From 8b7a8b23b380b9fb00a354b52aba33e94334b423 Mon Sep 17 00:00:00 2001
From: John Spray <john.spray@redhat.com>
Date: Tue, 13 Oct 2015 11:12:54 +0100
Subject: [PATCH] mds: reject client sessions with bad root metadata

...instead of just purging the bad metadata, prevent
the client from opening the session.

Signed-off-by: John Spray <john.spray@redhat.com>
---
 src/mds/Server.cc | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/mds/Server.cc b/src/mds/Server.cc
index 2616a251d63..62cf62f1b28 100644
--- a/src/mds/Server.cc
+++ b/src/mds/Server.cc
@@ -287,7 +287,13 @@ void Server::handle_client_session(MClientSession *m)
       if (!session->auth_caps.path_capable(claimed_root)) {
         derr << __func__ << " forbidden path claimed as mount root: "
              << claimed_root << " by " << m->get_source() << dendl;
-        session->info.client_metadata.erase("root");
+        // Tell the client we're rejecting their open
+        mds->send_message_client(new MClientSession(CEPH_SESSION_REJECT), session);
+        mds->clog->warn() << "client session with invalid root '" <<
+          claimed_root << "' denied (" << session->info.inst << ")";
+        session->clear();
+        // Drop out; don't record this session in SessionMap or journal it.
+        break;
       }
     }
 
-- 
2.47.3