Speed optimizations. Merged 3 writes into 1.
Got rid of std::string construction.
More unification on syslog,stderr,fd.

Signed-off-by: Adam Kupczyk <akupczyk@mirantis.com>

Merge remote-tracking branch 'gh/infernalis'

Merge branch 'wip-mdscap'

Reviewed-by: Greg Farnum <gfarnum@redhat.com>
Reviewed-by: Yan, Zheng <zyan@redhat.com>

Merge pull request #6114 from SUSE/wip-suse-spec-fixes

ceph.spec.in: correctly declare systemd dependency for SLE/openSUSE

Reviewed-by: Ken Dreyer <kdreyer@redhat.com>

Merge pull request #6134 from SUSE/wip-13318-infernalis

install-deps.sh: openSUSE-release/sles-release/sled-release are always present

install-deps.sh: openSUSE-release/sles-release/sled-release are always present

http://tracker.ceph.com/issues/13318 Fixes: #13318

Signed-off-by: Nathan Cutler <ncutler@suse.com>

ceph_test_libcephfs: remove remaining pool name assumptions

Signed-off-by: Sage Weil <sage@redhat.com>

client: clarify setattr forced sync behavior

Signed-off-by: Sage Weil <sage@redhat.com>

qa/workunits/fs/test_auth_caps: superceded by ceph_test_libcephfs

Signed-off-by: Sage Weil <sage@redhat.com>

ceph_test_libcephfs: fix LibCephFS.OpenLayout test

We can't make assumptions about the name of the data pool.

Signed-off-by: Sage Weil <sage@redhat.com>

unittest_mds_authcap: improve user tests

Signed-off-by: Sage Weil <sage@redhat.com>

mds: drop MAY_CREATE

The check is a no-op.  We already verify the uid/gid combo is valid and
that the dir is writeable with MAY_WRITE.  The new file is always set to
the caller uid:gid.

Signed-off-by: Sage Weil <sage@redhat.com>

mds/MDSAuthCap: verify the caller_gid is valid

Verify both the caller uid and gid are a match for the given rule.

Signed-off-by: Sage Weil <sage@redhat.com>

mds: fix chown/chgrp check and tests

Signed-off-by: Sage Weil <sage@redhat.com>

mds/MDSAuthCaps: rename args for is_capable

Signed-off-by: Sage Weil <sage@redhat.com>

ceph_test_libcephfs: add AccessTest.User

Covers read/write/create.

Signed-off-by: Sage Weil <sage@redhat.com>

mds/SessionMap: fix MAY_CREATE check

It's about caller_uid/gid.

Signed-off-by: Sage Weil <sage@redhat.com>

ceph_test_libcephfs: make foo, path tests use unique paths, users

Signed-off-by: Sage Weil <sage@redhat.com>

qa/workunits: drop bash path tests

ceph_test_libcephfs ones are better.

Signed-off-by: Sage Weil <sage@redhat.com>

mds/SessionMap: fix check_access for stray inodes

Signed-off-by: Sage Weil <sage@redhat.com>

mds/SessionMap: move Session method definitions together

Signed-off-by: Sage Weil <sage@redhat.com>

mds/Locker: do not ack from do_cap_update

Caller (handle_client_caps) already does it if we return
false.

Signed-off-by: Sage Weil <sage@redhat.com>

ceph_test_libcephfs: fix update-after-unlink test

This needs to be done with a user restricted to a path.

Signed-off-by: Sage Weil <sage@redhat.com>

mds/Server: skip auth check on session-less mdr's

The mds internal requests don't have a session.

Signed-off-by: Sage Weil <sage@redhat.com>

client: do sync setattr when caller != last cap dirtier

This way we can still do cap writeback in general when the caller is not
the same as the mount_uid/gid, but we flip to a sync setattr when we have
to because the dirty caps have a different uid/gid than the current
caller.

Signed-off-by: Sage Weil <sage@redhat.com>

client: consolidate client_mount_{uid,gid} and client_{user,group}_id options

Signed-off-by: Sage Weil <sage@redhat.com>

client: add get_{uid,gid} helpers for consistent uid/gids

Signed-off-by: Sage Weil <sage@redhat.com>

add caps_dirty to setattr

Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>

unittest_mds_authcaps: fix a few unit tests

The MAY_CREATE conditoin is simple: the created inode must match the caller
uid and gid.

Signed-off-by: Sage Weil <sage@redhat.com>

fix test_path_caps

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

doc:fix path-based restriction

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

test/libcephfs/access: add update_after_unlink test

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

test/libcephfs/access: add ReadOnly restriction test

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

test/libcephfs/access: add Path restriction test

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

client/Client: added client_mount_uid and gid as parameters to getattr call

Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>

mds/MDSAuthCap: fix creation ownership check

Check uid too.

Signed-off-by: Sage Weil <sage@redhat.com>

mds/MDSAuthCaps: whitespace

Signed-off-by: Sage Weil <sage@redhat.com>

mds/MDSAuthCaps: only verify create git when not AUTH_UID_ANY

Signed-off-by: Sage Weil <sage@redhat.com>

mds: send cap flush ack even when access check failed.

Signed-off-by: Yan, Zheng <zyan@redhat.com>

client: force setattr to MDS when caller's {uid,gid} are not the specified ones

Signed-off-by: Yan, Zheng <zyan@redhat.com>

client: allow specifying default caller_{uid,gid} of MClientRequest

Signed-off-by: Yan, Zheng <zyan@redhat.com>

client: add options to specify caller_{uid,gid} of MClientCaps

Signed-off-by: Yan, Zheng <zyan@redhat.com>

messages: add caller_{uid,gid} to cap msgs

Signed-off-by: Yan, Zheng <zyan@redhat.com>

test/libcephfs/access: expand example test a bit

Signed-off-by: Sage Weil <sage@redhat.com>

mds/Server: fix check_access

Pass through correct mask.  Clean up formatting.

Signed-off-by: Sage Weil <sage@redhat.com>

client: properly set caller_{uid,gid} of readdir request

save uid/gid of ll_opendir caller in dir_result_t, use the saved
uid/gid for readdir request.

Signed-off-by: Yan, Zheng <zyan@redhat.com>

ceph_test_libcephfs: skeleton for access tests

Signed-off-by: Sage Weil <sage@redhat.com>

mds: fix Server::check_access

Signed-off-by: Yan, Zheng <zyan@redhat.com>

doc/cephfs: path-based restriction

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

add check_access in _do_cap_update

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

move _check_access to SessionMap

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

add _check_access for async cap updates

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

add stray_prior_path for is_stray

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

add stray_prior_path to store path before rename

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

mds/MDSAuthCaps: add test cases for is_capable

mds/Server: add chown and chgrp check access to setattr

mds/Server: add create access check for openc

Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>

Server: add create access check for mknod and symlink

test_auth_caps: add mkdir check with mode 557

test_auth_caps: resolve bug with other bits test case

test_auth_caps: remove grp mount

Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>

MDSAuthCaps: validate create access

Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>

add stray_prior_path to store path before unlink

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

add open check_access

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

add link check_access

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

add rename check_access

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

add snaps(ls,mk,rm,rename) check_access

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

add setlayout, setdirlayout, setxattr check_access

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

add readdir check_access

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

mds/Server: clean up check_access a bit

Signed-off-by: Sage Weil <sage@redhat.com>

MDSAuthCaps: add logic for group bits check

Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>

test_auth_caps: add test for user bits

Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>

mds/MDSAuthCaps: add permissions for user bits

Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>

Makefile: include ceph-fuse in base target

Signed-off-by: Sage Weil <sage@redhat.com>

client: behave if we can't getattr parents of mount point

If our cap locks us into a subdirectory (e.g., /foo), we will fail to
getattr on its parents (e.g., /).  This is expected.  Tolerate this case,
and warn that quotas may misbehave in that case (if they are set on one of
those parents).

Signed-off-by: Sage Weil <sage@redhat.com>

test_auth_caps: Move trap and cleanup to the top

test_auth_caps: Added test logic for world bits

MDSAuthCaps: add world bits check logic

Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>

client: pass uid, gid to lookup

The MDS cares about who is performing lookup, too!

Signed-off-by: Sage Weil <sage@redhat.com>

add unlink, rmdir check_access test

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

add unlink, rmdir check_access

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

add symlink test

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

add symlink check_access

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

Add mknod check_access

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

qa/workunits/fs/test_path_caps: tolerate existing directories

Signed-off-by: Sage Weil <sage@redhat.com>

functional test of mds cap path restriction

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

mds/Server.cc: drop leading / from path in is_capable check

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

unittest_mds_authcap: test lists of allow grants

Signed-off-by: Sage Weil <sage@redhat.com>

mds: mkdir check_access

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

mds/MDSAuthCaps: fix parse error message

Signed-off-by: Sage Weil <sage@redhat.com>

mds: whitespace

Signed-off-by: Sage Weil <sage@redhat.com>

mds: log to cluster log if mds cap parse fails

It's an admin error; tell an admin.

Signed-off-by: Sage Weil <sage@redhat.com>

mds/MDSAuthCaps: debug is_capable

Signed-off-by: Sage Weil <sage@redhat.com>

mds/MDSAuthCap: fix debug prefix

Signed-off-by: Sage Weil <sage@redhat.com>

mds/MDSAuthCap: drop leading / in paths

Signed-off-by: Sage Weil <sage@redhat.com>

mds/MDSAuthCaps: fix allow_all

Empty path is '', not '/'.

Signed-off-by: Sage Weil <sage@redhat.com>

mds/MDSAuthCaps: add cct for debug context

signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>
Signed-off-by: Sage Weil <sage@redhat.com>

mds: calculate path in check_access()

Signed-off-by: Jashan Kamboj <jashank42@gmail.com>

mds/MDSAuthCaps: normalize path, drop useless constant.

Use an empty string for no path--this is more efficient.  This generalizes
to losing any leading '/' character.

Signed-off-by: Sage Weil <sage@redhat.com>

mds/MDSAuthCaps: pass down inode uid.gid and mode

We will need this to evaluate the unix permissions.

Signed-off-by: Sage Weil <sage@redhat.com>