fixed an initialization bug

git-svn-id: https://ceph.svn.sf.net/svnroot/ceph@1201 29311d96-e01e-0410-9327-a35deaab8ce9

diff --git a/branches/aleung/security1/ceph/crypto/MerkleTree.h b/branches/aleung/security1/ceph/crypto/MerkleTree.h
index 35b21bbdb900c8025eff5ddd6d110de0fb2ea49b..44ba675af5d22674ab5ef3743c0a968d58ebdf16 100644 (file)
--- a/branches/aleung/security1/ceph/crypto/MerkleTree.h
+++ b/branches/aleung/security1/ceph/crypto/MerkleTree.h
@@ -17,7 +17,7 @@
 #include<list>
 using namespace std;
 
-#include "crypto/CryptoLib.h"
+#include "CryptoLib.h"
 using namespace CryptoLib;
 
 struct hash_t{

diff --git a/branches/aleung/security1/ceph/mds/CInode.cc b/branches/aleung/security1/ceph/mds/CInode.cc
index f431184fb199b8af0b2c3814a4f4b5b780b3e8d3..0a4631d1dd1617257201e9fd9d7eb013976460d3 100644 (file)
--- a/branches/aleung/security1/ceph/mds/CInode.cc
+++ b/branches/aleung/security1/ceph/mds/CInode.cc
@@ -91,6 +91,12 @@ CInode::CInode(MDCache *c, bool auth) {
   
   dir = NULL;     // CDir opened separately
 
+  if (g_conf.mds_group == 1) {
+    user_cap = NULL;
+    group_cap = NULL;
+    world_cap = NULL;
+  }
+
   auth_pins = 0;
   nested_auth_pins = 0;
   num_request_pins = 0;

diff --git a/branches/aleung/security1/ceph/osd/OSD.cc b/branches/aleung/security1/ceph/osd/OSD.cc
index 06d0cb497f80cc3a81f8fac008107756a5ac157c..7150013187cf8d01277b12a126e81a1627a8a57c 100644 (file)
--- a/branches/aleung/security1/ceph/osd/OSD.cc
+++ b/branches/aleung/security1/ceph/osd/OSD.cc
@@ -2977,10 +2977,38 @@ void OSD::op_read(MOSDOp *op)//, PG *pg)
     //<< " in " << *pg 
            << endl;
 
-  // check cap if security is on, otherwise ignore it
   if (g_conf.secure_io) {
-    // FIXME only verfiy reads from a client
+    // FIXME only verfiy writes from a client
     // i know, i know...not secure but they should all have caps
+    if (op->get_source().is_client()) {      
+      ExtCap *op_capability = op->get_capability();
+      assert(op_capability);
+      // if using groups...do we know group?
+      if (op_capability->get_type() == UNIX_GROUP) {
+       // check if user is in group
+       hash_t my_hash = op_capability->get_user_hash();
+       
+       // do we have group cached? if not, update group
+       // we will lose execution control here! re-gain on reply
+       if (user_groups.count(my_hash) == 0) {
+         update_group(op->get_client_inst(), my_hash, op);
+         return;
+       }       
+      }   
+      // check accesses are right
+      if (check_request(op, op_capability)) {
+       dout(3) << "Access permissions are correct" << endl;
+      }
+      else
+       dout(3) << "Access permissions are incorrect" << endl;
+      
+      assert(verify_cap(op_capability));
+    }
+  }
+
+  /*
+  if (g_conf.secure_io) {
+    // FIXME only verfiy reads from a client
     if (op->get_source().is_client()) {
       ExtCap *op_capability = op->get_capability();
       assert(op_capability);
@@ -2993,6 +3021,7 @@ void OSD::op_read(MOSDOp *op)//, PG *pg)
       assert(verify_cap(op_capability));
     }
   }
+  */
 
   long r = 0;
   bufferlist bl;
@@ -3358,10 +3387,10 @@ void OSD::op_modify(MOSDOp *op, PG *pg)
       
       // check accesses are right
       if (check_request(op, op_capability)) {
-       cout << "Access permissions are correct" << endl;
+       dout(3) << "Access permissions are correct" << endl;
       }
       else
-       cout << "Access permissions are incorrect" << endl;
+       dout(3) << "Access permissions are incorrect" << endl;
       
       assert(verify_cap(op_capability));
     }