// go
MClientRequest *req = new MClientRequest(MDS_OP_OPEN, whoami);
- req->set_path(path);
+ req->set_path(path);
req->set_iarg(flags);
req->set_iarg2(cmode);
- // don't need a cap if I have one cached
- //ExtCap ext_cap;
- //ExtCap *ext_cap = fc->get_ext_caps(uid);
- // !!FIX ME!! Set flag to not ask for cap if I have one already
- //if (!ext_cap)
- // cout << "No capability cached at client for file " << path << endl;
- //else
- // cout << "Cached capability found! for file " << path << endl;
-
// FIXME where does FUSE maintain user information
req->set_caller_uid(uid);
req->set_caller_gid(gid);
dout(3) << "Received a " << ext_cap.mode() << " capability for uid: "
<< ext_cap.get_uid() << " for inode: " << ext_cap.get_ino() << endl;
- assert(ext_cap.verif_extcap(monmap->get_key()));
+ // FIXME the client should not actually verif the cap
+ //assert(ext_cap.verif_extcap(monmap->get_key()));
// cache it
f->inode->set_ext_cap(uid, &ext_cap);
Capability *cap = mds->locker->issue_new_caps(cur, mode, req);
// create signed security capability
- ExtCap *ext_cap = mds->locker->issue_new_extcaps(cur, mode, req);
+ // no security, just include a blank cap
+ ExtCap *ext_cap;
+ if (g_conf.secure_io)
+ ext_cap = mds->locker->issue_new_extcaps(cur, mode, req);
if (!cap) return; // can't issue (yet), so wait!
reply->set_file_caps(cap->pending());
reply->set_file_caps_seq(cap->get_last_seq());
reply->set_file_data_version(fdv);
- // set security cap
- reply->set_ext_cap(ext_cap);
-
+ // set security cap if security is on
+ if (g_conf.secure_io)
+ reply->set_ext_cap(ext_cap);
+
reply_request(req, reply, cur);
}
//<< " in " << *pg
<< endl;
- // FIXME only verfiy reads from a client
- // i know, i know...not secure but they should all have caps
- if (op->get_source().is_client()) {
- ExtCap *op_capability = op->get_capability();
- assert(op_capability);
- if (verify_cap(op_capability))
- cout << "OSD successfully verified capability" << endl;
+ // check cap if security is on, otherwise ignore it
+ if (g_conf.secure_io) {
+ // FIXME only verfiy reads from a client
+ // i know, i know...not secure but they should all have caps
+ if (op->get_source().is_client()) {
+ ExtCap *op_capability = op->get_capability();
+ assert(op_capability);
+ if (verify_cap(op_capability))
+ cout << "OSD successfully verified capability" << endl;
+ else
+ cout << "OSD failed to verify capability" << endl;
+ }
else
- cout << "OSD failed to verify capability" << endl;
+ cout << "Received some read with no cap from " <<
+ op->get_source().type() << endl;
}
- else
- cout << "Received some read with no cap from " << op->get_source().type() << endl;
-
long r = 0;
bufferlist bl;
opname = MOSDOp::get_opname(op->get_op());
}
- // FIXME only verfiy writes from a client
- // i know, i know...not secure but they should all have caps
- if (op->get_op() == OSD_OP_WRITE
- && op->get_source().is_client()) {
- ExtCap *op_capability = op->get_capability();
- assert(op_capability);
-
- // have i already verified this cap?
- if (verify_cap(op_capability))
- cout << "OSD successfully verified a write capability" << endl;
- else
- cout << "OSD failed to verify a write capability" << endl;
- }
- else
- cout << "Received some write with no cap from " << op->get_source().type() << endl;
-
- /*
- // check for capability
- ExtCap *op_capability = op->get_capability();
- if (op_capability && op->get_op() == OSD_OP_WRITE) {
- cout << "OSD recieved a write with a capability" << endl;
- if (op_capability->verif_extcap(monmap->get_key()))
- cout << "OSD successfully verified capability" << endl;
+ if (g_conf.secure_io) {
+ // FIXME only verfiy writes from a client
+ // i know, i know...not secure but they should all have caps
+ if (op->get_op() == OSD_OP_WRITE
+ && op->get_source().is_client()) {
+ ExtCap *op_capability = op->get_capability();
+ assert(op_capability);
+
+ // have i already verified this cap?
+ if (verify_cap(op_capability))
+ cout << "OSD successfully verified a write capability" << endl;
+ else
+ cout << "OSD failed to verify a write capability" << endl;
+ }
else
- cout << "OSD failed to verify capability" << endl;
+ cout << "Received some write with no cap from " << op->get_source().type() << endl;
}
- else if (op->get_op() == OSD_OP_WRITE) {
- cout << "Received write with no capability" << endl;
- }
- else
- cout << "Received " << opname << " with no capability" << endl;
- */
-
+
// locked by someone else?
// for _any_ op type -- eg only the locker can unlock!
if (op->get_op() != OSD_OP_WRNOOP && // except WRNOOP; we just want to flush
projects / ceph.git / commitdiff