mds/Server: disallow clients that have root_squash

... MDS auth caps but don't have CEPHFS_FEATURE_MDS_AUTH_CAPS_CHECK
feature bit (i.e., can't check the auth caps sent back to it by the
MDS) from establishing a session. Do this in
Server::handle_client_session(), and Server::handle_client_reconnect(),
where old clients try to reconnect to MDS servers after an upgrade.

If the client doesn't have the ability to authorize session access
based on the MDS auth caps send back to it by the MDS, then the
client may buffer changes locally during open and setattr operations
when it's not supposed to, e.g., when enforcing root_squash MDS auth
caps.

Fixes: https://tracker.ceph.com/issues/56067
Signed-off-by: Ramana Raja <rraja@redhat.com>

1 files changed, 9 insertions, 0 deletions

diff --git a/src/mds/MDSAuthCaps.h b/src/mds/MDSAuthCaps.h
index 9752f0ec1c8..c1d410eaf76 100644
--- a/src/mds/MDSAuthCaps.h
+++ b/src/mds/MDSAuthCaps.h
@@ -299,6 +299,15 @@ public:
     }
   }
 
+  bool root_squash_in_caps() const {
+    for (const MDSCapGrant &g : grants) {
+      if (g.match.root_squash) {
+        return true;
+      }
+    }
+    return false;
+  }
+
   friend std::ostream &operator<<(std::ostream &out, const MDSAuthCaps &cap);
   std::string to_string();
 private: