From e81fd0b85c8dd3f521e54e32b7da2f99a513f2f2 Mon Sep 17 00:00:00 2001
From: Jiffin Tony Thottan <jthottan@redhat.com>
Date: Thu, 17 Nov 2016 18:22:39 +0530
Subject: access_control : address O_TRUNC and O_APPEND flag properly in
 posix_acl_open

In posix_acl_open, in switch value passed is (flag & O_ACCMODE). The value for
O_ACCMODE is 0003, so the result will always be less than or equal to 3.
But value for O_TRUNC is 01000 and O_APPEND is 02000, so it is not right to
check it in switch case

Change-Id: Ia17db80a6a5f681c35e08e062d384f33ef7e0354
BUG: 1387241
Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com>
Reviewed-on: http://review.gluster.org/15688
Smoke: Gluster Build System <jenkins@build.gluster.org>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
---
 tests/bugs/access-control/bug-1387241.c  | 17 +++++++++++++++
 tests/bugs/access-control/bug-1387241.t  | 36 ++++++++++++++++++++++++++++++++
 xlators/system/posix-acl/src/posix-acl.c |  5 +++--
 3 files changed, 56 insertions(+), 2 deletions(-)
 create mode 100644 tests/bugs/access-control/bug-1387241.c
 create mode 100644 tests/bugs/access-control/bug-1387241.t

diff --git a/tests/bugs/access-control/bug-1387241.c b/tests/bugs/access-control/bug-1387241.c
new file mode 100644
index 0000000000..04e0d6ea11
--- /dev/null
+++ b/tests/bugs/access-control/bug-1387241.c
@@ -0,0 +1,17 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+
+int main(int argc, char *argv[])
+{
+        int ret = EXIT_FAILURE;
+        int fd = open(argv[1], O_RDONLY|O_TRUNC);
+
+        if (fd) {
+                ret = EXIT_SUCCESS;
+                close(fd);
+        }
+
+        return ret;
+}
diff --git a/tests/bugs/access-control/bug-1387241.t b/tests/bugs/access-control/bug-1387241.t
new file mode 100644
index 0000000000..2efd80547d
--- /dev/null
+++ b/tests/bugs/access-control/bug-1387241.t
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+. $(dirname $0)/../../include.rc
+. $(dirname $0)/../../volume.rc
+
+case $OSTYPE in
+NetBSD)
+        echo "Skip test on ACL which are not available on NetBSD" >&2
+        SKIP_TESTS
+        exit 0
+        ;;
+*)
+        ;;
+esac
+
+#cleanup;
+
+## Start and create a volume
+TEST glusterd;
+TEST pidof glusterd;
+TEST $CLI volume info;
+
+TEST $CLI volume create $V0 replica 2 $H0:$B0/${V0}{1,2,3,4};
+TEST $CLI volume start $V0;
+
+TEST glusterfs --entry-timeout=0 --attribute-timeout=0 --acl -s $H0 --volfile-id $V0 $M0;
+
+TEST touch $M0/file1;
+
+TEST $CC $(dirname $0)/bug-1387241.c -o $(dirname $0)/bug-1387241
+
+TEST $(dirname $0)/bug-1387241 $M0/file1
+
+TEST rm -f $(dirname $0)/bug-1387241
+
+#cleanup
diff --git a/xlators/system/posix-acl/src/posix-acl.c b/xlators/system/posix-acl/src/posix-acl.c
index 9b3698618f..dbe0e716e2 100644
--- a/xlators/system/posix-acl/src/posix-acl.c
+++ b/xlators/system/posix-acl/src/posix-acl.c
@@ -1203,8 +1203,6 @@ posix_acl_open (call_frame_t *frame, xlator_t *this, loc_t *loc, int flags,
 
                 break;
         case O_WRONLY:
-        case O_APPEND:
-        case O_TRUNC:
                 perm = POSIX_ACL_WRITE;
                 break;
         case O_RDWR:
@@ -1212,6 +1210,9 @@ posix_acl_open (call_frame_t *frame, xlator_t *this, loc_t *loc, int flags,
                 break;
         }
 
+        if (flags & (O_TRUNC | O_APPEND))
+                perm |= POSIX_ACL_WRITE;
+
         if (acl_permits (frame, loc->inode, perm))
                 goto green;
         else
-- 
cgit