diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-08-21 02:27:13 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-08-21 02:27:13 +0000 |
| commit | e22f8c6576e87dcfb42d10c71d4b06260ca9f722 (patch) | |
| tree | a010f9d27fb5769eeaee24d7dcd762a6b0ff87ae /src/mds/Server.cc | |
| parent | Adding upstream version 18.2.3. (diff) | |
| download | ceph-upstream.tar.xz ceph-upstream.zip | |
Adding upstream version 18.2.4.upstream/18.2.4upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/mds/Server.cc')
| -rw-r--r-- | src/mds/Server.cc | 23 |
1 files changed, 8 insertions, 15 deletions
diff --git a/src/mds/Server.cc b/src/mds/Server.cc index 48e7b03ae..2f8b376ce 100644 --- a/src/mds/Server.cc +++ b/src/mds/Server.cc @@ -717,16 +717,10 @@ void Server::handle_client_session(const cref_t<MClientSession> &m) break; } - if (session->auth_caps.root_squash_in_caps() && !client_metadata.features.test(CEPHFS_FEATURE_MDS_AUTH_CAPS_CHECK)) { - CachedStackStringStream css; - *css << "client lacks CEPHFS_FEATURE_MDS_AUTH_CAPS_CHECK needed to enforce 'root_squash' MDS auth caps"; - send_reject_message(css->strv()); - mds->clog->warn() << "client session (" << session->info.inst - << ") lacks CEPHFS_FEATURE_MDS_AUTH_CAPS_CHECK " - << " needed to enforce 'root_squash' MDS auth caps"; - session->clear(); - break; - + std::string_view fs_name = mds->mdsmap->get_fs_name(); + bool client_caps_check = client_metadata.features.test(CEPHFS_FEATURE_MDS_AUTH_CAPS_CHECK); + if (session->auth_caps.root_squash_in_caps(fs_name) && !client_caps_check) { + mds->sessionmap.add_to_broken_root_squash_clients(session); } // Special case for the 'root' metadata path; validate that the claimed // root is actually within the caps of the session @@ -1573,11 +1567,10 @@ void Server::handle_client_reconnect(const cref_t<MClientReconnect> &m) *css << "missing required features '" << missing_features << "'"; error_str = css->strv(); } - if (session->auth_caps.root_squash_in_caps() && - !session->info.client_metadata.features.test(CEPHFS_FEATURE_MDS_AUTH_CAPS_CHECK)) { - CachedStackStringStream css; - *css << "client lacks CEPHFS_FEATURE_MDS_AUTH_CAPS_CHECK needed to enforce 'root_squash' MDS auth caps"; - error_str = css->strv(); + std::string_view fs_name = mds->mdsmap->get_fs_name(); + bool client_caps_check = session->info.client_metadata.features.test(CEPHFS_FEATURE_MDS_AUTH_CAPS_CHECK); + if (session->auth_caps.root_squash_in_caps(fs_name) && !client_caps_check) { + mds->sessionmap.add_to_broken_root_squash_clients(session); } } |