Commit 845ae9d4 authored by Xiubo Li's avatar Xiubo Li Committed by Ilya Dryomov

ceph: check the cephx mds auth access for open

Before opening the file locally we need to check the cephx access.

Link: https://tracker.ceph.com/issues/61333


Signed-off-by: default avatarXiubo Li <xiubli@redhat.com>
Reviewed-by: default avatarMilind Changire <mchangir@redhat.com>
Signed-off-by: default avatarIlya Dryomov <idryomov@gmail.com>
parent ded67830
+33 −2
@@ -366,6 +366,12 @@ int ceph_open(struct inode *inode, struct file *file)
	struct ceph_file_info *fi = file->private_data;
	int err;
	int flags, fmode, wanted;
	struct dentry *dentry;
	char *path;
	int pathlen;
	u64 pathbase;
	bool do_sync = false;
	int mask = MAY_READ;

	if (fi) {
		doutc(cl, "file %p is already opened\n", file);
@@ -387,6 +393,31 @@ int ceph_open(struct inode *inode, struct file *file)
	fmode = ceph_flags_to_mode(flags);
	wanted = ceph_caps_for_mode(fmode);

	if (fmode & CEPH_FILE_MODE_WR)
		mask |= MAY_WRITE;
	dentry = d_find_alias(inode);
	if (!dentry) {
		do_sync = true;
	} else {
		path = ceph_mdsc_build_path(mdsc, dentry, &pathlen, &pathbase, 0);
		if (IS_ERR(path)) {
			do_sync = true;
			err = 0;
		} else {
			err = ceph_mds_check_access(mdsc, path, mask);
		}
		ceph_mdsc_free_path(path, pathlen);
		dput(dentry);

		/* For none EACCES cases will let the MDS do the mds auth check */
		if (err == -EACCES) {
			return err;
		} else if (err < 0) {
			do_sync = true;
			err = 0;
		}
	}

	/* snapped files are read-only */
	if (ceph_snap(inode) != CEPH_NOSNAP && (file->f_mode & FMODE_WRITE))
		return -EROFS;
@@ -402,7 +433,7 @@ int ceph_open(struct inode *inode, struct file *file)
	 * asynchronously.
	 */
	spin_lock(&ci->i_ceph_lock);
	if (__ceph_is_any_real_caps(ci) &&
	if (!do_sync && __ceph_is_any_real_caps(ci) &&
	    (((fmode & CEPH_FILE_MODE_WR) == 0) || ci->i_auth_cap)) {
		int mds_wanted = __ceph_caps_mds_wanted(ci, true);
		int issued = __ceph_caps_issued(ci, NULL);
@@ -420,7 +451,7 @@ int ceph_open(struct inode *inode, struct file *file)
			ceph_check_caps(ci, 0);

		return ceph_init_file(inode, file, fmode);
	} else if (ceph_snap(inode) != CEPH_NOSNAP &&
	} else if (!do_sync && ceph_snap(inode) != CEPH_NOSNAP &&
		   (ci->i_snap_caps & wanted) == wanted) {
		__ceph_touch_fmode(ci, mdsc, fmode);
		spin_unlock(&ci->i_ceph_lock);
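Review bot: In the second hunk the path handed to `ceph_mds_check_access()` is built from `d_find_alias(inode)`, which returns some alias of the inode rather than the dentry this open came through, so for an inode with more than one alias (hard links) the path-scoped cephx check may be evaluated against a different path than the one the caller used. If the caps are meant to be checked against the opened path, consider `dentry = dget(file->f_path.dentry);`, or add a comment above the `d_find_alias()` call explaining why any alias is acceptable for this check. On the `IS_ERR(path)` branch the error pointer still reaches `ceph_mdsc_free_path(path, pathlen)`, which is only safe if that helper ignores error pointers; its definition is not visible here. The body of ceph_open starts and ends outside these hunks.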