mds: fix MDSAuthCap when cephx is disabled

Signed-off-by: John Spray <john.spray@redhat.com>

diff --git a/src/mds/MDS.cc b/src/mds/MDS.cc
index 1c803a811b2c5d05a03e5851f38cc6915d67d996..014ae92ccc815d6590142c97565265d8efcc7e85 100644 (file)
--- a/src/mds/MDS.cc
+++ b/src/mds/MDS.cc
@@ -817,7 +817,6 @@ void MDS::handle_command(MCommand *m)
 
 
   if (!session->auth_caps.allow_all()) {
-    // TODO: enforce allow_all check only for 'w' commands
     dout(1) << __func__
       << ": received command from client without `tell` capability: "
       << m->get_connection()->peer_addr << dendl;
@@ -2561,6 +2560,11 @@ bool MDS::ms_verify_authorizer(Connection *con, int peer_type,
       // messenger.)
     }
 
+    if (caps_info.allow_all) {
+        // Flag for auth providers that don't provide cap strings
+        s->auth_caps.set_allow_all();
+    }
+
     bufferlist::iterator p = caps_info.caps.begin();
     string auth_cap_str;
     try {
@@ -2579,16 +2583,6 @@ bool MDS::ms_verify_authorizer(Connection *con, int peer_type,
       //  * permit no `tell` ops
       dout(1) << __func__ << ": cannot decode auth caps bl of length " << caps_info.caps.length() << dendl;
     }
-
-    /*
-    s->caps.set_allow_all(caps_info.allow_all);
- 
-    if (caps_info.caps.length() > 0) {
-      bufferlist::iterator iter = caps_info.caps.begin();
-      s->caps.parse(iter);
-      dout(10) << " session " << s << " has caps " << s->caps << dendl;
-    }
-    */
   }
 
   return true;  // we made a decision (see is_valid)

diff --git a/src/mds/MDSAuthCaps.cc b/src/mds/MDSAuthCaps.cc
index de97a0c102edf8b7ee674ea506fba205f068bba0..a8eec5c3d5d09b52bab87e0d9d391816ede6c975 100644 (file)
--- a/src/mds/MDSAuthCaps.cc
+++ b/src/mds/MDSAuthCaps.cc
@@ -109,6 +109,12 @@ bool MDSAuthCaps::is_capable(const std::string &path, int uid, bool may_read, bo
   return false;
 }
 
+void MDSAuthCaps::set_allow_all()
+{
+    grants.clear();
+    grants.push_back(MDSCapGrant(MDSCapSpec(true, true, true), MDSCapMatch()));
+}
+
 bool MDSAuthCaps::parse(const std::string& str, ostream *err)
 {
   // Special case for legacy caps

diff --git a/src/mds/MDSAuthCaps.h b/src/mds/MDSAuthCaps.h
index 2e54d079cfa213c1ba34166a91d19a59bebed3d3..8312f73c669f07502a62d8d7a7984b8a3d322405 100644 (file)
--- a/src/mds/MDSAuthCaps.h
+++ b/src/mds/MDSAuthCaps.h
@@ -68,6 +68,7 @@ class MDSAuthCaps
     std::vector<MDSCapGrant> grants;
 
     public:
+    void set_allow_all();
     bool parse(const std::string &str, std::ostream *err);
     MDSAuthCaps() {}
     MDSAuthCaps(const std::vector<MDSCapGrant> &grants_) : grants(grants_) {}