Unverified Commit 15d38f26 authored by David Kocher's avatar David Kocher Committed by GitHub
Browse files

Reduce number of callbacks when checking access flags. (#89)



* Reduce number of callbacks when checking access flags.
Signed-off-by: default avatarDavid Kocher <dkocher@iterate.ch>

* Fix test.
Signed-off-by: default avatarDavid Kocher <dkocher@iterate.ch>
parent 7d14d29c
...@@ -85,9 +85,9 @@ public class PseudoFs extends ForwardingFileSystem { ...@@ -85,9 +85,9 @@ public class PseudoFs extends ForwardingFileSystem {
return _inner; return _inner;
} }
private boolean canAccess(Inode inode, int mode) { private boolean canAccess(Inode inode, Stat stat, int mode) {
try { try {
checkAccess(inode, mode, false); checkAccess(inode, stat, mode, false);
return true; return true;
} catch (IOException e) { } catch (IOException e) {
} }
...@@ -102,38 +102,39 @@ public class PseudoFs extends ForwardingFileSystem { ...@@ -102,38 +102,39 @@ public class PseudoFs extends ForwardingFileSystem {
throw new InvalException("invalid access mask"); throw new InvalException("invalid access mask");
} }
Stat stat = _inner.getattr(inode);
if ((mode & ACCESS4_READ) != 0) { if ((mode & ACCESS4_READ) != 0) {
if (canAccess(inode, ACE4_READ_DATA)) { if (canAccess(inode, stat, ACE4_READ_DATA)) {
accessmask |= ACCESS4_READ; accessmask |= ACCESS4_READ;
} }
} }
if ((mode & ACCESS4_LOOKUP) != 0) { if ((mode & ACCESS4_LOOKUP) != 0) {
if (canAccess(inode, ACE4_EXECUTE)) { if (canAccess(inode, stat, ACE4_EXECUTE)) {
accessmask |= ACCESS4_LOOKUP; accessmask |= ACCESS4_LOOKUP;
} }
} }
if ((mode & ACCESS4_MODIFY) != 0) { if ((mode & ACCESS4_MODIFY) != 0) {
if (canAccess(inode, ACE4_WRITE_DATA)) { if (canAccess(inode, stat, ACE4_WRITE_DATA)) {
accessmask |= ACCESS4_MODIFY; accessmask |= ACCESS4_MODIFY;
} }
} }
if ((mode & ACCESS4_EXECUTE) != 0) { if ((mode & ACCESS4_EXECUTE) != 0) {
if (canAccess(inode, ACE4_EXECUTE)) { if (canAccess(inode, stat, ACE4_EXECUTE)) {
accessmask |= ACCESS4_EXECUTE; accessmask |= ACCESS4_EXECUTE;
} }
} }
if ((mode & ACCESS4_EXTEND) != 0) { if ((mode & ACCESS4_EXTEND) != 0) {
if (canAccess(inode, ACE4_APPEND_DATA)) { if (canAccess(inode, stat, ACE4_APPEND_DATA)) {
accessmask |= ACCESS4_EXTEND; accessmask |= ACCESS4_EXTEND;
} }
} }
if ((mode & ACCESS4_DELETE) != 0) { if ((mode & ACCESS4_DELETE) != 0) {
if (canAccess(inode, ACE4_DELETE_CHILD)) { if (canAccess(inode, stat, ACE4_DELETE_CHILD)) {
accessmask |= ACCESS4_DELETE; accessmask |= ACCESS4_DELETE;
} }
} }
...@@ -146,19 +147,19 @@ public class PseudoFs extends ForwardingFileSystem { ...@@ -146,19 +147,19 @@ public class PseudoFs extends ForwardingFileSystem {
*/ */
if ((mode & ACCESS4_XAREAD) != 0) { if ((mode & ACCESS4_XAREAD) != 0) {
if (canAccess(inode, ACE4_READ_DATA)) { if (canAccess(inode, stat, ACE4_READ_DATA)) {
accessmask |= ACCESS4_XAREAD; accessmask |= ACCESS4_XAREAD;
} }
} }
if ((mode & ACCESS4_XALIST) != 0) { if ((mode & ACCESS4_XALIST) != 0) {
if (canAccess(inode, ACE4_READ_DATA)) { if (canAccess(inode, stat, ACE4_READ_DATA)) {
accessmask |= ACCESS4_XALIST; accessmask |= ACCESS4_XALIST;
} }
} }
if ((mode & ACCESS4_XAWRITE) != 0) { if ((mode & ACCESS4_XAWRITE) != 0) {
if (canAccess(inode, ACE4_WRITE_DATA)) { if (canAccess(inode, stat, ACE4_WRITE_DATA)) {
accessmask |= ACCESS4_XAWRITE; accessmask |= ACCESS4_XAWRITE;
} }
} }
...@@ -393,6 +394,10 @@ public class PseudoFs extends ForwardingFileSystem { ...@@ -393,6 +394,10 @@ public class PseudoFs extends ForwardingFileSystem {
} }
private Subject checkAccess(Inode inode, int requestedMask, boolean shouldLog) throws IOException { private Subject checkAccess(Inode inode, int requestedMask, boolean shouldLog) throws IOException {
return checkAccess(inode, _inner.getattr(inode), requestedMask, shouldLog);
}
private Subject checkAccess(Inode inode, Stat stat, int requestedMask, boolean shouldLog) throws IOException {
Subject effectiveSubject = _subject; Subject effectiveSubject = _subject;
Access aclMatched = Access.UNDEFINED; Access aclMatched = Access.UNDEFINED;
...@@ -453,7 +458,6 @@ public class PseudoFs extends ForwardingFileSystem { ...@@ -453,7 +458,6 @@ public class PseudoFs extends ForwardingFileSystem {
* always allows it. * always allows it.
*/ */
if ((aclMatched == Access.UNDEFINED) && (requestedMask != ACE4_READ_ATTRIBUTES)) { if ((aclMatched == Access.UNDEFINED) && (requestedMask != ACE4_READ_ATTRIBUTES)) {
Stat stat = _inner.getattr(inode);
int unixAccessmask = unixToAccessmask(effectiveSubject, stat); int unixAccessmask = unixToAccessmask(effectiveSubject, stat);
if ((unixAccessmask & requestedMask) != requestedMask) { if ((unixAccessmask & requestedMask) != requestedMask) {
if (shouldLog) { if (shouldLog) {
......
...@@ -24,6 +24,8 @@ import java.net.InetSocketAddress; ...@@ -24,6 +24,8 @@ import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.stream.Stream; import java.util.stream.Stream;
import javax.security.auth.Subject; import javax.security.auth.Subject;
import com.google.common.primitives.Longs;
import org.dcache.auth.Subjects; import org.dcache.auth.Subjects;
import org.dcache.nfs.ExportFile; import org.dcache.nfs.ExportFile;
import org.dcache.nfs.FsExport; import org.dcache.nfs.FsExport;
...@@ -383,7 +385,7 @@ public class PseudoFsTest { ...@@ -383,7 +385,7 @@ public class PseudoFsTest {
Inode inode = new Inode( Inode inode = new Inode(
new FileHandle.FileHandleBuilder() new FileHandle.FileHandleBuilder()
.setExportIdx(1) .setExportIdx(1)
.build(new byte[] {0x1}) .build(Longs.toByteArray(1L))
); );
given(mockedExportFile.getExport(1, localAddress.getAddress())).willReturn(null); given(mockedExportFile.getExport(1, localAddress.getAddress())).willReturn(null);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment