[Pvfs2-cvs] commit by dbonnie in pvfs2/src/server: check.c check.h
get-attr.sm
CVS commit program
cvs at parl.clemson.edu
Fri Jul 18 12:04:04 EDT 2008
Update of /anoncvs/pvfs2/src/server
In directory parlweb1:/tmp/cvs-serv30245/src/server
Modified Files:
Tag: cu-security-branch
check.c check.h get-attr.sm
Log Message:
Updated encode/decode buffers. Updated getattr permission checking.
Index: check.c
===================================================================
RCS file: /anoncvs/pvfs2/src/server/check.c,v
diff -p -u -r1.1.8.10 -r1.1.8.11
--- check.c 17 Jul 2008 21:29:51 -0000 1.1.8.10
+++ check.c 18 Jul 2008 16:04:04 -0000 1.1.8.11
@@ -216,27 +216,34 @@ int PINT_check_mode(
/* PINT_getattr_check_perms()
*
- * fills in "op_mask" for user "uid" of group "gid" on
+ * fills in "op_mask" for user "uid" of groups in "gid" on
* the object with attributes "attr"
*
*/
-void PINT_getattr_check_perms(PVFS_uid uid, PVFS_gid gid,
+void PINT_getattr_check_perms(PVFS_uid uid, PVFS_gid *gid, uint32_t num_groups,
PVFS_object_attr attr, uint32_t *op_mask)
{
+ int i;
+
if (uid == 0)
{
*op_mask = ~0;
return;
}
- /* temporary stop-gap...fix after create is finsihed */
+ for (i = 0; i < num_groups; i++)
+ {
+ if (attr.group == gid[i]) break;
+ }
+
+ /* temporary stop-gap...fix after create is finished */
*op_mask |= PINT_CAP_CREATE;
- if (PINT_check_mode(&attr, uid, gid, PINT_ACCESS_READABLE) == 0)
+ if (PINT_check_mode(&attr, uid, gid[i], PINT_ACCESS_READABLE) == 0)
*op_mask |= PINT_CAP_READ;
- if (PINT_check_mode(&attr, uid, gid, PINT_ACCESS_WRITABLE) == 0)
+ if (PINT_check_mode(&attr, uid, gid[i], PINT_ACCESS_WRITABLE) == 0)
*op_mask |= PINT_CAP_WRITE;
- if (PINT_check_mode(&attr, uid, gid, PINT_ACCESS_EXECUTABLE) == 0)
+ if (PINT_check_mode(&attr, uid, gid[i], PINT_ACCESS_EXECUTABLE) == 0)
*op_mask |= PINT_CAP_EXEC;
if (uid == attr.owner)
*op_mask |= PINT_CAP_SETATTR;
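Review bot: When no entry of `gid` equals `attr.group`, the new loop finishes with `i == num_groups`, so the three `PINT_check_mode(&attr, uid, gid[i], ...)` calls read one element past the array, and with `num_groups == 0` they read `gid[0]` of an empty list. The group list comes from the request credential (see the get-attr.sm hunk), so its length and contents are caller-influenced and the out-of-bounds value feeds the capability mask that is returned. Fall back to an in-bounds entry when nothing matched, for example `if (i == num_groups) i = 0;` after the loop, and decide explicitly what an empty group list should mean before indexing at all. `i` is also a signed `int` compared against `uint32_t num_groups`; declaring it `uint32_t i;` avoids the mixed-sign comparison. The function body continues past the end of this hunk.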
Index: check.h
===================================================================
RCS file: /anoncvs/pvfs2/src/server/check.h,v
diff -p -u -r1.1.8.4 -r1.1.8.5
--- check.h 17 Jul 2008 21:29:51 -0000 1.1.8.4
+++ check.h 18 Jul 2008 16:04:04 -0000 1.1.8.5
@@ -33,7 +33,7 @@ PINT_sm_action prelude_check_acls_if_nee
PINT_sm_action prelude_check_acls(
struct PINT_smcb *smcb, job_status_s *js_p);
-void PINT_getattr_check_perms(PVFS_uid uid, PVFS_gid gid,
+void PINT_getattr_check_perms(PVFS_uid uid, PVFS_gid *gid, uint32_t num_groups,
PVFS_object_attr attr, uint32_t *op_mask);
#endif /* __CHECK_H */
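Review bot: The `gid` parameter is only read in the check.c hunk, so the prototype (and the definition) should take `const PVFS_gid *gid`. The declaration also carries no comment on the new contract; a one-line header comment such as `/* gid points to num_groups entries; op_mask is OR-ed into, not reset, for non-root users */` would tell callers what they must guarantee.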
Index: get-attr.sm
===================================================================
RCS file: /anoncvs/pvfs2/src/server/get-attr.sm,v
diff -p -u -r1.93.2.11 -r1.93.2.12
--- get-attr.sm 17 Jul 2008 21:29:51 -0000 1.93.2.11
+++ get-attr.sm 18 Jul 2008 16:04:04 -0000 1.93.2.12
@@ -290,12 +290,11 @@ static PINT_sm_action getattr_verify_att
}
resp_attr->capability.owner = s_op->attr.owner;
- /* use check.c op_mask function here when done */
-/* resp_attr->capability.op_mask = s_op->attr.perms; */
-
+ /* Note: ACL checks are not in place yet */
PINT_getattr_check_perms(s_op->req->u.getattr.credential.userid,
- s_op->req->u.getattr.credential.group_array[0], s_op->attr,
- &resp_attr->capability.op_mask);
+ s_op->req->u.getattr.credential.group_array,
+ s_op->req->u.getattr.credential.num_groups,
+ s_op->attr, &resp_attr->capability.op_mask);
resp_attr->capability.fsid = s_op->u.getattr.fs_id;
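Review bot: `resp_attr->capability.op_mask` is passed to `PINT_getattr_check_perms()` without being cleared in the visible lines, and for non-root users the callee only ORs bits into it, so any stale value would end up in the issued capability; unless it is zeroed earlier in this state function, add `resp_attr->capability.op_mask = 0;` before the call. `group_array` and `num_groups` are taken straight from the request credential, and this hunk shows no check that the credential has been verified or that `num_groups` is non-zero and within the array's real length, which matters because the callee indexes the array. The added comment says ACL checks are not in place yet, so the mask is derived from mode bits alone; it would help to state in that comment that objects restricted only by ACLs may get a broader capability until that is done. The state function starts and ends outside the hunk.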