From: Brad Hubbard <bhubbard@redhat.com>
Date: Mon, 29 May 2017 09:25:43 +0000 (+1000)
Subject: osd: Reverse order of op_has_sufficient_caps and do_pg_op
X-Git-Tag: v10.2.10~8^2~4
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=a4c3ef5276eb7d232f5706e6fe07b0808ee581d4;p=ceph.git

osd: Reverse order of op_has_sufficient_caps and do_pg_op

Fixes: http://tracker.ceph.com/issues/19790

Signed-off-by: Brad Hubbard <bhubbard@redhat.com>
(cherry picked from commit a921882e7c676d68ed67b54301b49fd9bed42945)

Conflicts:
        qa/suites/rados/singleton-nomsgr/all/pool-access.yaml - drop mgr.x
            role, which is not needed in jewel and might even cause the test to
            fail
        src/osd/PrimaryLogPG.cc - this file doesn't exist in jewel, so apply
            the change manually to ReplicatedPG.cc (i.e., by moving the
            op->includes_pg_op() conditional below the
            !op_has_sufficient_caps(op) conditional)
---

diff --git a/qa/suites/rados/singleton-nomsgr/all/pool-access.yaml b/qa/suites/rados/singleton-nomsgr/all/pool-access.yaml
new file mode 100644
index 000000000000..c312e47907ce
--- /dev/null
+++ b/qa/suites/rados/singleton-nomsgr/all/pool-access.yaml
@@ -0,0 +1,9 @@
+roles:
+- [mon.a, osd.0, osd.1, client.0]
+tasks:
+- install:
+- ceph:
+- workunit:
+    clients:
+      all:
+        - rados/test_pool_access.sh
diff --git a/qa/workunits/rados/test_pool_access.sh b/qa/workunits/rados/test_pool_access.sh
new file mode 100755
index 000000000000..8597b7147c88
--- /dev/null
+++ b/qa/workunits/rados/test_pool_access.sh
@@ -0,0 +1,23 @@
+#!/bin/bash -x
+
+set -e
+
+expect_1()
+{
+  set -x
+  set +e
+  "$@"
+  if [ $? == 1 ]; then return 0; else return 1; fi
+}
+
+
+key=`ceph auth get-or-create-key client.poolaccess1 mon 'allow r' osd 'allow *'`
+rados --id poolaccess1 --key $key -p rbd ls
+
+key=`ceph auth get-or-create-key client.poolaccess2 mon 'allow r' osd 'allow * pool=nopool'`
+expect_1 rados --id poolaccess2 --key $key -p rbd ls
+
+key=`ceph auth get-or-create-key client.poolaccess3 mon 'allow r' osd 'allow rw pool=nopool'`
+expect_1 rados --id poolaccess3 --key $key -p rbd ls
+
+echo OK
diff --git a/src/osd/ReplicatedPG.cc b/src/osd/ReplicatedPG.cc
index 4b4dc34c602a..b62d030b2480 100644
--- a/src/osd/ReplicatedPG.cc
+++ b/src/osd/ReplicatedPG.cc
@@ -1620,6 +1620,11 @@ void ReplicatedPG::do_op(OpRequestRef& op)
     }
   }
 
+  if (!op_has_sufficient_caps(op)) {
+    osd->reply_op_error(op, -EPERM);
+    return;
+  }
+
   if (op->includes_pg_op()) {
     if (pg_op_must_wait(m)) {
       wait_for_all_missing(op);
@@ -1628,11 +1633,6 @@ void ReplicatedPG::do_op(OpRequestRef& op)
     return do_pg_op(op);
   }
 
-  if (!op_has_sufficient_caps(op)) {
-    osd->reply_op_error(op, -EPERM);
-    return;
-  }
-
   hobject_t head(m->get_oid(), m->get_object_locator().key,
 		 CEPH_NOSNAP, m->get_pg().ps(),
 		 info.pgid.pool(), m->get_object_locator().nspace);