return 0;
}
+int Client::xattr_permission(Inode *in, const char *name, unsigned want, int uid, int gid)
+{
+ if (uid < 0)
+ uid = get_uid();
+ if (gid < 0)
+ gid = get_gid();
+ RequestUserGroups groups(this, uid, gid);
+
+ int r = _getattr(in, CEPH_STAT_CAP_MODE, uid, gid);
+ if (r < 0)
+ goto out;
+
+ r = 0;
+ if (strncmp(name, "system.", 7) == 0) {
+ if ((want & MAY_WRITE) && (uid != 0 && (uid_t)uid != in->uid))
+ r = -EPERM;
+ } else {
+ r = inode_permission(in, uid, groups, want);
+ }
+out:
+ ldout(cct, 3) << __func__ << " " << in << " = " << r << dendl;
+ return r;
+}
+
int Client::may_setattr(Inode *in, struct stat *st, int mask, int uid, int gid)
{
if (uid < 0)
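Review bot: In `xattr_permission` only the `system.` prefix gets a namespace rule; every other name, including `trusted.*` and `security.*`, falls through to `inode_permission(in, uid, groups, want)`. The Linux VFS restricts `trusted.*` to privileged callers, so when this function is the only gate (that is, when `fuse_default_permissions` is off) any user with ordinary write access to the inode could presumably set or remove those attributes. Consider a branch such as `else if (strncmp(name, "trusted.", 8) == 0) { if (uid != 0) r = (want & MAY_WRITE) ? -EPERM : -ENODATA; }`, and decide explicitly whether unconditional reads of `system.*` are intended. `name` is also passed to `strncmp` without a null check, so the function relies on its callers to reject a null name.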
tout(cct) << vino.ino.val << std::endl;
tout(cct) << name << std::endl;
+ if (!cct->_conf->fuse_default_permissions) {
+ int r = xattr_permission(in, name, MAY_READ, uid, gid);
+ if (r < 0)
+ return r;
+ }
+
return _getxattr(in, name, value, size, uid, gid);
}
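Review bot: The `if (!cct->_conf->fuse_default_permissions)` gate in front of `_getxattr` has no comment explaining why the check may be skipped, and the same five lines are repeated before `_setxattr` and `_removexattr` in the next two hunks. I would add a comment at each site, for example `// kernel enforces permissions when fuse_default_permissions is set; otherwise check here`, after confirming that this is the actual reason. These function bodies start outside the hunks, so it cannot be seen here whether other entry points that reach `_getxattr`, `_setxattr` or `_removexattr` (or a listxattr path) need the same check. That should be confirmed so the enforcement does not depend on which API the caller uses.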
tout(cct) << vino.ino.val << std::endl;
tout(cct) << name << std::endl;
+ if (!cct->_conf->fuse_default_permissions) {
+ int r = xattr_permission(in, name, MAY_WRITE, uid, gid);
+ if (r < 0)
+ return r;
+ }
+
return _setxattr(in, name, value, size, flags, uid, gid);
}
tout(cct) << vino.ino.val << std::endl;
tout(cct) << name << std::endl;
+ if (!cct->_conf->fuse_default_permissions) {
+ int r = xattr_permission(in, name, MAY_WRITE, uid, gid);
+ if (r < 0)
+ return r;
+ }
+
return _removexattr(in, name, uid, gid);
}
};
int inode_permission(Inode *in, uid_t uid, UserGroups& groups, unsigned want);
+ int xattr_permission(Inode *in, const char *name, unsigned want, int uid=-1, int gid=-1);
int may_setattr(Inode *in, struct stat *st, int mask, int uid=-1, int gid=-1);
int may_open(Inode *in, int flags, int uid=-1, int gid=-1);
int may_lookup(Inode *dir, int uid=-1, int gid=-1);