mon: users can now change pool owners.

This requires them to have write permission on both the current and the new auid.
att · Mar 10, 2010 · ff887e2 · ff887e2
1 parent 543c9eb
commit ff887e2
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 2 deletions.
diff --git a/src/messages/MPoolOp.h b/src/messages/MPoolOp.h
@@ -23,6 +23,7 @@ enum {
   POOL_OP_DELETE,
   POOL_OP_CREATE_SNAP,
   POOL_OP_DELETE_SNAP,
+  POOL_OP_AUID_CHANGE
 };
 
 static const char *get_pool_op_name(int op) {
@@ -33,9 +34,11 @@ static const char *get_pool_op_name(int op) {
     return "delete pool";
   case POOL_OP_CREATE_SNAP:
     return "create snap";
-   case POOL_OP_DELETE_SNAP:
+  case POOL_OP_DELETE_SNAP:
     return "delete snap";
-   default:
+  case POOL_OP_AUID_CHANGE:
+    return "change auid";
+  default:
     return "unknown";
   }
 }

diff --git a/src/mon/OSDMonitor.cc b/src/mon/OSDMonitor.cc
@@ -1332,6 +1332,8 @@ bool OSDMonitor::preprocess_pool_op ( MPoolOp *m) {
     return false;
   case POOL_OP_DELETE: //can't delete except on master
     return false;
+  case POOL_OP_AUID_CHANGE:
+    return false; //can't change except on master
   default:
     assert(0);
     break;
@@ -1356,6 +1358,8 @@ bool OSDMonitor::prepare_pool_op (MPoolOp *m)
     return prepare_pool_op_create(m);
   } else if (m->op == POOL_OP_DELETE) {
     return prepare_pool_op_delete(m);
+  } else if (m->op == POOL_OP_AUID_CHANGE) {
+    return prepare_pool_op_auid(m);
   }
   const pg_pool_t *p = osdmap.get_pg_pool(m->pool);
   pg_pool_t* pp = 0;
@@ -1400,6 +1404,26 @@ bool OSDMonitor::prepare_pool_op_delete (MPoolOp *m)
   return true;
 }
 
+bool OSDMonitor::prepare_pool_op_auid (MPoolOp *m)
+{
+  Session * session = (Session *) m->get_connection()->get_priv();
+  //check that current user can write to new auid
+  if(session->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_W, m->auid)) {
+    //check that current user can write to old auid
+    int old_auid = osdmap.get_pg_pool(m->pool)->v.auid;
+    if(session->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_W, old_auid)) {
+      //update pg_pool_t with new auid
+      pending_inc.new_pools[m->pool] = *(osdmap.get_pg_pool(m->pool));
+      pending_inc.new_pools[m->pool].v.auid = m->auid;
+      paxos->wait_for_commit(new OSDMonitor::C_PoolOp(this, m, 0, pending_inc.epoch));
+      return true;
+    }
+  }
+  //if it gets here it failed a permissions check
+  _pool_op(m, -EPERM, pending_inc.epoch);
+  return true;
+}
+
 void OSDMonitor::_pool_op(MPoolOp *m, int replyCode, epoch_t epoch)
 {
   MPoolOpReply *reply = new MPoolOpReply(m->fsid, m->get_tid(),

diff --git a/src/mon/OSDMonitor.h b/src/mon/OSDMonitor.h
@@ -89,8 +89,10 @@ class OSDMonitor : public PaxosService {
   bool prepare_pool_op (MPoolOp *m);
   bool prepare_pool_op_create (MPoolOp *m);
   bool prepare_pool_op_delete(MPoolOp *m);
+  bool prepare_pool_op_auid(MPoolOp *m);
   int prepare_new_pool(string& name, __u64 auid = CEPH_AUTH_UID_DEFAULT);
   int prepare_new_pool(MPoolOp *m);
+
   void _pool_op(MPoolOp *m, int replyCode, epoch_t epoch);
 
   struct C_Booted : public Context {