// capspec = * | r[w]
capspec = spaces >> (
- lit("*")[_val = MDSCapSpec(true, true, true)]
+ lit("*")[_val = MDSCapSpec(true, true, true, true)]
|
- (lit("rw"))[_val = MDSCapSpec(true, true, false)]
+ (lit("rwp"))[_val = MDSCapSpec(true, true, false, true)]
|
- (lit("r"))[_val = MDSCapSpec(true, false, false)]
+ (lit("rw"))[_val = MDSCapSpec(true, true, false, false)]
+ |
+ (lit("r"))[_val = MDSCapSpec(true, false, false, false)]
);
grant = lit("allow") >> (capspec >> match)[_val = phoenix::construct<MDSCapGrant>(_1, _2)];
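Review bot: The grammar comment at the top of this hunk still reads `// capspec = * | r[w]` although the rule now accepts `rwp`; it should become `// capspec = * | r[w[p]]`. The alternatives are also order-sensitive: assuming the alternation takes the first branch that matches, `rwp` has to stay ahead of `rw`, and `rw` ahead of `r`, or a longer cap string would stop at a shorter prefix. A one-line comment such as `// longest literal first: alternation is first-match` above the alternatives would keep a later reorder from changing how a cap string parses.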
if (i->match.match(inode_path, caller_uid, caller_gid) &&
i->spec.allows(mask & (MAY_READ|MAY_EXECUTE), mask & MAY_WRITE)) {
+ // Spec is non-allowing if caller asked for set pool but spec forbids it
+ if (mask & MAY_SET_POOL) {
+ if (!i->spec.allows_set_pool()) {
+ continue;
+ }
+ }
+
// check unix permissions?
if (i->match.uid == MDSCapMatch::MDS_AUTH_UID_ANY) {
return true;
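Review bot: The new set-pool gate only runs when the caller has put `MAY_SET_POOL` into `mask`, and nothing in this hunk shows which request paths do that. A path that changes a layout's pool without setting the bit would still be authorised by a plain `rw` grant. The comment on the check should state that contract, e.g. `// Callers that modify a layout's pool must pass MAY_SET_POOL; without it this grant is not checked for 'p'`, and the call sites outside this hunk are worth auditing against it. As a style point, the two nested conditions read more easily as `if ((mask & MAY_SET_POOL) && !i->spec.allows_set_pool()) continue;`. The enclosing function starts and ends outside the hunk.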
void MDSAuthCaps::set_allow_all()
{
grants.clear();
- grants.push_back(MDSCapGrant(MDSCapSpec(true, true, true), MDSCapMatch()));
+ grants.push_back(MDSCapGrant(
+ MDSCapSpec(true, true, true, true),
+ MDSCapMatch()));
}
bool MDSAuthCaps::parse(CephContext *c, const std::string& str, ostream *err)
// Special case for legacy caps
if (str == "allow") {
grants.clear();
- grants.push_back(MDSCapGrant(MDSCapSpec(true, true, false), MDSCapMatch()));
+ grants.push_back(MDSCapGrant(MDSCapSpec(true, true, false, true), MDSCapMatch()));
return true;
}
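Review bot: The legacy bare `allow` string is now built with the fourth argument `true`, so it carries the set-pool permission, while the explicit `rw` alternative in the grammar hunk is built with `false`. The existing comment `// Special case for legacy caps` does not say that this difference is deliberate. If the intent is to keep pre-existing keys working unchanged, say so, e.g. `// Legacy "allow" keeps pool-setting rights for compatibility; "allow rw" does not`. It also looks as though keys already issued as `allow rw` lose the ability to set a layout pool once this lands, which probably deserves a release note. parse() continues outside this hunk.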
MAY_WRITE = 2,
MAY_EXECUTE = 4,
MAY_CHOWN = 16,
- MAY_CHGRP = 32
+ MAY_CHGRP = 32,
+ MAY_SET_POOL = 64,
};
class CephContext;
struct MDSCapSpec {
bool read, write, any;
- MDSCapSpec() : read(false), write(false), any(false) {}
- MDSCapSpec(bool r, bool w, bool a) : read(r), write(w), any(a) {}
+ // True if the capability permits modifying the pool on file layouts
+ bool layout_pool;
+
+ MDSCapSpec() : read(false), write(false), any(false), layout_pool(false) {}
+ MDSCapSpec(bool r, bool w, bool a, bool lop)
+ : read(r), write(w), any(a), layout_pool(lop) {}
bool allow_all() const {
return any;
}
+
bool allows(bool r, bool w) const {
if (any)
return true;
return false;
return true;
}
+
+ bool allows_set_pool() const {
+ return layout_pool;
+ }
};
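Review bot: `allows_set_pool()` returns `layout_pool` alone, whereas `allows()` short-circuits on `any`, so a spec built with `any == true` and `lop == false` is all-powerful for read/write yet denies pool changes. That fails closed, and every construction visible in this diff passes `true` for both, but the relationship should be documented on the field, e.g. `// Not implied by 'any': constructors must set this explicitly, even for "*"`. The four-argument constructor now takes four adjacent `bool`s, which are easy to transpose at the call sites in the grammar, `set_allow_all()` and `parse()`. A short comment naming the argument order above the constructor would help reviewers of future grants.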
// conditions before we are allowed to do it