Commit Graph

45115 Commits

Author SHA1 Message Date
Sage Weil
a43f5c7553 mds/Server: skip auth check on session-less mdr's
The mds internal requests don't have a session.

Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:42:35 -04:00
Sage Weil
1957aeddbf client: do sync setattr when caller != last cap dirtier
This way we can still do cap writeback in general when the caller is not
the same as the mount_uid/gid, but we flip to a sync setattr when we have
to because the dirty caps have a different uid/gid than the current
caller.

Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:42:35 -04:00
Sage Weil
2df9bfb4cf client: consolidate client_mount_{uid,gid} and client_{user,group}_id options
Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:41:33 -04:00
Sage Weil
4867ef0a3a client: add get_{uid,gid} helpers for consistent uid/gids
Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:41:33 -04:00
Nishtha Rai
43f50c73ed add caps_dirty to setattr
Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>
2015-10-01 09:41:33 -04:00
Sage Weil
c5e9d69109 unittest_mds_authcaps: fix a few unit tests
The MAY_CREATE conditoin is simple: the created inode must match the caller
uid and gid.

Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:41:33 -04:00
Jashan Kamboj
56bece263d fix test_path_caps
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:41:33 -04:00
Jashan Kamboj
10295e9f8b doc:fix path-based restriction
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:41:32 -04:00
Jashan Kamboj
548e34c8d8 test/libcephfs/access: add update_after_unlink test
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:41:32 -04:00
Jashan Kamboj
58a6f7c065 test/libcephfs/access: add ReadOnly restriction test
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:41:32 -04:00
Jashan Kamboj
073e92aa11 test/libcephfs/access: add Path restriction test
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:41:32 -04:00
Nishtha Rai
ddc69bb399 client/Client: added client_mount_uid and gid as parameters to getattr call
Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>
2015-10-01 09:41:32 -04:00
Sage Weil
7b7e2c2024 mds/MDSAuthCap: fix creation ownership check
Check uid too.

Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:41:32 -04:00
Sage Weil
868a87119a mds/MDSAuthCaps: whitespace
Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:41:32 -04:00
Sage Weil
5ed6625840 mds/MDSAuthCaps: only verify create git when not AUTH_UID_ANY
Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:41:32 -04:00
Yan, Zheng
9056a482d0 mds: send cap flush ack even when access check failed.
Signed-off-by: Yan, Zheng <zyan@redhat.com>
2015-10-01 09:41:32 -04:00
Yan, Zheng
0cb3616263 client: force setattr to MDS when caller's {uid,gid} are not the specified ones
Signed-off-by: Yan, Zheng <zyan@redhat.com>
2015-10-01 09:41:32 -04:00
Yan, Zheng
74e05c6cfb client: allow specifying default caller_{uid,gid} of MClientRequest
Signed-off-by: Yan, Zheng <zyan@redhat.com>
2015-10-01 09:41:31 -04:00
Yan, Zheng
c6ab8de947 client: add options to specify caller_{uid,gid} of MClientCaps
Signed-off-by: Yan, Zheng <zyan@redhat.com>
2015-10-01 09:41:31 -04:00
Yan, Zheng
785b21c929 messages: add caller_{uid,gid} to cap msgs
Signed-off-by: Yan, Zheng <zyan@redhat.com>
2015-10-01 09:41:31 -04:00
Sage Weil
35f039e894 test/libcephfs/access: expand example test a bit
Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:39:35 -04:00
Sage Weil
f0a418ddfb mds/Server: fix check_access
Pass through correct mask.  Clean up formatting.

Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:39:35 -04:00
Yan, Zheng
8d78d5c6b4 client: properly set caller_{uid,gid} of readdir request
save uid/gid of ll_opendir caller in dir_result_t, use the saved
uid/gid for readdir request.

Signed-off-by: Yan, Zheng <zyan@redhat.com>
2015-10-01 09:39:34 -04:00
Sage Weil
aea8a0e141 ceph_test_libcephfs: skeleton for access tests
Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:39:34 -04:00
Yan, Zheng
b71a9c41a5 mds: fix Server::check_access
Signed-off-by: Yan, Zheng <zyan@redhat.com>
2015-10-01 09:39:34 -04:00
Jashan Kamboj
6a6c06887c doc/cephfs: path-based restriction
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:34 -04:00
Jashan Kamboj
b70d70b96e add check_access in _do_cap_update
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:34 -04:00
Jashan Kamboj
d0b5a33170 move _check_access to SessionMap
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:34 -04:00
Jashan Kamboj
6f2ac9c921 add _check_access for async cap updates
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:34 -04:00
Jashan Kamboj
6cd7306682 add stray_prior_path for is_stray
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:34 -04:00
Jashan Kamboj
4c896c78e7 add stray_prior_path to store path before rename
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:34 -04:00
Nishtha Rai
d12a388f85 mds/MDSAuthCaps: add test cases for is_capable 2015-10-01 09:39:34 -04:00
Nishtha Rai
b3fdbb666a mds/Server: add chown and chgrp check access to setattr 2015-10-01 09:39:34 -04:00
Nishtha Rai
be7eb6729f mds/Server: add create access check for openc
Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>
2015-10-01 09:39:33 -04:00
Nishtha Rai
62b95027a6 Server: add create access check for mknod and symlink 2015-10-01 09:39:33 -04:00
Nishtha Rai
a4d5c3b241 test_auth_caps: add mkdir check with mode 557 2015-10-01 09:39:33 -04:00
Nishtha Rai
88d74789a7 test_auth_caps: resolve bug with other bits test case 2015-10-01 09:39:33 -04:00
Nishtha Rai
00d7480511 test_auth_caps: remove grp mount
Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>
2015-10-01 09:39:33 -04:00
Nishtha Rai
4f71b11379 MDSAuthCaps: validate create access
Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>
2015-10-01 09:39:33 -04:00
Jashan Kamboj
17c758b589 add stray_prior_path to store path before unlink
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:33 -04:00
Jashan Kamboj
e33cd74e41 add open check_access
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:33 -04:00
Jashan Kamboj
ea94bc4768 add link check_access
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:33 -04:00
Jashan Kamboj
8a29c4e939 add rename check_access
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:33 -04:00
Jashan Kamboj
991d340a0e add snaps(ls,mk,rm,rename) check_access
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:33 -04:00
Jashan Kamboj
fb9c37940e add setlayout, setdirlayout, setxattr check_access
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:32 -04:00
Jashan Kamboj
74b140ae94 add readdir check_access
Signed-off-by: Jashan Kamboj <jashank42@gmail.com>
2015-10-01 09:39:32 -04:00
Sage Weil
9aa6128e34 mds/Server: clean up check_access a bit
Signed-off-by: Sage Weil <sage@redhat.com>
2015-10-01 09:39:32 -04:00
Nishtha Rai
5b318aa977 MDSAuthCaps: add logic for group bits check
Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>
2015-10-01 09:39:32 -04:00
Nishtha Rai
1aaee87d2b test_auth_caps: add test for user bits
Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>
2015-10-01 09:39:32 -04:00
Nishtha Rai
7293540115 mds/MDSAuthCaps: add permissions for user bits
Signed-off-by: Nishtha Rai <nishtha3rai@gmail.com>
2015-10-01 09:39:32 -04:00