}
}
- bool root_squash_in_caps() const {
- for (const MDSCapGrant &g : grants) {
- if (g.match.root_squash) {
- return true;
+ bool root_squash_in_caps(std::string_view fs_name) const {
+ for (const MDSCapGrant& g : grants) {
+ if (g.match.match_fs(fs_name)) {
+ if (g.match.root_squash) {
+ return true;
+ }
}
}
return false;
break;
}
- if (session->auth_caps.root_squash_in_caps() && !client_metadata.features.test(CEPHFS_FEATURE_MDS_AUTH_CAPS_CHECK)) {
+ std::string_view fs_name = mds->mdsmap->get_fs_name();
+ bool client_caps_check = client_metadata.features.test(CEPHFS_FEATURE_MDS_AUTH_CAPS_CHECK);
+ if (session->auth_caps.root_squash_in_caps(fs_name) && !client_caps_check) {
CachedStackStringStream css;
*css << "client lacks CEPHFS_FEATURE_MDS_AUTH_CAPS_CHECK needed to enforce 'root_squash' MDS auth caps";
send_reject_message(css->strv());
*css << "missing required features '" << missing_features << "'";
error_str = css->strv();
}
- if (session->auth_caps.root_squash_in_caps() &&
- !session->info.client_metadata.features.test(CEPHFS_FEATURE_MDS_AUTH_CAPS_CHECK)) {
+ std::string_view fs_name = mds->mdsmap->get_fs_name();
+ bool client_caps_check = session->info.client_metadata.features.test(CEPHFS_FEATURE_MDS_AUTH_CAPS_CHECK);
+ if (session->auth_caps.root_squash_in_caps(fs_name) && !client_caps_check) {
CachedStackStringStream css;
*css << "client lacks CEPHFS_FEATURE_MDS_AUTH_CAPS_CHECK needed to enforce 'root_squash' MDS auth caps";
error_str = css->strv();
projects / ceph.git / commitdiff