nfs-ganesha 1.4
/*
 * vim:expandtab:shiftwidth=8:tabstop=8:
 */

/*
 * Copyright CEA/DAM/DIF  (2008)
 * contributeur : Philippe DENIEL   philippe.deniel@cea.fr
 *                Thomas LEIBOVICI  thomas.leibovici@cea.fr
 *
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 3 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 *
 * ---------------------------------------
 */

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#ifdef _SOLARIS
#include "solaris_port.h"
#endif                          /* _SOLARIS */

#include <string.h>
#ifdef _USE_GSSRPC
#include <gssrpc/rpc.h>
#include <gssrpc/xdr.h>
#else
#include <rpc/rpc.h>
#include <rpc/xdr.h>
#endif
#include "nfs4.h"

#include "fsal_internal.h"
#include "fsal_convert.h"
#include "fsal_common.h"

#include "nfs_proto_functions.h"
#include "fsal_nfsv4_macros.h"

/**
 * PROXYFSAL_test_access:
 * Checks a requested access mask against the mode bits held in an
 * attribute list, using the uid and gid found in the operation context.
 *
 * Exactly one permission class is consulted: the owner bits when the
 * credential's user equals the object's owner, otherwise the group bits
 * when the credential's primary group equals the object's group,
 * otherwise the "other" bits.
 *
 * @param p_context          Operation context; only credential.user and
 *                           credential.group are read.
 * @param access_type        Requested access. It is reduced with
 *                           FSAL_MODE_MASK, so only mode-style flags are
 *                           evaluated (no ACLs). A value with FSAL_F_OK
 *                           set is rejected.
 * @param object_attributes  Attributes of the object; only owner, group
 *                           and mode are read.
 *
 * @return Major codes passed to Return():
 *         - ERR_FSAL_FAULT    a pointer argument is NULL
 *         - ERR_FSAL_INVAL    FSAL_F_OK is set in access_type
 *         - ERR_FSAL_NO_ERROR the caller is uid 0, or every requested
 *                             right is present in the consulted class
 *         - ERR_FSAL_ACCESS   at least one requested right is missing
 *
 * NOTE(review): the verdict is computed from the attribute list handed in
 * by the caller, not from a fresh lookup; how current those attributes
 * are is up to the caller -- confirm.
 */
fsal_status_t PROXYFSAL_test_access(fsal_op_context_t * p_context,        /* IN */
                                    fsal_accessflags_t access_type,       /* IN */
                                    fsal_attrib_list_t * object_attributes        /* IN */
    )
{
  fsal_accessflags_t still_needed;
  int may_read;
  int may_write;
  int may_exec;

  /* sanity checks: both pointers are dereferenced below. */
  if(p_context == NULL || object_attributes == NULL)
    Return(ERR_FSAL_FAULT, 0, INDEX_FSAL_test_access);

  /* FSAL_F_OK is not a valid request here: answer ERR_FSAL_INVAL. */
  if(access_type & FSAL_F_OK)
    Return(ERR_FSAL_INVAL, 0, INDEX_FSAL_test_access);

  /* ----- here is a code sample for this function ---- */

  /* uid 0 is granted everything before any mode bit is looked at.
   * NOTE(review): confirm that any uid remapping (e.g. root squashing)
   * has already been applied to the credential by the time this runs. */
  if(p_context->credential.user == 0)
    Return(ERR_FSAL_NO_ERROR, 0, INDEX_FSAL_test_access);

  /* Rights that still have to be found; only modes, no ACLs here. */
  still_needed = FSAL_MODE_MASK(access_type);

  if(p_context->credential.user == object_attributes->owner)
    {
      /* The caller owns the object: owner bits decide, nothing else. */
      may_read = (object_attributes->mode & FSAL_MODE_RUSR) != 0;
      may_write = (object_attributes->mode & FSAL_MODE_WUSR) != 0;
      may_exec = (object_attributes->mode & FSAL_MODE_XUSR) != 0;
    }
  else if(p_context->credential.group == object_attributes->group)
    {
      /* The caller's primary group matches: group bits decide. */
      may_read = (object_attributes->mode & FSAL_MODE_RGRP) != 0;
      may_write = (object_attributes->mode & FSAL_MODE_WGRP) != 0;
      may_exec = (object_attributes->mode & FSAL_MODE_XGRP) != 0;
    }
  else
    {
      /* >> Test here if file belongs to user's alt groups << */

      /* NOTE(review): the alternate-group test above is still a
       * placeholder, so a caller who belongs to the object's group only
       * through a supplementary group is judged on the "other" bits.
       * That refuses access the group bits would grant and, when the
       * "other" bits are broader than the group bits, grants access the
       * group bits withhold. */
      may_read = (object_attributes->mode & FSAL_MODE_ROTH) != 0;
      may_write = (object_attributes->mode & FSAL_MODE_WOTH) != 0;
      may_exec = (object_attributes->mode & FSAL_MODE_XOTH) != 0;
    }

  /* Strike every right the consulted class provides. */
  if(may_read)
    still_needed &= ~FSAL_R_OK;

  if(may_write)
    still_needed &= ~FSAL_W_OK;

  if(may_exec)
    still_needed &= ~FSAL_X_OK;

  /* Anything left over is a right the caller asked for but lacks. */
  if(still_needed != 0)
    {
      Return(ERR_FSAL_ACCESS, 0, INDEX_FSAL_test_access);
    }

  Return(ERR_FSAL_NO_ERROR, 0, INDEX_FSAL_test_access);

}

/**
 * PROXYFSAL_setattr_access:
 * Decides whether the caller may change the attributes of an object:
 * uid 0 and the object's owner are accepted, everyone else is refused.
 *
 * @param p_context              Operation context; only credential.user
 *                               is read.
 * @param pcandidate_attributes  Attributes the caller wants to set. It is
 *                               checked for NULL and otherwise not read.
 * @param pobject_attributes     Current attributes of the object; only
 *                               owner is read.
 *
 * @return Major codes passed to Return():
 *         - ERR_FSAL_FAULT    a pointer argument is NULL
 *         - ERR_FSAL_NO_ERROR the caller is uid 0 or owns the object
 *         - ERR_FSAL_ACCESS   any other caller
 *
 * NOTE(review): because pcandidate_attributes is never inspected, the
 * owner is accepted for every kind of change, ownership and group changes
 * included. Confirm that such restrictions are enforced elsewhere
 * (presumably by the server being proxied).
 */
fsal_status_t PROXYFSAL_setattr_access(fsal_op_context_t * p_context,     /* IN */
                                       fsal_attrib_list_t * pcandidate_attributes,        /* IN */
                                       fsal_attrib_list_t * pobject_attributes    /* IN */
    )
{
  /* sanity check */
  if(!p_context || !pcandidate_attributes || !pobject_attributes)
    Return(ERR_FSAL_FAULT, 0, INDEX_FSAL_setattr_access);

  /* Root has full power... */
  if(p_context->credential.user == 0)
    Return(ERR_FSAL_NO_ERROR, 0, INDEX_FSAL_setattr_access);

  /* Anyone who is not the owner is turned away. */
  if(p_context->credential.user != pobject_attributes->owner)
    Return(ERR_FSAL_ACCESS, 0, INDEX_FSAL_setattr_access);

  /* If this point is reached, then access is granted */
  Return(ERR_FSAL_NO_ERROR, 0, INDEX_FSAL_setattr_access);

}                               /* PROXYFSAL_setattr_access */