From 975d0c003ac77a28be2847fb96a8a86251ee08b2 Mon Sep 17 00:00:00 2001
From: Raghavendra Bhat <raghavendra@redhat.com>
Date: Thu, 2 May 2013 12:56:46 +0530
Subject: system/posix-acl: check for the sticky bit of the parent directory

* While creating links, check if there is sticky bit set for the parent
  directory and whether the sticky bit permits the user to create the link.

Change-Id: Ic0d09d9ed579c4eb47462c71602a3a60cc7d3bc1
BUG: 958691
Signed-off-by: Raghavendra Bhat <raghavendra@redhat.com>
Reviewed-on: http://review.gluster.org/4934
Reviewed-by: Amar Tumballi <amarts@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
Reviewed-on: http://review.gluster.org/5813
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
---
 tests/bugs/bug-958691.t                  | 50 ++++++++++++++++++++++++++++++++
 xlators/system/posix-acl/src/posix-acl.c |  5 ++++
 2 files changed, 55 insertions(+)
 create mode 100644 tests/bugs/bug-958691.t

diff --git a/tests/bugs/bug-958691.t b/tests/bugs/bug-958691.t
new file mode 100644
index 00000000000..a5ac406c9c6
--- /dev/null
+++ b/tests/bugs/bug-958691.t
@@ -0,0 +1,50 @@
+#!/bin/bash
+. $(dirname $0)/../include.rc
+. $(dirname $0)/../volume.rc
+
+cleanup;
+
+TEST glusterd
+TEST pidof glusterd
+TEST $CLI volume create $V0 $H0:$B0/${V0}{0,1}
+TEST $CLI volume start $V0;
+
+TEST glusterfs --volfile-server=$H0 --volfile-id=$V0 $M0;
+sleep 1;
+TEST mount -t nfs -o vers=3,nolock $H0:/$V0 $N0;
+
+sleep 2;
+
+# Tests for the fuse mount
+TEST mkdir $M0/dir;
+TEST chmod 1777 $M0/dir;
+TEST touch $M0/dir/file{1,2};
+
+TEST $CLI volume set $V0 server.root-squash enable;
+
+mv $M0/dir/file1 $M0/dir/file11 2>/dev/null;
+TEST [ $? -ne 0 ];
+
+TEST $CLI volume set $V0 server.root-squash disable;
+TEST rm -rf $M0/dir;
+
+sleep 1;
+
+# tests for nfs mount
+TEST mkdir $N0/dir;
+TEST chmod 1777 $N0/dir;
+TEST touch $N0/dir/file{1,2};
+
+TEST $CLI volume set $V0 server.root-squash enable;
+
+mv $N0/dir/file1 $N0/dir/file11 2>/dev/null;
+TEST [ $? -ne 0 ];
+
+TEST $CLI volume set $V0 server.root-squash disable;
+TEST rm -rf $N0/dir;
+TEST umount $N0;
+
+TEST $CLI volume stop $V0;
+TEST $CLI volume delete $V0;
+
+cleanup;
diff --git a/xlators/system/posix-acl/src/posix-acl.c b/xlators/system/posix-acl/src/posix-acl.c
index f6246d92c8a..3e2f7f21260 100644
--- a/xlators/system/posix-acl/src/posix-acl.c
+++ b/xlators/system/posix-acl/src/posix-acl.c
@@ -1394,6 +1394,11 @@ posix_acl_link (call_frame_t *frame, xlator_t *this, loc_t *old, loc_t *new, dic
                 goto red;
         }
 
+        if (!sticky_permits (frame, new->parent, new->inode)) {
+                op_errno = EACCES;
+                goto red;
+        }
+
         STACK_WIND (frame, posix_acl_link_cbk,
                     FIRST_CHILD(this), FIRST_CHILD(this)->fops->link,
                     old, new, xdata);
-- 
cgit