client: permission check for lookup

Signed-off-by: Yan, Zheng <zyan@redhat.com>

diff --git a/src/client/Client.cc b/src/client/Client.cc
index 7e5ba40ed7434da647a320157cbed93e1d96eb95..c1fe9c38825ccecb7ae3d797eb111bc424c8a84f 100644 (file)
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -4937,6 +4937,24 @@ out:
   return r;
 }
 
+int Client::may_lookup(Inode *dir, int uid, int gid)
+{
+  if (uid < 0)
+    uid = get_uid();
+  if (gid < 0)
+    gid = get_gid();
+  RequestUserGroups groups(this, uid, gid);
+
+  int r = _getattr(dir, CEPH_STAT_CAP_MODE, uid, gid);
+  if (r < 0)
+    goto out;
+
+  r = inode_permission(dir, uid, groups, MAY_EXEC);
+out:
+  ldout(cct, 3) << __func__ << " " << dir << " = " << r <<  dendl;
+  return r;
+}
+
 int Client::may_create(Inode *dir, int uid, int gid)
 {
   if (uid < 0)
@@ -8972,9 +8990,15 @@ int Client::ll_lookup(Inode *parent, const char *name, struct stat *attr,
   tout(cct) << "ll_lookup" << std::endl;
   tout(cct) << name << std::endl;
 
+  int r = 0;
+  if (!cct->_conf->fuse_default_permissions) {
+    r = may_lookup(parent, uid, gid);
+    if (r < 0)
+      return r;
+  }
+
   string dname(name);
   InodeRef in;
-  int r = 0;
 
   r = _lookup(parent, dname, &in, uid, gid);
   if (r < 0) {

diff --git a/src/client/Client.h b/src/client/Client.h
index db3f8d820ca8196f32083bdf2c7ca9a9dfbd2808..38874f6ae6c1f3a8bc273729bd186c2161ab0296 100644 (file)
--- a/src/client/Client.h
+++ b/src/client/Client.h
@@ -785,6 +785,7 @@ private:
   int inode_permission(Inode *in, uid_t uid, UserGroups& groups, unsigned want);
   int may_setattr(Inode *in, struct stat *st, int mask, int uid=-1, int gid=-1);
   int may_open(Inode *in, int flags, int uid=-1, int gid=-1);
+  int may_lookup(Inode *dir, int uid=-1, int gid=-1);
   int may_create(Inode *dir, int uid=-1, int gid=-1);
   int may_delete(Inode *dir, const char *name, int uid=-1, int gid=-1);
   int _getgrouplist(gid_t **sgids, int uid=-1, int gid=-1);