From d0b5a33170eaa73a6a0ba74d94896b2bb0076d12 Mon Sep 17 00:00:00 2001 From: Jashan Kamboj Date: Tue, 4 Aug 2015 00:18:38 +0530 Subject: [PATCH] move _check_access to SessionMap Signed-off-by: Jashan Kamboj --- src/mds/Server.cc | 27 +-------------------------- src/mds/SessionMap.cc | 24 ++++++++++++++++++++++++ src/mds/SessionMap.h | 2 ++ 3 files changed, 27 insertions(+), 26 deletions(-) diff --git a/src/mds/Server.cc b/src/mds/Server.cc index 333dab0c33f39..bd95ffa1a06b2 100644 --- a/src/mds/Server.cc +++ b/src/mds/Server.cc @@ -2105,34 +2105,9 @@ void Server::handle_slave_auth_pin_ack(MDRequestRef& mdr, MMDSSlaveRequest *ack) * by mask on the given inode, based on the capability in the mdr's * session. */ -bool Server::_check_access(Session *session, CInode *in, unsigned mask, int caller_uid, int caller_gid, int setattr_uid, int setattr_gid) -{ - string path; - - if (in->is_stray()){ - path = in->get_projected_inode()->stray_prior_path; - } else { - in->make_path_string(path, false, in->get_projected_parent_dn()); - } - if (path.length()) - path = path.substr(1); // drop leading / - - if ((mask & (MAY_CHOWN|MAY_CHGRP)) && - !(session->auth_caps.is_capable(path, in->inode.uid, in->inode.gid, in->inode.mode, - caller_uid, caller_gid, mask))) { - return false; - } - - if (session->auth_caps.is_capable(path, in->inode.uid, in->inode.gid, in->inode.mode, - caller_uid, caller_gid, mask)) { - return true; - } - return false; -} - bool Server::check_access(MDRequestRef& mdr, CInode *in, unsigned mask) { - if (!_check_access(mdr->session, in, MAY_WRITE, mdr->client_request->get_caller_uid(), mdr->client_request->get_caller_gid(), + if (!mdr->session->check_access(in, MAY_WRITE, mdr->client_request->get_caller_uid(), mdr->client_request->get_caller_gid(), mdr->client_request->head.args.setattr.uid, mdr->client_request->head.args.setattr.gid)){ respond_to_request(mdr, -EACCES); } diff --git a/src/mds/SessionMap.cc b/src/mds/SessionMap.cc index dc0ba711694de..cde0ba0d38ddf 100644 --- a/src/mds/SessionMap.cc +++ b/src/mds/SessionMap.cc @@ -829,4 +829,28 @@ void SessionMap::save_if_dirty(const std::set &tgt_sessions, } } +bool Session::check_access(CInode *in, unsigned mask, int caller_uid, int caller_gid, int setattr_uid, int setattr_gid) +{ + string path; + + if (in->is_stray()){ + path = in->get_projected_inode()->stray_prior_path; + } else { + in->make_path_string(path, false, in->get_projected_parent_dn()); + } + if (path.length()) + path = path.substr(1); // drop leading / + + if ((mask & (MAY_CHOWN|MAY_CHGRP)) && + !(auth_caps.is_capable(path, in->inode.uid, in->inode.gid, in->inode.mode, + caller_uid, caller_gid, mask))) { + return false; + } + + if (auth_caps.is_capable(path, in->inode.uid, in->inode.gid, in->inode.mode, + caller_uid, caller_gid, mask)) { + return true; + } + return false; +} diff --git a/src/mds/SessionMap.h b/src/mds/SessionMap.h index a4fdb3d8c1fe1..6a2a840b635b0 100644 --- a/src/mds/SessionMap.h +++ b/src/mds/SessionMap.h @@ -301,6 +301,8 @@ public: completed_requests_dirty = false; } + bool check_access(CInode *in, unsigned mask, int caller_uid, int caller_gid, int setattr_uid, int setattr_gid); + Session() : state(STATE_CLOSED), state_seq(0), importing_count(0), -- 2.39.5