Commit
dcache,chimera: resolve symlink before applying Restriction
Motivation:

When PnfsManager determines permissions based on Restrictions, it should compare the prefixes or scope claims to the actual path after all symlinks have been resolved.

Modification:

Define and implement the necessary internal APIs to support a single-call path resolution; for Postgres, implement the driver method as referencing a stored procedure. Make the necessary changes to PnfsManager to resolve symlinks before using the Restriction's `isRestricted()`.

Result:

Application of restrictions is correct in that the ownership and scope of the resolved link is examined.

Target: master
Request: 8.2 (should this be backported further?)
Requires-notes: yes
Patch: https://rb.dcache.org/r/13908/
Acked-by: Dmitry
Acked-by: Tigran
Showing 11 changed files with 176 additions and 18 deletions.
modules/chimera/src/main/resources/org/dcache/chimera/changelog/changeset-8.2.xml (27 changes: 27 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
<?xml version="1.0" encoding="UTF-8" standalone="no"?> | ||
<databaseChangeLog | ||
xmlns="http://www.liquibase.org/xml/ns/dbchangelog" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog | ||
http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd"> | ||
|
||
<!-- For safety in backporting, we introduce a separate procedure rather | ||
than trying to integrate/modify an existing one. --> | ||
<changeSet id="34" author="arossi" dbms="postgresql"> | ||
<comment>Symlink resolution calling inumber2path(path2inumber)</comment> | ||
<createProcedure> | ||
CREATE OR REPLACE FUNCTION resolve_path(root bigint, path varchar) RETURNS varchar | ||
AS | ||
$$ | ||
BEGIN | ||
IF path LIKE '/%' THEN | ||
path := substring(path from 2); | ||
END IF; | ||
return inumber2path(path2inumber(root, path)); | ||
END; | ||
$$ LANGUAGE plpgsql; | ||
</createProcedure> | ||
<rollback> | ||
</rollback> | ||
</changeSet> | ||
</databaseChangeLog> |
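Review bot: At `return inumber2path(path2inumber(root, path));` the result of path2inumber is passed straight into inumber2path with no check for a path that does not resolve, such as a target that does not exist yet or a dangling symlink. Since the commit message says this value is what the Restriction is compared against, the function should say in its comment what it returns in that case, and either raise or return a defined sentinel so the caller in PnfsManager can decide explicitly between denying and falling back to the unresolved path. Two smaller points in the same changeset: the `IF path LIKE '/%'` branch strips only one leading slash, so an input beginning with `//` reaches path2inumber still carrying a leading slash; and the empty `<rollback>` leaves resolve_path installed after a rollback, where `DROP FUNCTION IF EXISTS resolve_path(bigint, varchar);` would make changeSet 34 reversible.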