From: Sage Weil Date: Thu, 4 Jun 2015 21:40:21 +0000 (-0700) Subject: mds/MDSAuthCaps: normalize path, drop useless constant. X-Git-Tag: v10.0.0~123^2~92 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=e24a9cbffd12151ab3212a21b5c50374e09b9761;p=ceph.git mds/MDSAuthCaps: normalize path, drop useless constant. Use an empty string for no path--this is more efficient. This generalizes to losing any leading '/' character. Signed-off-by: Sage Weil --- diff --git a/src/mds/MDSAuthCaps.cc b/src/mds/MDSAuthCaps.cc index 609836e1b5ad..b5b3c09454ec 100644 --- a/src/mds/MDSAuthCaps.cc +++ b/src/mds/MDSAuthCaps.cc @@ -27,8 +27,6 @@ namespace qi = boost::spirit::qi; namespace ascii = boost::spirit::ascii; namespace phoenix = boost::phoenix; -const std::string MDSCapMatch::MDS_AUTH_PATH_ROOT = "/"; - template struct MDSCapParser : qi::grammar { @@ -89,6 +87,18 @@ struct MDSCapParser : qi::grammar qi::rule mdscaps; }; +void MDSCapMatch::normalize_path() +{ + // drop any leading / + while (path.length() && path[0] == '/') { + path = path.substr(1); + } + + // drop dup // + // drop . + // drop .. +} + bool MDSCapMatch::match(const std::string &target_path, const int target_uid) const { @@ -126,7 +136,11 @@ bool MDSAuthCaps::is_capable(const std::string &inode_path, if (i->match.match(inode_path, uid) && i->spec.allows(mask & (MAY_READ|MAY_EXECUTE), mask & MAY_WRITE)) { // check unix permissions? - if (i->match.uid != MDS_AUTH_UID_ANY) { + if (i->match.uid != MDSCapMatch::MDS_AUTH_UID_ANY) { + // use fcntl.h macros for the file mode: + // S_IRUSR S_IRGRP S_ROTH + // S_IWUSR S_IWGRP S_WOTH + // S_IXUSR S_IXGRP S_XOTH // WRITE ME @@ -185,12 +199,11 @@ bool MDSAuthCaps::allow_all() const ostream &operator<<(ostream &out, const MDSCapMatch &match) { - if (match.path != MDSCapMatch::MDS_AUTH_PATH_ROOT) { - out << "path=\"" << match.path << "\""; - } - if (match.path != MDSCapMatch::MDS_AUTH_PATH_ROOT && - match.uid != MDSCapMatch::MDS_AUTH_UID_ANY) { - out << " "; + if (match.path.length()) { + out << "path=\"/" << match.path << "\""; + if (match.uid != MDSCapMatch::MDS_AUTH_UID_ANY) { + out << " "; + } } if (match.uid != MDSCapMatch::MDS_AUTH_UID_ANY) { out << "uid=" << match.uid; diff --git a/src/mds/MDSAuthCaps.h b/src/mds/MDSAuthCaps.h index b4debb95caf4..89337227c291 100644 --- a/src/mds/MDSAuthCaps.h +++ b/src/mds/MDSAuthCaps.h @@ -52,18 +52,23 @@ struct MDSCapSpec { // conditions before we are allowed to do it struct MDSCapMatch { static const int64_t MDS_AUTH_UID_ANY = -1; - static const std::string MDS_AUTH_PATH_ROOT; - int64_t uid; // Require UID to be equal to this, if !=MDS_AUTH_UID_ANY + int64_t uid; // Require UID to be equal to this, if !=MDS_AUTH_UID_ANY std::vector gids; // Use these GIDs - std::string path; // Require path to be child of this (may be "/" for any) + std::string path; // Require path to be child of this (may be "" or "/" for any) - MDSCapMatch() : uid(MDS_AUTH_UID_ANY), path(MDS_AUTH_PATH_ROOT) {} - MDSCapMatch(int64_t uid_, std::vector& gids_) - : uid(uid_), gids(gids_), path(MDS_AUTH_PATH_ROOT) {} - MDSCapMatch(std::string path_) : uid(MDS_AUTH_UID_ANY), path(path_) {} + MDSCapMatch() : uid(MDS_AUTH_UID_ANY) {} + MDSCapMatch(int64_t uid_, std::vector& gids_) : uid(uid_), gids(gids_) {} + MDSCapMatch(std::string path_) + : uid(MDS_AUTH_UID_ANY), path(path_) { + normalize_path(); + } MDSCapMatch(std::string path_, int64_t uid_, std::vector& gids_) - : uid(uid_), gids(gids_), path(path_) {} + : uid(uid_), gids(gids_), path(path_) { + normalize_path(); + } + + void normalize_path(); bool is_match_all() const {