From adfd06a75daafc00e23b03077eb058c2fdc3f40a Mon Sep 17 00:00:00 2001 From: Albert Louis Rossi Date: Mon, 28 Oct 2019 14:42:45 -0500 Subject: [PATCH] dcache-xrootd: honor read paths when listing directories Motivation: RT ticket 9769 indicated a bug in xrootd directory listing. When read paths are defined, the list command does not observe them. Modification: Add a check to make sure the initial path (or one of its descendants) is a read path, if any are defined. Result: Correct behavior. Target: master Request: 6.0 Request: 5.2 Request: 5.1 Request: 5.0 Request: 4.2 Requires-book: no Requires-notes: yes Patch: https://rb.dcache.org/r/12015/ Bug: https://rt.dcache.org/Ticket/Display.html?id=9769 Acked-by: Dmitry --- .../java/org/dcache/xrootd/door/XrootdRedirectHandler.java | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/dcache-xrootd/src/main/java/org/dcache/xrootd/door/XrootdRedirectHandler.java b/modules/dcache-xrootd/src/main/java/org/dcache/xrootd/door/XrootdRedirectHandler.java index 5ceb3c1fb7a..541e82d2393 100644 --- a/modules/dcache-xrootd/src/main/java/org/dcache/xrootd/door/XrootdRedirectHandler.java +++ b/modules/dcache-xrootd/src/main/java/org/dcache/xrootd/door/XrootdRedirectHandler.java @@ -850,6 +850,11 @@ protected XrootdResponse doOnDirList(ChannelHandlerContext ctx, _log.info("Listing directory {}", listPath); FsPath fullListPath = createFullPath(listPath); + + if (!_door.isReadAllowed(fullListPath)) { + throw new PermissionDeniedCacheException("Permission denied."); + } + if (request.isDirectoryStat()) { _door.listPath(fullListPath, request.getSubject(), _authz, new StatListCallback(request, fullListPath, ctx),