Unverified Commit 15d38f26 authored by David Kocher's avatar David Kocher Committed by GitHub
Browse files

Reduce number of callbacks when checking access flags. (#89)



* Reduce number of callbacks when checking access flags.
Signed-off-by: default avatarDavid Kocher <dkocher@iterate.ch>

* Fix test.
Signed-off-by: default avatarDavid Kocher <dkocher@iterate.ch>
parent 7d14d29c
......@@ -85,9 +85,9 @@ public class PseudoFs extends ForwardingFileSystem {
return _inner;
}
private boolean canAccess(Inode inode, int mode) {
private boolean canAccess(Inode inode, Stat stat, int mode) {
try {
checkAccess(inode, mode, false);
checkAccess(inode, stat, mode, false);
return true;
} catch (IOException e) {
}
......@@ -102,38 +102,39 @@ public class PseudoFs extends ForwardingFileSystem {
throw new InvalException("invalid access mask");
}
Stat stat = _inner.getattr(inode);
if ((mode & ACCESS4_READ) != 0) {
if (canAccess(inode, ACE4_READ_DATA)) {
if (canAccess(inode, stat, ACE4_READ_DATA)) {
accessmask |= ACCESS4_READ;
}
}
if ((mode & ACCESS4_LOOKUP) != 0) {
if (canAccess(inode, ACE4_EXECUTE)) {
if (canAccess(inode, stat, ACE4_EXECUTE)) {
accessmask |= ACCESS4_LOOKUP;
}
}
if ((mode & ACCESS4_MODIFY) != 0) {
if (canAccess(inode, ACE4_WRITE_DATA)) {
if (canAccess(inode, stat, ACE4_WRITE_DATA)) {
accessmask |= ACCESS4_MODIFY;
}
}
if ((mode & ACCESS4_EXECUTE) != 0) {
if (canAccess(inode, ACE4_EXECUTE)) {
if (canAccess(inode, stat, ACE4_EXECUTE)) {
accessmask |= ACCESS4_EXECUTE;
}
}
if ((mode & ACCESS4_EXTEND) != 0) {
if (canAccess(inode, ACE4_APPEND_DATA)) {
if (canAccess(inode, stat, ACE4_APPEND_DATA)) {
accessmask |= ACCESS4_EXTEND;
}
}
if ((mode & ACCESS4_DELETE) != 0) {
if (canAccess(inode, ACE4_DELETE_CHILD)) {
if (canAccess(inode, stat, ACE4_DELETE_CHILD)) {
accessmask |= ACCESS4_DELETE;
}
}
......@@ -146,19 +147,19 @@ public class PseudoFs extends ForwardingFileSystem {
*/
if ((mode & ACCESS4_XAREAD) != 0) {
if (canAccess(inode, ACE4_READ_DATA)) {
if (canAccess(inode, stat, ACE4_READ_DATA)) {
accessmask |= ACCESS4_XAREAD;
}
}
if ((mode & ACCESS4_XALIST) != 0) {
if (canAccess(inode, ACE4_READ_DATA)) {
if (canAccess(inode, stat, ACE4_READ_DATA)) {
accessmask |= ACCESS4_XALIST;
}
}
if ((mode & ACCESS4_XAWRITE) != 0) {
if (canAccess(inode, ACE4_WRITE_DATA)) {
if (canAccess(inode, stat, ACE4_WRITE_DATA)) {
accessmask |= ACCESS4_XAWRITE;
}
}
......@@ -393,6 +394,10 @@ public class PseudoFs extends ForwardingFileSystem {
}
private Subject checkAccess(Inode inode, int requestedMask, boolean shouldLog) throws IOException {
return checkAccess(inode, _inner.getattr(inode), requestedMask, shouldLog);
}
private Subject checkAccess(Inode inode, Stat stat, int requestedMask, boolean shouldLog) throws IOException {
Subject effectiveSubject = _subject;
Access aclMatched = Access.UNDEFINED;
......@@ -453,7 +458,6 @@ public class PseudoFs extends ForwardingFileSystem {
* always allows it.
*/
if ((aclMatched == Access.UNDEFINED) && (requestedMask != ACE4_READ_ATTRIBUTES)) {
Stat stat = _inner.getattr(inode);
int unixAccessmask = unixToAccessmask(effectiveSubject, stat);
if ((unixAccessmask & requestedMask) != requestedMask) {
if (shouldLog) {
......
......@@ -24,6 +24,8 @@ import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.stream.Stream;
import javax.security.auth.Subject;
import com.google.common.primitives.Longs;
import org.dcache.auth.Subjects;
import org.dcache.nfs.ExportFile;
import org.dcache.nfs.FsExport;
......@@ -383,7 +385,7 @@ public class PseudoFsTest {
Inode inode = new Inode(
new FileHandle.FileHandleBuilder()
.setExportIdx(1)
.build(new byte[] {0x1})
.build(Longs.toByteArray(1L))
);
given(mockedExportFile.getExport(1, localAddress.getAddress())).willReturn(null);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment