From: John Spray <john.spray@redhat.com>
Date: Fri, 2 Oct 2015 10:15:37 +0000 (+0100)
Subject: mds: validate client 'root' metadata field
X-Git-Tag: v10.0.3~48^2~4^2~9
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=4932cb9ce0fba61821f8aa65e5edb47d809e1454;p=ceph.git

mds: validate client 'root' metadata field

Give this field special treatment so that
users can be sure that clients are not claiming
to have mounted a root outside of what they
are really authorized to access.

Signed-off-by: John Spray <john.spray'redhat.com>
---

diff --git a/src/mds/Server.cc b/src/mds/Server.cc
index 3887faac5067..2616a251d632 100644
--- a/src/mds/Server.cc
+++ b/src/mds/Server.cc
@@ -280,6 +280,17 @@ void Server::handle_client_session(MClientSession *m)
       dout(20) << "  " << i->first << ": " << i->second << dendl;
     }
 
+    // Special case for the 'root' metadata path; validate that the claimed
+    // root is actually within the caps of the session
+    if (session->info.client_metadata.count("root")) {
+      const auto claimed_root = session->info.client_metadata.at("root");
+      if (!session->auth_caps.path_capable(claimed_root)) {
+        derr << __func__ << " forbidden path claimed as mount root: "
+             << claimed_root << " by " << m->get_source() << dendl;
+        session->info.client_metadata.erase("root");
+      }
+    }
+
     if (session->is_closed())
       mds->sessionmap.add_session(session);