if (gid < 0)
gid = get_gid();
RequestUserGroups groups(this, uid, gid);
+ UserPerm perms(uid, gid);
- int r = _getattr_for_perm(in, uid, gid);
+ int r = _getattr_for_perm(in, perms);
if (r < 0)
goto out;
return r;
}
-int Client::may_setattr(Inode *in, struct stat *st, int mask, int uid, int gid)
+int Client::may_setattr(Inode *in, struct stat *st, int mask, const UserPerm& perms)
{
- if (uid < 0)
- uid = get_uid();
- if (gid < 0)
- gid = get_gid();
- RequestUserGroups groups(this, uid, gid);
+ RequestUserGroups groups(this, perms.uid(), perms.gid());
- int r = _getattr_for_perm(in, uid, gid);
+ int r = _getattr_for_perm(in, perms);
if (r < 0)
goto out;
if (mask & CEPH_SETATTR_SIZE) {
- r = inode_permission(in, uid, groups, MAY_WRITE);
+ r = inode_permission(in, perms, MAY_WRITE);
if (r < 0)
goto out;
}
r = -EPERM;
if (mask & CEPH_SETATTR_UID) {
- if (uid != 0 && ((uid_t)uid != in->uid || st->st_uid != in->uid))
+ if (perms.uid() != 0 && (perms.uid() != in->uid || st->st_uid != in->uid))
goto out;
}
if (mask & CEPH_SETATTR_GID) {
- if (uid != 0 && ((uid_t)uid != in->uid ||
+ if (perms.uid() != 0 && (perms.uid() != in->uid ||
(!groups.is_in(st->st_gid) && st->st_gid != in->gid)))
goto out;
}
if (mask & CEPH_SETATTR_MODE) {
- if (uid != 0 && (uid_t)uid != in->uid)
+ if (perms.uid() != 0 && perms.uid() != in->uid)
goto out;
gid_t i_gid = (mask & CEPH_SETATTR_GID) ? st->st_gid : in->gid;
- if (uid != 0 && !groups.is_in(i_gid))
+ if (perms.uid() != 0 && !groups.is_in(i_gid))
st->st_mode &= ~S_ISGID;
}
if (mask & (CEPH_SETATTR_CTIME | CEPH_SETATTR_MTIME | CEPH_SETATTR_ATIME)) {
- if (uid != 0 && (uid_t)uid != in->uid) {
+ if (perms.uid() != 0 && perms.uid() != in->uid) {
int check_mask = CEPH_SETATTR_CTIME;
if (!(mask & CEPH_SETATTR_MTIME_NOW))
check_mask |= CEPH_SETATTR_MTIME;
if (check_mask & mask) {
goto out;
} else {
- r = inode_permission(in, uid, groups, MAY_WRITE);
+ r = inode_permission(in, perms, MAY_WRITE);
if (r < 0)
goto out;
}
return r;
}
-int Client::may_open(Inode *in, int flags, int uid, int gid)
+int Client::may_open(Inode *in, int flags, const UserPerm& perms)
{
unsigned want = 0;
if (flags & O_TRUNC)
want |= MAY_WRITE;
- if (uid < 0)
- uid = get_uid();
- if (gid < 0)
- gid = get_gid();
- RequestUserGroups groups(this, uid, gid);
-
int r = 0;
switch (in->mode & S_IFMT) {
case S_IFLNK:
break;
}
- r = _getattr_for_perm(in, uid, gid);
+ r = _getattr_for_perm(in, perms);
if (r < 0)
goto out;
- r = inode_permission(in, uid, groups, want);
+ r = inode_permission(in, perms, want);
out:
ldout(cct, 3) << __func__ << " " << in << " = " << r << dendl;
return r;
}
-int Client::may_lookup(Inode *dir, int uid, int gid)
+int Client::may_lookup(Inode *dir, const UserPerm& perms)
{
- if (uid < 0)
- uid = get_uid();
- if (gid < 0)
- gid = get_gid();
- RequestUserGroups groups(this, uid, gid);
-
- int r = _getattr_for_perm(dir, uid, gid);
+ int r = _getattr_for_perm(dir, perms);
if (r < 0)
goto out;
- r = inode_permission(dir, uid, groups, MAY_EXEC);
+ r = inode_permission(dir, perms, MAY_EXEC);
out:
ldout(cct, 3) << __func__ << " " << dir << " = " << r << dendl;
return r;
}
-int Client::may_create(Inode *dir, int uid, int gid)
+int Client::may_create(Inode *dir, const UserPerm& perms)
{
- if (uid < 0)
- uid = get_uid();
- if (gid < 0)
- gid = get_gid();
- RequestUserGroups groups(this, uid, gid);
-
- int r = _getattr_for_perm(dir, uid, gid);
+ int r = _getattr_for_perm(dir, perms);
if (r < 0)
goto out;
- r = inode_permission(dir, uid, groups, MAY_EXEC | MAY_WRITE);
+ r = inode_permission(dir, perms, MAY_EXEC | MAY_WRITE);
out:
ldout(cct, 3) << __func__ << " " << dir << " = " << r << dendl;
return r;
}
-int Client::may_delete(Inode *dir, const char *name, int uid, int gid)
+int Client::may_delete(Inode *dir, const char *name, const UserPerm& perms)
{
- if (uid < 0)
- uid = get_uid();
- if (gid < 0)
- gid = get_gid();
- RequestUserGroups groups(this, uid, gid);
-
- int r = _getattr_for_perm(dir, uid, gid);
+ int r = _getattr_for_perm(dir, perms);
if (r < 0)
goto out;
- r = inode_permission(dir, uid, groups, MAY_EXEC | MAY_WRITE);
+ r = inode_permission(dir, perms, MAY_EXEC | MAY_WRITE);
if (r < 0)
goto out;
/* 'name == NULL' means rmsnap */
- if (uid != 0 && name && (dir->mode & S_ISVTX)) {
+ if (perms.uid() != 0 && name && (dir->mode & S_ISVTX)) {
InodeRef otherin;
- r = _lookup(dir, name, CEPH_CAP_AUTH_SHARED, &otherin, uid, gid);
+ r = _lookup(dir, name, CEPH_CAP_AUTH_SHARED, &otherin, perms);
if (r < 0)
goto out;
- if (dir->uid != (uid_t)uid && otherin->uid != (uid_t)uid)
+ if (dir->uid != perms.uid() && otherin->uid != perms.uid())
r = -EPERM;
}
out:
return r;
}
-int Client::may_hardlink(Inode *in, int uid, int gid)
+int Client::may_hardlink(Inode *in, const UserPerm& perms)
{
- if (uid < 0)
- uid = get_uid();
- if (gid < 0)
- gid = get_gid();
- RequestUserGroups groups(this, uid, gid);
-
- int r = _getattr_for_perm(in, uid, gid);
+ int r = _getattr_for_perm(in, perms);
if (r < 0)
goto out;
- if (uid == 0 || (uid_t)uid == in->uid) {
+ if (perms.uid() == 0 || perms.uid() == in->uid) {
r = 0;
goto out;
}
if ((in->mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))
goto out;
- r = inode_permission(in, uid, groups, MAY_READ | MAY_WRITE);
+ r = inode_permission(in, perms, MAY_READ | MAY_WRITE);
out:
ldout(cct, 3) << __func__ << " " << in << " = " << r << dendl;
return r;
}
-int Client::_getattr_for_perm(Inode *in, int uid, int gid)
+int Client::_getattr_for_perm(Inode *in, const UserPerm& perms)
{
int mask = CEPH_STAT_CAP_MODE;
bool force = false;
mask |= CEPH_STAT_CAP_XATTR;
force = in->xattr_version == 0;
}
- return _getattr(in, mask, uid, gid, force);
+ return _getattr(in, mask, perms, force);
}
vinodeno_t Client::_get_vino(Inode *in)
int inode_permission(Inode *in, uid_t uid, UserGroups& groups, unsigned want);
int xattr_permission(Inode *in, const char *name, unsigned want, int uid=-1, int gid=-1);
- int may_setattr(Inode *in, struct stat *st, int mask, int uid=-1, int gid=-1);
- int may_open(Inode *in, int flags, int uid=-1, int gid=-1);
- int may_lookup(Inode *dir, int uid=-1, int gid=-1);
- int may_create(Inode *dir, int uid=-1, int gid=-1);
- int may_delete(Inode *dir, const char *name, int uid=-1, int gid=-1);
- int may_hardlink(Inode *in, int uid=-1, int gid=-1);
+ int may_setattr(Inode *in, struct stat *st, int mask, const UserPerm& perms);
+ int may_open(Inode *in, int flags, const UserPerm& perms);
+ int may_lookup(Inode *dir, const UserPerm& perms);
+ int may_create(Inode *dir, const UserPerm& perms);
+ int may_delete(Inode *dir, const char *name, const UserPerm& perms);
+ int may_hardlink(Inode *in, const UserPerm& perms);
int inode_permission(Inode *in, const UserPerm& perms, unsigned want) {
RequestUserGroups groups(this, perms.uid(), perms.gid());
return xattr_permission(in, name, want, perms.uid(), perms.gid());
}
- int may_setattr(Inode *in, struct stat *st, int mask, const UserPerm& perms) {
- return may_setattr(in, st, mask, perms.uid(), perms.gid());
+ int may_setattr(Inode *in, struct stat *st, int mask, int uid=-1, int gid=-1) {
+ if (uid < 0) uid = get_uid();
+ if (gid < 0) gid = get_gid();
+ UserPerm perms(uid, gid);
+ return may_setattr(in, st, mask, perms);
}
- int may_open(Inode *in, int flags, const UserPerm& perms) {
- return may_open(in, flags, perms.uid(), perms.gid());
+ int may_open(Inode *in, int flags, int uid=-1, int gid=-1) {
+ if (uid < 0) uid = get_uid();
+ if (gid < 0) gid = get_gid();
+ UserPerm perms(uid, gid);
+ return may_open(in, flags, perms);
}
- int may_lookup(Inode *dir, const UserPerm& perms) {
- return may_lookup(dir, perms.uid(), perms.gid());
+ int may_lookup(Inode *dir, int uid=-1, int gid=-1) {
+ if (uid < 0) uid = get_uid();
+ if (gid < 0) gid = get_gid();
+ UserPerm perms(uid, gid);
+ return may_lookup(dir, perms);
}
- int may_create(Inode *dir, const UserPerm& perms) {
- return may_create(dir, perms.uid(), perms.gid());
+ int may_create(Inode *dir, int uid=-1, int gid=-1) {
+ if (uid < 0) uid = get_uid();
+ if (gid < 0) gid = get_gid();
+ UserPerm perms(uid, gid);
+ return may_create(dir, perms);
}
- int may_delete(Inode *dir, const char *name, const UserPerm& perms) {
- return may_delete(dir, name, perms.uid(), perms.gid());
+ int may_delete(Inode *dir, const char *name, int uid=-1, int gid=-1) {
+ if (uid < 0) uid = get_uid();
+ if (gid < 0) gid = get_gid();
+ UserPerm perms(uid, gid);
+ return may_delete(dir, name, perms);
}
- int may_hardlink(Inode *in, const UserPerm& perms) {
- return may_hardlink(in, perms.uid(), perms.gid());
+ int may_hardlink(Inode *in, int uid=-1, int gid=-1) {
+ if (uid < 0) uid = get_uid();
+ if (gid < 0) gid = get_gid();
+ UserPerm perms(uid, gid);
+ return may_hardlink(in, perms);
}
- int _getattr_for_perm(Inode *in, int uid, int gid);
+ int _getattr_for_perm(Inode *in, const UserPerm& perms);
int _getgrouplist(gid_t **sgids, int uid, int gid);
int check_data_pool_exist(string name, string value, const OSDMap *osdmap);
projects / ceph.git / commitdiff