Skip to content

Server-enforced ACLs #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
avati merged 1 commit into from
Apr 25, 2011
Merged

Server-enforced ACLs #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions cli/src/cli.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -224,6 +224,7 @@ glusterfs_ctx_defaults_init (glusterfs_ctx_t *ctx)
pthread_mutex_init (&(ctx->lock), NULL);

cmd_args = &ctx->cmd_args;
cmd_args->default_permissions = _gf_true;

INIT_LIST_HEAD (&cmd_args->xlator_options);

Expand Down
8 changes: 8 additions & 0 deletions glusterfsd/src/glusterfsd.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -175,6 +175,8 @@ static struct argp_option gf_options[] = {
"Dump fuse traffic to PATH"},
{"volfile-check", ARGP_VOLFILE_CHECK_KEY, 0, 0,
"Enable strict volume file checking"},
{"default-permissions", ARGP_DEFAULT_PERMISSIONS_KEY, "BOOL",
OPTION_HIDDEN, "use FUSE default_permissions option"},
{0, 0, 0, 0, "Miscellaneous Options:"},
{0, }
};
Expand Down Expand Up @@ -638,6 +640,12 @@ parse_opts (int key, char *arg, struct argp_state *state)
"unknown client pid %s", arg);
break;

case ARGP_DEFAULT_PERMISSIONS_KEY:
if (gf_string2boolean(arg, &b) == 0) {
cmd_args->default_permissions = b;
}
break;

case ARGP_VOLFILE_CHECK_KEY:
cmd_args->volfile_check = 1;
break;
Expand Down
1 change: 1 addition & 0 deletions glusterfsd/src/glusterfsd.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,7 @@ enum argp_option_keys {
ARGP_BRICK_NAME_KEY = 151,
ARGP_BRICK_PORT_KEY = 152,
ARGP_CLIENT_PID_KEY = 153,
ARGP_DEFAULT_PERMISSIONS_KEY = 154,
};

int glusterfs_mgmt_pmap_signout (glusterfs_ctx_t *ctx);
Expand Down
1 change: 1 addition & 0 deletions libglusterfs/src/glusterfs.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -288,6 +288,7 @@ struct _cmd_args {
int fuse_nosuid;
char *dump_fuse;
pid_t client_pid;
int default_permissions;
int client_pid_set;

/* key args */
Expand Down
10 changes: 7 additions & 3 deletions xlators/mount/fuse/src/fuse-bridge.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3485,6 +3485,7 @@ init (xlator_t *this_xl)
int i = 0;
int xl_name_allocated = 0;
int fsname_allocated = 0;
char *fuse_opts;

if (this_xl == NULL)
return -1;
Expand Down Expand Up @@ -3628,9 +3629,12 @@ init (xlator_t *this_xl)
fsname = "glusterfs";


priv->fd = gf_fuse_mount (priv->mount_point, fsname,
"allow_other,default_permissions,"
"max_read=131072");
if (cmd_args->default_permissions) {
fuse_opts = "allow_other,default_permissions,max_read=131072";
} else {
fuse_opts = "allow_other,max_read=131072";
}
priv->fd = gf_fuse_mount (priv->mount_point, fsname, fuse_opts);
if (priv->fd == -1)
goto cleanup_exit;

Expand Down
3 changes: 0 additions & 3 deletions xlators/mount/fuse/src/fuse-bridge.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,9 +55,6 @@
#include "list.h"
#include "dict.h"

/* TODO: when supporting posix acl, remove this definition */
#define DISABLE_POSIX_ACL

#ifdef GF_LINUX_HOST_OS
#define FUSE_OP_HIGH (FUSE_POLL + 1)
#endif
Expand Down
40 changes: 33 additions & 7 deletions xlators/storage/posix/src/posix.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,19 +57,24 @@
#include "hashfn.h"


#undef HAVE_SET_FSID
#ifdef HAVE_SET_FSID

#define DECLARE_OLD_FS_ID_VAR uid_t old_fsuid; gid_t old_fsgid;

#define SET_FS_ID(uid, gid) do { \
old_fsuid = setfsuid (uid); \
old_fsgid = setfsgid (gid); \
#define SET_FS_ID(uid, gid) do { \
struct posix_private *_sfi_priv = this->private; \
if (_sfi_priv->use_set_fsid) { \
old_fsuid = setfsuid (uid); \
old_fsgid = setfsgid (gid); \
} \
} while (0)

#define SET_TO_OLD_FS_ID() do { \
setfsuid (old_fsuid); \
setfsgid (old_fsgid); \
#define SET_TO_OLD_FS_ID() do { \
struct posix_private *_sfi_priv = this->private; \
if (_sfi_priv->use_set_fsid) { \
(void)setfsuid (old_fsuid); \
(void)setfsgid (old_fsgid); \
} \
} while (0)

#else
Expand Down Expand Up @@ -4506,6 +4511,23 @@ init (xlator_t *this)
_private->janitor_sleep_duration = janitor_sleep;
}

#if defined(HAVE_SET_FSID)
tmp_data = dict_get (this->options, "use-set-fsid");
if (tmp_data) {
if (gf_string2boolean (tmp_data->data,
&_private->use_set_fsid) == -1) {
ret = -1;
gf_log (this->name, GF_LOG_ERROR,
"wrong option provided for 'use-set-fsid'");
goto out;
}
if (_private->use_set_fsid) {
gf_log (this->name, GF_LOG_DEBUG,
"use_set_fsid mode is enabled");
}
}
#endif

#ifndef GF_DARWIN_HOST_OS
{
struct rlimit lim;
Expand Down Expand Up @@ -4625,5 +4647,9 @@ struct volume_options options[] = {
.type = GF_OPTION_TYPE_BOOL },
{ .key = {"janitor-sleep-duration"},
.type = GF_OPTION_TYPE_INT },
#if defined(HAVE_SET_FSID)
{ .key = {"use-set-fsid"},
.type = GF_OPTION_TYPE_BOOL },
#endif
{ .key = {NULL} }
};
2 changes: 2 additions & 0 deletions xlators/storage/posix/src/posix.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -113,6 +113,8 @@ struct posix_private {
/* janitor thread which cleans up /.trash (created by replicate) */
pthread_t janitor;
gf_boolean_t janitor_present;

gf_boolean_t use_set_fsid; /* use setfs*id to deal with perms */
char * trash_path;
};

Expand Down