From 316660d539dd01bbecb38ae26fbcf240bf9d0d32 Mon Sep 17 00:00:00 2001
From: John Spray <john.spray@redhat.com>
Date: Tue, 7 Oct 2014 21:39:52 +0100
Subject: [PATCH] mds: fix MDSAuthCap when cephx is disabled

Signed-off-by: John Spray <john.spray@redhat.com>
---
 src/mds/MDS.cc         | 16 +++++-----------
 src/mds/MDSAuthCaps.cc |  6 ++++++
 src/mds/MDSAuthCaps.h  |  1 +
 3 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/src/mds/MDS.cc b/src/mds/MDS.cc
index 1c803a811b2c5..014ae92ccc815 100644
--- a/src/mds/MDS.cc
+++ b/src/mds/MDS.cc
@@ -817,7 +817,6 @@ void MDS::handle_command(MCommand *m)
 
 
   if (!session->auth_caps.allow_all()) {
-    // TODO: enforce allow_all check only for 'w' commands
     dout(1) << __func__
       << ": received command from client without `tell` capability: "
       << m->get_connection()->peer_addr << dendl;
@@ -2561,6 +2560,11 @@ bool MDS::ms_verify_authorizer(Connection *con, int peer_type,
       // messenger.)
     }
 
+    if (caps_info.allow_all) {
+        // Flag for auth providers that don't provide cap strings
+        s->auth_caps.set_allow_all();
+    }
+
     bufferlist::iterator p = caps_info.caps.begin();
     string auth_cap_str;
     try {
@@ -2579,16 +2583,6 @@ bool MDS::ms_verify_authorizer(Connection *con, int peer_type,
       //  * permit no `tell` ops
       dout(1) << __func__ << ": cannot decode auth caps bl of length " << caps_info.caps.length() << dendl;
     }
-
-    /*
-    s->caps.set_allow_all(caps_info.allow_all);
- 
-    if (caps_info.caps.length() > 0) {
-      bufferlist::iterator iter = caps_info.caps.begin();
-      s->caps.parse(iter);
-      dout(10) << " session " << s << " has caps " << s->caps << dendl;
-    }
-    */
   }
 
   return true;  // we made a decision (see is_valid)
diff --git a/src/mds/MDSAuthCaps.cc b/src/mds/MDSAuthCaps.cc
index de97a0c102edf..a8eec5c3d5d09 100644
--- a/src/mds/MDSAuthCaps.cc
+++ b/src/mds/MDSAuthCaps.cc
@@ -109,6 +109,12 @@ bool MDSAuthCaps::is_capable(const std::string &path, int uid, bool may_read, bo
   return false;
 }
 
+void MDSAuthCaps::set_allow_all()
+{
+    grants.clear();
+    grants.push_back(MDSCapGrant(MDSCapSpec(true, true, true), MDSCapMatch()));
+}
+
 bool MDSAuthCaps::parse(const std::string& str, ostream *err)
 {
   // Special case for legacy caps
diff --git a/src/mds/MDSAuthCaps.h b/src/mds/MDSAuthCaps.h
index 2e54d079cfa21..8312f73c669f0 100644
--- a/src/mds/MDSAuthCaps.h
+++ b/src/mds/MDSAuthCaps.h
@@ -68,6 +68,7 @@ class MDSAuthCaps
     std::vector<MDSCapGrant> grants;
 
     public:
+    void set_allow_all();
     bool parse(const std::string &str, std::ostream *err);
     MDSAuthCaps() {}
     MDSAuthCaps(const std::vector<MDSCapGrant> &grants_) : grants(grants_) {}
-- 
2.47.3