From: František Dvořák
Date: Sat, 19 Oct 2013 19:15:59 +0000 (+0200)
Subject: Separate performer code of setMode() to vfsSetMode() function.
X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=b1dfc5f53d9917ddfd0c6f061f6b6b69fe13791a;p=dmlite-plugins-vfs.git
Separate performer code of setMode() to vfsSetMode() function.
---
diff --git a/src/VfsNs.cpp b/src/VfsNs.cpp
index d9291f9..aac7ead 100644
--- a/src/VfsNs.cpp
+++ b/src/VfsNs.cpp
@@ -612,7 +612,6 @@ mode_t VfsCatalog::umask(mode_t mask) throw ()
 void VfsCatalog::setMode(const std::string& path, mode_t mode) throw (DmException) {
 ExtendedStat meta;
- char buf[20];
 if (vfsCheckPermissions(path, S_IWRITE)) vfsThrow(EACCES, "not enough permissions for '%s'", clientName.c_str());
@@ -628,20 +627,15 @@ void VfsCatalog::setMode(const std::string& path, mode_t mode) throw (DmExceptio
 // Clean up unwanted bits (keep type, read/write for owner, correct sticky bit)
 mode &= ~S_IFMT;
 mode |= (meta.stat.st_mode & S_IFMT);
+ if (!S_ISDIR(meta.stat.st_mode) && getUid(this->secCtx_) != 0)
+ mode &= ~S_ISVTX;
 if (getUid(this->secCtx_) != 0 && !hasGroup(this->secCtx_->groups, meta.stat.st_gid)) mode &= ~S_ISGID;
- //
- // Set the mode on the filesystem
- //
- // But keep read/write for owner.
- // Filesystem mode couldn't be needed, but let's set it anyway.
- //
- wrapCall(chmod(getLocalPath(path).c_str(), mode | S_IRUSR | S_IWUSR));
+ // TODO: update ACL, setAcl().
- snprintf(buf, sizeof buf, "%04o", mode);
- vfsSetXattr(path, getLocalPath(path), VFS_XATTR "mode", buf, 0);
+ vfsSetMode(path, getLocalPath(path), mode);
 }
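Review bot: The `S_ISVTX` clearing added in the second `setMode()` hunk changes behaviour in a commit whose subject describes only a refactoring, and the clean-up block it joins still passes a caller-supplied `S_ISUID` bit through while `S_ISGID` and `S_ISVTX` are filtered for non-root callers. If that asymmetry is intended, the block comment should say so, e.g. `// S_ISUID is kept on purpose: <reason>`; otherwise a guard in the same style, `if (getUid(this->secCtx_) != 0) mode &= ~S_ISUID;`, would match the other two checks. `setMode()` begins before this hunk and the lines between the two hunks are not shown, so an ownership check or earlier filtering may already cover part of this.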
@@ -1416,3 +1410,20 @@ bool VfsCatalog::vfsEvalRegex(regex_t *allowRegex, regex_t *denyRegex, const cha
 return allow;
 }
+
+
+
+void VfsCatalog::vfsSetMode(const std::string& path, const std::string& lpath, mode_t mode) throw (DmException) {
+ char buf[20];
+
+ //
+ // Set the mode on the filesystem
+ //
+ // But keep read/write for owner.
+ // Filesystem mode couldn't be needed, but let's set it anyway.
+ //
+ wrapCall(chmod(lpath.c_str(), mode | S_IRUSR | S_IWUSR), "could not set mode on '%s' on the filesystem", path.c_str());
+
+ snprintf(buf, sizeof buf, "%04o", mode);
+ vfsSetXattr(path, lpath, VFS_XATTR "mode", buf, 0);
+}
diff --git a/src/VfsNs.h b/src/VfsNs.h
index ba05e9c..ece5e1f 100644
--- a/src/VfsNs.h
+++ b/src/VfsNs.h
@@ -118,6 +118,7 @@ namespace dmlite {
 regex_t *vfsCompileRegex(const char *name, const std::string value) throw (DmException);
 bool vfsEvalRegex(regex_t *allowRegex, regex_t *denyRegex, const char *subj);
 int vfsCheckPermissions(const std::string& path, mode_t mode);
+ void vfsSetMode(const std::string& path, const std::string& lpath, mode_t mode) throw (DmException);
 StackInstance* si_;
 const SecurityContext* secCtx_;
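Review bot: In the new `vfsSetMode()` in src/VfsNs.cpp, `chmod()` receives the full catalog mode and applies it to the backing file, including the `S_IFMT` type bits that `setMode()` ORs in and any setuid/setgid/sticky bits that survive its filtering. The `mode` xattr already stores the logical value, so the filesystem call can be limited to permission bits: `chmod(lpath.c_str(), (mode & (S_IRWXU | S_IRWXG | S_IRWXO)) | S_IRUSR | S_IWUSR)`. This matters most if backing files are owned by the service account rather than by the catalog user, which the diff does not show. A short header comment should also state that `path` is the catalog path used in the error message and the xattr call, while `lpath` is the local path handed to `chmod()`.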