From 4932cb9ce0fba61821f8aa65e5edb47d809e1454 Mon Sep 17 00:00:00 2001
From: John Spray
Date: Fri, 2 Oct 2015 11:15:37 +0100
Subject: [PATCH] mds: validate client 'root' metadata field

Give this field special treatment so that users can be sure that clients are not claiming to have mounted a root outside of what they are really authorized to access.

Signed-off-by: John Spray
---
 src/mds/Server.cc | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/mds/Server.cc b/src/mds/Server.cc
index 3887faac50676..2616a251d6327 100644
--- a/src/mds/Server.cc
+++ b/src/mds/Server.cc
@@ -280,6 +280,17 @@ void Server::handle_client_session(MClientSession *m)
 dout(20) << " " << i->first << ": " << i->second << dendl;
 }
+ // Special case for the 'root' metadata path; validate that the claimed
+ // root is actually within the caps of the session
+ if (session->info.client_metadata.count("root")) {
+ const auto claimed_root = session->info.client_metadata.at("root");
+ if (!session->auth_caps.path_capable(claimed_root)) {
+ derr << __func__ << " forbidden path claimed as mount root: "
+ << claimed_root << " by " << m->get_source() << dendl;
+ session->info.client_metadata.erase("root");
+ }
+ }
+
 if (session->is_closed())
 mds->sessionmap.add_session(session);
-- 
2.39.5
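Review bot: The string handed to `path_capable(claimed_root)` comes verbatim from client-supplied session metadata, and nothing in the added block normalises it first. Whether an empty string, a leading `/`, a trailing slash or `..` components are compared in the same form as the paths in the session's caps depends on `path_capable`, which is not visible in this hunk. If that function does a plain prefix comparison, a legitimate root could be erased or a misleading one kept, so I would state the expected form next to the check, e.g. `// claimed_root is untrusted client input; it must be in the same canonical form as the cap paths before path_capable()`, and treat anything not in that form as forbidden. The same untrusted value is streamed into `derr` unescaped, so bounding its length and escaping control characters would keep the log line reliable for operators. `handle_client_session` begins and ends outside the hunk, so which session operation this runs under is not reviewed here.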