mds/Server: add check_access() hook

For now, we are doing a very basic permission check.  No callers yet.

Signed-off-by: Sage Weil <sage@redhat.com>

diff --git a/src/mds/Server.cc b/src/mds/Server.cc
index da6475b5fb15339855d93aa2b84011c96cc3f204..c74319fe44b110b404cffbca604c1b4af7cbdc78 100644 (file)
--- a/src/mds/Server.cc
+++ b/src/mds/Server.cc
@@ -2098,6 +2098,35 @@ void Server::handle_slave_auth_pin_ack(MDRequestRef& mdr, MMDSSlaveRequest *ack)
 // HELPERS
 
 
+/**
+ * check whether we are permitted to complete a request
+ *
+ * Check whether we have permission to perform the operation specified
+ * by mask on the given inode, based on the capability in the mdr's
+ * session.
+ */
+bool Server::check_access(MDRequestRef& mdr, CInode *in, unsigned mask)
+{
+  Session *s = mdr->session;
+
+  uid_t uid = mdr->client_request->get_caller_uid();
+
+  // FIXME: generate a real path
+  // FIXME: behave with inodes in stray dir
+  // FIXME: behave with hard links
+  string path;
+
+  // FIXME: it depends on the inode!
+  if (s->auth_caps.is_capable(path, uid, mask)) {
+    return true;
+  }
+
+  // we are not allowed.
+  respond_to_request(mdr, -EACCES);
+  return false;
+}
+
+
 /** validate_dentry_dir
  *
  * verify that the dir exists and would own the dname.

diff --git a/src/mds/Server.h b/src/mds/Server.h
index c99f7ae2c08331bf04033194424baada5c10e8b9..35212813df1b85b72fceb6845c60fb683a314424 100644 (file)
--- a/src/mds/Server.h
+++ b/src/mds/Server.h
@@ -133,6 +133,7 @@ public:
   void handle_slave_auth_pin_ack(MDRequestRef& mdr, MMDSSlaveRequest *ack);
 
   // some helpers
+  bool check_access(MDRequestRef& mdr, CInode *in, unsigned mask);
   CDir *validate_dentry_dir(MDRequestRef& mdr, CInode *diri, const string& dname);
   CDir *traverse_to_auth_dir(MDRequestRef& mdr, vector<CDentry*> &trace, filepath refpath);
   CDentry *prepare_null_dentry(MDRequestRef& mdr, CDir *dir, const string& dname, bool okexist=false);