From: Yan, Zheng <zyan@redhat.com>
Date: Fri, 11 May 2018 14:39:24 +0000 (+0800)
Subject: mds: tell client why it's rejected
X-Git-Tag: v14.0.1~879^2~6
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=43c11939159d2e48e673079ee7de97f30a1fb1bb;p=ceph.git

mds: tell client why it's rejected

Signed-off-by: Yan, Zheng <zyan@redhat.com>
---

diff --git a/src/client/Client.cc b/src/client/Client.cc
index b763b36795f54..d653c5bbfe4f6 100644
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -2108,9 +2108,18 @@ void Client::handle_client_session(MClientSession *m)
     break;
 
   case CEPH_SESSION_REJECT:
-    rejected_by_mds[session->mds_num] = session->addrs;
-    _closed_mds_session(session);
+    {
+      std::string_view error_str;
+      auto it = m->metadata.find("error_string");
+      if (it != m->metadata.end())
+	error_str = it->second;
+      else
+	error_str = "unknown error";
+      lderr(cct) << "mds." << from << " rejected us (" << error_str << ")" << dendl;
 
+      rejected_by_mds[session->mds_num] = session->addrs;
+      _closed_mds_session(session);
+    }
     break;
 
   default:
diff --git a/src/mds/Server.cc b/src/mds/Server.cc
index e249a2872aa0c..02cc8db601267 100644
--- a/src/mds/Server.cc
+++ b/src/mds/Server.cc
@@ -301,7 +301,6 @@ public:
 void Server::handle_client_session(MClientSession *m)
 {
   version_t pv;
-  bool blacklisted = false;
   Session *session = mds->get_session(m);
 
   dout(3) << "handle_client_session " << *m << " from " << m->get_source() << dendl;
@@ -352,19 +351,26 @@ void Server::handle_client_session(MClientSession *m)
       return;
     }
 
-    blacklisted = mds->objecter->with_osdmap(
-        [session](const OSDMap &osd_map) -> bool {
-          return osd_map.is_blacklisted(session->info.inst.addr);
-        });
-
-    if (blacklisted) {
-      dout(10) << "rejecting blacklisted client " << session->info.inst.addr << dendl;
-      mds->send_message_client(new MClientSession(CEPH_SESSION_REJECT), session);
-      m->put();
-      return;
-    }
-
     {
+      auto send_reject_message = [this, session](std::string_view err_str) {
+	MClientSession *m = new MClientSession(CEPH_SESSION_REJECT);
+	if (session->info.has_feature(CEPHFS_FEATURE_MIMIC))
+	  m->metadata["error_string"] = err_str;
+	mds->send_message_client(m, session);
+      };
+
+      bool blacklisted = mds->objecter->with_osdmap(
+	  [session](const OSDMap &osd_map) -> bool {
+	    return osd_map.is_blacklisted(session->info.inst.addr);
+	  });
+
+      if (blacklisted) {
+	dout(10) << "rejecting blacklisted client " << session->info.inst.addr << dendl;
+	send_reject_message("blacklisted");
+	session->clear();
+	break;
+      }
+
       client_metadata_t client_metadata(std::move(m->metadata),
 					std::move(m->supported_features));
       dout(20) << __func__ << " CEPH_SESSION_REQUEST_OPEN metadata entries:" << dendl;
@@ -376,7 +382,9 @@ void Server::handle_client_session(MClientSession *m)
       feature_bitset_t missing_features(CEPHFS_FEATURES_MDS_REQUIRED);
       missing_features -= client_metadata.features;
       if (!missing_features.empty()) {
-	mds->send_message_client(new MClientSession(CEPH_SESSION_REJECT), session);
+	stringstream ss;
+	ss << "missing required features '" << missing_features << "'";
+	send_reject_message(ss.str());
 	mds->clog->warn() << "client session lacks required features '"
 			  << missing_features << "' denied (" << session->info.inst << ")";
 	session->clear();
@@ -389,14 +397,23 @@ void Server::handle_client_session(MClientSession *m)
       it = client_metadata.find("root");
       if (it != client_metadata.end()) {
 	auto claimed_root = it->second;
+	stringstream ss;
+	bool denied = false;
 	// claimed_root has a leading "/" which we strip before passing
 	// into caps check
-	if (claimed_root.empty() || claimed_root[0] != '/' ||
-	    !session->auth_caps.path_capable(claimed_root.substr(1))) {
+	if (claimed_root.empty() || claimed_root[0] != '/') {
+	  denied = true;
+	  ss << "invalue root '" << claimed_root << "'";
+	} else if (!session->auth_caps.path_capable(claimed_root.substr(1))) {
+	  denied = true;
+	  ss << "non-allowable root '" << claimed_root << "'";
+	}
+
+	if (denied) {
 	  // Tell the client we're rejecting their open
-	  mds->send_message_client(new MClientSession(CEPH_SESSION_REJECT), session);
-	  mds->clog->warn() << "client session with invalid root '" << claimed_root
-			    << "' denied (" << session->info.inst << ")";
+	  send_reject_message(ss.str());
+	  mds->clog->warn() << "client session with " << ss.str()
+			    << " denied (" << session->info.inst << ")";
 	  session->clear();
 	  break;
 	}