From: Yan, Zheng Date: Tue, 29 Sep 2015 08:40:11 +0000 (+0800) Subject: client: permission check for lookup X-Git-Tag: v10.0.3~48^2~3^2~9 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=c2c89b2cc68fab7f775b5ed2c5225381637cbc2e;p=ceph.git client: permission check for lookup Signed-off-by: Yan, Zheng
---
diff --git a/src/client/Client.cc b/src/client/Client.cc
index 7e5ba40ed74..c1fe9c38825 100644
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -4937,6 +4937,24 @@ out:
 return r;
 }
+int Client::may_lookup(Inode *dir, int uid, int gid)
+{
+ if (uid < 0)
+ uid = get_uid();
+ if (gid < 0)
+ gid = get_gid();
+ RequestUserGroups groups(this, uid, gid);
+
+ int r = _getattr(dir, CEPH_STAT_CAP_MODE, uid, gid);
+ if (r < 0)
+ goto out;
+
+ r = inode_permission(dir, uid, groups, MAY_EXEC);
+out:
+ ldout(cct, 3) << __func__ << " " << dir << " = " << r << dendl;
+ return r;
+}
+
 int Client::may_create(Inode *dir, int uid, int gid)
 {
 if (uid < 0)
@@ -8972,9 +8990,15 @@ int Client::ll_lookup(Inode *parent, const char *name, struct stat *attr,
 tout(cct) << "ll_lookup" << std::endl;
 tout(cct) << name << std::endl;
+ int r = 0;
+ if (!cct->_conf->fuse_default_permissions) {
+ r = may_lookup(parent, uid, gid);
+ if (r < 0)
+ return r;
+ }
+
 string dname(name);
 InodeRef in;
- int r = 0;
 r = _lookup(parent, dname, &in, uid, gid);
 if (r < 0) {
diff --git a/src/client/Client.h b/src/client/Client.h
index db3f8d820ca..38874f6ae6c 100644
--- a/src/client/Client.h
+++ b/src/client/Client.h
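Review bot: `Client::may_lookup` in src/client/Client.cc takes `int uid, int gid` and treats any negative value as "use the client's own identity", yet it hands the result to `inode_permission`, which Client.h declares with `uid_t uid`. An id above INT_MAX passed in by a caller would typically convert to a negative int and be silently replaced by `get_uid()`/`get_gid()`, so the directory search check would run for the wrong user. The neighbouring `may_create` shows the same `if (uid < 0)` pattern, so this follows the existing convention, but nothing documents the sentinel or its limit. I would add above the definition `// Check search (MAY_EXEC) permission on dir; uid/gid < 0 select the client's own ids (ids above INT_MAX are not representable); returns inode_permission()'s result, negative on failure.` The whole function body is inside the hunk.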
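Review bot: The early `return r;` after `may_lookup` in `Client::ll_lookup` (src/client/Client.cc) leaves the function before the existing `_lookup` failure branch `if (r < 0) {`, whose body is outside the hunk. A permission denial therefore presumably skips whatever that branch does to `attr`, the result inode and the `tout` trace. Sending the denial down the same failure path as a failed `_lookup` would keep the two error cases consistent for callers. The check is also skipped entirely when `fuse_default_permissions` is set, which is safe only if every caller of `ll_lookup` sits behind a FUSE mount whose kernel side enforces permissions; a comment such as `// with fuse_default_permissions the kernel enforces directory search permission` would record that assumption. `ll_lookup` starts and ends outside the hunk.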
@@ -785,6 +785,7 @@ private:
 int inode_permission(Inode *in, uid_t uid, UserGroups& groups, unsigned want);
 int may_setattr(Inode *in, struct stat *st, int mask, int uid=-1, int gid=-1);
 int may_open(Inode *in, int flags, int uid=-1, int gid=-1);
+ int may_lookup(Inode *dir, int uid=-1, int gid=-1);
 int may_create(Inode *dir, int uid=-1, int gid=-1);
 int may_delete(Inode *dir, const char *name, int uid=-1, int gid=-1);
 int _getgrouplist(gid_t **sgids, int uid=-1, int gid=-1);