame_t *frame, inode_t *inode, int want, - struct posix_acl_ctx *ctx, struct posix_acl *acl) -{ - char *acl_str = NULL; - client_t *client = NULL; - - if (!frame || !inode || !ctx || !frame->root) - goto out; - - client = frame->root->client; - posix_acl_get_acl_string (frame, acl, &acl_str); - - gf_msg (frame->this->name, GF_LOG_INFO, EACCES, POSIX_ACL_MSG_EACCES, - "client: %s, gfid: %s, req(uid:%d,gid:%d,perm:%d," - "ngrps:%"PRIu16"), ctx(uid:%d,gid:%d,in-groups:%d,perm:%d%d%d," - "updated-fop:%s, acl:%s)", client ? client->client_uid : "-", - uuid_utoa (inode->gfid), frame->root->uid, frame->root->gid, - want, frame->root->ngrps, ctx->uid, ctx->gid, - frame_in_group (frame, ctx->gid), (ctx->perm & S_IRWXU) >> 6, - (ctx->perm & S_IRWXG) >> 3, ctx->perm & S_IRWXO, - gf_fop_string (ctx->fop), acl_str ? acl_str : "-"); + ace++; + } out: - GF_FREE (acl_str); - return; + return; } -static int -acl_permits (call_frame_t *frame, inode_t *inode, int want) +static void +posix_acl_log_permit_denied(call_frame_t *frame, inode_t *inode, int want, + struct posix_acl_ctx *ctx, struct posix_acl *acl) { - int verdict = 0; - struct posix_acl *acl = NULL; - struct posix_ace *ace = NULL; - struct posix_acl_ctx *ctx = NULL; - struct posix_acl_conf *conf = NULL; - int i = 0; - int perm = 0; - int found = 0; - int acl_present = 0; + char *acl_str = NULL; + client_t *client = NULL; - conf = frame->this->private; + if (!frame || !inode || !ctx || !frame->root) + goto out; - if ((0 > frame->root->pid) || frame_is_super_user (frame)) - goto green; + client = frame->root->client; + posix_acl_get_acl_string(frame, acl, &acl_str); + + gf_msg(frame->this->name, GF_LOG_INFO, EACCES, POSIX_ACL_MSG_EACCES, + "client: %s, gfid: %s, req(uid:%d,gid:%d,perm:%d," + "ngrps:%" PRIu16 + "), ctx(uid:%d,gid:%d,in-groups:%d,perm:%d%d%d," + "updated-fop:%s, acl:%s)", + client ? client->client_uid : "-", uuid_utoa(inode->gfid), + frame->root->uid, frame->root->gid, want, frame->root->ngrps, + ctx->uid, ctx->gid, frame_in_group(frame, ctx->gid), + (ctx->perm & S_IRWXU) >> 6, (ctx->perm & S_IRWXG) >> 3, + ctx->perm & S_IRWXO, gf_fop_string(ctx->fop), + acl_str ? acl_str : "-"); +out: + GF_FREE(acl_str); + return; +} - ctx = posix_acl_ctx_get (inode, frame->this); - if (!ctx) +static int +acl_permits(call_frame_t *frame, inode_t *inode, int want) +{ + int verdict = 0; + struct posix_acl *acl = NULL; + struct posix_ace *ace = NULL; + struct posix_acl_ctx *ctx = NULL; + struct posix_acl_conf *conf = NULL; + int i = 0; + int perm = 0; + int found = 0; + int acl_present = 0; + + conf = frame->this->private; + + if ((0 > frame->root->pid) || frame_is_super_user(frame)) + goto green; + + ctx = posix_acl_ctx_get(inode, frame->this); + if (!ctx) + goto red; + + posix_acl_get(inode, frame->this, &acl, NULL); + if (!acl) { + acl = posix_acl_ref(frame->this, conf->minimal_acl); + } + + ace = acl->entries; + + if (_does_acl_exist(acl)) + acl_present = 1; + + for (i = 0; i < acl->count; i++) { + switch (ace->tag) { + case POSIX_ACL_USER_OBJ: + perm = ((ctx->perm & S_IRWXU) >> 6); + if (frame_is_user(frame, ctx->uid)) + goto perm_check; + break; + case POSIX_ACL_USER: + perm = ace->perm; + if (frame_is_user(frame, ace->id)) + goto mask_check; + break; + case POSIX_ACL_GROUP_OBJ: + if (acl_present) + perm = ace->perm; + else + perm = ((ctx->perm & S_IRWXG) >> 3); + if (frame_in_group(frame, ctx->gid)) { + found = 1; + if ((perm & want) == want) + goto mask_check; + } + break; + case POSIX_ACL_GROUP: + perm = ace->perm; + if (frame_in_group(frame, ace->id)) { + found = 1; + if ((perm & want) == want) + goto mask_check; + } + break; + case POSIX_ACL_MASK: + break; + case POSIX_ACL_OTHER: + perm = (ctx->perm & S_IRWXO); + if (!found) + goto perm_check; + /* fall through */ + default: goto red; - - posix_acl_get (inode, frame->this, &acl, NULL); - if (!acl) { - acl = posix_acl_ref (frame->this, conf->minimal_acl); } - ace = acl->entries; - - if (_does_acl_exist (acl)) - acl_present = 1; - - for (i = 0; i < acl->count; i++) { - switch (ace->tag) { - case POSIX_ACL_USER_OBJ: - perm = ((ctx->perm & S_IRWXU) >> 6); - if (frame_is_user (frame, ctx->uid)) - goto perm_check; - break; - case POSIX_ACL_USER: - perm = ace->perm; - if (frame_is_user (frame, ace->id)) - goto mask_check; - break; - case POSIX_ACL_GROUP_OBJ: - if (acl_present) - perm = ace->perm; - else - perm = ((ctx->perm & S_IRWXG) >> 3); - if (frame_in_group (frame, ctx->gid)) { - found = 1; - if ((perm & want) == want) - goto mask_check; - } - break; - case POSIX_ACL_GROUP: - perm = ace->perm; - if (frame_in_group (frame, ace->id)) { - found = 1; - if ((perm & want) == want) - goto mask_check; - } - break; - case POSIX_ACL_MASK: - break; - case POSIX_ACL_OTHER: - perm = (ctx->perm & S_IRWXO); - if (!found) - goto perm_check; - /* fall through */ - default: - goto red; - } - - ace++; - } + ace++; + } mask_check: - ace = acl->entries; + ace = acl->entries; - for (i = 0; i < acl->count; i++, ace++) { - if (ace->tag != POSIX_ACL_MASK) - continue; - if ((ace->perm & perm & want) == want) { - goto green; - } - goto red; + for (i = 0; i < acl->count; i++, ace++) { + if (ace->tag != POSIX_ACL_MASK) + continue; + if ((ace->perm & perm & want) == want) { + goto green; } + goto red; + } perm_check: - if ((perm & want) == want) { - goto green; - } else { - goto red; - } + if ((perm & want) == want) { + goto green; + } else { + goto red; + } green: - verdict = 1; - goto out; + verdict = 1; + goto out; red: - verdict = 0; - posix_acl_log_permit_denied (frame, inode, want, ctx, acl); + verdict = 0; + posix_acl_log_permit_denied(frame, inode, want, ctx, acl); out: - if (acl) - posix_acl_unref (frame->this, acl); + if (acl) + posix_acl_unref(frame->this, acl); - return verdict; + return verdict; } - struct posix_acl_ctx * -__posix_acl_ctx_get (inode_t *inode, xlator_t *this, gf_boolean_t create) +__posix_acl_ctx_get(inode_t *inode, xlator_t *this, gf_boolean_t create) { - struct posix_acl_ctx *ctx = NULL; - uint64_t int_ctx = 0; - int ret = 0; + struct posix_acl_ctx *ctx = NULL; + uint64_t int_ctx = 0; + int ret = 0; - ret = __inode_ctx_get (inode, this, &int_ctx); - if ((ret == 0) && (int_ctx)) - return PTR(int_ctx); + ret = __inode_ctx_get(inode, this, &int_ctx); + if ((ret == 0) && (int_ctx)) + return PTR(int_ctx); - if (create == _gf_false) - return NULL; + if (create == _gf_false) + return NULL; - ctx = GF_CALLOC (1, sizeof (*ctx), gf_posix_acl_mt_ctx_t); - if (!ctx) - return NULL; + ctx = GF_CALLOC(1, sizeof(*ctx), gf_posix_acl_mt_ctx_t); + if (!ctx) + return NULL; - ret = __inode_ctx_put (inode, this, UINT64 (ctx)); - if (ret) { - GF_FREE (ctx); - ctx = NULL; - } + ret = __inode_ctx_put(inode, this, UINT64(ctx)); + if (ret) { + GF_FREE(ctx); + ctx = NULL; + } - return ctx; + return ctx; } struct posix_acl_ctx * -posix_acl_ctx_new (inode_t *inode, xlator_t *this) +posix_acl_ctx_new(inode_t *inode, xlator_t *this) { - struct posix_acl_ctx *ctx = NULL; + struct posix_acl_ctx *ctx = NULL; - if (inode == NULL) { - gf_log_callingfn (this->name, GF_LOG_WARNING, "inode is NULL"); - return NULL; - } + if (inode == NULL) { + gf_log_callingfn(this->name, GF_LOG_WARNING, "inode is NULL"); + return NULL; + } - LOCK (&inode->lock); - { - ctx = __posix_acl_ctx_get (inode, this, _gf_true); - } - UNLOCK (&inode->lock); + LOCK(&inode->lock); + { + ctx = __posix_acl_ctx_get(inode, this, _gf_true); + } + UNLOCK(&inode->lock); - if (ctx == NULL) - gf_log_callingfn (this->name, GF_LOG_ERROR, "creating inode ctx" - "failed for %s", uuid_utoa (inode->gfid)); - return ctx; + if (ctx == NULL) + gf_log_callingfn(this->name, GF_LOG_ERROR, + "creating inode ctx" + "failed for %s", + uuid_utoa(inode->gfid)); + return ctx; } struct posix_acl_ctx * -posix_acl_ctx_get (inode_t *inode, xlator_t *this) +posix_acl_ctx_get(inode_t *inode, xlator_t *this) { - struct posix_acl_ctx *ctx = NULL; + struct posix_acl_ctx *ctx = NULL; - if (inode == NULL) { - gf_log_callingfn (this->name, GF_LOG_WARNING, "inode is NULL"); - return NULL; - } + if (inode == NULL) { + gf_log_callingfn(this->name, GF_LOG_WARNING, "inode is NULL"); + return NULL; + } - LOCK (&inode->lock); - { - ctx = __posix_acl_ctx_get (inode, this, _gf_false); - } - UNLOCK (&inode->lock); + LOCK(&inode->lock); + { + ctx = __posix_acl_ctx_get(inode, this, _gf_false); + } + UNLOCK(&inode->lock); - if (ctx == NULL) - gf_log_callingfn (this->name, GF_LOG_ERROR, "inode ctx is NULL " - "for %s", uuid_utoa (inode->gfid)); - return ctx; + if (ctx == NULL) + gf_log_callingfn(this->name, GF_LOG_ERROR, + "inode ctx is NULL " + "for %s", + uuid_utoa(inode->gfid)); + return ctx; } int -__posix_acl_set_specific (inode_t *inode, xlator_t *this, - gf_boolean_t is_access, struct posix_acl *acl) +__posix_acl_set_specific(inode_t *inode, xlator_t *this, gf_boolean_t is_access, + struct posix_acl *acl) { - int ret = 0; - struct posix_acl_ctx *ctx = NULL; + int ret = 0; + struct posix_acl_ctx *ctx = NULL; - ctx = posix_acl_ctx_get (inode, this); - if (!ctx) { - ret = -1; - goto out; - } + ctx = posix_acl_ctx_get(inode, this); + if (!ctx) { + ret = -1; + goto out; + } - if (is_access) - ctx->acl_access = acl; - else - ctx->acl_default = acl; + if (is_access) + ctx->acl_access = acl; + else + ctx->acl_default = acl; out: - return ret; + return ret; } int -__posix_acl_set (inode_t *inode, xlator_t *this, struct posix_acl *acl_access, - struct posix_acl *acl_default) +__posix_acl_set(inode_t *inode, xlator_t *this, struct posix_acl *acl_access, + struct posix_acl *acl_default) { - int ret = 0; - struct posix_acl_ctx *ctx = NULL; + int ret = 0; + struct posix_acl_ctx *ctx = NULL; - ctx = posix_acl_ctx_get (inode, this); - if (!ctx) - goto out; + ctx = posix_acl_ctx_get(inode, this); + if (!ctx) + goto out; - ctx->acl_access = acl_access; - ctx->acl_default = acl_default; + ctx->acl_access = acl_access; + ctx->acl_default = acl_default; out: - return ret; + return ret; } - int -__posix_acl_get (inode_t *inode, xlator_t *this, struct posix_acl **acl_access_p, - struct posix_acl **acl_default_p) +__posix_acl_get(inode_t *inode, xlator_t *this, struct posix_acl **acl_access_p, + struct posix_acl **acl_default_p) { - int ret = 0; - struct posix_acl_ctx *ctx = NULL; + int ret = 0; + struct posix_acl_ctx *ctx = NULL; - ctx = posix_acl_ctx_get (inode, this); - if (!ctx) - goto out; + ctx = posix_acl_ctx_get(inode, this); + if (!ctx) + goto out; - if (acl_access_p) - *acl_access_p = ctx->acl_access; - if (acl_default_p) - *acl_default_p = ctx->acl_default; + if (acl_access_p) + *acl_access_p = ctx->acl_access; + if (acl_default_p) + *acl_default_p = ctx->acl_default; out: - return ret; + return ret; } - struct posix_acl * -posix_acl_new (xlator_t *this, int entrycnt) +posix_acl_new(xlator_t *this, int entrycnt) { - struct posix_acl *acl = NULL; - struct posix_ace *ace = NULL; + struct posix_acl *acl = NULL; + struct posix_ace *ace = NULL; - acl = GF_CALLOC (1, sizeof (*acl) + (entrycnt * sizeof (*ace)), - gf_posix_acl_mt_posix_ace_t); - if (!acl) - return NULL; + acl = GF_CALLOC(1, sizeof(*acl) + (entrycnt * sizeof(*ace)), + gf_posix_acl_mt_posix_ace_t); + if (!acl) + return NULL; - acl->count = entrycnt; + acl->count = entrycnt; - posix_acl_ref (this, acl); + posix_acl_ref(this, acl); - return acl; + return acl; } - void -posix_acl_destroy (xlator_t *this, struct posix_acl *acl) +posix_acl_destroy(xlator_t *this, struct posix_acl *acl) { - GF_FREE (acl); + GF_FREE(acl); - return; + return; } - struct posix_acl * -posix_acl_ref (xlator_t *this, struct posix_acl *acl) +posix_acl_ref(xlator_t *this, struct posix_acl *acl) { - struct posix_acl_conf *conf = NULL; + struct posix_acl_conf *conf = NULL; - conf = this->private; + conf = this->private; - LOCK(&conf->acl_lock); - { - acl->refcnt++; - } - UNLOCK(&conf->acl_lock); + LOCK(&conf->acl_lock); + { + acl->refcnt++; + } + UNLOCK(&conf->acl_lock); - return acl; + return acl; } - struct posix_acl * -posix_acl_dup (xlator_t *this, struct posix_acl *acl) +posix_acl_dup(xlator_t *this, struct posix_acl *acl) { - struct posix_acl *dup = NULL; + struct posix_acl *dup = NULL; - dup = posix_acl_new (this, acl->count); - if (!dup) - return NULL; + dup = posix_acl_new(this, acl->count); + if (!dup) + return NULL; - memcpy (dup->entries, acl->entries, - sizeof (struct posix_ace) * acl->count); + memcpy(dup->entries, acl->entries, sizeof(struct posix_ace) * acl->count); - return dup; + return dup; } - void -posix_acl_unref (xlator_t *this, struct posix_acl *acl) +posix_acl_unref(xlator_t *this, struct posix_acl *acl) { - struct posix_acl_conf *conf = NULL; - int refcnt = 0; + struct posix_acl_conf *conf = NULL; + int refcnt = 0; - conf = this->private; - if (!conf) - goto out; + conf = this->private; + if (!conf) + goto out; - LOCK(&conf->acl_lock); - { - refcnt = --acl->refcnt; - } - UNLOCK(&conf->acl_lock); + LOCK(&conf->acl_lock); + { + refcnt = --acl->refcnt; + } + UNLOCK(&conf->acl_lock); out: - if (!refcnt) - posix_acl_destroy (this, acl); + if (!refcnt) + posix_acl_destroy(this, acl); } int -posix_acl_set_specific (inode_t *inode, xlator_t *this, struct posix_acl *acl, - gf_boolean_t is_access) +posix_acl_set_specific(inode_t *inode, xlator_t *this, struct posix_acl *acl, + gf_boolean_t is_access) { - int ret = 0; - int oldret = 0; - struct posix_acl *old_acl = NULL; - struct posix_acl_conf *conf = NULL; + int ret = 0; + int oldret = 0; + struct posix_acl *old_acl = NULL; + struct posix_acl_conf *conf = NULL; - conf = this->private; + conf = this->private; - LOCK (&conf->acl_lock); - { - if (is_access) - oldret = __posix_acl_get (inode, this, &old_acl, NULL); - else - oldret = __posix_acl_get (inode, this, NULL, &old_acl); - if (acl) - acl->refcnt++; - ret = __posix_acl_set_specific (inode, this, is_access, acl); - } - UNLOCK (&conf->acl_lock); + LOCK(&conf->acl_lock); + { + if (is_access) + oldret = __posix_acl_get(inode, this, &old_acl, NULL); + else + oldret = __posix_acl_get(inode, this, NULL, &old_acl); + if (acl) + acl->refcnt++; + ret = __posix_acl_set_specific(inode, this, is_access, acl); + } + UNLOCK(&conf->acl_lock); - if (oldret == 0) { - if (old_acl) - posix_acl_unref (this, old_acl); - } + if (oldret == 0) { + if (old_acl) + posix_acl_unref(this, old_acl); + } - return ret; + return ret; } int -posix_acl_set (inode_t *inode, xlator_t *this, struct posix_acl *acl_access, - struct posix_acl *acl_default) +posix_acl_set(inode_t *inode, xlator_t *this, struct posix_acl *acl_access, + struct posix_acl *acl_default) { - int ret = 0; - int oldret = 0; - struct posix_acl *old_access = NULL; - struct posix_acl *old_default = NULL; - struct posix_acl_conf *conf = NULL; + int ret = 0; + int oldret = 0; + struct posix_acl *old_access = NULL; + struct posix_acl *old_default = NULL; + struct posix_acl_conf *conf = NULL; - conf = this->private; + conf = this->private; - LOCK(&conf->acl_lock); - { - oldret = __posix_acl_get (inode, this, &old_access, - &old_default); - if (acl_access) - acl_access->refcnt++; - if (acl_default) - acl_default->refcnt++; + LOCK(&conf->acl_lock); + { + oldret = __posix_acl_get(inode, this, &old_access, &old_default); + if (acl_access) + acl_access->refcnt++; + if (acl_default) + acl_default->refcnt++; - ret = __posix_acl_set (inode, this, acl_access, acl_default); - } - UNLOCK(&conf->acl_lock); + ret = __posix_acl_set(inode, this, acl_access, acl_default); + } + UNLOCK(&conf->acl_lock); - if (oldret == 0) { - if (old_access) - posix_acl_unref (this, old_access); - if (old_default) - posix_acl_unref (this, old_default); - } + if (oldret == 0) { + if (old_access) + posix_acl_unref(this, old_access); + if (old_default) + posix_acl_unref(this, old_default); + } - return ret; + return ret; } - int -posix_acl_get (inode_t *inode, xlator_t *this, struct posix_acl **acl_access_p, - struct posix_acl **acl_default_p) +posix_acl_get(inode_t *inode, xlator_t *this, struct posix_acl **acl_access_p, + struct posix_acl **acl_default_p) { - struct posix_acl_conf *conf = NULL; - struct posix_acl *acl_access = NULL; - struct posix_acl *acl_default = NULL; - int ret = 0; + struct posix_acl_conf *conf = NULL; + struct posix_acl *acl_access = NULL; + struct posix_acl *acl_default = NULL; + int ret = 0; - conf = this->private; + conf = this->private; - LOCK(&conf->acl_lock); - { - ret = __posix_acl_get (inode, this, &acl_access, &acl_default); + LOCK(&conf->acl_lock); + { + ret = __posix_acl_get(inode, this, &acl_access, &acl_default); - if (ret != 0) - goto unlock; + if (ret != 0) + goto unlock; - if (acl_access && acl_access_p) - acl_access->refcnt++; - if (acl_default && acl_default_p) - acl_default->refcnt++; - } + if (acl_access && acl_access_p) + acl_access->refcnt++; + if (acl_default && acl_default_p) + acl_default->refcnt++; + } unlock: - UNLOCK(&conf->acl_lock); + UNLOCK(&conf->acl_lock); - if (acl_access_p) - *acl_access_p = acl_access; - if (acl_default_p) - *acl_default_p = acl_default; + if (acl_access_p) + *acl_access_p = acl_access; + if (acl_default_p) + *acl_default_p = acl_default; - return ret; + return ret; } mode_t -posix_acl_inherit_mode (struct posix_acl *acl, mode_t modein) -{ - struct posix_ace *ace = NULL; - int count = 0; - int i = 0; - mode_t newmode = 0; - mode_t mode = 0; - struct posix_ace *mask_ce = NULL; - struct posix_ace *group_ce = NULL; - - newmode = mode = modein; - - count = acl->count; - - ace = acl->entries; - for (i = 0; i < count; i++) { - switch (ace->tag) { - case POSIX_ACL_USER_OBJ: - ace->perm &= (mode >> 6) | ~S_IRWXO; - mode &= (ace->perm << 6) | ~S_IRWXU; - break; - case POSIX_ACL_GROUP_OBJ: - group_ce = ace; - break; - case POSIX_ACL_MASK: - mask_ce = ace; - break; - case POSIX_ACL_OTHER: - ace->perm &= (mode) | ~S_IRWXO; - mode &= (ace->perm) | ~S_IRWXO; - break; - } - ace++; +posix_acl_inherit_mode(struct posix_acl *acl, mode_t modein) +{ + struct posix_ace *ace = NULL; + int count = 0; + int i = 0; + mode_t newmode = 0; + mode_t mode = 0; + struct posix_ace *mask_ce = NULL; + struct posix_ace *group_ce = NULL; + + newmode = mode = modein; + + count = acl->count; + + ace = acl->entries; + for (i = 0; i < count; i++) { + switch (ace->tag) { + case POSIX_ACL_USER_OBJ: + ace->perm &= (mode >> 6) | ~S_IRWXO; + mode &= (ace->perm << 6) | ~S_IRWXU; + break; + case POSIX_ACL_GROUP_OBJ: + group_ce = ace; + break; + case POSIX_ACL_MASK: + mask_ce = ace; + break; + case POSIX_ACL_OTHER: + ace->perm &= (mode) | ~S_IRWXO; + mode &= (ace->perm) | ~S_IRWXO; + break; } + ace++; + } - if (mask_ce) { - mask_ce->perm &= (mode >> 3) | ~S_IRWXO; - mode &= (mask_ce->perm << 3) | ~S_IRWXG; - } else if (group_ce) { - group_ce->perm &= (mode >> 3) | ~S_IRWXO; - mode &= (group_ce->perm << 3) | ~S_IRWXG; - } + if (mask_ce) { + mask_ce->perm &= (mode >> 3) | ~S_IRWXO; + mode &= (mask_ce->perm << 3) | ~S_IRWXG; + } else if (group_ce) { + group_ce->perm &= (mode >> 3) | ~S_IRWXO; + mode &= (group_ce->perm << 3) | ~S_IRWXG; + } - newmode = ((modein & (S_IFMT | S_ISUID | S_ISGID | S_ISVTX)) | - (mode & (S_IRWXU|S_IRWXG|S_IRWXO))); + newmode = ((modein & (S_IFMT | S_ISUID | S_ISGID | S_ISVTX)) | + (mode & (S_IRWXU | S_IRWXG | S_IRWXO))); - return newmode; + return newmode; } - mode_t -posix_acl_inherit (xlator_t *this, loc_t *loc, dict_t *params, mode_t mode, - int32_t umask, int is_dir) -{ - int ret = 0; - struct posix_acl *par_default = NULL; - struct posix_acl *acl_default = NULL; - struct posix_acl *acl_access = NULL; - struct posix_acl_ctx *ctx = NULL; - char *xattr_default = NULL; - char *xattr_access = NULL; - int size_default = 0; - int size_access = 0; - mode_t retmode = 0; - int16_t tmp_mode = 0; - mode_t client_umask = 0; - - retmode = mode; - client_umask = umask; - ret = dict_get_int16 (params, "umask", &tmp_mode); +posix_acl_inherit(xlator_t *this, loc_t *loc, dict_t *params, mode_t mode, + int32_t umask, int is_dir) +{ + int ret = 0; + struct posix_acl *par_default = NULL; + struct posix_acl *acl_default = NULL; + struct posix_acl *acl_access = NULL; + struct posix_acl_ctx *ctx = NULL; + char *xattr_default = NULL; + char *xattr_access = NULL; + int size_default = 0; + int size_access = 0; + mode_t retmode = 0; + int16_t tmp_mode = 0; + mode_t client_umask = 0; + + retmode = mode; + client_umask = umask; + ret = dict_get_int16(params, "umask", &tmp_mode); + if (ret == 0) { + client_umask = (mode_t)tmp_mode; + dict_del(params, "umask"); + ret = dict_get_int16(params, "mode", &tmp_mode); if (ret == 0) { - client_umask = (mode_t)tmp_mode; - dict_del (params, "umask"); - ret = dict_get_int16 (params, "mode", &tmp_mode); - if (ret == 0) { - retmode = (mode_t)tmp_mode; - dict_del (params, "mode"); - } else { - gf_log (this->name, GF_LOG_ERROR, - "client sent umask, but not the original mode"); - } + retmode = (mode_t)tmp_mode; + dict_del(params, "mode"); + } else { + gf_log(this->name, GF_LOG_ERROR, + "client sent umask, but not the original mode"); } + } - ret = posix_acl_get (loc->parent, this, NULL, &par_default); + ret = posix_acl_get(loc->parent, this, NULL, &par_default); - if (!par_default) - goto out; - - ctx = posix_acl_ctx_new (loc->inode, this); + if (!par_default) + goto out; - acl_access = posix_acl_dup (this, par_default); - if (!acl_access) - goto out; + ctx = posix_acl_ctx_new(loc->inode, this); - client_umask = 0; // No umask if we inherit an ACL - retmode = posix_acl_inherit_mode (acl_access, retmode); - ctx->perm = retmode; + acl_access = posix_acl_dup(this, par_default); + if (!acl_access) + goto out; - size_access = posix_acl_to_xattr (this, acl_access, NULL, 0); - xattr_access = GF_CALLOC (1, size_access, gf_posix_acl_mt_char); - if (!xattr_access) { - gf_log (this->name, GF_LOG_ERROR, "out of memory"); - ret = -1; - goto out; - } - posix_acl_to_xattr (this, acl_access, xattr_access, size_access); - - ret = dict_set_bin (params, POSIX_ACL_ACCESS_XATTR, xattr_access, - size_access); - if (ret) { - gf_log (this->name, GF_LOG_ERROR, "out of memory"); - GF_FREE (xattr_access); - ret = -1; - goto out; - } + client_umask = 0; // No umask if we inherit an ACL + retmode = posix_acl_inherit_mode(acl_access, retmode); + ctx->perm = retmode; - if (!is_dir) - goto set; + size_access = posix_acl_to_xattr(this, acl_access, NULL, 0); + xattr_access = GF_CALLOC(1, size_access, gf_posix_acl_mt_char); + if (!xattr_access) { + gf_log(this->name, GF_LOG_ERROR, "out of memory"); + ret = -1; + goto out; + } + posix_acl_to_xattr(this, acl_access, xattr_access, size_access); + + ret = dict_set_bin(params, POSIX_ACL_ACCESS_XATTR, xattr_access, + size_access); + if (ret) { + gf_log(this->name, GF_LOG_ERROR, "out of memory"); + GF_FREE(xattr_access); + ret = -1; + goto out; + } + if (!is_dir) + goto set; - acl_default = posix_acl_ref (this, par_default); + acl_default = posix_acl_ref(this, par_default); - size_default = posix_acl_to_xattr (this, acl_default, NULL, 0); - xattr_default = GF_CALLOC (1, size_default, gf_posix_acl_mt_char); - if (!xattr_default) { - gf_log (this->name, GF_LOG_ERROR, "out of memory"); - ret = -1; - goto out; - } - posix_acl_to_xattr (this, acl_default, xattr_default, size_default); - - ret = dict_set_bin (params, POSIX_ACL_DEFAULT_XATTR, xattr_default, - size_default); - if (ret) { - gf_log (this->name, GF_LOG_ERROR, "out of memory"); - GF_FREE (xattr_default); - ret = -1; - goto out; - } + size_default = posix_acl_to_xattr(this, acl_default, NULL, 0); + xattr_default = GF_CALLOC(1, size_default, gf_posix_acl_mt_char); + if (!xattr_default) { + gf_log(this->name, GF_LOG_ERROR, "out of memory"); + ret = -1; + goto out; + } + posix_acl_to_xattr(this, acl_default, xattr_default, size_default); + + ret = dict_set_bin(params, POSIX_ACL_DEFAULT_XATTR, xattr_default, + size_default); + if (ret) { + gf_log(this->name, GF_LOG_ERROR, "out of memory"); + GF_FREE(xattr_default); + ret = -1; + goto out; + } set: - ret = posix_acl_set (loc->inode, this, acl_access, acl_default); - if (ret != 0) - goto out; + ret = posix_acl_set(loc->inode, this, acl_access, acl_default); + if (ret != 0) + goto out; out: - retmode &= ~client_umask; + retmode &= ~client_umask; - if (par_default) - posix_acl_unref (this, par_default); - if (acl_access) - posix_acl_unref (this, acl_access); - if (acl_default) - posix_acl_unref (this, acl_default); + if (par_default) + posix_acl_unref(this, par_default); + if (acl_access) + posix_acl_unref(this, acl_access); + if (acl_default) + posix_acl_unref(this, acl_default); - return retmode; + return retmode; } - mode_t -posix_acl_inherit_dir (xlator_t *this, loc_t *loc, dict_t *params, mode_t mode, - int32_t umask) +posix_acl_inherit_dir(xlator_t *this, loc_t *loc, dict_t *params, mode_t mode, + int32_t umask) { - mode_t retmode = 0; + mode_t retmode = 0; - retmode = posix_acl_inherit (this, loc, params, mode, umask, 1); + retmode = posix_acl_inherit(this, loc, params, mode, umask, 1); - return retmode; + return retmode; } - mode_t -posix_acl_inherit_file (xlator_t *this, loc_t *loc, dict_t *params, mode_t mode, - int32_t umask) +posix_acl_inherit_file(xlator_t *this, loc_t *loc, dict_t *params, mode_t mode, + int32_t umask) { - mode_t retmode = 0; + mode_t retmode = 0; - retmode = posix_acl_inherit (this, loc, params, mode, umask, 0); + retmode = posix_acl_inherit(this, loc, params, mode, umask, 0); - return retmode; + return retmode; } int -posix_acl_ctx_update (inode_t *inode, xlator_t *this, struct iatt *buf, - glusterfs_fop_t fop) +posix_acl_ctx_update(inode_t *inode, xlator_t *this, struct iatt *buf, + glusterfs_fop_t fop) { - struct posix_acl_ctx *ctx = NULL; - struct posix_acl *acl = NULL; - struct posix_ace *ace = NULL; - struct posix_ace *mask_ce = NULL; - struct posix_ace *group_ce = NULL; - int ret = 0; - int i = 0; - - LOCK(&inode->lock); - { - ctx = __posix_acl_ctx_get (inode, this, _gf_true); - if (!ctx) { - ret = -1; - goto unlock; - } + struct posix_acl_ctx *ctx = NULL; + struct posix_acl *acl = NULL; + struct posix_ace *ace = NULL; + struct posix_ace *mask_ce = NULL; + struct posix_ace *group_ce = NULL; + int ret = 0; + int i = 0; - ctx->uid = buf->ia_uid; - ctx->gid = buf->ia_gid; - ctx->perm = st_mode_from_ia (buf->ia_prot, buf->ia_type); - ctx->fop = fop; - - acl = ctx->acl_access; - if (!_does_acl_exist (acl)) - goto unlock; - - /* This is an extended ACL (not minimal acl). In case we - are only refreshing from iatt and not ACL xattrs (for - e.g. from postattributes of setattr() call, we need to - update the corresponding ACEs as well. - */ - ace = acl->entries; - for (i = 0; i < acl->count; i++) { - switch (ace->tag) { - case POSIX_ACL_USER_OBJ: - ace->perm = (ctx->perm & S_IRWXU) >> 6; - break; - case POSIX_ACL_USER: - case POSIX_ACL_GROUP: - break; - case POSIX_ACL_GROUP_OBJ: - group_ce = ace; - break; - case POSIX_ACL_MASK: - mask_ce = ace; - break; - case POSIX_ACL_OTHER: - ace->perm = (ctx->perm & S_IRWXO); - break; - } - ace++; - } - - if (mask_ce) - mask_ce->perm = (ctx->perm & S_IRWXG) >> 3; - else if (group_ce) - group_ce->perm = (ctx->perm & S_IRWXG) >> 3; - else - ret = -1; + LOCK(&inode->lock); + { + ctx = __posix_acl_ctx_get(inode, this, _gf_true); + if (!ctx) { + ret = -1; + goto unlock; } -unlock: - UNLOCK(&inode->lock); - return ret; -} -int -posix_acl_lookup_cbk (call_frame_t *frame, void *cookie, xlator_t *this, - int op_ret, int op_errno, inode_t *inode, - struct iatt *buf, dict_t *xattr, struct iatt *postparent) -{ - struct posix_acl *acl_access = NULL; - struct posix_acl *acl_default = NULL; - struct posix_acl *old_access = NULL; - struct posix_acl *old_default = NULL; - struct posix_acl_ctx *ctx = NULL; - data_t *data = NULL; - int ret = 0; - dict_t *my_xattr = NULL; + ctx->uid = buf->ia_uid; + ctx->gid = buf->ia_gid; + ctx->perm = st_mode_from_ia(buf->ia_prot, buf->ia_type); + ctx->fop = fop; - if (op_ret != 0) - goto unwind; + acl = ctx->acl_access; + if (!_does_acl_exist(acl)) + goto unlock; - ctx = posix_acl_ctx_new (inode, this); - if (!ctx) { - op_ret = -1; - op_errno = ENOMEM; - goto unwind; + /* This is an extended ACL (not minimal acl). In case we + are only refreshing from iatt and not ACL xattrs (for + e.g. from postattributes of setattr() call, we need to + update the corresponding ACEs as well. + */ + ace = acl->entries; + for (i = 0; i < acl->count; i++) { + switch (ace->tag) { + case POSIX_ACL_USER_OBJ: + ace->perm = (ctx->perm & S_IRWXU) >> 6; + break; + case POSIX_ACL_USER: + case POSIX_ACL_GROUP: + break; + case POSIX_ACL_GROUP_OBJ: + group_ce = ace; + break; + case POSIX_ACL_MASK: + mask_ce = ace; + break; + case POSIX_ACL_OTHER: + ace->perm = (ctx->perm & S_IRWXO); + break; + } + ace++; } - ret = posix_acl_get (inode, this, &old_access, &old_default); - - if (xattr == NULL) - goto acl_set; - - data = dict_get (xattr, POSIX_ACL_ACCESS_XATTR); - if (!data) - goto acl_default; + if (mask_ce) + mask_ce->perm = (ctx->perm & S_IRWXG) >> 3; + else if (group_ce) + group_ce->perm = (ctx->perm & S_IRWXG) >> 3; + else + ret = -1; + } +unlock: + UNLOCK(&inode->lock); + return ret; +} - if (old_access && - posix_acl_matches_xattr (this, old_access, data->data, - data->len)) { - acl_access = posix_acl_ref (this, old_access); - } else { - acl_access = posix_acl_from_xattr (this, data->data, - data->len); - } +int +posix_acl_lookup_cbk(call_frame_t *frame, void *cookie, xlator_t *this, + int op_ret, int op_errno, inode_t *inode, struct iatt *buf, + dict_t *xattr, struct iatt *postparent) +{ + struct posix_acl *acl_access = NULL; + struct posix_acl *acl_default = NULL; + struct posix_acl *old_access = NULL; + struct posix_acl *old_default = NULL; + struct posix_acl_ctx *ctx = NULL; + data_t *data = NULL; + int ret = 0; + dict_t *my_xattr = NULL; + + if (op_ret != 0) + goto unwind; + + ctx = posix_acl_ctx_new(inode, this); + if (!ctx) { + op_ret = -1; + op_errno = ENOMEM; + goto unwind; + } + + ret = posix_acl_get(inode, this, &old_access, &old_default); + + if (xattr == NULL) + goto acl_set; + + data = dict_get(xattr, POSIX_ACL_ACCESS_XATTR); + if (!data) + goto acl_default; + + if (old_access && + posix_acl_matches_xattr(this, old_access, data->data, data->len)) { + acl_access = posix_acl_ref(this, old_access); + } else { + acl_access = posix_acl_from_xattr(this, data->data, data->len); + } acl_default: - data = dict_get (xattr, POSIX_ACL_DEFAULT_XATTR); - if (!data) - goto acl_set; + data = dict_get(xattr, POSIX_ACL_DEFAULT_XATTR); + if (!data) + goto acl_set; - if (old_default && - posix_acl_matches_xattr (this, old_default, data->data, - data->len)) { - acl_default = posix_acl_ref (this, old_default); - } else { - acl_default = posix_acl_from_xattr (this, data->data, - data->len); - } + if (old_default && + posix_acl_matches_xattr(this, old_default, data->data, data->len)) { + acl_default = posix_acl_ref(this, old_default); + } else { + acl_default = posix_acl_from_xattr(this, data->data, data->len); + } acl_set: - posix_acl_ctx_update (inode, this, buf, GF_FOP_LOOKUP); + posix_acl_ctx_update(inode, this, buf, GF_FOP_LOOKUP); - ret = posix_acl_set (inode, this, acl_access, acl_default); - if (ret) - gf_log (this->name, GF_LOG_WARNING, - "failed to set ACL in context"); + ret = posix_acl_set(inode, this, acl_access, acl_default); + if (ret) + gf_log(this->name, GF_LOG_WARNING, "failed to set ACL in context"); unwind: - my_xattr = frame->local; - frame->local = NULL; - STACK_UNWIND_STRICT (lookup, frame, op_ret, op_errno, inode, buf, xattr, - postparent); + my_xattr = frame->local; + frame->local = NULL; + STACK_UNWIND_STRICT(lookup, frame, op_ret, op_errno, inode, buf, xattr, + postparent); - if (acl_access) - posix_acl_unref (this, acl_access); - if (acl_default) - posix_acl_unref (this, acl_default); - if (old_access) - posix_acl_unref (this, old_access); - if (old_default) - posix_acl_unref (this, old_default); - if (my_xattr) - dict_unref (my_xattr); + if (acl_access) + posix_acl_unref(this, acl_access); + if (acl_default) + posix_acl_unref(this, acl_default); + if (old_access) + posix_acl_unref(this, old_access); + if (old_default) + posix_acl_unref(this, old_default); + if (my_xattr) + dict_unref(my_xattr); - return 0; + return 0; } - int -posix_acl_lookup (call_frame_t *frame, xlator_t *this, loc_t *loc, - dict_t *xattr) +posix_acl_lookup(call_frame_t *frame, xlator_t *this, loc_t *loc, dict_t *xattr) { - int ret = 0; - dict_t *my_xattr = NULL; + int ret = 0; + dict_t *my_xattr = NULL; - if (!loc->parent) - /* lookup of / is always permitted */ - goto green; + if (!loc->parent) + /* lookup of / is always permitted */ + goto green; - if (acl_permits (frame, loc->parent, POSIX_ACL_EXECUTE)) - goto green; - else - goto red; + if (acl_permits(frame, loc->parent, POSIX_ACL_EXECUTE)) + goto green; + else + goto red; green: - if (xattr) { - my_xattr = dict_ref (xattr); - } else { - my_xattr = dict_new (); - } - - ret = dict_set_int8 (my_xattr, POSIX_ACL_ACCESS_XATTR, 0); - if (ret) - gf_log (this->name, GF_LOG_WARNING, "failed to set key %s", - POSIX_ACL_ACCESS_XATTR); - - ret = dict_set_int8 (my_xattr, POSIX_ACL_DEFAULT_XATTR, 0); - if (ret) - gf_log (this->name, GF_LOG_WARNING, "failed to set key %s", - POSIX_ACL_DEFAULT_XATTR); - - frame->local = my_xattr; - STACK_WIND (frame, posix_acl_lookup_cbk, - FIRST_CHILD (this), FIRST_CHILD (this)->fops->lookup, - loc, my_xattr); - return 0; + if (xattr) { + my_xattr = dict_ref(xattr); + } else { + my_xattr = dict_new(); + } + + ret = dict_set_int8(my_xattr, POSIX_ACL_ACCESS_XATTR, 0); + if (ret) + gf_log(this->name, GF_LOG_WARNING, "failed to set key %s", + POSIX_ACL_ACCESS_XATTR); + + ret = dict_set_int8(my_xattr, POSIX_ACL_DEFAULT_XATTR, 0); + if (ret) + gf_log(this->name, GF_LOG_WARNING, "failed to set key %s", + POSIX_ACL_DEFAULT_XATTR); + + frame->local = my_xattr; + STACK_WIND(frame, posix_acl_lookup_cbk, FIRST_CHILD(this), + FIRST_CHILD(this)->fops->lookup, loc, my_xattr); + return 0; red: - STACK_UNWIND_STRICT (lookup, frame, -1, EACCES, NULL, NULL, NULL, - NULL); - - return 0; -} - - -int -posix_acl_access (call_frame_t *frame, xlator_t *this, loc_t *loc, int mask, - dict_t *xdata) -{ - int op_ret = 0; - int op_errno = 0; - int perm = 0; - int mode = 0; - int is_fuse_call = 0; - - is_fuse_call = __is_fuse_call (frame); - - if (mask & R_OK) - perm |= POSIX_ACL_READ; - if (mask & W_OK) - perm |= POSIX_ACL_WRITE; - if (mask & X_OK) - perm |= POSIX_ACL_EXECUTE; - if (!mask) { - goto unwind; + STACK_UNWIND_STRICT(lookup, frame, -1, EACCES, NULL, NULL, NULL, NULL); + + return 0; +} + +int +posix_acl_access(call_frame_t *frame, xlator_t *this, loc_t *loc, int mask, + dict_t *xdata) +{ + int op_ret = 0; + int op_errno = 0; + int perm = 0; + int mode = 0; + int is_fuse_call = 0; + + is_fuse_call = __is_fuse_call(frame); + + if (mask & R_OK) + perm |= POSIX_ACL_READ; + if (mask & W_OK) + perm |= POSIX_ACL_WRITE; + if (mask & X_OK) + perm |= POSIX_ACL_EXECUTE; + if (!mask) { + goto unwind; + } + if (!perm) { + op_ret = -1; + op_errno = EINVAL; + goto unwind; + } + + if (is_fuse_call) { + mode = acl_permits(frame, loc->inode, perm); + if (mode) { + op_ret = 0; + op_errno = 0; + } else { + op_ret = -1; + op_errno = EACCES; } - if (!perm) { - op_ret = -1; - op_errno = EINVAL; - goto unwind; + } else { + if (perm & POSIX_ACL_READ) { + if (acl_permits(frame, loc->inode, POSIX_ACL_READ)) + mode |= POSIX_ACL_READ; } - if (is_fuse_call) { - mode = acl_permits (frame, loc->inode, perm); - if (mode) { - op_ret = 0; - op_errno = 0; - } else { - op_ret = -1; - op_errno = EACCES; - } - } else { - if (perm & POSIX_ACL_READ) { - if (acl_permits (frame, loc->inode, POSIX_ACL_READ)) - mode |= POSIX_ACL_READ; - } - - if (perm & POSIX_ACL_WRITE) { - if (acl_permits (frame, loc->inode, POSIX_ACL_WRITE)) - mode |= POSIX_ACL_WRITE; - } + if (perm & POSIX_ACL_WRITE) { + if (acl_permits(frame, loc->inode, POSIX_ACL_WRITE)) + mode |= POSIX_ACL_WRITE; + } - if (perm & POSIX_ACL_EXECUTE) { - if (acl_permits (frame, loc->inode, POSIX_ACL_EXECUTE)) - mode |= POSIX_ACL_EXECUTE; - } + if (perm & POSIX_ACL_EXECUTE) { + if (acl_permits(frame, loc->inode, POSIX_ACL_EXECUTE)) + mode |= POSIX_ACL_EXECUTE; } + } unwind: - if (is_fuse_call) - STACK_UNWIND_STRICT (access, frame, op_ret, op_errno, NULL); - else - STACK_UNWIND_STRICT (access, frame, 0, mode, NULL); - return 0; + if (is_fuse_call) + STACK_UNWIND_STRICT(access, frame, op_ret, op_errno, NULL); + else + STACK_UNWIND_STRICT(access, frame, 0, mode, NULL); + return 0; } - int -posix_acl_truncate_cbk (call_frame_t *frame, void *cookie, xlator_t *this, - int op_ret, int op_errno, struct iatt *prebuf, - struct iatt *postbuf, dict_t *xdata) +posix_acl_truncate_cbk(call_frame_t *frame, void *cookie, xlator_t *this, + int op_ret, int op_errno, struct iatt *prebuf, + struct iatt *postbuf, dict_t *xdata) { - STACK_UNWIND_STRICT (truncate, frame, op_ret, op_errno, prebuf, - postbuf, xdata); + STACK_UNWIND_STRICT(truncate, frame, op_ret, op_errno, prebuf, postbuf, + xdata); - return 0; + return 0; } - int -posix_acl_truncate (call_frame_t *frame, xlator_t *this, loc_t *loc, off_t off, - dict_t *xdata) +posix_acl_truncate(call_frame_t *frame, xlator_t *this, loc_t *loc, off_t off, + dict_t *xdata) { - struct posix_acl_ctx *ctx = NULL; + struct posix_acl_ctx *ctx = NULL; - if (acl_permits (frame, loc->inode, POSIX_ACL_WRITE)) - goto green; - /* NFS does a truncate through SETATTR, the owner does not need write - * permissions for this. Group permissions and root are checked above. - */ - else if (frame->root->pid == NFS_PID) { - ctx = posix_acl_ctx_get (loc->inode, frame->this); + if (acl_permits(frame, loc->inode, POSIX_ACL_WRITE)) + goto green; + /* NFS does a truncate through SETATTR, the owner does not need write + * permissions for this. Group permissions and root are checked above. + */ + else if (frame->root->pid == NFS_PID) { + ctx = posix_acl_ctx_get(loc->inode, frame->this); - if (ctx && frame_is_user (frame, ctx->uid)) - goto green; - } + if (ctx && frame_is_user(frame, ctx->uid)) + goto green; + } - /* fail by default */ - STACK_UNWIND_STRICT (truncate, frame, -1, EACCES, NULL, NULL, NULL); - return 0; + /* fail by default */ + STACK_UNWIND_STRICT(truncate, frame, -1, EACCES, NULL, NULL, NULL); + return 0; green: - STACK_WIND (frame, posix_acl_truncate_cbk, - FIRST_CHILD(this), FIRST_CHILD(this)->fops->truncate, - loc, off, xdata); - return 0; + STACK_WIND(frame, posix_acl_truncate_cbk, FIRST_CHILD(this), + FIRST_CHILD(this)->fops->truncate, loc, off, xdata); + return 0; } - int -posix_acl_open_cbk (call_frame_t *frame, void *cookie, xlator_t *this, - int op_ret, int op_errno, fd_t *fd, dict_t *xdata) +posix_acl_open_cbk(call_frame_t *frame, void *cookie, xlator_t *this, + int op_ret, int op_errno, fd_t *fd, dict_t *xdata) { - STACK_UNWIND_STRICT (open, frame, op_ret, op_errno, fd, xdata); + STACK_UNWIND_STRICT(open, frame, op_ret, op_errno, fd, xdata); - return 0; + return 0; } - int -posix_acl_open (call_frame_t *frame, xlator_t *this, loc_t *loc, int flags, - fd_t *fd, dict_t *xdata) +posix_acl_open(call_frame_t *frame, xlator_t *this, loc_t *loc, int flags, + fd_t *fd, dict_t *xdata) { - int perm = 0; + int perm = 0; - switch (flags & O_ACCMODE) { + switch (flags & O_ACCMODE) { case O_RDONLY: - perm = POSIX_ACL_READ; + perm = POSIX_ACL_READ; - /* If O_FMODE_EXEC is present, its good enough - to have '--x' perm, and its not covered in - O_ACCMODE bits */ - if (flags & O_FMODE_EXEC) - perm = POSIX_ACL_EXECUTE; + /* If O_FMODE_EXEC is present, its good enough + to have '--x' perm, and its not covered in + O_ACCMODE bits */ + if (flags & O_FMODE_EXEC) + perm = POSIX_ACL_EXECUTE; - break; + break; case O_WRONLY: - perm = POSIX_ACL_WRITE; - break; + perm = POSIX_ACL_WRITE; + break; case O_RDWR: - perm = POSIX_ACL_READ|POSIX_ACL_WRITE; - break; - } + perm = POSIX_ACL_READ | POSIX_ACL_WRITE; + break; + } - if (flags & (O_TRUNC | O_APPEND)) - perm |= POSIX_ACL_WRITE; + if (flags & (O_TRUNC | O_APPEND)) + perm |= POSIX_ACL_WRITE; - if (acl_permits (frame, loc->inode, perm)) - goto green; - else - goto red; + if (acl_permits(frame, loc->inode, perm)) + goto green; + else + goto red; green: - STACK_WIND (frame, posix_acl_open_cbk, - FIRST_CHILD(this), FIRST_CHILD(this)->fops->open, - loc, flags, fd, xdata); - return 0; + STACK_WIND(frame, posix_acl_open_cbk, FIRST_CHILD(this), + FIRST_CHILD(this)->fops->open, loc, flags, fd, xdata); + return 0; red: - STACK_UNWIND_STRICT (open, frame, -1, EACCES, NULL, NULL); - return 0; + STACK_UNWIND_STRICT(open, frame, -1, EACCES, NULL, NULL); + return 0; } - int -posix_acl_readv_cbk (call_frame_t *frame, void *cookie, xlator_t *this, - int op_ret, int op_errno, struct iovec *vector, - int count, struct iatt *stbuf, struct iobref *iobref, - dict_t *xdata) +posix_acl_readv_cbk(call_frame_t *frame, void *cookie, xlator_t *this, + int op_ret, int op_errno, struct iovec *vector, int count, + struct iatt *stbuf, struct iobref *iobref, dict_t *xdata) { - STACK_UNWIND_STRICT (readv, frame, op_ret, op_errno, vector, count, - stbuf, iobref, xdata); - return 0; + STACK_UNWIND_STRICT(readv, frame, op_ret, op_errno, vector, count, stbuf, + iobref, xdata); + return 0; } - int -posix_acl_readv (call_frame_t *frame, xlator_t *this, fd_t *fd, - size_t size, off_t offset, uint32_t flags, dict_t *xdata) +posix_acl_readv(call_frame_t *frame, xlator_t *this, fd_t *fd, size_t size, + off_t offset, uint32_t flags, dict_t *xdata) { - if (__is_fuse_call (frame)) - goto green; + if (__is_fuse_call(frame)) + goto green; - if (acl_permits (frame, fd->inode, POSIX_ACL_READ)) - goto green; - else - goto red; + if (acl_permits(frame, fd->inode, POSIX_ACL_READ)) + goto green; + else + goto red; green: - STACK_WIND (frame, posix_acl_readv_cbk, - FIRST_CHILD(this), FIRST_CHILD(this)->fops->readv, - fd, size, offset, flags, xdata); - return 0; + STACK_WIND(frame, posix_acl_readv_cbk, FIRST_CHILD(this), + FIRST_CHILD(this)->fops->readv, fd, size, offset, flags, xdata); + return 0; red: - STACK_UNWIND_STRICT (readv, frame, -1, EACCES, NULL, 0, NULL, NULL, - NULL); - return 0; + STACK_UNWIND_STRICT(readv, frame, -1, EACCES, NULL, 0, NULL, NULL, NULL); + return 0; } - int -posix_acl_writev_cbk (call_frame_t *frame, void *cookie, xlator_t *this, - int op_ret, int op_errno, - struct iatt *prebuf, struct iatt *postbuf, dict_t *xdata) +posix_acl_writev_cbk(call_frame_t *frame, void *cookie, xlator_t *this, + int op_ret, int op_errno, struct iatt *prebuf, + struct iatt *postbuf, dict_t *xdata) { - STACK_UNWIND_STRICT (writev, frame, op_ret, op_errno, - prebuf, postbuf, xdata); - return 0; + STACK_UNWIND_STRICT(writev, frame, op_ret, op_errno, prebuf, postbuf, + xdata); + return 0; } - int -posix_acl_writev (call_frame_t *frame, xlator_t *this, fd_t *fd, - struct iovec *vector, int count, off_t offset, - uint32_t flags, struct iobref *iobref, dict_t *xdata) +posix_acl_writev(call_frame_t *frame, xlator_t *this, fd_t *fd, + struct iovec *vector, int count, off_t offset, uint32_t flags, + struct iobref *iobref, dict_t *xdata) { - if (__is_fuse_call (frame)) - goto green; + if (__is_fuse_call(frame)) + goto green; - if (acl_permits (frame, fd->inode, POSIX_ACL_WRITE)) - goto green; - else - goto red; + if (acl_permits(frame, fd->inode, POSIX_ACL_WRITE)) + goto green; + else + goto red; green: - STACK_WIND (frame, posix_acl_writev_cbk, - FIRST_CHILD(this), FIRST_CHILD(this)->fops->writev, - fd, vector, count, offset, flags, iobref, xdata); - return 0; + STACK_WIND(frame, posix_acl_writev_cbk, FIRST_CHILD(this), + FIRST_CHILD(this)->fops->writev, fd, vector, count, offset, + flags, iobref, xdata); + return 0; red: - STACK_UNWIND_STRICT (writev, frame, -1, EACCES, NULL, NULL, NULL); - return 0; + STACK_UNWIND_STRICT(writev, frame, -1, EACCES, NULL, NULL, NULL); + return 0; } - - int -posix_acl_ftruncate_cbk (call_frame_t *frame, void *cookie, xlator_t *this, - int op_ret, int op_errno, struct iatt *prebuf, - struct iatt *postbuf, dict_t *xdata) +posix_acl_ftruncate_cbk(call_frame_t *frame, void *cookie, xlator_t *this, + int op_ret, int op_errno, struct iatt *prebuf, + struct iatt *postbuf, dict_t *xdata) { - STACK_UNWIND_STRICT (ftruncate, frame, op_ret, op_errno, - prebuf, postbuf, xdata); - return 0; + STACK_UNWIND_STRICT(ftruncate, frame, op_ret, op_errno, prebuf, postbuf, + xdata); + return 0; } - int -posix_acl_ftruncate (call_frame_t *frame, xlator_t *this, fd_t *fd, - off_t offset, dict_t *xdata) +posix_acl_ftruncate(call_frame_t *frame, xlator_t *this, fd_t *fd, off_t offset, + dict_t *xdata) { - if (__is_fuse_call (frame)) - goto green; + if (__is_fuse_call(frame)) + goto green; - if (acl_permits (frame, fd->inode, POSIX_ACL_WRITE)) - goto green; - else - goto red; + if (acl_permits(frame, fd->inode, POSIX_ACL_WRITE)) + goto green; + else + goto red; green: - STACK_WIND (frame, posix_acl_ftruncate_cbk, - FIRST_CHILD(this), FIRST_CHILD(this)->fops->ftruncate, - fd, offset, xdata); - return 0; + STACK_WIND(frame, posix_acl_ftruncate_cbk, FIRST_CHILD(this), + FIRST_CHILD(this)->fops->ftruncate, fd, offset, xdata); + return 0; red: - STACK_UNWIND_STRICT (ftruncate, frame, -1, EACCES, NULL, NULL, NULL); - return 0; + STACK_UNWIND_STRICT(ftruncate, frame, -1, EACCES, NULL, NULL, NULL); + return 0; } - int -posix_acl_opendir_cbk (call_frame_t *frame, void *cookie, xlator_t *this, - int op_ret, int op_errno, fd_t *fd, dict_t *xdata) +posix_acl_opendir_cbk(call_frame_t *frame, void *cookie, xlator_t *this, + int op_ret, int op_errno, fd_t *fd, dict_t *xdata) { - STACK_UNWIND_STRICT (opendir, frame, op_ret, op_errno, fd, xdata); + STACK_UNWIND_STRICT(opendir, frame, op_ret, op_errno, fd, xdata); - return 0; + return 0; } - int -posix_acl_opendir (call_frame_t *frame, xlator_t *this, loc_t *loc, fd_t *fd, dict_t *xdata) +posix_acl_opendir(call_frame_t *frame, xlator_t *this, loc_t *loc, fd_t *fd, + dict_t *xdata) { - if (acl_permits (frame, loc->inode, POSIX_ACL_READ)) - goto green; - else - goto red; + if (acl_permits(frame, loc->inode, POSIX_ACL_READ)) + goto green; + else + goto red; green: - STACK_WIND (frame, posix_acl_opendir_cbk, - FIRST_CHILD(this), FIRST_CHILD(this)->fops->opendir, - loc, fd, xdata); - return 0; + STACK_WIND(frame, posix_acl_opendir_cbk, FIRST_CHILD(this), + FIRST_CHILD(this)->fops->opendir, loc, fd, xdata); + return 0; red: - STACK_UNWIND_STRICT (opendir, frame, -1, EACCES, NULL, NULL); - return 0; + STACK_UNWIND_STRICT(opendir, frame, -1, EACCES, NULL, NULL); + return 0; } - int -posix_acl_mkdir_cbk (call_frame_t *frame, void *cookie, xlator_t *this, - int op_ret, int op_errno, inode_t *inode, struct iatt *buf, - struct iatt *preparent, struct iatt *postparent, - dict_t *xdata) +posix_acl_mkdir_cbk(call_frame_t *frame, void *cookie, xlator_t *this, + int op_ret, int op_errno, inode_t *inode, struct iatt *buf, + struct iatt *preparent, struct iatt *postparent, + dict_t *xdata) { - if (op_ret != 0) - goto unwind; + if (op_ret != 0) + goto unwind; - posix_acl_ctx_update (inode, this, buf, GF_FOP_MKDIR); + posix_acl_ctx_update(inode, this, buf, GF_FOP_MKDIR); unwind: - STACK_UNWIND_STRICT (mkdir, frame, op_ret, op_errno, inode, buf, - preparent, postparent, xdata); - return 0; + STACK_UNWIND_STRICT(mkdir, frame, op_ret, op_errno, inode, buf, preparent, + postparent, xdata); + return 0; } - int -posix_acl_mkdir (call_frame_t *frame, xlator_t *this, loc_t *loc, mode_t mode, - mode_t umask, dict_t *xdata) +posix_acl_mkdir(call_frame_t *frame, xlator_t *this, loc_t *loc, mode_t mode, + mode_t umask, dict_t *xdata) { - mode_t newmode = 0; + mode_t newmode = 0; - newmode = mode; - if (acl_permits (frame, loc->parent, POSIX_ACL_WRITE|POSIX_ACL_EXECUTE)) - goto green; - else - goto red; + newmode = mode; + if (acl_permits(frame, loc->parent, POSIX_ACL_WRITE | POSIX_ACL_EXECUTE)) + goto green; + else + goto red; green: - newmode = posix_acl_inherit_dir (this, loc, xdata, mode, umask); + newmode = posix_acl_inherit_dir(this, loc, xdata, mode, umask); - STACK_WIND (frame, posix_acl_mkdir_cbk, - FIRST_CHILD(this), FIRST_CHILD(this)->fops->mkdir, - loc, newmode, umask, xdata); - return 0; + STACK_WIND(frame, posix_acl_mkdir_cbk, FIRST_CHILD(this), + FIRST_CHILD(this)->fops->mkdir, loc, newmode, umask, xdata); + return 0; red: - STACK_UNWIND_STRICT (mkdir, frame, -1, EACCES, NULL, NULL, NULL, NULL, - NULL); - return 0; + STACK_UNWIND_STRICT(mkdir, frame, -1, EACCES, NULL, NULL, NULL, NULL, NULL); + return 0; } - int -posix_acl_mknod_cbk (call_frame_t *frame, void *cookie, xlator_t *this, - int op_ret, int op_errno, inode_t *inode, struct iatt *buf, - struct iatt *preparent, struct iatt *postparent, - dict_t *xdata) +posix_acl_mknod_cbk(call_frame_t *frame, void *cookie, xlator_t *this, + int op_ret, int op_errno, inode_t *inode, struct iatt *buf, + struct iatt *preparent, struct iatt *postparent, + dict_t *xdata) { - if (op_ret != 0) - goto unwind; + if (op_ret != 0) + goto unwind; - posix_acl_ctx_update (inode, this, buf, GF_FOP_MKNOD); + posix_acl_ctx_update(inode, this, buf, GF_FOP_MKNOD); unwind: - STACK_UNWIND_STRICT (mknod, frame, op_ret, op_errno, inode, buf, - preparent, postparent, xdata); - return 0; + STACK_UNWIND_STRICT(mknod, frame, op_ret, op_errno, inode, buf, preparent, + postparent, xdata); + return 0; } - int -posix_acl_mknod (call_frame_t *frame, xlator_t *this, loc_t *loc, mode_t mode, - dev_t rdev, mode_t umask, dict_t *xdata) +posix_acl_mknod(call_frame_t *frame, xlator_t *this, loc_t *loc, mode_t mode, + dev_t rdev, mode_t umask, dict_t *xdata) { - mode_t newmode = 0; + mode_t newmode = 0; - newmode = mode; - if (acl_permits (frame, loc->parent, POSIX_ACL_WRITE|POSIX_ACL_EXECUTE)) - goto green; - else - goto red; + newmode = mode; + if (acl_permits(frame, loc->parent, POSIX_ACL_WRITE | POSIX_ACL_EXECUTE)) + goto green; + else + goto red; green: - newmode = posix_acl_inherit_file (this, loc, xdata, mode, umask); + newmode = posix_acl_inherit_file(this, loc, xdata, mode, umask); - STACK_WIND (frame, posix_acl_mknod_cbk, - FIRST_CHILD(this), FIRST_CHILD(this)->fops->mknod, - loc, newmode, rdev, umask, xdata); - return 0; + STACK_WIND(frame, posix_acl_mknod_cbk, FIRST_CHILD(this), + FIRST_CHILD(this)->fops->mknod, loc, newmode, rdev, umask, + xdata); + return 0; red: - STACK_UNWIND_STRICT (mknod, frame, -1, EACCES, NULL, NULL, NULL, NULL, - NULL); - return 0; + STACK_UNWIND_STRICT(mknod, frame, -1, EACCES, NULL, NULL, NULL, NULL, NULL); + return 0; } - int -posix_acl_create_cbk (call_frame_t *frame, void *cookie, xlator_t *this, - int op_ret, int op_errno, fd_t *fd, inode_t *inode, - struct iatt *buf, struct iatt *preparent, - struct iatt *postparent, dict_t *xdata) +posix_acl_create_cbk(call_frame_t *frame, void *cookie, xlator_t *this, + int op_ret, int op_errno, fd_t *fd, inode_t *inode, + struct iatt *buf, struct iatt *preparent, + struct iatt *postparent, dict_t *xdata) { - if (op_ret != 0) - goto unwind; + if (op_ret != 0) + goto unwind; - posix_acl_ctx_update (inode, this, buf, GF_FOP_CREATE); + posix_acl_ctx_update(inode, this, buf, GF_FOP_CREATE); unwind: - STACK_UNWIND_STRICT (create, frame, op_ret, op_errno, fd, inode, buf, - preparent, postparent, xdata); - return 0; + STACK_UNWIND_STRICT(create, frame, op_ret, op_errno, fd, inode, buf, + preparent, postparent, xdata); + return 0; } - int -posix_acl_create (call_frame_t *frame, xlator_t *this, loc_t *loc, int flags, - mode_t mode, mode_t umask, fd_t *fd, dict_t *xdata) +posix_acl_create(call_frame_t *frame, xlator_t *this, loc_t *loc, int flags, + mode_t mode, mode_t umask, fd_t *fd, dict_t *xdata) { - mode_t newmode = 0; + mode_t newmode = 0; - newmode = mode; - if (acl_permits (frame, loc->parent, POSIX_ACL_WRITE|POSIX_ACL_EXECUTE)) - goto green; - else - goto red; + newmode = mode; + if (acl_permits(frame, loc->parent, POSIX_ACL_WRITE | POSIX_ACL_EXECUTE)) + goto green; + else + goto red; green: - newmode = posix_acl_inherit_file (this, loc, xdata, mode, umask); + newmode = posix_acl_inherit_file(this, loc, xdata, mode, umask); - STACK_WIND (frame, posix_acl_create_cbk, - FIRST_CHILD(this), FIRST_CHILD(this)->fops->create, - loc, flags, newmode, umask, fd, xdata); - return 0; + STACK_WIND(frame, posix_acl_create_cbk, FIRST_CHILD(this), + FIRST_CHILD(this)->fops->create, loc, flags, newmode, umask, fd, + xdata); + return 0; red: - STACK_UNWIND_STRICT (create, frame, -1, EACCES, NULL, NULL, NULL, - NULL, NULL, NULL); - return 0; + STACK_UNWIND_STRICT(create, frame, -1, EACCES, NULL, NULL, NULL, NULL, NULL, + NULL); + return 0; } - int -posix_acl_symlink_cbk (call_frame_t *frame, void *cookie, xlator_t *this, +posix_acl_symlink_cbk(call_frame_t *frame, void *cookie, xlator_t *this, int op_ret, int op_errno, inode_t *inode, struct iatt *buf, struct iatt *preparent, struct iatt *postparent, dict_t *xdata) { - if (op_ret != 0) - goto unwind; + if (op_ret != 0) + goto unwind; - posix_acl_ctx_update (inode, this, buf, GF_FOP_SYMLINK); + posix_acl_ctx_update(inode, this, buf, GF_FOP_SYMLINK); unwind: - STACK_UNWIND_STRICT (symlink, frame, op_ret, op_errno, inode, buf, - preparent, postparent, xdata); - return 0; + STACK_UNWIND_STRICT(symlink, frame, op_ret, op_errno, inode, buf, preparent, + postparent, xdata); + return 0; } - int -posix_acl_symlink (call_frame_t *frame, xlator_t *this, const char *linkname, - loc_t *loc, mode_t umask, dict_t *xdata) +posix_acl_symlink(call_frame_t *frame, xlator_t *this, const char *linkname, + loc_t *loc, mode_t umask, dict_t *xdata) { - if (acl_permits (frame, loc->parent, POSIX_ACL_WRITE|POSIX_ACL_EXECUTE)) - goto green; - else - goto red; + if (acl_permits(frame, loc->parent, POSIX_ACL_WRITE | POSIX_ACL_EXECUTE)) + goto green; + else + goto red; green: - STACK_WIND (frame, posix_acl_symlink_cbk, - FIRST_CHILD(this), FIRST_CHILD(this)->fops->symlink, - linkname, loc, umask, xdata); - return 0; + STACK_WIND(frame, posix_acl_symlink_cbk, FIRST_CHILD(this), + FIRST_CHILD(this)->fops->symlink, linkname, loc, umask, xdata); + return 0; red: - STACK_UNWIND_STRICT (symlink, frame, -1, EACCES, NULL, NULL, NULL, - NULL, NULL); - return 0; + STACK_UNWIND_STRICT(symlink, frame, -1, EACCES, NULL, NULL, NULL, NULL, + NULL); + return 0; } - int -posix_acl_unlink_cbk (call_frame_t *frame, void *cookie, xlator_t *this, - int op_ret, int op_errno, struct iatt *preparent, - struct iatt *postparent, dict_t *xdata) +posix_acl_unlink_cbk(call_frame_t *frame, void *cookie, xlator_t *this, + int op_ret, int op_errno, struct iatt *preparent, + struct iatt *postparent, dict_t *xdata) { - STACK_UNWIND_STRICT (unlink, frame, op_ret, op_errno, - preparent, postparent, xdata); - return 0; + STACK_UNWIND_STRICT(unlink, frame, op_ret, op_errno, preparent, postparent, + xdata); + return 0; } - int -posix_acl_unlink (call_frame_t *frame, xlator_t *this, loc_t *loc, int xflag, - dict_t *xdata) +posix_acl_unlink(call_frame_t *frame, xlator_t *this, loc_t *loc, int xflag, + dict_t *xdata) { - if (!sticky_permits (frame, loc->parent, loc->inode)) - goto red; + if (!sticky_permits(frame, loc->parent, loc->inode)) + goto red; - if (acl_permits (frame, loc->parent, POSIX_ACL_WRITE|POSIX_ACL_EXECUTE)) - goto green; - else - goto red; + if (acl_permits(frame, loc->parent, POSIX_ACL_WRITE | POSIX_ACL_EXECUTE)) + goto green; + else + goto red; green: - STACK_WIND (frame, posix_acl_unlink_cbk, - FIRST_CHILD(this), FIRST_CHILD(this)->fops->unlink, - loc, xflag, xdata); - return 0; + STACK_WIND(frame, posix_acl_unlink_cbk, FIRST_CHILD(this), + FIRST_CHILD(this)->fops->unlink, loc, xflag, xdata); + return 0; red: - STACK_UNWIND_STRICT (unlink, frame, -1, EACCES, NULL, NULL, NULL); - return 0; + STACK_UNWIND_STRICT(unlink, frame, -1, EACCES, NULL, NULL, NULL); + return 0; } - int -posix_acl_rmdir_cbk (call_frame_t *frame, void *cookie, xlator_t *this, - int op_ret, int op_errno, - struct iatt *preparent, struct iatt *postparent, dict_t *xdata) +posix_acl_rmdir_cbk(call_frame_t *frame, void *cookie, xlator_t *this, + int op_ret, int op_errno, struct iatt *preparent, + struct iatt *postparent, dict_t *xdata) { - STACK_UNWIND_STRICT (rmdir, frame, op_ret, op_errno, - preparent, postparent, xdata); - return 0; + STACK_UNWIND_STRICT(rmdir, frame, op_ret, op_errno, preparent, postparent, + xdata); + return 0; } - int -posix_acl_rmdir (call_frame_t *frame, xlator_t *this, loc_t *loc, int flags, dict_t *xdata) +posix_acl_rmdir(call_frame_t *frame, xlator_t *this, loc_t *loc, int flags, + dict_t *xdata) { - if (!sticky_permits (frame, loc->parent, loc->inode)) - goto red; + if (!sticky_permits(frame, loc->parent, loc->inode)) + goto red; - if (acl_permits (frame, loc->parent, POSIX_ACL_WRITE|POSIX_ACL_EXECUTE)) - goto green; - else - goto red; + if (acl_permits(frame, loc->parent, POSIX_ACL_WRITE | POSIX_ACL_EXECUTE)) + goto green; + else + goto red; green: - STACK_WIND (frame, posix_acl_rmdir_cbk, - FIRST_CHILD(this), FIRST_CHILD(this)->fops->rmdir, - loc, flags, xdata); - return 0; + STACK_WIND(frame, posix_acl_rmdir_cbk, FIRST_CHILD(this), + FIRST_CHILD(this)->fops->rmdir, loc, flags, xdata); + return 0; red: - STACK_UNWIND_STRICT (rmdir, frame, -1, EACCES, NULL, NULL, NULL); - return 0; + STACK_UNWIND_STRICT(rmdir, frame, -1, EACCES, NULL, NULL, NULL); + return 0; } - int -posix_acl_rename_cbk (call_frame_t *frame, void *cookie, xlator_t *this, - int op_ret, int op_errno, struct iatt *buf, - struct iatt *preoldparent, struct iatt *postoldparent, - struct iatt *prenewparent, struct iatt *postnewparent, - dict_t *xdata) +posix_acl_rename_cbk(call_frame_t *frame, void *cookie, xlator_t *this, + int op_ret, int op_errno, struct iatt *buf, + struct iatt *preoldparent, struct iatt *postoldparent, + struct iatt *prenewparent, struct iatt *postnewparent, + dict_t *xdata) { - STACK_UNWIND_STRICT (rename, frame, op_ret, op_errno, buf, - preoldparent, postoldparent, - prenewparent, postnewparent, xdata); - return 0; + STACK_UNWIND_STRICT(rename, frame, op_ret, op_errno, buf, preoldparent, + postoldparent, prenewparent, postnewparent, xdata); + return 0; } - int -posix_acl_rename (call_frame_t *frame, xlator_t *this, loc_t *old, loc_t *new, dict_t *xdata) +posix_acl_rename(call_frame_t *frame, xlator_t *this, loc_t *old, loc_t *new, + dict_t *xdata) { - if (!acl_permits (frame, old->parent, POSIX_ACL_WRITE)) - goto red; + if (!acl_permits(frame, old->parent, POSIX_ACL_WRITE)) + goto red; - if (!acl_permits (frame, new->parent, POSIX_ACL_WRITE)) - goto red; + if (!acl_permits(frame, new->parent, POSIX_ACL_WRITE)) + goto red; - if (!sticky_permits (frame, old->parent, old->inode)) - goto red; + if (!sticky_permits(frame, old->parent, old->inode)) + goto red; - if (new->inode) { - if (!sticky_permits (frame, new->parent, new->inode)) - goto red; - } + if (new->inode) { + if (!sticky_permits(frame, new->parent, new->inode)) + goto red; + } - STACK_WIND (frame, posix_acl_rename_cbk, - FIRST_CHILD(this), FIRST_CHILD(this)->fops->rename, - old, new, xdata); - return 0; + STACK_WIND(frame, posix_acl_rename_cbk, FIRST_CHILD(this), + FIRST_CHILD(this)->fops->rename, old, new, xdata); + return 0; red: - STACK_UNWIND_STRICT (rename, frame, -1, EACCES, NULL, NULL, NULL, NULL, - NULL, NULL); - return 0; + STACK_UNWIND_STRICT(rename, frame, -1, EACCES, NULL, NULL, NULL, NULL, NULL, + NULL); + return 0; } - int -posix_acl_link_cbk (call_frame_t *frame, void *cookie, xlator_t *this, - int op_ret, int op_errno, inode_t *inode, struct iatt *buf, - struct iatt *preparent, struct iatt *postparent, dict_t *xdata) +posix_acl_link_cbk(call_frame_t *frame, void *cookie, xlator_t *this, + int op_ret, int op_errno, inode_t *inode, struct iatt *buf, + struct iatt *preparent, struct iatt *postparent, + dict_t *xdata) { - STACK_UNWIND_STRICT (link, frame, op_ret, op_errno, inode, buf, - preparent, postparent, xdata); - return 0; + STACK_UNWIND_STRICT(link, frame, op_ret, op_errno, inode, buf, preparent, + postparent, xdata); + return 0; } - int -posix_acl_link (call_frame_t *frame, xlator_t *this, loc_t *old, loc_t *new, dict_t *xdata) +posix_acl_link(call_frame_t *frame, xlator_t *this, loc_t *old, loc_t *new, + dict_t *xdata) { - struct posix_acl_ctx *ctx = NULL; - int op_errno = 0; + struct posix_acl_ctx *ctx = NULL; + int op_errno = 0; - ctx = posix_acl_ctx_get (old->inode, this); - if (!ctx) { - op_errno = EIO; - goto red; - } + ctx = posix_acl_ctx_get(old->inode, this); + if (!ctx) { + op_errno = EIO; + goto red; + } - if (!acl_permits (frame, new->parent, POSIX_ACL_WRITE)) { - op_errno = EACCES; - goto red; - } + if (!acl_permits(frame, new->parent, POSIX_ACL_WRITE)) { + op_errno = EACCES; + goto red; + } - if (!sticky_permits (frame, new->parent, new->inode)) { - op_errno = EACCES; - goto red; - } + if (!sticky_permits(frame, new->parent, new->inode)) { + op_errno = EACCES; + goto red; + } - STACK_WIND (frame, posix_acl_link_cbk, - FIRST_CHILD(this), FIRST_CHILD(this)->fops->link, - old, new, xdata); - return 0; + STACK_WIND(frame, posix_acl_link_cbk, FIRST_CHILD(this), + FIRST_CHILD(this)->fops->link, old, new, xdata); + return 0; red: - STACK_UNWIND_STRICT (link, frame, -1, op_errno, NULL, NULL, NULL, NULL, - NULL); + STACK_UNWIND_STRICT(link, frame, -1, op_errno, NULL, NULL, NULL, NULL, + NULL); - return 0; + return 0; } - int -posix_acl_readdir_cbk (call_frame_t *frame, void *cookie, xlator_t *this, - int op_ret, int op_errno, gf_dirent_t *entries, - dict_t *xdata) +posix_acl_readdir_cbk(call_frame_t *frame, void *cookie, xlator_t *this, + int op_ret, int op_errno, gf_dirent_t *entries, + dict_t *xdata) { - STACK_UNWIND_STRICT (readdir, frame, op_ret, op_errno, entries, xdata); - return 0; + STACK_UNWIND_STRICT(readdir, frame, op_ret, op_errno, entries, xdata); + return 0; } - int -posix_acl_readdir (call_frame_t *frame, xlator_t *this, fd_t *fd, size_t size, - off_t offset, dict_t *xdata) +posix_acl_readdir(call_frame_t *frame, xlator_t *this, fd_t *fd, size_t size, + off_t offset, dict_t *xdata) { - if (acl_permits (frame, fd->inode, POSIX_ACL_READ)) - goto green; - else - goto red; + if (acl_permits(frame, fd->inode, POSIX_ACL_READ)) + goto green; + else + goto red; green: - STACK_WIND (frame, posix_acl_readdir_cbk, - FIRST_CHILD(this), FIRST_CHILD(this)->fops->readdir, - fd, size, offset, xdata); - return 0; + STACK_WIND(frame, posix_acl_readdir_cbk, FIRST_CHILD(this), + FIRST_CHILD(this)->fops->readdir, fd, size, offset, xdata); + return 0; red: - STACK_UNWIND_STRICT (readdir, frame, -1, EACCES, NULL, NULL); + STACK_UNWIND_STRICT(readdir, frame, -1, EACCES, NULL, NULL); - return 0; + return 0; } - int -posix_acl_readdirp_cbk (call_frame_t *frame, void *cookie, xlator_t *this, - int op_ret, int op_errno, gf_dirent_t *entries, - dict_t *xdata) +posix_acl_readdirp_cbk(call_frame_t *frame, void *cookie, xlator_t *this, + int op_ret, int op_errno, gf_dirent_t *entries, + dict_t *xdata) { - gf_dirent_t *entry = NULL; - struct posix_acl *acl_access = NULL; - struct posix_acl *acl_default = NULL; - struct posix_acl_ctx *ctx = NULL; - data_t *data = NULL; - int ret = 0; + gf_dirent_t *entry = NULL; + struct posix_acl *acl_access = NULL; + struct posix_acl *acl_default = NULL; + struct posix_acl_ctx *ctx = NULL; + data_t *data = NULL; + int ret = 0; - if (op_ret <= 0) - goto unwind; + if (op_ret <= 0) + goto unwind; - list_for_each_entry (entry, &entries->list, list) { - /* Update the inode ctx */ - if (!entry->dict || !entry->inode) - continue; + list_for_each_entry(entry, &entries->list, list) + { + /* Update the inode ctx */ + if (!entry->dict || !entry->inode) + continue; - ctx = posix_acl_ctx_new (entry->inode, this); - if (!ctx) { - op_ret = -1; - op_errno = ENOMEM; - goto unwind; - } + ctx = posix_acl_ctx_new(entry->inode, this); + if (!ctx) { + op_ret = -1; + op_errno = ENOMEM; + goto unwind; + } - ret = posix_acl_get (entry->inode, this, - &acl_access, &acl_default); + ret = posix_acl_get(entry->inode, this, &acl_access, &acl_default); - data = dict_get (entry->dict, POSIX_ACL_ACCESS_XATTR); - if (!data) - goto acl_default; + data = dict_get(entry->dict, POSIX_ACL_ACCESS_XATTR); + if (!data) + goto acl_default; - if (acl_access && - posix_acl_matches_xattr (this, acl_access, data->data, - data->len)) - goto acl_default; + if (acl_access && + posix_acl_matches_xattr(this, acl_access, data->data, data->len)) + goto acl_default; - if (acl_access) - posix_acl_unref(this, acl_access); + if (acl_access) + posix_acl_unref(this, acl_access); - acl_access = posix_acl_from_xattr (this, data->data, - data->len); + acl_access = posix_acl_from_xattr(this, data->data, data->len); - acl_default: - data = dict_get (entry->dict, POSIX_ACL_DEFAULT_XATTR); - if (!data) - goto acl_set; + acl_default: + data = dict_get(entry->dict, POSIX_ACL_DEFAULT_XATTR); + if (!data) + goto acl_set; - if (acl_default && - posix_acl_matches_xattr (this, acl_default, data->data, - data->len)) - goto acl_set; + if (acl_default && + posix_acl_matches_xattr(this, acl_default, data->data, data->len)) + goto acl_set; - if (acl_default) - posix_acl_unref(this, acl_default); + if (acl_default) + posix_acl_unref(this, acl_default); - acl_default = posix_acl_from_xattr (this, data->data, - data->len); + acl_default = posix_acl_from_xattr(this, data->data, data->len); - acl_set: - posix_acl_ctx_update (entry->inode, this, &entry->d_stat, - GF_FOP_READDIRP); + acl_set: + posix_acl_ctx_update(entry->inode, this, &entry->d_stat, + GF_FOP_READDIRP); - ret = posix_acl_set (entry->inode, this, - acl_access, acl_default); - if (ret) - gf_log (this->name, GF_LOG_WARNING, - "failed to set ACL in context"); + ret = posix_acl_set(entry->inode, this, acl_access, acl_default); + if (ret) + gf_log(this->name, GF_LOG_WARNING, "failed to set ACL in context"); - if (acl_access) - posix_acl_unref(this, acl_access); - if (acl_default) - posix_acl_unref(this, acl_default); - } + if (acl_access) + posix_acl_unref(this, acl_access); + if (acl_default) + posix_acl_unref(this, acl_default); + } unwind: - STACK_UNWIND_STRICT (readdirp, frame, op_ret, op_errno, entries, xdata); - return 0; + STACK_UNWIND_STRICT(readdirp, frame, op_ret, op_errno, entries, xdata); + return 0; } - int -posix_acl_readdirp (call_frame_t *frame, xlator_t *this, fd_t *fd, size_t size, - off_t offset, dict_t *dict) +posix_acl_readdirp(call_frame_t *frame, xlator_t *this, fd_t *fd, size_t size, + off_t offset, dict_t *dict) { - int ret = 0; - dict_t *alloc_dict = NULL; + int ret = 0; + dict_t *alloc_dict = NULL; - if (acl_permits (frame, fd->inode, POSIX_ACL_READ)) - goto green; - else - goto red; + if (acl_permits(frame, fd->inode, POSIX_ACL_READ)) + goto green; + else + goto red; green: - if (!dict) - dict = alloc_dict = dict_new (); - - if (dict) { - ret = dict_set_int8 (dict, POSIX_ACL_ACCESS_XATTR, 0); - if (ret) - gf_log (this->name, GF_LOG_WARNING, - "failed to set key %s", - POSIX_ACL_ACCESS_XATTR); - - ret = dict_set_int8 (dict, POSIX_ACL_DEFAULT_XATTR, 0); - if (ret) - gf_log (this->name, GF_LOG_WARNING, - "failed to set key %s", - POSIX_ACL_DEFAULT_XATTR); - } + if (!dict) + dict = alloc_dict = dict_new(); + + if (dict) { + ret = dict_set_int8(dict, POSIX_ACL_ACCESS_XATTR, 0); + if (ret) + gf_log(this->name, GF_LOG_WARNING, "failed to set key %s", + POSIX_ACL_ACCESS_XATTR); - STACK_WIND (frame, posix_acl_readdirp_cbk, - FIRST_CHILD(this), FIRST_CHILD(this)->fops->readdirp, - fd, size, offset, dict); + ret = dict_set_int8(dict, POSIX_ACL_DEFAULT_XATTR, 0); + if (ret) + gf_log(this->name, GF_LOG_WARNING, "failed to set key %s", + POSIX_ACL_DEFAULT_XATTR); + } - if (alloc_dict) - dict_unref (alloc_dict); - return 0; + STACK_WIND(frame, posix_acl_readdirp_cbk, FIRST_CHILD(this), + FIRST_CHILD(this)->fops->readdirp, fd, size, offset, dict); + + if (alloc_dict) + dict_unref(alloc_dict); + return 0; red: - STACK_UNWIND_STRICT (readdirp, frame, -1, EACCES, NULL, NULL); + STACK_UNWIND_STRICT(readdirp, frame, -1, EACCES, NULL, NULL); - return 0; + return 0; } - int -setattr_scrutiny (call_frame_t *frame, inode_t *inode, struct iatt *buf, - int valid) +setattr_scrutiny(call_frame_t *frame, inode_t *inode, struct iatt *buf, + int valid) { - struct posix_acl_ctx *ctx = NULL; - - if (frame_is_super_user (frame)) - return 0; + struct posix_acl_ctx *ctx = NULL; - ctx = posix_acl_ctx_get (inode, frame->this); - if (!ctx) - return EIO; - - if (valid & GF_SET_ATTR_MODE) { -/* - The effective UID of the calling process must match the owner of the - file, or the process must be privileged -*/ - if (!frame_is_user (frame, ctx->uid)) - return EPERM; -/* - If the calling process is not privileged (Linux: does not have the - CAP_FSETID capability), and the group of the file does not match the - effective group ID of the process or one of its supplementary group - IDs, the S_ISGID bit will be turned off, but this will not cause an - error to be returned. + if (frame_is_super_user(frame)) + return 0; -*/ - if (!frame_in_group (frame, ctx->gid)) - buf->ia_prot.sgid = 0; - } + ctx = posix_acl_ctx_get(inode, frame->this); + if (!ctx) + return EIO; - if (valid & (GF_SET_ATTR_ATIME | GF_SET_ATTR_MTIME)) { -/* - Changing timestamps is permitted when: either the process has appropri? - ate privileges, or the effective user ID equals the user ID of the - file, or times is NULL and the process has write permission for the - file. -*/ - if (!frame_is_user (frame, ctx->uid) && - !acl_permits (frame, inode, POSIX_ACL_WRITE)) - return EACCES; - } + if (valid & GF_SET_ATTR_MODE) { + /* + The effective UID of the calling process must match the owner of + the file, or the process must be privileged + */ + if (!frame_is_user(frame, ctx->uid)) + return EPERM; + /* + If the calling process is not privileged (Linux: does not have + the CAP_FSETID capability), and the group of the file does not + match the effective group ID of the process or one of its + supplementary group IDs, the S_ISGID bit will be turned off, but + this will not cause an error to be returned. + + */ + if (!frame_in_group(frame, ctx->gid)) + buf->ia_prot.sgid = 0; + } + + if (valid & (GF_SET_ATTR_ATIME | GF_SET_ATTR_MTIME)) { + /* + Changing timestamps is permitted when: either the process has + appropri? ate privileges, or the effective user ID equals the + user ID of the file, or times is NULL and the process has write + permission for the file. + */ + if (!frame_is_user(frame, ctx->uid) && + !acl_permits(frame, inode, POSIX_ACL_WRITE)) + return EACCES; + } - if (valid & GF_SET_ATTR_UID) { - if ((!frame_is_super_user (frame)) && - (buf->ia_uid != ctx->uid)) - return EPERM; - } + if (valid & GF_SET_ATTR_UID) { + if ((!frame_is_super_user(frame)) && (buf->ia_uid != ctx->uid)) + return EPERM; + } - if (valid & GF_SET_ATTR_GID) { - if (!frame_is_user (frame, ctx->uid)) - return EPERM; - if (!frame_in_group (frame, buf->ia_gid)) - return EPERM; - } + if (valid & GF_SET_ATTR_GID) { + if (!frame_is_user(frame, ctx->uid)) + return EPERM; + if (!frame_in_group(frame, buf->ia_gid)) + return EPERM; + } - return 0; + return 0; } - int -posix_acl_setattr_cbk (call_frame_t *frame, void *cookie, xlator_t *this, - int op_ret, int op_errno, - struct iatt *prebuf, struct iatt *postbuf, dict_t *xdata) +posix_acl_setattr_cbk(call_frame_t *frame, void *cookie, xlator_t *this, + int op_ret, int op_errno, struct iatt *prebuf, + struct iatt *postbuf, dict_t *xdata) { - inode_t *inode = NULL; + inode_t *inode = NULL; - inode = frame->local; - frame->local = NULL; + inode = frame->local; + frame->local = NULL; - if (op_ret != 0) - goto unwind; + if (op_ret != 0) + goto unwind; - posix_acl_ctx_update (inode, this, postbuf, GF_FOP_SETATTR); + posix_acl_ctx_update(inode, this, postbuf, GF_FOP_SETATTR); unwind: - STACK_UNWIND_STRICT (setattr, frame, op_ret, op_errno, prebuf, - postbuf, xdata); - return 0; + STACK_UNWIND_STRICT(setattr, frame, op_ret, op_errno, prebuf, postbuf, + xdata); + return 0; } - int -posix_acl_setattr (call_frame_t *frame, xlator_t *this, loc_t *loc, - struct iatt *buf, int valid, dict_t *xdata) +posix_acl_setattr(call_frame_t *frame, xlator_t *this, loc_t *loc, + struct iatt *buf, int valid, dict_t *xdata) { - int op_errno = 0; + int op_errno = 0; - op_errno = setattr_scrutiny (frame, loc->inode, buf, valid); + op_errno = setattr_scrutiny(frame, loc->inode, buf, valid); - if (op_errno) - goto red; + if (op_errno) + goto red; - frame->local = loc->inode; + frame->local = loc->inode; - STACK_WIND (frame, posix_acl_setattr_cbk, - FIRST_CHILD(this), FIRST_CHILD(this)->fops->setattr, - loc, buf, valid, xdata); - return 0; + STACK_WIND(frame, posix_acl_setattr_cbk, FIRST_CHILD(this), + FIRST_CHILD(this)->fops->setattr, loc, buf, valid, xdata); + return 0; red: - STACK_UNWIND_STRICT (setattr, frame, -1, op_errno, NULL, NULL, NULL); + STACK_UNWIND_STRICT(setattr, frame, -1, op_errno, NULL, NULL, NULL); - return 0; + return 0; } - int -posix_acl_fsetattr_cbk (call_frame_t *frame, void *cookie, xlator_t *this, - int op_ret, int op_errno, - struct iatt *prebuf, struct iatt *postbuf, dict_t *xdata) +posix_acl_fsetattr_cbk(call_frame_t *frame, void *cookie, xlator_t *this, + int op_ret, int op_errno, struct iatt *prebuf, + struct iatt *postbuf, dict_t *xdata) { - inode_t *inode = NULL; + inode_t *inode = NULL; - inode = frame->local; - frame->local = NULL; + inode = frame->local; + frame->local = NULL; - if (op_ret != 0) - goto unwind; + if (op_ret != 0) + goto unwind; - posix_acl_ctx_update (inode, this, postbuf, GF_FOP_FSETATTR); + posix_acl_ctx_update(inode, this, postbuf, GF_FOP_FSETATTR); unwind: - STACK_UNWIND_STRICT (fsetattr, frame, op_ret, op_errno, prebuf, - postbuf, xdata); - return 0; + STACK_UNWIND_STRICT(fsetattr, frame, op_ret, op_errno, prebuf, postbuf, + xdata); + return 0; } - int -posix_acl_fsetattr (call_frame_t *frame, xlator_t *this, fd_t *fd, - struct iatt *buf, int valid, dict_t *xdata) +posix_acl_fsetattr(call_frame_t *frame, xlator_t *this, fd_t *fd, + struct iatt *buf, int valid, dict_t *xdata) { - int op_errno = 0; + int op_errno = 0; - op_errno = setattr_scrutiny (frame, fd->inode, buf, valid); + op_errno = setattr_scrutiny(frame, fd->inode, buf, valid); - if (op_errno) - goto red; + if (op_errno) + goto red; - frame->local = fd->inode; + frame->local = fd->inode; - STACK_WIND (frame, posix_acl_fsetattr_cbk, - FIRST_CHILD(this), FIRST_CHILD(this)->fops->fsetattr, - fd, buf, valid, xdata); - return 0; + STACK_WIND(frame, posix_acl_fsetattr_cbk, FIRST_CHILD(this), + FIRST_CHILD(this)->fops->fsetattr, fd, buf, valid, xdata); + return 0; red: - STACK_UNWIND_STRICT (fsetattr, frame, -1, EACCES, NULL, NULL, NULL); + STACK_UNWIND_STRICT(fsetattr, frame, -1, EACCES, NULL, NULL, NULL); - return 0; + return 0; } - int -setxattr_scrutiny (call_frame_t *frame, inode_t *inode, dict_t *xattr) +setxattr_scrutiny(call_frame_t *frame, inode_t *inode, dict_t *xattr) { - struct posix_acl_ctx *ctx = NULL; - int found = 0; + struct posix_acl_ctx *ctx = NULL; + int found = 0; - if (frame_is_super_user (frame)) - return 0; + if (frame_is_super_user(frame)) + return 0; - ctx = posix_acl_ctx_get (inode, frame->this); - if (!ctx) - return EIO; + ctx = posix_acl_ctx_get(inode, frame->this); + if (!ctx) + return EIO; - if (dict_get (xattr, POSIX_ACL_ACCESS_XATTR) || - dict_get (xattr, POSIX_ACL_DEFAULT_XATTR) || - dict_get (xattr, GF_POSIX_ACL_ACCESS) || - dict_get (xattr, GF_POSIX_ACL_DEFAULT)) { - found = 1; - if (!frame_is_user (frame, ctx->uid)) - return EPERM; - } + if (dict_get(xattr, POSIX_ACL_ACCESS_XATTR) || + dict_get(xattr, POSIX_ACL_DEFAULT_XATTR) || + dict_get(xattr, GF_POSIX_ACL_ACCESS) || + dict_get(xattr, GF_POSIX_ACL_DEFAULT)) { + found = 1; + if (!frame_is_user(frame, ctx->uid)) + return EPERM; + } - if (!found && !acl_permits (frame, inode, POSIX_ACL_WRITE)) - return EACCES; + if (!found && !acl_permits(frame, inode, POSIX_ACL_WRITE)) + return EACCES; - return 0; + return 0; } - struct posix_acl * -posix_acl_xattr_update (xlator_t *this, inode_t *inode, dict_t *xattr, - char *name, struct posix_acl *old) +posix_acl_xattr_update(xlator_t *this, inode_t *inode, dict_t *xattr, + char *name, struct posix_acl *old) { - struct posix_acl *acl = NULL; - data_t *data = NULL; + struct posix_acl *acl = NULL; + data_t *data = NULL; - data = dict_get (xattr, name); - if (data) { - acl = posix_acl_from_xattr (this, data->data, - data->len); - } + data = dict_get(xattr, name); + if (data) { + acl = posix_acl_from_xattr(this, data->data, data->len); + } - if (!acl && old) - acl = posix_acl_ref (this, old); + if (!acl && old) + acl = posix_acl_ref(this, old); - return acl; + return acl; } - int -posix_acl_setxattr_update (xlator_t *this, inode_t *inode, dict_t *xattr) +posix_acl_setxattr_update(xlator_t *this, inode_t *inode, dict_t *xattr) { - struct posix_acl *acl_access = NULL; - struct posix_acl *acl_default = NULL; - struct posix_acl *old_access = NULL; - struct posix_acl *old_default = NULL; - struct posix_acl_ctx *ctx = NULL; - int ret = 0; + struct posix_acl *acl_access = NULL; + struct posix_acl *acl_default = NULL; + struct posix_acl *old_access = NULL; + struct posix_acl *old_default = NULL; + struct posix_acl_ctx *ctx = NULL; + int ret = 0; - ctx = posix_acl_ctx_get (inode, this); - if (!ctx) - return -1; + ctx = posix_acl_ctx_get(inode, this); + if (!ctx) + return -1; - ret = posix_acl_get (inode, this, &old_access, &old_default); + ret = posix_acl_get(inode, this, &old_access, &old_default); - acl_access = posix_acl_xattr_update (this, inode, xattr, - POSIX_ACL_ACCESS_XATTR, - old_access); + acl_access = posix_acl_xattr_update(this, inode, xattr, + POSIX_ACL_ACCESS_XATTR, old_access); - acl_default = posix_acl_xattr_update (this, inode, xattr, - POSIX_ACL_DEFAULT_XATTR, - old_default); + acl_default = posix_acl_xattr_update(this, inode, xattr, + POSIX_ACL_DEFAULT_XATTR, old_default); - ret = posix_acl_set (inode, this, acl_access, acl_default); + ret = posix_acl_set(inode, this, acl_access, acl_default); - if (acl_access && acl_access != old_access) { - posix_acl_access_set_mode (acl_access, ctx); - } + if (acl_access && acl_access != old_access) { + posix_acl_access_set_mode(acl_access, ctx); + } - if (acl_access) - posix_acl_unref (this, acl_access); - if (acl_default) - posix_acl_unref (this, acl_default); - if (old_access) - posix_acl_unref (this, old_access); - if (old_default) - posix_acl_unref (this, old_default); + if (acl_access) + posix_acl_unref(this, acl_access); + if (acl_default) + posix_acl_unref(this, acl_default); + if (old_access) + posix_acl_unref(this, old_access); + if (old_default) + posix_acl_unref(this, old_default); - return ret; + return ret; } /* * @@ -2094,400 +1999,376 @@ posix_acl_setxattr_update (xlator_t *this, inode_t *inode, dict_t *xattr) * access-control translator */ int -handling_other_acl_related_xattr (xlator_t *this, inode_t *inode, dict_t *xattr) +handling_other_acl_related_xattr(xlator_t *this, inode_t *inode, dict_t *xattr) { - struct posix_acl *acl = NULL; - struct posix_acl_ctx *ctx = NULL; - data_t *data = NULL; - int ret = 0; - - if (!this || !xattr || !inode) - goto out; + struct posix_acl *acl = NULL; + struct posix_acl_ctx *ctx = NULL; + data_t *data = NULL; + int ret = 0; - data = dict_get (xattr, POSIX_ACL_ACCESS_XATTR); - if (data) { - - acl = posix_acl_from_xattr (this, data->data, data->len); - if (!acl) { - ret = -1; - goto out; - } + if (!this || !xattr || !inode) + goto out; - ret = posix_acl_set_specific (inode, this, acl, _gf_true); - if (ret) - goto out; + data = dict_get(xattr, POSIX_ACL_ACCESS_XATTR); + if (data) { + acl = posix_acl_from_xattr(this, data->data, data->len); + if (!acl) { + ret = -1; + goto out; + } - ctx = posix_acl_ctx_get (inode, this); - if (!ctx) { - ret = -1; - goto out; - } + ret = posix_acl_set_specific(inode, this, acl, _gf_true); + if (ret) + goto out; - posix_acl_access_set_mode (acl, ctx); - posix_acl_unref (this, acl); - acl = NULL; + ctx = posix_acl_ctx_get(inode, this); + if (!ctx) { + ret = -1; + goto out; } - data = dict_get (xattr, POSIX_ACL_DEFAULT_XATTR); - if (data) { - acl = posix_acl_from_xattr (this, data->data, data->len); - if (!acl) { - ret = -1; - goto out; - } + posix_acl_access_set_mode(acl, ctx); + posix_acl_unref(this, acl); + acl = NULL; + } - ret = posix_acl_set_specific (inode, this, acl, _gf_false); + data = dict_get(xattr, POSIX_ACL_DEFAULT_XATTR); + if (data) { + acl = posix_acl_from_xattr(this, data->data, data->len); + if (!acl) { + ret = -1; + goto out; } + ret = posix_acl_set_specific(inode, this, acl, _gf_false); + } + out: - if (acl) - posix_acl_unref (this, acl); + if (acl) + posix_acl_unref(this, acl); - return ret; + return ret; } int -posix_acl_setxattr_cbk (call_frame_t *frame, void *cookie, xlator_t *this, - int op_ret, int op_errno, dict_t *xdata) +posix_acl_setxattr_cbk(call_frame_t *frame, void *cookie, xlator_t *this, + int op_ret, int op_errno, dict_t *xdata) { + /* + * Update the context of posix_acl_translator, if any of + * POSIX_ACL_*_XATTR set in the call back + */ + handling_other_acl_related_xattr(this, (inode_t *)cookie, xdata); - /* - * Update the context of posix_acl_translator, if any of - * POSIX_ACL_*_XATTR set in the call back - */ - handling_other_acl_related_xattr (this, (inode_t *)cookie, xdata); - - STACK_UNWIND_STRICT (setxattr, frame, op_ret, op_errno, xdata); + STACK_UNWIND_STRICT(setxattr, frame, op_ret, op_errno, xdata); - return 0; + return 0; } - int -posix_acl_setxattr (call_frame_t *frame, xlator_t *this, loc_t *loc, - dict_t *xattr, int flags, dict_t *xdata) +posix_acl_setxattr(call_frame_t *frame, xlator_t *this, loc_t *loc, + dict_t *xattr, int flags, dict_t *xdata) { - int op_errno = 0; + int op_errno = 0; - op_errno = setxattr_scrutiny (frame, loc->inode, xattr); + op_errno = setxattr_scrutiny(frame, loc->inode, xattr); - if (op_errno != 0) - goto red; + if (op_errno != 0) + goto red; - if (dict_get (xattr, POSIX_ACL_ACCESS_XATTR) || - dict_get (xattr, POSIX_ACL_DEFAULT_XATTR)) - posix_acl_setxattr_update (this, loc->inode, xattr); + if (dict_get(xattr, POSIX_ACL_ACCESS_XATTR) || + dict_get(xattr, POSIX_ACL_DEFAULT_XATTR)) + posix_acl_setxattr_update(this, loc->inode, xattr); - /* - * inode is required in call back function to update the context - * this translator - */ - STACK_WIND_COOKIE (frame, posix_acl_setxattr_cbk, loc->inode, - FIRST_CHILD(this), FIRST_CHILD(this)->fops->setxattr, - loc, xattr, flags, xdata); - return 0; + /* + * inode is required in call back function to update the context + * this translator + */ + STACK_WIND_COOKIE(frame, posix_acl_setxattr_cbk, loc->inode, + FIRST_CHILD(this), FIRST_CHILD(this)->fops->setxattr, loc, + xattr, flags, xdata); + return 0; red: - STACK_UNWIND_STRICT (setxattr, frame, -1, op_errno, NULL); + STACK_UNWIND_STRICT(setxattr, frame, -1, op_errno, NULL); - return 0; + return 0; } - int -posix_acl_fsetxattr_cbk (call_frame_t *frame, void *cookie, xlator_t *this, - int op_ret, int op_errno, dict_t *xdata) +posix_acl_fsetxattr_cbk(call_frame_t *frame, void *cookie, xlator_t *this, + int op_ret, int op_errno, dict_t *xdata) { - STACK_UNWIND_STRICT (fsetxattr, frame, op_ret, op_errno, xdata); + STACK_UNWIND_STRICT(fsetxattr, frame, op_ret, op_errno, xdata); - return 0; + return 0; } - int -posix_acl_fsetxattr (call_frame_t *frame, xlator_t *this, fd_t *fd, - dict_t *xattr, int flags, dict_t *xdata) +posix_acl_fsetxattr(call_frame_t *frame, xlator_t *this, fd_t *fd, + dict_t *xattr, int flags, dict_t *xdata) { - int op_errno = 0; + int op_errno = 0; - op_errno = setxattr_scrutiny (frame, fd->inode, xattr); + op_errno = setxattr_scrutiny(frame, fd->inode, xattr); - if (op_errno != 0) - goto red; + if (op_errno != 0) + goto red; - if (dict_get (xattr, POSIX_ACL_ACCESS_XATTR) || - dict_get (xattr, POSIX_ACL_DEFAULT_XATTR)) - posix_acl_setxattr_update (this, fd->inode, xattr); + if (dict_get(xattr, POSIX_ACL_ACCESS_XATTR) || + dict_get(xattr, POSIX_ACL_DEFAULT_XATTR)) + posix_acl_setxattr_update(this, fd->inode, xattr); - STACK_WIND (frame, posix_acl_fsetxattr_cbk, - FIRST_CHILD(this), FIRST_CHILD(this)->fops->fsetxattr, - fd, xattr, flags, xdata); - return 0; + STACK_WIND(frame, posix_acl_fsetxattr_cbk, FIRST_CHILD(this), + FIRST_CHILD(this)->fops->fsetxattr, fd, xattr, flags, xdata); + return 0; red: - STACK_UNWIND_STRICT (fsetxattr, frame, -1, op_errno, NULL); + STACK_UNWIND_STRICT(fsetxattr, frame, -1, op_errno, NULL); - return 0; + return 0; } - int -posix_acl_getxattr_cbk (call_frame_t *frame, void *cookie, xlator_t *this, - int op_ret, int op_errno, dict_t *xattr, dict_t *xdata) +posix_acl_getxattr_cbk(call_frame_t *frame, void *cookie, xlator_t *this, + int op_ret, int op_errno, dict_t *xattr, dict_t *xdata) { - STACK_UNWIND_STRICT (getxattr, frame, op_ret, op_errno, xattr, xdata); + STACK_UNWIND_STRICT(getxattr, frame, op_ret, op_errno, xattr, xdata); - return 0; + return 0; } - int -posix_acl_getxattr (call_frame_t *frame, xlator_t *this, loc_t *loc, - const char *name, dict_t *xdata) +posix_acl_getxattr(call_frame_t *frame, xlator_t *this, loc_t *loc, + const char *name, dict_t *xdata) { - if (whitelisted_xattr (name)) - goto green; + if (whitelisted_xattr(name)) + goto green; - if (acl_permits (frame, loc->inode, POSIX_ACL_READ)) - goto green; - else - goto red; + if (acl_permits(frame, loc->inode, POSIX_ACL_READ)) + goto green; + else + goto red; green: - STACK_WIND (frame, posix_acl_getxattr_cbk, - FIRST_CHILD(this), FIRST_CHILD(this)->fops->getxattr, - loc, name, xdata); - return 0; + STACK_WIND(frame, posix_acl_getxattr_cbk, FIRST_CHILD(this), + FIRST_CHILD(this)->fops->getxattr, loc, name, xdata); + return 0; red: - STACK_UNWIND_STRICT (getxattr, frame, -1, EACCES, NULL, NULL); + STACK_UNWIND_STRICT(getxattr, frame, -1, EACCES, NULL, NULL); - return 0; + return 0; } - int -posix_acl_fgetxattr_cbk (call_frame_t *frame, void *cookie, xlator_t *this, - int op_ret, int op_errno, dict_t *xattr, dict_t *xdata) +posix_acl_fgetxattr_cbk(call_frame_t *frame, void *cookie, xlator_t *this, + int op_ret, int op_errno, dict_t *xattr, dict_t *xdata) { - STACK_UNWIND_STRICT (fgetxattr, frame, op_ret, op_errno, xattr, xdata); + STACK_UNWIND_STRICT(fgetxattr, frame, op_ret, op_errno, xattr, xdata); - return 0; + return 0; } - int -posix_acl_fgetxattr (call_frame_t *frame, xlator_t *this, fd_t *fd, - const char *name, dict_t *xdata) +posix_acl_fgetxattr(call_frame_t *frame, xlator_t *this, fd_t *fd, + const char *name, dict_t *xdata) { - if (whitelisted_xattr (name)) - goto green; + if (whitelisted_xattr(name)) + goto green; - if (acl_permits (frame, fd->inode, POSIX_ACL_READ)) - goto green; - else - goto red; + if (acl_permits(frame, fd->inode, POSIX_ACL_READ)) + goto green; + else + goto red; green: - STACK_WIND (frame, posix_acl_fgetxattr_cbk, - FIRST_CHILD(this), FIRST_CHILD(this)->fops->fgetxattr, - fd, name, xdata); - return 0; + STACK_WIND(frame, posix_acl_fgetxattr_cbk, FIRST_CHILD(this), + FIRST_CHILD(this)->fops->fgetxattr, fd, name, xdata); + return 0; red: - STACK_UNWIND_STRICT (fgetxattr, frame, -1, EACCES, NULL, NULL); + STACK_UNWIND_STRICT(fgetxattr, frame, -1, EACCES, NULL, NULL); - return 0; + return 0; } - int -posix_acl_removexattr_cbk (call_frame_t *frame, void *cookie, xlator_t *this, - int op_ret, int op_errno, dict_t *xdata) +posix_acl_removexattr_cbk(call_frame_t *frame, void *cookie, xlator_t *this, + int op_ret, int op_errno, dict_t *xdata) { - STACK_UNWIND_STRICT (removexattr, frame, op_ret, op_errno, xdata); + STACK_UNWIND_STRICT(removexattr, frame, op_ret, op_errno, xdata); - return 0; + return 0; } - int -posix_acl_removexattr (call_frame_t *frame, xlator_t *this, loc_t *loc, - const char *name, dict_t *xdata) +posix_acl_removexattr(call_frame_t *frame, xlator_t *this, loc_t *loc, + const char *name, dict_t *xdata) { - struct posix_acl_ctx *ctx = NULL; - int op_errno = EACCES; + struct posix_acl_ctx *ctx = NULL; + int op_errno = EACCES; - if (frame_is_super_user (frame)) - goto green; + if (frame_is_super_user(frame)) + goto green; - ctx = posix_acl_ctx_get (loc->inode, this); - if (!ctx) { - op_errno = EIO; - goto red; - } + ctx = posix_acl_ctx_get(loc->inode, this); + if (!ctx) { + op_errno = EIO; + goto red; + } - if (whitelisted_xattr (name)) { - if (!frame_is_user (frame, ctx->uid)) { - op_errno = EPERM; - goto red; - } + if (whitelisted_xattr(name)) { + if (!frame_is_user(frame, ctx->uid)) { + op_errno = EPERM; + goto red; } + } - if (acl_permits (frame, loc->inode, POSIX_ACL_WRITE)) - goto green; - else - goto red; + if (acl_permits(frame, loc->inode, POSIX_ACL_WRITE)) + goto green; + else + goto red; green: - STACK_WIND (frame, posix_acl_removexattr_cbk, - FIRST_CHILD(this), FIRST_CHILD(this)->fops->removexattr, - loc, name, xdata); - return 0; + STACK_WIND(frame, posix_acl_removexattr_cbk, FIRST_CHILD(this), + FIRST_CHILD(this)->fops->removexattr, loc, name, xdata); + return 0; red: - STACK_UNWIND_STRICT (removexattr, frame, -1, op_errno, NULL); + STACK_UNWIND_STRICT(removexattr, frame, -1, op_errno, NULL); - return 0; + return 0; } - int -posix_acl_forget (xlator_t *this, inode_t *inode) +posix_acl_forget(xlator_t *this, inode_t *inode) { - struct posix_acl_ctx *ctx = NULL; + struct posix_acl_ctx *ctx = NULL; - ctx = posix_acl_ctx_get (inode, this); - if (!ctx) - goto out; + ctx = posix_acl_ctx_get(inode, this); + if (!ctx) + goto out; - if (ctx->acl_access) - posix_acl_unref (this, ctx->acl_access); + if (ctx->acl_access) + posix_acl_unref(this, ctx->acl_access); - if (ctx->acl_default) - posix_acl_unref (this, ctx->acl_default); + if (ctx->acl_default) + posix_acl_unref(this, ctx->acl_default); - GF_FREE (ctx); + GF_FREE(ctx); out: - return 0; + return 0; } - int -reconfigure (xlator_t *this, dict_t *options) +reconfigure(xlator_t *this, dict_t *options) { - struct posix_acl_conf *conf = NULL; + struct posix_acl_conf *conf = NULL; - conf = this->private; + conf = this->private; - GF_OPTION_RECONF ("super-uid", conf->super_uid, options, uint32, err); + GF_OPTION_RECONF("super-uid", conf->super_uid, options, uint32, err); - return 0; + return 0; err: - return -1; + return -1; } - int -init (xlator_t *this) +init(xlator_t *this) { - struct posix_acl_conf *conf = NULL; - struct posix_acl *minacl = NULL; - struct posix_ace *minace = NULL; + struct posix_acl_conf *conf = NULL; + struct posix_acl *minacl = NULL; + struct posix_ace *minace = NULL; - conf = GF_CALLOC (1, sizeof (*conf), gf_posix_acl_mt_conf_t); - if (!conf) { - gf_log (this->name, GF_LOG_ERROR, - "out of memory"); - return -1; - } + conf = GF_CALLOC(1, sizeof(*conf), gf_posix_acl_mt_conf_t); + if (!conf) { + gf_log(this->name, GF_LOG_ERROR, "out of memory"); + return -1; + } - LOCK_INIT (&conf->acl_lock); + LOCK_INIT(&conf->acl_lock); - this->private = conf; + this->private = conf; - minacl = posix_acl_new (this, 3); - if (!minacl) - return -1; + minacl = posix_acl_new(this, 3); + if (!minacl) + return -1; - minace = minacl->entries; - minace[0].tag = POSIX_ACL_USER_OBJ; - minace[1].tag = POSIX_ACL_GROUP_OBJ; - minace[2].tag = POSIX_ACL_OTHER; + minace = minacl->entries; + minace[0].tag = POSIX_ACL_USER_OBJ; + minace[1].tag = POSIX_ACL_GROUP_OBJ; + minace[2].tag = POSIX_ACL_OTHER; - conf->minimal_acl = minacl; + conf->minimal_acl = minacl; - GF_OPTION_INIT ("super-uid", conf->super_uid, uint32, err); + GF_OPTION_INIT("super-uid", conf->super_uid, uint32, err); - return 0; + return 0; err: - return -1; + return -1; } - int -fini (xlator_t *this) +fini(xlator_t *this) { - struct posix_acl_conf *conf = NULL; - struct posix_acl *minacl = NULL; + struct posix_acl_conf *conf = NULL; + struct posix_acl *minacl = NULL; - conf = this->private; - if (!conf) - return 0; - this->private = NULL; + conf = this->private; + if (!conf) + return 0; + this->private = NULL; - minacl = conf->minimal_acl; + minacl = conf->minimal_acl; - LOCK (&conf->acl_lock); - { - conf->minimal_acl = NULL; - } - UNLOCK (&conf->acl_lock); + LOCK(&conf->acl_lock); + { + conf->minimal_acl = NULL; + } + UNLOCK(&conf->acl_lock); - LOCK_DESTROY (&conf->acl_lock); + LOCK_DESTROY(&conf->acl_lock); - GF_FREE (minacl); + GF_FREE(minacl); - GF_FREE (conf); + GF_FREE(conf); - return 0; + return 0; } - struct xlator_fops fops = { - .lookup = posix_acl_lookup, - .open = posix_acl_open, + .lookup = posix_acl_lookup, + .open = posix_acl_open, #if FD_MODE_CHECK_IS_IMPLEMENTED - .readv = posix_acl_readv, - .writev = posix_acl_writev, - .ftruncate = posix_acl_ftruncate, - .fsetattr = posix_acl_fsetattr, - .fsetxattr = posix_acl_fsetxattr, - .fgetxattr = posix_acl_fgetxattr, + .readv = posix_acl_readv, + .writev = posix_acl_writev, + .ftruncate = posix_acl_ftruncate, + .fsetattr = posix_acl_fsetattr, + .fsetxattr = posix_acl_fsetxattr, + .fgetxattr = posix_acl_fgetxattr, #endif - .access = posix_acl_access, - .truncate = posix_acl_truncate, - .mkdir = posix_acl_mkdir, - .mknod = posix_acl_mknod, - .create = posix_acl_create, - .symlink = posix_acl_symlink, - .unlink = posix_acl_unlink, - .rmdir = posix_acl_rmdir, - .rename = posix_acl_rename, - .link = posix_acl_link, - .opendir = posix_acl_opendir, - .readdir = posix_acl_readdir, - .readdirp = posix_acl_readdirp, - .setattr = posix_acl_setattr, - .setxattr = posix_acl_setxattr, - .getxattr = posix_acl_getxattr, - .removexattr = posix_acl_removexattr, -}; - - -struct xlator_cbks cbks = { - .forget = posix_acl_forget + .access = posix_acl_access, + .truncate = posix_acl_truncate, + .mkdir = posix_acl_mkdir, + .mknod = posix_acl_mknod, + .create = posix_acl_create, + .symlink = posix_acl_symlink, + .unlink = posix_acl_unlink, + .rmdir = posix_acl_rmdir, + .rename = posix_acl_rename, + .link = posix_acl_link, + .opendir = posix_acl_opendir, + .readdir = posix_acl_readdir, + .readdirp = posix_acl_readdirp, + .setattr = posix_acl_setattr, + .setxattr = posix_acl_setxattr, + .getxattr = posix_acl_getxattr, + .removexattr = posix_acl_removexattr, }; +struct xlator_cbks cbks = {.forget = posix_acl_forget}; struct volume_options options[] = { - { .key = {"super-uid"}, - .type = GF_OPTION_TYPE_INT, - .default_value = "0", - .description = "UID to be treated as super user's id instead of 0", - }, - { .key = {NULL} }, + { + .key = {"super-uid"}, + .type = GF_OPTION_TYPE_INT, + .default_value = "0", + .description = "UID to be treated as super user's id instead of 0", + }, + {.key = {NULL}}, }; |