mds: add MAY_SET_POOL in MDSAuthCaps

For controlling whether a client is allowed to modify the pool field in file/dir layouts. Signed-off-by: John Spray <john.spray@redhat.com>
ceph · Nov 13, 2015 · eee4b8f · eee4b8f
1 parent 1d03924
commit eee4b8f
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 8 deletions.
diff --git a/src/mds/MDSAuthCaps.cc b/src/mds/MDSAuthCaps.cc
@@ -70,11 +70,13 @@ struct MDSCapParser : qi::grammar<Iterator, MDSAuthCaps()>
 
     // capspec = * | r[w]
     capspec = spaces >> (
-        lit("*")[_val = MDSCapSpec(true, true, true)]
+        lit("*")[_val = MDSCapSpec(true, true, true, true)]
         |
-        (lit("rw"))[_val = MDSCapSpec(true, true, false)]
+        (lit("rwp"))[_val = MDSCapSpec(true, true, false, true)]
         |
-        (lit("r"))[_val = MDSCapSpec(true, false, false)]
+        (lit("rw"))[_val = MDSCapSpec(true, true, false, false)]
+        |
+        (lit("r"))[_val = MDSCapSpec(true, false, false, false)]
         );
 
     grant = lit("allow") >> (capspec >> match)[_val = phoenix::construct<MDSCapGrant>(_1, _2)];
@@ -159,6 +161,13 @@ bool MDSAuthCaps::is_capable(const std::string &inode_path,
     if (i->match.match(inode_path, caller_uid, caller_gid) &&
 	i->spec.allows(mask & (MAY_READ|MAY_EXECUTE), mask & MAY_WRITE)) {
 
+      // Spec is non-allowing if caller asked for set pool but spec forbids it
+      if (mask & MAY_SET_POOL) {
+        if (!i->spec.allows_set_pool()) {
+          continue;
+        }
+      }
+
       // check unix permissions?
       if (i->match.uid == MDSCapMatch::MDS_AUTH_UID_ANY) {
         return true;
@@ -209,15 +218,17 @@ bool MDSAuthCaps::is_capable(const std::string &inode_path,
 void MDSAuthCaps::set_allow_all()
 {
     grants.clear();
-    grants.push_back(MDSCapGrant(MDSCapSpec(true, true, true), MDSCapMatch()));
+    grants.push_back(MDSCapGrant(
+                       MDSCapSpec(true, true, true, true),
+                       MDSCapMatch()));
 }
 
 bool MDSAuthCaps::parse(CephContext *c, const std::string& str, ostream *err)
 {
   // Special case for legacy caps
   if (str == "allow") {
     grants.clear();
-    grants.push_back(MDSCapGrant(MDSCapSpec(true, true, false), MDSCapMatch()));
+    grants.push_back(MDSCapGrant(MDSCapSpec(true, true, false, true), MDSCapMatch()));
     return true;
   }
 

diff --git a/src/mds/MDSAuthCaps.h b/src/mds/MDSAuthCaps.h
@@ -28,7 +28,8 @@ enum {
   MAY_WRITE = 2,
   MAY_EXECUTE = 4,
   MAY_CHOWN = 16,
-  MAY_CHGRP = 32
+  MAY_CHGRP = 32,
+  MAY_SET_POOL = 64,
 };
 
 class CephContext;
@@ -37,12 +38,17 @@ class CephContext;
 struct MDSCapSpec {
   bool read, write, any;
 
-  MDSCapSpec() : read(false), write(false), any(false) {}
-  MDSCapSpec(bool r, bool w, bool a) : read(r), write(w), any(a) {}
+  // True if the capability permits modifying the pool on file layouts
+  bool layout_pool;
+
+  MDSCapSpec() : read(false), write(false), any(false), layout_pool(false) {}
+  MDSCapSpec(bool r, bool w, bool a, bool lop)
+    : read(r), write(w), any(a), layout_pool(lop) {}
 
   bool allow_all() const {
     return any;
   }
+
   bool allows(bool r, bool w) const {
     if (any)
       return true;
@@ -52,6 +58,10 @@ struct MDSCapSpec {
       return false;
     return true;
   }
+
+  bool allows_set_pool() const {
+    return layout_pool;
+  }
 };
 
 // conditions before we are allowed to do it