From: John Spray <john.spray@redhat.com>
Date: Tue, 7 Oct 2014 20:39:52 +0000 (+0100)
Subject: mds: fix MDSAuthCap when cephx is disabled
X-Git-Tag: v0.88~97^2~5
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=316660d539dd01bbecb38ae26fbcf240bf9d0d32;p=ceph.git

mds: fix MDSAuthCap when cephx is disabled

Signed-off-by: John Spray <john.spray@redhat.com>
---

diff --git a/src/mds/MDS.cc b/src/mds/MDS.cc
index 1c803a811b2c..014ae92ccc81 100644
--- a/src/mds/MDS.cc
+++ b/src/mds/MDS.cc
@@ -817,7 +817,6 @@ void MDS::handle_command(MCommand *m)
 
 
   if (!session->auth_caps.allow_all()) {
-    // TODO: enforce allow_all check only for 'w' commands
     dout(1) << __func__
       << ": received command from client without `tell` capability: "
       << m->get_connection()->peer_addr << dendl;
@@ -2561,6 +2560,11 @@ bool MDS::ms_verify_authorizer(Connection *con, int peer_type,
       // messenger.)
     }
 
+    if (caps_info.allow_all) {
+        // Flag for auth providers that don't provide cap strings
+        s->auth_caps.set_allow_all();
+    }
+
     bufferlist::iterator p = caps_info.caps.begin();
     string auth_cap_str;
     try {
@@ -2579,16 +2583,6 @@ bool MDS::ms_verify_authorizer(Connection *con, int peer_type,
       //  * permit no `tell` ops
       dout(1) << __func__ << ": cannot decode auth caps bl of length " << caps_info.caps.length() << dendl;
     }
-
-    /*
-    s->caps.set_allow_all(caps_info.allow_all);
- 
-    if (caps_info.caps.length() > 0) {
-      bufferlist::iterator iter = caps_info.caps.begin();
-      s->caps.parse(iter);
-      dout(10) << " session " << s << " has caps " << s->caps << dendl;
-    }
-    */
   }
 
   return true;  // we made a decision (see is_valid)
diff --git a/src/mds/MDSAuthCaps.cc b/src/mds/MDSAuthCaps.cc
index de97a0c102ed..a8eec5c3d5d0 100644
--- a/src/mds/MDSAuthCaps.cc
+++ b/src/mds/MDSAuthCaps.cc
@@ -109,6 +109,12 @@ bool MDSAuthCaps::is_capable(const std::string &path, int uid, bool may_read, bo
   return false;
 }
 
+void MDSAuthCaps::set_allow_all()
+{
+    grants.clear();
+    grants.push_back(MDSCapGrant(MDSCapSpec(true, true, true), MDSCapMatch()));
+}
+
 bool MDSAuthCaps::parse(const std::string& str, ostream *err)
 {
   // Special case for legacy caps
diff --git a/src/mds/MDSAuthCaps.h b/src/mds/MDSAuthCaps.h
index 2e54d079cfa2..8312f73c669f 100644
--- a/src/mds/MDSAuthCaps.h
+++ b/src/mds/MDSAuthCaps.h
@@ -68,6 +68,7 @@ class MDSAuthCaps
     std::vector<MDSCapGrant> grants;
 
     public:
+    void set_allow_all();
     bool parse(const std::string &str, std::ostream *err);
     MDSAuthCaps() {}
     MDSAuthCaps(const std::vector<MDSCapGrant> &grants_) : grants(grants_) {}