Skip to content
Browse files

Meta server: re-implement optional permissions check with append allo…

…cation cache by keeping pointer to permissions stored in a file attribute, and explicitly setting allocation status -EPERM in AllocateChunkForAppend() instead of returning -EPERM.
  • Loading branch information...
1 parent 8a7b1ef commit e84089d5b73cc3fd4bb85ff94a3987ea5e70ba7b @mikeov mikeov committed Feb 15, 2013
Showing with 34 additions and 17 deletions.
  1. +7 −1 src/cc/meta/LayoutManager.cc
  2. +16 −13 src/cc/meta/LayoutManager.h
  3. +9 −3 src/cc/meta/MetaRequest.cc
  4. +2 −0 src/cc/meta/MetaRequest.h
View
8 src/cc/meta/LayoutManager.cc
@@ -250,7 +250,8 @@ ARAChunkCache::RequestNew(MetaAllocate& req)
req.chunkVersion,
req.offset,
TimeNow(),
- last
+ last,
+ req.permissions
);
}
@@ -4828,6 +4829,11 @@ LayoutManager::AllocateChunkForAppend(MetaAllocate* req)
mARAChunkCache.Invalidate(req->fid);
return -1;
}
+ if (mVerifyAllOpsPermissionsFlag &&
+ ! entry->permissions->CanWrite(req->euser, req->egroup)) {
+ req->status = -EPERM;
+ return -1;
+ }
// The client is providing an offset hint in the case when it needs a
// new chunk: space allocation failed because chunk is full, or it can
// not talk to the chunk server.
View
29 src/cc/meta/LayoutManager.h
@@ -492,18 +492,20 @@ class ARAChunkCache
public:
struct Entry {
Entry(
- chunkId_t cid = -1,
- seq_t cv = -1,
- chunkOff_t co = -1,
- time_t now = 0,
- MetaAllocate* req = 0)
+ chunkId_t cid = -1,
+ seq_t cv = -1,
+ chunkOff_t co = -1,
+ time_t now = 0,
+ MetaAllocate* req = 0,
+ const Permissions* perms = 0)
: chunkId(cid),
chunkVersion(cv),
offset(co),
lastAccessedTime(now),
lastDecayTime(now),
spaceReservationSize(0),
numAppendersInChunk(0),
+ permissions(perms),
master(req ? req->master : ChunkServerPtr()),
lastPendingRequest(req),
responseStr()
@@ -513,18 +515,19 @@ class ARAChunkCache
return (lastPendingRequest != 0);
}
// index into chunk->server map to work out where the block lives
- chunkId_t chunkId;
- seq_t chunkVersion;
+ chunkId_t chunkId;
+ seq_t chunkVersion;
// the file offset corresponding to the last chunk
- chunkOff_t offset;
+ chunkOff_t offset;
// when was this info last accessed; use this to cleanup
- time_t lastAccessedTime;
- time_t lastDecayTime;
+ time_t lastAccessedTime;
+ time_t lastDecayTime;
// chunk space reservation approximation
- int spaceReservationSize;
+ int spaceReservationSize;
// # of appenders to which this chunk was used for allocation
- int numAppendersInChunk;
- ChunkServerPtr master;
+ int numAppendersInChunk;
+ const Permissions* permissions;
+ ChunkServerPtr master;
private:
MetaAllocate* lastPendingRequest;
string responseStr;
View
12 src/cc/meta/MetaRequest.cc
@@ -1467,8 +1467,8 @@ MetaAllocate::handle()
return;
}
// pick a chunk for which a write lease exists
- status = gLayoutManager.AllocateChunkForAppend(this);
- if (status == 0) {
+ status = 0;
+ if (gLayoutManager.AllocateChunkForAppend(this) == 0) {
// all good
KFS_LOG_STREAM_DEBUG <<
"For append re-using chunk " << chunkId <<
@@ -1477,12 +1477,16 @@ MetaAllocate::handle()
logFlag = false; // Do not emit redundant log record.
return;
}
+ if (status != 0) {
+ return;
+ }
offset = -1; // Allocate a new chunk past eof.
}
// force an allocation
chunkId = 0;
initialChunkVersion = -1;
vector<MetaChunkInfo*> chunkBlock;
+ MetaFattr* fa = 0;
// start at step #2 above.
status = metatree.allocateChunkId(
fid, offset,
@@ -1494,7 +1498,8 @@ MetaAllocate::handle()
&chunkBlockStart,
gLayoutManager.VerifyAllOpsPermissions() ?
euser : kKfsUserRoot,
- egroup
+ egroup,
+ &fa
);
if (status != 0 && (status != -EEXIST || appendChunk)) {
// we have a problem
@@ -1540,6 +1545,7 @@ MetaAllocate::handle()
status = -ENOENT;
return;
}
+ permissions = fa;
int ret;
if (status == -EEXIST) {
initialChunkVersion = chunkVersion;
View
2 src/cc/meta/MetaRequest.h
@@ -880,6 +880,7 @@ struct MetaAllocate: public MetaRequest, public KfsCallbackObj {
int firstFailedServerIdx;
bool logFlag;
bool invalidateAllFlag;
+ const Permissions* permissions;
MetaAllocate* next;
int64_t leaseId;
chunkOff_t chunkBlockStart;
@@ -909,6 +910,7 @@ struct MetaAllocate: public MetaRequest, public KfsCallbackObj {
firstFailedServerIdx(-1),
logFlag(true),
invalidateAllFlag(false),
+ permissions(0),
next(0),
leaseId(-1),
chunkBlockStart(-1),

0 comments on commit e84089d

Please sign in to comment.
Something went wrong with that request. Please try again.