From: Nishtha Rai Date: Mon, 20 Jul 2015 13:35:01 +0000 (-0400) Subject: MDSAuthCaps: add world bits check logic X-Git-Tag: v10.0.0~123^2~71 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=5f5cf95db435ba82501217ba650a310381de8abd;p=ceph.git MDSAuthCaps: add world bits check logic Signed-off-by: Nishtha Rai --- diff --git a/src/mds/MDSAuthCaps.cc b/src/mds/MDSAuthCaps.cc index ee06351c37a4..bf0d0f12a477 100644 --- a/src/mds/MDSAuthCaps.cc +++ b/src/mds/MDSAuthCaps.cc @@ -14,6 +14,7 @@ #include +#include #include #include @@ -138,27 +139,36 @@ bool MDSAuthCaps::is_capable(const std::string &inode_path, { if (cct) ldout(cct, 10) << __func__ << " inode(path /" << inode_path - << " owner " << inode_uid << ":" << inode_gid - << " mode 0" << std::oct << inode_mode << std::dec - << ") by uid " << uid << " mask " << mask << dendl; + << " owner " << inode_uid << ":" << inode_gid + << " mode 0" << std::oct << inode_mode << std::dec + << ") by uid " << uid << " mask " << mask << " cap: " << *this << dendl; + for (std::vector::const_iterator i = grants.begin(); i != grants.end(); ++i) { + if (i->match.match(inode_path, uid) && i->spec.allows(mask & (MAY_READ|MAY_EXECUTE), mask & MAY_WRITE)) { // check unix permissions? - if (i->match.uid != MDSCapMatch::MDS_AUTH_UID_ANY) { - // use fcntl.h macros for the file mode: - // S_IRUSR S_IRGRP S_ROTH - // S_IWUSR S_IWGRP S_WOTH - // S_IXUSR S_IXGRP S_XOTH - - // WRITE ME + if (i->match.uid == MDSCapMatch::MDS_AUTH_UID_ANY) { + return true; + } + if ((!(mask & MAY_READ) || (inode_mode & S_IROTH)) && + (!(mask & MAY_WRITE) || (inode_mode & S_IWOTH)) && + (!(mask & MAY_EXECUTE) || (inode_mode & S_IXOTH))) { + return true; } - return true; + + // use fcntl.h macros for the file mode: + // S_IRUSR S_IRGRP S_ROTH + // S_IWUSR S_IWGRP S_WOTH + // S_IXUSR S_IXGRP S_XOTH + + // WRITE ME } } + return false; }