From: Xiubo Li <xiubli@redhat.com>
Date: Fri, 9 Sep 2022 04:32:17 +0000 (+0800)
Subject: client: check the cephx mds auth access for open
X-Git-Tag: v18.2.4~114^2~11
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=1e01ba67bdc46bb6fc23fe22619bf341c78c0056;p=ceph.git

client: check the cephx mds auth access for open

Before opening the file locally we need to check the cephx access.

Fixes: https://tracker.ceph.com/issues/57154
Signed-off-by: Xiubo Li <xiubli@redhat.com>
(cherry picked from commit ce216595c0391fc4b7e3c0f5b3be88aa4f67d245)
---

diff --git a/src/client/Client.cc b/src/client/Client.cc
index 7c23c52bdc7..f05b898dc69 100644
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -10258,11 +10258,31 @@ int Client::_open(Inode *in, int flags, mode_t mode, Fh **fhp,
 
   in->get_open_ref(cmode);  // make note of pending open, since it effects _wanted_ caps.
 
+  int do_sync = true;
   if ((flags & O_TRUNC) == 0 && in->caps_issued_mask(want)) {
-    // update wanted?
-    check_caps(in, CHECK_CAPS_NODELAY);
-  } else {
+    int mask = MAY_READ;
+
+    if (cmode & CEPH_FILE_MODE_WR) {
+      mask |= MAY_WRITE;
+    }
+
+    std::string path;
+    int result = in->make_path_string(path);
+    if (result) {
+      ldout(cct, 20) << __func__ << " absolute path: " << path << dendl;
+      if (path.length())
+        path = path.substr(1);    // drop leading /
+      result = mds_check_access(path, perms, mask);
+      if (result) {
+        return result;
+      }
+      // update wanted?
+      check_caps(in, CHECK_CAPS_NODELAY);
+      do_sync = false;
+    }
+  }
 
+  if (do_sync) {
     MetaRequest *req = new MetaRequest(CEPH_MDS_OP_OPEN);
     filepath path;
     in->make_nosnap_relative_path(path);