summaryrefslogtreecommitdiffstats
path: root/xlators/system/posix-acl
Commit message (Collapse)AuthorAgeFilesLines
* cluster/dht : Acl fix for distribute directory selfhealKaushal M2012-03-261-4/+2
| | | | | | | | | | | | Send acl xattrs, if present in the xattrs returned during lookup, during directory self-heal. Change-Id: I5337bbd3f3963aeed500a8a552e5f6713089b53e BUG: 764787 Signed-off-by: Kaushal M <kaushal@redhat.com> Reviewed-on: http://review.gluster.com/737 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@redhat.com>
* core: adding extra data for fopsAmar Tumballi2012-03-221-121/+137
| | | | | | | | | | | | | with this change, the xlator APIs will have a dictionary as extra argument, which is passed between all the layers. This can be utilized for overloading in some of the operations. Change-Id: I58a8186b3ef647650280e63f3e5e9b9de7827b40 Signed-off-by: Amar Tumballi <amarts@redhat.com> BUG: 782265 Reviewed-on: http://review.gluster.com/2960 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@redhat.com>
* system/posix-acl: fix reference counting in posix_acl_readdirp_cbkBrian Foster2012-03-141-12/+21
| | | | | | | | | | | | unref. the acl pointers from posix_acl_get() Change-Id: I1247f64ceded17bfa204d1b899ec56a27bef0cdb Signed-off-by: Brian Foster <bfoster@redhat.com> BUG: 801183 Reviewed-on: http://review.gluster.com/2904 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-by: Amar Tumballi <amarts@redhat.com>
* system/posix-acl: fix acl inode assignment in posix_acl_readdirp_cbkBrian Foster2012-03-141-9/+7
| | | | | | | | | | | | | | | | If an entry includes no ACL returned via dictionary, it is possible to skip down to acl_set without updating acl_access and/or acl_default. If either are set from the previous iteration, the unrelated ACLs are set to the current entry. Use a single set of pointers to ensure that valid ACLs are always set. Change-Id: Ia94887ded91845bc39d4d5e95ef00d190681e517 BUG: 801183 Signed-off-by: Brian Foster <bfoster@redhat.com> Reviewed-on: http://review.gluster.com/2903 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-by: Amar Tumballi <amarts@redhat.com>
* core: add an extra flag to readv()/writev() APIAmar Tumballi2012-02-141-4/+4
| | | | | | | | | | | | needed to implement a proper handling of open flag alterations using fcntl() on fd. Change-Id: Ic280d5db6f1dc0418d5c439abb8db1d3ac21ced0 Signed-off-by: Amar Tumballi <amar@gluster.com> BUG: 782265 Reviewed-on: http://review.gluster.com/2723 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@redhat.com>
* core: get xattrs also as part of readdirpAmar Tumballi2012-01-251-3/+74
| | | | | | | | | | | | | readdirp_req() call sends a dict_t * as an argument, which contains all the xattr keys for which the entries got in readdirp_rsp() are having xattr value filled dictionary. Change-Id: I8b7e1290740ea3e884e67d19156ce849227167c0 Signed-off-by: Amar Tumballi <amar@gluster.com> BUG: 765785 Reviewed-on: http://review.gluster.com/771 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@gluster.com>
* posix-acl: properly process umask in case client sent itLubomir Rintel2012-01-121-1/+17
| | | | | | | | | | | | | | | | | | | | | | | | | FUSE used to interpret the umask itself. That was a bad idea, since there are cases where umask is not applied, such as when extended POSIX ACLs are present and default ACLs are set on parent directory. The FUSE bridge was changed to send original mode with umask (alongside masked mode, for compatibility). If that is the case, we decide whether to apply the umask or not in the posix-acl translator depending on whether a default umask is set, or not. The original, broken, behavior is preserved in following cases: * Unpatched client (not sending umask with original mode) * Unpatched server (not understanding umask with original mode) * Old FUSE on client side (FUSE < 7.12 or linux < 2.6.31) (can not find out the umask and original mode) Change-Id: I2e3bfc4c7c9611bc51119ca5c8e28f6582677516 Signed-off-by: Lubomir Rintel <lubo.rintel@gooddata.com> Tested-by: Lubomir Rintel <lubo.rintel@gooddata.com> BUG: 765508 Reviewed-on: http://review.gluster.com/668 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@gluster.com>
* features/posix-acl: handle fini for features/posix-aclshishir gowda2011-12-261-0/+24
| | | | | | | | | Signed-off-by: shishir gowda <shishirng@gluster.com> Change-Id: I6cd3a9c3a513cc2a998b82610613bbfa0622eec4 BUG: 767862 Reviewed-on: http://review.gluster.com/811 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Amar Tumballi <amar@gluster.com>
* build: warning suppression (round n)Amar Tumballi2011-10-201-7/+13
| | | | | | | | | | with this patch, there are no more warnings with gcc (GCC) 4.6.1 20110908 Change-Id: Ice0d52d304b9846395f8a4a191c98eb53125f792 BUG: 2550 Reviewed-on: http://review.gluster.com/607 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@gluster.com>
* posix-acl: configurable super user IDAnand Avati2011-09-082-7/+61
| | | | | | | | | | | | In configurations with a uid mapper, super user ID could be mapped to a non-zero value. Hence making it configurable in access control would be necessary for proper super-user semantics. Change-Id: I51e8e0395680e9b96a99657a0af547659bd9affe BUG: 2815 Reviewed-on: http://review.gluster.com/332 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@gluster.com>
* Save the mode flags set by the application when ACLs are in usePavan T C2011-09-081-1/+2
| | | | | | | | | | | | | | | | | While inheriting the ACLs from a directory that has default ACLs, make sure that the mode flags set by the application are saved. It is required to inherit only the Read, Write and Execute permissions while leaving the others viz. setuid, setgid and sticky bit untouched hence honouring the requests made by the application during create operations (mknod, mkdir et al). For a description of the problem, root cause and evaluation, refer: http://bugs.gluster.com/show_bug.cgi?id=3522 Change-Id: I994077fb321a35d8254f0cc5a7de99a17ec40c47 BUG: 3522 Reviewed-on: http://review.gluster.com/368 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@gluster.com>
* Eliminate many "var set but not used" warnings with newer gcc.Jeff Darcy2011-09-071-3/+0
| | | | | | | | | | | | | | | | This fixes ~200 such warnings, but leaves three categories untouched. (1) Rpcgen code. (2) Macros which set variables in the outer (calling function) scope. (3) Variables which are set via function calls which may have side effects. Change-Id: I6554555f78ed26134251504b038da7e94adacbcd BUG: 2550 Reviewed-on: http://review.gluster.com/371 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@gluster.com>
* posix-acl: disable permission checks for fd based opsAnand Avati2011-08-101-0/+2
| | | | | | | | | | | | | | | | | | | | | | | If write calls are coming in through an fd with O_RDWR or O_WRONLY flag then a permission check is unnecessary. However writes from NFS ideally need a "stateless" check in each call and this results in a permission failure due to the read-only mode (disregarding the FD's writeability). For now it is acceptable to disable write checks as almost always the NFS client would already be doing such basic access control. Also because the previous access-control translator (prior to posix ACL introduction) too was permitting writes and reads unconditionally. In fact the Linux KNFS server too assumes the NFS client would have done the permission check. Change-Id: I33e5de8911a87881f9341b8b92574780c2dfbeba BUG: 3388 Reviewed-on: http://review.gluster.com/208 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@gluster.com>
* LICENSE: s/GNU Affero General Public/GNU General Public/Pranith Kumar K2011-08-064-12/+12
| | | | | | | | Change-Id: I3914467611e573cccee0d22df93920cf1b2eb79f BUG: 3348 Reviewed-on: http://review.gluster.com/182 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@gluster.com>
* posix-acl: perform access checks on read/write/truncate for NFS callsAnand Avati2011-07-131-3/+108
| | | | | | | | | | | | Signed-off-by: Anand Avati <avati@gluster.com> BUG: 2815 (Server-enforced ACLs) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815 Signed-off-by: shishir gowda <shishirng@gluster.com> Signed-off-by: Anand Avati <avati@gluster.com> BUG: 2815 (Server-enforced ACLs) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815
* access-control: Handle F_OK in perm check, and O_APPEND, O_TRUNC in openshishir gowda2011-07-131-0/+5
| | | | | | | | | | | Signed-off-by: shishir gowda <shishirng@gluster.com> Signed-off-by: Anand Avati <avati@gluster.com> BUG: 3057 (acl permissions don't work on nfs mount) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057 BUG: 3057 (acl permissions don't work on nfs mount) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057
* access-control: NFS access control expects a return of valid modeshishir gowda2011-07-131-13/+29
| | | | | | | | | | | | | | | The permission check is same as that of posix. We break the requests into single checks, aggregate all the valid modes and return in reply. Signed-off-by: shishir gowda <shishirng@gluster.com> Signed-off-by: Vijay Bellur <vijay@gluster.com> BUG: 3057 () URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057 Signed-off-by: Anand Avati <avati@gluster.com> BUG: 3057 (acl permissions don't work on nfs mount) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057
* access-control: Save group permissions returned from backendshishir gowda2011-07-132-2/+9
| | | | | | | | | | | | | | | The backend permissions returned in stat for group is already masked value. Use the xattr value Signed-off-by: shishir gowda <shishirng@gluster.com> Signed-off-by: Vijay Bellur <vijay@gluster.com> BUG: 3102 () URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3102 Signed-off-by: Anand Avati <avati@gluster.com> BUG: 3102 (Read calls go ahead even when the group has no permissions) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3102
* access-control: Return mode part of NFS access control requestshishir gowda2011-07-131-8/+18
| | | | | | | | | | | | Signed-off-by: shishir gowda <shishirng@gluster.com> Signed-off-by: Vijay Bellur <vijay@gluster.com> BUG: 3057 () URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057 Signed-off-by: Anand Avati <avati@gluster.com> BUG: 3057 (acl permissions don't work on nfs mount) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=3057
* access-control: superseded by posix-acl translatorAnand Avati2011-07-081-0/+8
| | | | | | | Signed-off-by: Anand Avati <avati@gluster.com> BUG: 2815 (Server-enforced ACLs) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815
* posix-acl: implementation of POSIX ACL as a translatorAnand Avati2011-07-086-0/+2134
Signed-off-by: Anand Avati <avati@gluster.com> BUG: 2815 (Server-enforced ACLs) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2815