std::string subj = ctx->credentials.clientName;
secCtx_ = ctx;
+ debug("'%s'", subj.c_str());
this->clientName = subj;
this->allowCurrent = vfsEvalRegex(this->allowRegex, this->denyRegex, subj.c_str());
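Review bot: The added `debug("'%s'", subj.c_str());` prints only the quoted name, so the log line does not say which event or field it records. A labelled message such as `debug("security context set, client name '%s'", subj.c_str());` is easier to audit. Because `subj` is copied from `ctx->credentials.clientName`, it is client-supplied identity data, so escaping non-printable characters before logging would be prudent unless names are already normalised upstream. The enclosing function starts and ends outside this hunk.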
// use the retrieved xattrs
vfsUpdateExtendedStat(meta, xattrs);
+ if (checkPermissions(this->secCtx_, meta.acl, meta.stat, S_IREAD) != 0)
+ vfsThrow(EACCES, "not enough permissions for '%s' to read '%s'", clientName.c_str(), meta.name.c_str());
+
#if 0
// XXX: black magic
// dmlite tests require proper count in st_nlink,
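Review bot: The new check passes `this->secCtx_` to `checkPermissions()` without verifying that a security context has been set, and how the callee treats a null context is not visible here. If this path can be reached before the context is set, an explicit guard keeps it fail-closed: `if (!this->secCtx_) vfsThrow(EACCES, "no security context");`. The same commit removes the always-zero `VfsCatalog::checkPermissions`, so this call presumably now resolves to another implementation whose contract should be confirmed. The `if` body also sits on its own line without braces; wrapping it in `{ }` stops a later added statement from escaping the condition. The enclosing function starts and ends outside this hunk.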
///
-/// override all permission checks - no file-level permissions in zero version
-///
-int VfsCatalog::checkPermissions(const SecurityContext *context, const Acl &acl, const struct stat &stat, mode_t mode) {
- return 0;
-}
-
-
-
-///
/// Get extended attributes.
///
/// @param path local disk namespace path
std::string prefix_;
private:
- int checkPermissions(const SecurityContext *context, const Acl &acl, const struct stat &stat, mode_t mode);
-
regex_t *allowRegex, *denyRegex, *allowWriteRegex, *denyWriteRegex;
bool allowCurrent, allowWriteCurrent;
std::string clientName;