[PVFS-developers] Possible permissions handling bug

Don Porter porterde@mercury.hendrix.edu
05 Sep 2003 18:07:46 -0500 

--=-vC+RsybxhBBiCPKWjPWM
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

In response to the email at
http://www.beowulf-underground.org/pipermail/pvfs-developers/2003-August/001245.html

This patch seems to introduce a case where is a user fails to pass the
meta_access checks, the errno gets reset to Success even though the
return value of the function is -1.  

This occurs when the __meta_access function returns -1, and then get
group members is called.  This function will then successfully get the
group members, resetting errno.  If the file's group has no other users
in it, the for loop which continues to call __meta_access will be
skipped and -1 will be returned.  So, attached is a patch which caches
errno and resets it if the ultimate result is a -1 return value. 

As an aside, I noticed that this patch has not yet been added to cvs and
I was curious if it was going to be?  I ask this primarily because I
just submitted some patches which have also make similar corrections to
the same file (metaio.c's meta_access function) when working on
md_unlink, et alium.  This is a bit of a fork and the two ought to be
reconciled. 

Thanks for any help on this,
Don


-- 
Don Porter <porterde@mercury.hendrix.edu>

--=-vC+RsybxhBBiCPKWjPWM
Content-Disposition: attachment; filename=pvfs-chgrp-fix1.patch
Content-Type: text/plain; name=pvfs-chgrp-fix1.patch; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit

--- pvfs-1.6.0/mgr/meta/metaio.c	Fri Sep  5 15:16:06 2003
+++ pvfs-1.6.0-fix/mgr/meta/metaio.c	Fri Sep  5 14:34:32 2003
@@ -350,6 +350,7 @@
 int meta_access(int fd, char *pathname, uid_t uid, gid_t gid, int mode)
 {
 	int i, max_groups = 0, ret = 0, count = 0;
+	int cached_errno = 0;
 	gid_t *list = NULL;
 	/* Essentially retry __meta_access 
 	 * for all gid's to which the uid 
@@ -357,6 +358,8 @@
 	 * or else return failure.
 	 */
 	if((ret = __meta_access(fd, pathname, uid, gid, mode)) < 0) {
+		/* cache the errno from __meta_access */
+		cached_errno = errno;
 		/* it may not mean an error just yet! */
 		max_groups = getusergroups(0, NULL, uid, gid);
 		if(max_groups < 0) {
@@ -383,6 +386,10 @@
 		}
 	}
 	if(list) free(list);
+	/* this call is still going to return a -1, let's restore errno */
+	if(ret){
+		errno = cached_errno;
+	}
 	return ret;
 }
 

--=-vC+RsybxhBBiCPKWjPWM--