X-Git-Url: https://git.whamcloud.com/?a=blobdiff_plain;f=lustre%2Fmdd%2Fmdd_permission.c;h=68ebb7ad9056df2b2f844ee29b00b08cd0cb3128;hb=2104ed0f0da3651f0cb4ab0c78a1037891d7cb4f;hp=750df8d4ba223a95667b555a5edb675651abb532;hpb=26b8238659974959780cd49de92595b4b0bdf89f;p=fs%2Flustre-release.git
diff --git a/lustre/mdd/mdd_permission.c b/lustre/mdd/mdd_permission.c
index 750df8d..68ebb7a 100644
--- a/lustre/mdd/mdd_permission.c
+++ b/lustre/mdd/mdd_permission.c
@@ -27,7 +27,7 @@
 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
 * Use is subject to license terms.
 *
- * Copyright (c) 2012, 2014, Intel Corporation.
+ * Copyright (c) 2012, 2015, Intel Corporation.
 */
 /*
 * This file is part of Lustre, http://www.lustre.org/
@@ -99,9 +99,10 @@ int mdd_acl_set(const struct lu_env *env, struct mdd_object *obj,
 struct thandle *handle;
 posix_acl_xattr_header *head;
 posix_acl_xattr_entry *entry;
- int rc, entry_count;
+ int entry_count;
 bool not_equiv, mode_change;
 mode_t mode;
+ int rc;
 ENTRY;

 head = (posix_acl_xattr_header *)(buf->lb_buf);
@@ -163,7 +164,7 @@ int mdd_acl_set(const struct lu_env *env, struct mdd_object *obj,
 unlock:
 mdd_write_unlock(env, obj);
 stop:
- mdd_trans_stop(env, mdd, rc, handle);
+ rc = mdd_trans_stop(env, mdd, rc, handle);

 RETURN(rc);
 }
@@ -298,6 +299,9 @@ check_capabilities:
 if (md_capable(uc, CFS_CAP_DAC_READ_SEARCH))
 RETURN(0);

+ CDEBUG(D_SEC, "permission denied, mode %x, fsuid %u, uid %u\n",
+ la->la_mode, uc->uc_fsuid, la->la_uid);
+
 RETURN(-EACCES);
 }

@@ -310,12 +314,6 @@ int mdd_permission(const struct lu_env *env,
 struct lu_ucred *uc = NULL;
 struct lu_attr *pattr = NULL;
 struct lu_attr *cattr = MDD_ENV_VAR(env, cattr);
- bool check_create;
- bool check_link;
- int check_unlink;
- int check_rename_src, check_rename_tar;
- int check_vtx_part, check_vtx_full;
- int check_rgetfacl;
 int rc = 0;
 ENTRY;

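Review bot: In the mdd_acl_set() hunk at the `stop:` label, `rc = mdd_trans_stop(env, mdd, rc, handle);` overwrites whatever error brought control to `unlock:`/`stop:`. The body of mdd_trans_stop() is not visible here; if it returns only the status of the stop itself rather than propagating the `rc` it is handed, a failed ACL update would be reported to the caller as success. Either record that contract in a comment at the call, or keep the first error explicitly with a second variable declared next to `rc`: `rc2 = mdd_trans_stop(env, mdd, rc, handle);` followed by `if (rc == 0) rc = rc2;`. The function body starts outside this hunk.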
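Review bot: The CDEBUG added on the `check_capabilities:` path prints `la->la_mode` with `%x`, while permission bits are conventionally read in octal, so the D_SEC message is harder to compare with what an administrator sees from stat or ls; `"permission denied, mode %o, fsuid %u, uid %u\n"` would avoid that. The message also does not say which access was requested. If the request mask is in scope at this point (the function body starts outside the hunk), adding it would let a denial be matched to the operation that triggered it.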
@@ -339,57 +337,18 @@ int mdd_permission(const struct lu_env *env,
 if (unlikely(mask & MDS_OPEN_CROSS))
 mask = accmode(env, cattr, mask & ~MDS_OPEN_CROSS);

- check_create = mask & MAY_CREATE;
- check_link = mask & MAY_LINK;
- check_unlink = mask & MAY_UNLINK;
- check_rename_src = mask & MAY_RENAME_SRC;
- check_rename_tar = mask & MAY_RENAME_TAR;
- check_vtx_part = mask & MAY_VTX_PART;
- check_vtx_full = mask & MAY_VTX_FULL;
- check_rgetfacl = mask & MAY_RGETFACL;
-
- mask &= ~(MAY_CREATE | MAY_LINK |
- MAY_UNLINK |
- MAY_RENAME_SRC | MAY_RENAME_TAR |
- MAY_VTX_PART | MAY_VTX_FULL |
- MAY_RGETFACL);
-
- rc = mdd_permission_internal_locked(env, mdd_cobj, cattr, mask,
- MOR_TGT_CHILD);
-
- if (!rc && check_create)
- rc = mdd_may_create(env, mdd_pobj, pattr, mdd_cobj, true);
-
- if (!rc && check_unlink)
- rc = mdd_may_unlink(env, mdd_pobj, pattr, cattr);
-
- if (!rc && (check_rename_src || check_rename_tar))
- rc = mdd_may_delete(env, mdd_pobj, pattr, mdd_cobj, cattr, NULL,
- 1, check_rename_tar);
-
- if (!rc && (check_vtx_part || check_vtx_full)) {
- uc = lu_ucred_assert(env);
-
- if (!(cattr->la_mode & S_ISVTX) ||
- (cattr->la_uid == uc->uc_fsuid) ||
- (check_vtx_full && (ma->ma_attr.la_valid & LA_UID) &&
- (ma->ma_attr.la_uid == uc->uc_fsuid))) {
- ma->ma_attr_flags |= MDS_VTX_BYPASS;
- } else {
- ma->ma_attr_flags &= ~MDS_VTX_BYPASS;
- if (check_vtx_full)
- rc = -EPERM;
- }
- }
+ rc = mdd_permission_internal_locked(env, mdd_cobj, cattr,
+ mask & ~MAY_RGETFACL,
+ MOR_TGT_CHILD);

- if (unlikely(!rc && check_rgetfacl)) {
- if (likely(!uc))
+ if (unlikely(rc == 0 && (mask & MAY_RGETFACL))) {
+ if (likely(!uc))
 uc = lu_ucred_assert(env);

 if (cattr->la_uid != uc->uc_fsuid &&
 !md_capable(uc, CFS_CAP_FOWNER))
 rc = -EPERM;
- }
+ }

- RETURN(rc);
+ RETURN(rc);
 }
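Review bot: The create, unlink, rename and sticky-bit checks that mdd_permission() used to perform are removed with no visible replacement. It no longer strips MAY_CREATE, MAY_LINK, MAY_UNLINK, MAY_RENAME_SRC/TAR and MAY_VTX_PART/FULL from `mask`, no longer calls mdd_may_create(), mdd_may_unlink() or mdd_may_delete(), and never sets or clears MDS_VTX_BYPASS in `ma->ma_attr_flags`. Nothing in this hunk shows that callers have stopped passing those bits, so a caller that still does would presumably have them forwarded to mdd_permission_internal_locked() through `mask & ~MAY_RGETFACL` with none of the dedicated checks applied. Please state the new contract in a comment above the call, e.g. `/* Only MAY_RGETFACL is interpreted here; create/unlink/rename/sticky checks are the caller's responsibility. */`, and confirm that no consumer of MDS_VTX_BYPASS remains. Separately, unless `uc` is assigned in the lines between the two mdd_permission() hunks, `if (likely(!uc))` is now always true and can be dropped.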