]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commitdiff
projects / ceph.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6da13e9)
mds: sort GID lists in MDSAuthCaps
authorGreg Farnum <gfarnum@redhat.com>
Mon, 26 Sep 2016 23:45:43 +0000 (16:45 -0700)
committerGreg Farnum <gfarnum@redhat.com>
Tue, 27 Sep 2016 03:08:56 +0000 (20:08 -0700)
Fixes: http://tracker.ceph.com/issues/17368
Signed-off-by: Greg Farnum <gfarnum@redhat.com>
src/mds/MDSAuthCaps.cc patch | blob | history
src/test/mds/TestMDSAuthCaps.cc patch | blob | history

diff --git a/src/mds/MDSAuthCaps.cc b/src/mds/MDSAuthCaps.cc
index e0a095d639004ead128d19a2d534f6b563a768e8..0fc1dc09e6cea3b8aba24f505fe5d322f63bd148 100644 (file)
--- a/src/mds/MDSAuthCaps.cc
+++ b/src/mds/MDSAuthCaps.cc
@@ -210,7 +210,9 @@ bool MDSAuthCaps::is_capable(const std::string &inode_path,
        std::set_intersection(i->match.gids.begin(), i->match.gids.end(),
                              caller_gid_list->begin(), caller_gid_list->end(),
                              std::back_inserter(gids));
+       std::sort(gids.begin(), gids.end());
       }
+      
 
       // Spec is non-allowing if caller asked for set pool but spec forbids it
       if (mask & MAY_SET_POOL) {
@@ -290,6 +292,9 @@ bool MDSAuthCaps::parse(CephContext *c, const std::string& str, ostream *err)
   bool r = qi::phrase_parse(iter, end, g, ascii::space, *this);
   cct = c;  // set after parser self-assignment
   if (r && iter == end) {
+    for (auto& grant : grants) {
+      std::sort(grant.match.gids.begin(), grant.match.gids.end());
+    }
     return true;
   } else {
     // Make sure no grants are kept after parsing failed!
diff --git a/src/test/mds/TestMDSAuthCaps.cc b/src/test/mds/TestMDSAuthCaps.cc
index 575910ead58e5b3aa4313f038d99f9f947ae32e4..eb2cb43bd7c117549bc51e3f3371d203c56bce79 100644 (file)
--- a/src/test/mds/TestMDSAuthCaps.cc
+++ b/src/test/mds/TestMDSAuthCaps.cc
@@ -119,7 +119,7 @@ TEST(MDSAuthCaps, AllowAll) {
 
 TEST(MDSAuthCaps, AllowUid) {
   MDSAuthCaps cap(g_ceph_context);
-  ASSERT_TRUE(cap.parse(g_ceph_context, "allow * uid=10 gids=10,11,12; allow * uid=12 gids=10,12", NULL));
+  ASSERT_TRUE(cap.parse(g_ceph_context, "allow * uid=10 gids=10,11,12; allow * uid=12 gids=12,10", NULL));
   ASSERT_FALSE(cap.allow_all());
 
   // uid/gid must be valid
Unnamed repository; edit this file 'description' to name the repository.