Commit f0c7a431 authored by Tigran Mkrtchyan's avatar Tigran Mkrtchyan

nfsv41: move acl module into request context

defined ACL handler in a single place.

Patch: http://rb.dcache.org/r/1710
Acked-By: Irina
parent 174bee0f
......@@ -2,9 +2,6 @@ package org.dcache.chimera.nfs.v4;
import org.dcache.chimera.nfs.v4.xdr.nfs_argop4;
import org.dcache.chimera.nfs.v4.xdr.nfs_resop4;
import org.dcache.chimera.posix.AclHandler;
import org.dcache.chimera.posix.UnixPermissionHandler;
/**
*
......@@ -15,7 +12,6 @@ public abstract class AbstractNFSv4Operation {
protected final nfs_resop4 _result = new nfs_resop4();
protected final nfs_argop4 _args;
protected AclHandler _permissionHandler = UnixPermissionHandler.getInstance();
public AbstractNFSv4Operation(nfs_argop4 args, int opCode) {
_result.resop = opCode;
......
......@@ -9,6 +9,7 @@ import org.dcache.chimera.FileSystemProvider;
import org.dcache.chimera.FsInode;
import org.dcache.chimera.nfs.ExportFile;
import org.dcache.chimera.nfs.v4.xdr.nfs_resop4;
import org.dcache.chimera.posix.AclHandler;
import org.dcache.chimera.posix.UnixUser;
import org.dcache.xdr.RpcCall;
......@@ -31,6 +32,7 @@ public class CompoundContext {
private final UnixUser _user;
private final ExportFile _exportFile;
private final NFSv41DeviceManager _deviceManager;
private final AclHandler _aclHandler;
/**
* Create context of COUMPOUND request.
......@@ -42,11 +44,12 @@ public class CompoundContext {
* @param exportFile list of servers exports.
*/
public CompoundContext(List<nfs_resop4> processedOps, int minorversion, FileSystemProvider fs,
NFSv41DeviceManager deviceManager, RpcCall call, ExportFile exportFile) {
NFSv41DeviceManager deviceManager, AclHandler aclHandler, RpcCall call, ExportFile exportFile) {
_processedOps = processedOps;
_minorversion = minorversion;
_fs = fs;
_deviceManager = deviceManager;
_aclHandler = aclHandler;
_callInfo = call;
_exportFile = exportFile;
_user = HimeraNFS4Utils.remoteUser(_callInfo, _exportFile);
......@@ -67,6 +70,9 @@ public class CompoundContext {
return _deviceManager;
}
public AclHandler getAclHandler() {
return _aclHandler;
}
/**
* Get NFSv4 minor version number. The version number os provided by client
* for each coumpound.
......
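Review bot: The constructor stores `aclHandler` without a null check, so a null argument only surfaces later as a NullPointerException in whichever operation first calls `context.getAclHandler().isAllowed(...)`. Rejecting it at construction keeps the authorization path explicit: `_aclHandler = Objects.requireNonNull(aclHandler, "aclHandler");` (needs `java.util.Objects`; an explicit `if (aclHandler == null) throw new NullPointerException("aclHandler");` works on older runtimes). The same applies to `_aclHandler = aclHandler;` in the NFSServerV41 constructor, where the check would fail once at server start-up instead of per request. The constructor Javadoc is only partly visible here, but it appears to list the parameters and would need an `@param aclHandler` line, and `getAclHandler()` has no Javadoc while the accessor after it does.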
......@@ -34,6 +34,7 @@ import org.dcache.chimera.nfs.v3.MountServer;
import org.dcache.chimera.nfs.v3.xdr.mount_prot;
import org.dcache.chimera.nfs.v4.mover.DSOperationFactory;
import org.dcache.chimera.nfs.v4.xdr.nfs4_prot;
import org.dcache.chimera.posix.UnixPermissionHandler;
import org.dcache.xdr.portmap.OncRpcEmbeddedPortmap;
......@@ -89,7 +90,7 @@ public class Main {
MountServer ms = new MountServer(exports, fs);
NFSServerV41 nfs4 = new NFSServerV41(new MDSOperationFactory(), new DeviceManager(),
fs, exports);
UnixPermissionHandler.getInstance(), fs, exports);
service.register( new OncRpcProgram(nfs4_prot.NFS4_PROGRAM, nfs4_prot.NFS_V4), nfs4);
service.register( new OncRpcProgram(mount_prot.MOUNT_PROGRAM, mount_prot.MOUNT_V3), ms);
......@@ -99,7 +100,7 @@ public class Main {
service = new OncRpcSvc(port);
_log.log(Level.INFO, "starting DS on: {0}", port );
NFSServerV41 ds = new NFSServerV41(new DSOperationFactory(), new DeviceManager(),
fs, null);
UnixPermissionHandler.getInstance(), fs, null);
service.register( new OncRpcProgram(nfs4_prot.NFS4_PROGRAM, nfs4_prot.NFS_V4), ds);
}
......
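Review bot: Both `NFSServerV41` constructions call `UnixPermissionHandler.getInstance()` inline, so the choice of policy is still written in two places in this file. A single local declared before the first server is built, `AclHandler aclHandler = UnixPermissionHandler.getInstance();` (with the `AclHandler` import), passed to both the MDS and the DS instance, would make swapping the handler a one-line edit and make it evident that both servers enforce the same policy. The enclosing method starts and ends outside the hunks shown.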
......@@ -18,6 +18,7 @@ import java.util.logging.Logger;
import org.dcache.chimera.FileSystemProvider;
import org.dcache.chimera.nfs.ExportFile;
import org.dcache.chimera.posix.AclHandler;
import org.dcache.xdr.OncRpcException;
import org.dcache.xdr.RpcCall;
......@@ -28,15 +29,17 @@ public class NFSServerV41 extends nfs4_prot_NFS4_PROGRAM_ServerStub {
private static final Logger _log = Logger.getLogger(NFSServerV41.class.getName());
private final NFSv4OperationFactory _operationFactory;
private final NFSv41DeviceManager _deviceManager;
private final AclHandler _aclHandler;
public NFSServerV41(NFSv4OperationFactory operationFactory,
NFSv41DeviceManager deviceManager, FileSystemProvider fs,
NFSv41DeviceManager deviceManager, AclHandler aclHandler, FileSystemProvider fs,
ExportFile exportFile) throws OncRpcException, IOException {
_deviceManager = deviceManager;
_fs = fs;
_exportFile = exportFile;
_operationFactory = operationFactory;
_aclHandler = aclHandler;
}
@Override
......@@ -62,7 +65,7 @@ public class NFSServerV41 extends nfs4_prot_NFS4_PROGRAM_ServerStub {
}
CompoundContext context = new CompoundContext(v, arg1.minorversion.value,
_fs, _deviceManager, call$, _exportFile);
_fs, _deviceManager, _aclHandler, call$, _exportFile);
for (nfs_argop4 op : arg1.argarray) {
......
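Review bot: The new `_aclHandler` field and constructor parameter carry no documentation of the contract an injected handler must meet. The one instance is handed to every `CompoundContext` created in the request path, so an `AclHandler` other than the previous singleton presumably has to be safe for concurrent use if compounds are processed in parallel, which is not visible in these hunks. I would add a constructor Javadoc line such as `@param aclHandler handler consulted for every permission check; shared by all requests, must be thread-safe`.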
......@@ -39,37 +39,37 @@ public class OperationACCESS extends AbstractNFSv4Operation {
if( (reqAccess & nfs4_prot.ACCESS4_EXECUTE) == nfs4_prot.ACCESS4_EXECUTE ) {
if ( _permissionHandler.isAllowed(acl, context.getUser(), AclHandler.ACL_EXECUTE ) ) {
if ( context.getAclHandler().isAllowed(acl, context.getUser(), AclHandler.ACL_EXECUTE ) ) {
realAccess |= nfs4_prot.ACCESS4_EXECUTE;
}
}
if( (reqAccess & nfs4_prot.ACCESS4_EXTEND) == nfs4_prot.ACCESS4_EXTEND ) {
if ( _permissionHandler.isAllowed(acl, context.getUser(), AclHandler.ACL_INSERT ) ) {
if ( context.getAclHandler().isAllowed(acl, context.getUser(), AclHandler.ACL_INSERT ) ) {
realAccess |= nfs4_prot.ACCESS4_EXTEND;
}
}
if( (reqAccess & nfs4_prot.ACCESS4_LOOKUP) == nfs4_prot.ACCESS4_LOOKUP ) {
if ( _permissionHandler.isAllowed(acl, context.getUser(), AclHandler.ACL_LOOKUP ) ) {
if ( context.getAclHandler().isAllowed(acl, context.getUser(), AclHandler.ACL_LOOKUP ) ) {
realAccess |= nfs4_prot.ACCESS4_LOOKUP;
}
}
if( (reqAccess & nfs4_prot.ACCESS4_DELETE) == nfs4_prot.ACCESS4_DELETE ) {
if ( _permissionHandler.isAllowed(acl, context.getUser(), AclHandler.ACL_DELETE ) ) {
if ( context.getAclHandler().isAllowed(acl, context.getUser(), AclHandler.ACL_DELETE ) ) {
realAccess |= nfs4_prot.ACCESS4_DELETE;
}
}
if( (reqAccess & nfs4_prot.ACCESS4_MODIFY) == nfs4_prot.ACCESS4_MODIFY ) {
if ( _permissionHandler.isAllowed(acl, context.getUser(), AclHandler.ACL_WRITE ) ){
if ( context.getAclHandler().isAllowed(acl, context.getUser(), AclHandler.ACL_WRITE ) ){
realAccess |= nfs4_prot.ACCESS4_MODIFY;
}
}
if( (reqAccess & nfs4_prot.ACCESS4_READ) == nfs4_prot.ACCESS4_READ ) {
if ( _permissionHandler.isAllowed(acl, context.getUser(), AclHandler.ACL_READ ) ) {
if ( context.getAclHandler().isAllowed(acl, context.getUser(), AclHandler.ACL_READ ) ) {
realAccess |= nfs4_prot.ACCESS4_READ;
}
}
......
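Review bot: Each of the six permission tests now re-evaluates `context.getAclHandler()` and `context.getUser()`, which lengthens an already repetitive block. Reading both once before the first test, `AclHandler aclHandler = context.getAclHandler();` and `UnixUser user = context.getUser();` (assuming `getUser()` returns `UnixUser`, as the `_user` field in CompoundContext suggests), reduces every check to `aclHandler.isAllowed(acl, user, AclHandler.ACL_...)`. It also guarantees that all six bits are evaluated against the same handler and user. The enclosing method begins and ends outside this hunk.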
......@@ -49,7 +49,7 @@ public class OperationCREATE extends AbstractNFSv4Operation {
UnixAcl fileAcl = new UnixAcl(parentStat.getUid(), parentStat.getGid(),parentStat.getMode() & 0777 );
if ( ! _permissionHandler.isAllowed(fileAcl, context.getUser(), AclHandler.ACL_INSERT) ) {
if ( ! context.getAclHandler().isAllowed(fileAcl, context.getUser(), AclHandler.ACL_INSERT) ) {
throw new ChimeraNFSException( nfsstat4.NFS4ERR_ACCESS, "Permission denied." );
}
......
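Review bot: The handler is now injectable, but this call site still builds the object it is asked to judge, `new UnixAcl(parentStat.getUid(), parentStat.getGid(), parentStat.getMode() & 0777)`, so any replacement `AclHandler` is only ever shown the nine POSIX permission bits. If the goal is a pluggable access-control model, the ACL lookup should move behind the context or the handler as well; otherwise a comment on `getAclHandler()` along the lines of `// callers pass a UnixAcl derived from mode & 0777` would record the limitation. The same construct-then-check pattern appears in the LINK, OPEN, READ, READDIR, REMOVE, SETATTR and WRITE hunks. The enclosing method continues outside the hunk.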
......@@ -33,7 +33,7 @@ public class OperationLINK extends AbstractNFSv4Operation {
Stat parentStat = context.currentInode().statCache();
UnixAcl acl = new UnixAcl(parentStat.getUid(), parentStat.getGid(),parentStat.getMode() & 0777 );
if ( ! _permissionHandler.isAllowed(acl, context.getUser(), AclHandler.ACL_INSERT ) ) {
if ( ! context.getAclHandler().isAllowed(acl, context.getUser(), AclHandler.ACL_INSERT ) ) {
throw new ChimeraNFSException( nfsstat4.NFS4ERR_ACCESS, "Permission denied." );
}
......
......@@ -99,7 +99,7 @@ public class OperationOPEN extends AbstractNFSv4Operation {
_log.log(Level.FINEST, "GID : {0}", fileStat.getGid());
_log.log(Level.FINEST, "Mode : 0{0}", Integer.toOctalString(fileStat.getMode() & 0777));
UnixAcl fileAcl = new UnixAcl(fileStat.getUid(), fileStat.getGid(), fileStat.getMode() & 0777);
if (!_permissionHandler.isAllowed(fileAcl, context.getUser(), AclHandler.ACL_WRITE)) {
if (!context.getAclHandler().isAllowed(fileAcl, context.getUser(), AclHandler.ACL_WRITE)) {
throw new ChimeraNFSException(nfsstat4.NFS4ERR_ACCESS, "Permission denied.");
}
......@@ -109,7 +109,7 @@ public class OperationOPEN extends AbstractNFSv4Operation {
// check parent permissions
Stat parentStat = context.currentInode().statCache();
UnixAcl parentAcl = new UnixAcl(parentStat.getUid(), parentStat.getGid(), parentStat.getMode() & 0777);
if (!_permissionHandler.isAllowed(parentAcl, context.getUser(), AclHandler.ACL_INSERT)) {
if (!context.getAclHandler().isAllowed(parentAcl, context.getUser(), AclHandler.ACL_INSERT)) {
throw new ChimeraNFSException(nfsstat4.NFS4ERR_ACCESS, "Permission denied.");
}
......@@ -128,7 +128,7 @@ public class OperationOPEN extends AbstractNFSv4Operation {
Stat inodeStat = inode.statCache();
UnixAcl fileAcl = new UnixAcl(inodeStat.getUid(), inodeStat.getGid(), inodeStat.getMode() & 0777);
if (!_permissionHandler.isAllowed(fileAcl, context.getUser(), AclHandler.ACL_READ)) {
if (!context.getAclHandler().isAllowed(fileAcl, context.getUser(), AclHandler.ACL_READ)) {
throw new ChimeraNFSException(nfsstat4.NFS4ERR_ACCESS, "Permission denied.");
}
......
......@@ -40,7 +40,7 @@ public class OperationREAD extends AbstractNFSv4Operation {
Stat inodeStat = context.currentInode().statCache();
UnixAcl fileAcl = new UnixAcl(inodeStat.getUid(), inodeStat.getGid(),inodeStat.getMode() & 0777 );
if ( ! _permissionHandler.isAllowed(fileAcl, context.getUser(), AclHandler.ACL_READ) ) {
if ( ! context.getAclHandler().isAllowed(fileAcl, context.getUser(), AclHandler.ACL_READ) ) {
throw new ChimeraNFSException( nfsstat4.NFS4ERR_ACCESS, "Permission denied." );
}
......
......@@ -104,7 +104,7 @@ public class OperationREADDIR extends AbstractNFSv4Operation {
Stat dirStat = dir.statCache();
UnixAcl acl = new UnixAcl(dirStat.getUid(), dirStat.getGid(),dirStat.getMode() & 0777 );
if ( ! _permissionHandler.isAllowed(acl, context.getUser(), AclHandler.ACL_LOOKUP) ) {
if ( ! context.getAclHandler().isAllowed(acl, context.getUser(), AclHandler.ACL_LOOKUP) ) {
throw new ChimeraNFSException( nfsstat4.NFS4ERR_ACCESS, "Permission denied." );
}
......
......@@ -61,11 +61,11 @@ public class OperationREMOVE extends AbstractNFSv4Operation {
Stat parentStat = parentInode.statCache();
UnixAcl acl = new UnixAcl(inodeStat.getUid(), inodeStat.getGid(), inodeStat.getMode() & 0777);
// if (!_permissionHandler.isAllowed(acl, context.getUser(), AclHandler.ACL_DELETE)) {
// if (!context.getAclHandler().isAllowed(acl, context.getUser(), AclHandler.ACL_DELETE)) {
// throw new ChimeraNFSException(nfsstat4.NFS4ERR_ACCESS, "Permission denied.");
// }
acl = new UnixAcl(parentStat.getUid(), parentStat.getGid(), parentStat.getMode() & 0777);
if (!_permissionHandler.isAllowed(acl, context.getUser(), AclHandler.ACL_DELETE)) {
if (!context.getAclHandler().isAllowed(acl, context.getUser(), AclHandler.ACL_DELETE)) {
throw new ChimeraNFSException(nfsstat4.NFS4ERR_ACCESS, "Permission denied.");
}
......
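Review bot: The commit rewrites a check that is commented out, and the `acl` built from `inodeStat` just above it is replaced by the `parentStat` one before anything in the hunk reads it. As shown, removal is decided only by `ACL_DELETE` on the parent directory, and because the mode is masked with `0777` the handler cannot see a sticky bit on that directory. I would either delete the dead block and the unused `inodeStat` ACL and leave a comment such as `// removal is authorized by the parent directory only`, or restore the per-file check if that was the intent. The method continues outside the hunk.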
......@@ -50,7 +50,7 @@ public class OperationSETATTR extends AbstractNFSv4Operation {
Stat inodeStat = context.currentInode().statCache();
UnixAcl acl = new UnixAcl(inodeStat.getUid(), inodeStat.getGid(),inodeStat.getMode() & 0777 );
if ( ! _permissionHandler.isAllowed(acl, context.getUser(), AclHandler.ACL_ADMINISTER) ) {
if ( ! context.getAclHandler().isAllowed(acl, context.getUser(), AclHandler.ACL_ADMINISTER) ) {
throw new ChimeraNFSException( nfsstat4.NFS4ERR_ACCESS, "Permission denied." );
}
......
......@@ -50,7 +50,7 @@ public class OperationWRITE extends AbstractNFSv4Operation {
Stat inodeStat = context.currentInode().statCache();
UnixAcl fileAcl = new UnixAcl(inodeStat.getUid(), inodeStat.getGid(),inodeStat.getMode() & 0777 );
if ( ! _permissionHandler.isAllowed(fileAcl, context.getUser(), AclHandler.ACL_WRITE) ) {
if ( ! context.getAclHandler().isAllowed(fileAcl, context.getUser(), AclHandler.ACL_WRITE) ) {
throw new ChimeraNFSException( nfsstat4.NFS4ERR_ACCESS, "Permission denied." );
}
......