Sage Weil
a43f5c7553
mds/Server: skip auth check on session-less mdr's
...
The mds internal requests don't have a session.
Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:42:35 -04:00
Sage Weil
1957aeddbf
client: do sync setattr when caller != last cap dirtier
...
This way we can still do cap writeback in general when the caller is not
the same as the mount_uid/gid, but we flip to a sync setattr when we have
to because the dirty caps have a different uid/gid than the current
caller.
Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:42:35 -04:00
Sage Weil
2df9bfb4cf
client: consolidate client_mount_{uid,gid} and client_{user,group}_id options
...
Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:41:33 -04:00
Sage Weil
4867ef0a3a
client: add get_{uid,gid} helpers for consistent uid/gids
...
Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:41:33 -04:00
Nishtha Rai
43f50c73ed
add caps_dirty to setattr
...
Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>
2015-10-01 09:41:33 -04:00
Sage Weil
c5e9d69109
unittest_mds_authcaps: fix a few unit tests
...
The MAY_CREATE conditoin is simple: the created inode must match the caller
uid and gid.
Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:41:33 -04:00
Jashan Kamboj
56bece263d
fix test_path_caps
...
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:41:33 -04:00
Jashan Kamboj
10295e9f8b
doc:fix path-based restriction
...
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:41:32 -04:00
Jashan Kamboj
548e34c8d8
test/libcephfs/access: add update_after_unlink test
...
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:41:32 -04:00
Jashan Kamboj
58a6f7c065
test/libcephfs/access: add ReadOnly restriction test
...
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:41:32 -04:00
Jashan Kamboj
073e92aa11
test/libcephfs/access: add Path restriction test
...
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:41:32 -04:00
Nishtha Rai
ddc69bb399
client/Client: added client_mount_uid and gid as parameters to getattr call
...
Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>
2015-10-01 09:41:32 -04:00
Sage Weil
7b7e2c2024
mds/MDSAuthCap: fix creation ownership check
...
Check uid too.
Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:41:32 -04:00
Sage Weil
868a87119a
mds/MDSAuthCaps: whitespace
...
Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:41:32 -04:00
Sage Weil
5ed6625840
mds/MDSAuthCaps: only verify create git when not AUTH_UID_ANY
...
Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:41:32 -04:00
Yan, Zheng
9056a482d0
mds: send cap flush ack even when access check failed.
...
Signed-off-by: Yan, Zheng <zyan@redhat.com>
2015-10-01 09:41:32 -04:00
Yan, Zheng
0cb3616263
client: force setattr to MDS when caller's {uid,gid} are not the specified ones
...
Signed-off-by: Yan, Zheng <zyan@redhat.com>
2015-10-01 09:41:32 -04:00
Yan, Zheng
74e05c6cfb
client: allow specifying default caller_{uid,gid} of MClientRequest
...
Signed-off-by: Yan, Zheng <zyan@redhat.com>
2015-10-01 09:41:31 -04:00
Yan, Zheng
c6ab8de947
client: add options to specify caller_{uid,gid} of MClientCaps
...
Signed-off-by: Yan, Zheng <zyan@redhat.com>
2015-10-01 09:41:31 -04:00
Yan, Zheng
785b21c929
messages: add caller_{uid,gid} to cap msgs
...
Signed-off-by: Yan, Zheng <zyan@redhat.com>
2015-10-01 09:41:31 -04:00
Sage Weil
35f039e894
test/libcephfs/access: expand example test a bit
...
Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:39:35 -04:00
Sage Weil
f0a418ddfb
mds/Server: fix check_access
...
Pass through correct mask. Clean up formatting.
Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:39:35 -04:00
Yan, Zheng
8d78d5c6b4
client: properly set caller_{uid,gid} of readdir request
...
save uid/gid of ll_opendir caller in dir_result_t, use the saved
uid/gid for readdir request.
Signed-off-by: Yan, Zheng <zyan@redhat.com>
2015-10-01 09:39:34 -04:00
Sage Weil
aea8a0e141
ceph_test_libcephfs: skeleton for access tests
...
Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:39:34 -04:00
Yan, Zheng
b71a9c41a5
mds: fix Server::check_access
...
Signed-off-by: Yan, Zheng <zyan@redhat.com>
2015-10-01 09:39:34 -04:00
Jashan Kamboj
6a6c06887c
doc/cephfs: path-based restriction
...
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:34 -04:00
Jashan Kamboj
b70d70b96e
add check_access in _do_cap_update
...
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:34 -04:00
Jashan Kamboj
d0b5a33170
move _check_access to SessionMap
...
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:34 -04:00
Jashan Kamboj
6f2ac9c921
add _check_access for async cap updates
...
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:34 -04:00
Jashan Kamboj
6cd7306682
add stray_prior_path for is_stray
...
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:34 -04:00
Jashan Kamboj
4c896c78e7
add stray_prior_path to store path before rename
...
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:34 -04:00
Nishtha Rai
d12a388f85
mds/MDSAuthCaps: add test cases for is_capable
2015-10-01 09:39:34 -04:00
Nishtha Rai
b3fdbb666a
mds/Server: add chown and chgrp check access to setattr
2015-10-01 09:39:34 -04:00
Nishtha Rai
be7eb6729f
mds/Server: add create access check for openc
...
Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>
2015-10-01 09:39:33 -04:00
Nishtha Rai
62b95027a6
Server: add create access check for mknod and symlink
2015-10-01 09:39:33 -04:00
Nishtha Rai
a4d5c3b241
test_auth_caps: add mkdir check with mode 557
2015-10-01 09:39:33 -04:00
Nishtha Rai
88d74789a7
test_auth_caps: resolve bug with other bits test case
2015-10-01 09:39:33 -04:00
Nishtha Rai
00d7480511
test_auth_caps: remove grp mount
...
Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>
2015-10-01 09:39:33 -04:00
Nishtha Rai
4f71b11379
MDSAuthCaps: validate create access
...
Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>
2015-10-01 09:39:33 -04:00
Jashan Kamboj
17c758b589
add stray_prior_path to store path before unlink
...
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:33 -04:00
Jashan Kamboj
e33cd74e41
add open check_access
...
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:33 -04:00
Jashan Kamboj
ea94bc4768
add link check_access
...
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:33 -04:00
Jashan Kamboj
8a29c4e939
add rename check_access
...
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:33 -04:00
Jashan Kamboj
991d340a0e
add snaps(ls,mk,rm,rename) check_access
...
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:33 -04:00
Jashan Kamboj
fb9c37940e
add setlayout, setdirlayout, setxattr check_access
...
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:32 -04:00
Jashan Kamboj
74b140ae94
add readdir check_access
...
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:32 -04:00
Sage Weil
9aa6128e34
mds/Server: clean up check_access a bit
...
Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:39:32 -04:00
Nishtha Rai
5b318aa977
MDSAuthCaps: add logic for group bits check
...
Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>
2015-10-01 09:39:32 -04:00
Nishtha Rai
1aaee87d2b
test_auth_caps: add test for user bits
...
Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>
2015-10-01 09:39:32 -04:00
Nishtha Rai
7293540115
mds/MDSAuthCaps: add permissions for user bits
...
Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>
2015-10-01 09:39:32 -04:00