LU-8454 llite: normal user can't set FS default stripe

Current client doesn't check permission before updating filesystem
default stripe on MGS, which isn't secure and obvious.

Since we setattr on MDS first, and then set default stripe on MGS,
we can just return error upon setattr failure.

Now filesystem default stripe is stored in ROOT in MDT, so saving
it in system config is for compatibility with old servers, this
will be removed in the future.

Add sanity 65m to verify this.

Signed-off-by: Lai Siyao <lai.siyao@intel.com>
Change-Id: Ia224a9211c1ceab08a3a064adc67bc945ee3fc11
Reviewed-on: http://review.whamcloud.com/21612
Tested-by: Jenkins
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Jian Yu <jian.yu@intel.com>
Reviewed-by: Bobi Jam <bobijam@hotmail.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>

diff --git a/lustre/llite/dir.c b/lustre/llite/dir.c
index b0cfb5b..ea0c35c 100644 (file)
--- a/lustre/llite/dir.c
+++ b/lustre/llite/dir.c
@@ -594,19 +594,23 @@ int ll_dir_setstripe(struct inode *inode, struct lov_user_md *lump,
         if (IS_ERR(op_data))
                 RETURN(PTR_ERR(op_data));
 
-        /* swabbing is done in lov_setstripe() on server side */
+       /* swabbing is done in lov_setstripe() on server side */
        rc = md_setattr(sbi->ll_md_exp, op_data, lump, lum_size, &req);
-        ll_finish_md_op_data(op_data);
-        ptlrpc_req_finished(req);
-        if (rc) {
-                if (rc != -EPERM && rc != -EACCES)
-                        CERROR("mdc_setattr fails: rc = %d\n", rc);
-        }
+       ll_finish_md_op_data(op_data);
+       ptlrpc_req_finished(req);
+       if (rc)
+               RETURN(rc);
 
-        /* In the following we use the fact that LOV_USER_MAGIC_V1 and
-         LOV_USER_MAGIC_V3 have the same initial fields so we do not
-         need the make the distiction between the 2 versions */
-        if (set_default && mgc->u.cli.cl_mgc_mgsexp) {
+#if LUSTRE_VERSION_CODE < OBD_OCD_VERSION(2, 9, 50, 0)
+       /*
+        * 2.9 server has stored filesystem default stripe in ROOT xattr,
+        * and it's stored into system config for backward compatibility.
+        *
+        * In the following we use the fact that LOV_USER_MAGIC_V1 and
+        * LOV_USER_MAGIC_V3 have the same initial fields so we do not
+        * need the make the distiction between the 2 versions
+        */
+       if (set_default && mgc->u.cli.cl_mgc_mgsexp) {
                char *param = NULL;
                char *buf;
 
@@ -644,6 +648,7 @@ end:
                if (param != NULL)
                        OBD_FREE(param, MGS_PARAM_MAXLEN);
        }
+#endif
        RETURN(rc);
 }
 

diff --git a/lustre/tests/sanity.sh b/lustre/tests/sanity.sh
index 4947f7b..a5e8bdf 100755 (executable)
--- a/lustre/tests/sanity.sh
+++ b/lustre/tests/sanity.sh
@@ -5660,6 +5660,12 @@ test_65l() { # bug 12836
 }
 run_test 65l "lfs find on -1 stripe dir ========================"
 
+test_65m() {
+       $RUNAS $SETSTRIPE -c 2 $MOUNT && error "setstripe should fail"
+       true
+}
+run_test 65m "normal user can't set filesystem default stripe"
+
 # bug 2543 - update blocks count on client
 test_66() {
        [ $PARALLEL == "yes" ] && skip "skip parallel run" && return

diff --git a/lustre/utils/lfs.c b/lustre/utils/lfs.c
index 6969373..be62857 100644 (file)
--- a/lustre/utils/lfs.c
+++ b/lustre/utils/lfs.c
@@ -1228,7 +1228,7 @@ static int lfs_setstripe(int argc, char **argv)
                                argv[0], migrate_mode ? "migrate" : "create",
                                fname,
                                pool_name_arg != NULL && result == EINVAL ?
-                               "OST not in pool?" : strerror(result));
+                               "OST not in pool?" : strerror(errno));
                        continue;
                }
        }