return;
}
- if (!m->get_session()->caps.check_privileges(PAXOS_MONMAP, MON_CAP_ALL)) {
- string rs="Access denied";
- reply_command((MMonCommand *)m, -EACCES, rs, 0);
+ MonSession *session = m->get_session();
+ if (!session ||
+ !session->caps.check_privileges(PAXOS_MONMAP, MON_CAP_ALL)) {
+ string rs = "Access denied";
+ reply_command(m, -EACCES, rs, 0);
+ return;
}
dout(0) << "handle_command " << *m << dendl;
void Monitor::handle_observe(MMonObserve *m)
{
dout(10) << "handle_observe " << *m << " from " << m->get_source_inst() << dendl;
- //check that there are perms. Send a response back if they aren't sufficient,
- //and delete the message (if it's not deleted for us, which happens when
- //we own the connection to the requested observer).
- if (!m->get_session()->caps.check_privileges(PAXOS_MONMAP, MON_CAP_X)) {
+ // check that there are perms. Send a response back if they aren't sufficient,
+ // and delete the message (if it's not deleted for us, which happens when
+ // we own the connection to the requested observer).
+ MonSession *session = m->get_session();
+ if (!session || !session->caps.check_privileges(PAXOS_MONMAP, MON_CAP_X)) {
bool delete_m = false;
- if (m->session_mon) delete_m = true;
+ if (m->session_mon)
+ delete_m = true;
send_reply(m, m);
- if (delete_m) delete m;
+ if (delete_m)
+ delete m;
return;
}
if (m->machine_id >= PAXOS_NUM) {
void Monitor::handle_class(MClass *m)
{
- if (!m->get_session()->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_X)) {
+ MonSession *session = m->get_session();
+ if (!session)
+ goto done;
+ if (!session->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_X)) {
dout(0) << "MClass received from entity without sufficient privileges "
- << m->get_session()->caps << dendl;
- delete m;
- return;
+ << session->caps << dendl;
+ goto done;
}
+
switch (m->action) {
case CLASS_SET:
case CLASS_GET:
classmon()->handle_request(m);
- break;
+ return;
+
case CLASS_RESPONSE:
dout(0) << "got a class response (" << *m << ") ???" << dendl;
- delete m;
break;
+
default:
dout(0) << "got an unknown class message (" << *m << ") ???" << dendl;
- assert(0);
break;
}
+
+ done:
+ delete m;
}
bool Monitor::ms_get_authorizer(int service_id, AuthAuthorizer **authorizer, bool force_new)
// who is failed
int badboy = m->get_failed().name.num();
- if (ceph_fsid_compare(&m->fsid, &mon->monmap->fsid)) {
- dout(0) << "preprocess_failure on fsid " << m->fsid << " != " << mon->monmap->fsid << dendl;
+ // check permissions
+ MonSession *session = m->get_session();
+ if (!session)
+ goto didit;
+ if (!session->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_X)) {
+ dout(0) << "got MOSDFailure from entity with insufficient caps "
+ << session->caps << dendl;
goto didit;
}
- //check permissions
- if (!m->get_session()->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_X)) {
- dout(0) << "got MOSDFailure from entity with insufficient caps "
- << m->get_session()->caps << dendl;
+ if (ceph_fsid_compare(&m->fsid, &mon->monmap->fsid)) {
+ dout(0) << "preprocess_failure on fsid " << m->fsid << " != " << mon->monmap->fsid << dendl;
goto didit;
}
bool OSDMonitor::preprocess_boot(MOSDBoot *m)
{
- if (ceph_fsid_compare(&m->sb.fsid, &mon->monmap->fsid)) {
- dout(0) << "preprocess_boot on fsid " << m->sb.fsid << " != " << mon->monmap->fsid << dendl;
- delete m;
- return true;
- }
+ int from = m->get_orig_source_inst().name.num();
- //check permissions, ignore if failed (no response expected)
- if (!m->get_session()->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_X)) {
+ // check permissions, ignore if failed (no response expected)
+ MonSession *session = m->get_session();
+ if (!session)
+ goto ignore;
+ if (!session->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_X)) {
dout(0) << "got preprocess_boot message from entity with insufficient caps"
- << m->get_session()->caps << dendl;
- delete m;
- return true;
+ << session->caps << dendl;
+ goto ignore;
+ }
+
+ if (ceph_fsid_compare(&m->sb.fsid, &mon->monmap->fsid)) {
+ dout(0) << "preprocess_boot on fsid " << m->sb.fsid << " != " << mon->monmap->fsid << dendl;
+ goto ignore;
}
assert(m->get_orig_source_inst().name.is_osd());
- int from = m->get_orig_source_inst().name.num();
// already booted?
if (osdmap.is_up(from) &&
dout(10) << "preprocess_boot from " << m->get_orig_source_inst() << dendl;
return false;
+
+ ignore:
+ delete m;
+ return true;
}
bool OSDMonitor::prepare_boot(MOSDBoot *m)
bool OSDMonitor::preprocess_alive(MOSDAlive *m)
{
- //check permissions, ignore if failed
- if (!m->get_session()->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_X)) {
+ int from = m->get_orig_source().num();
+
+ // check permissions, ignore if failed
+ MonSession *session = m->get_session();
+ if (!session)
+ goto ignore;
+ if (!session->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_X)) {
dout(0) << "attempt to send MOSDAlive from entity with insufficient privileges:"
- << m->get_session()->caps << dendl;
- return true;
+ << session->caps << dendl;
+ goto ignore;
}
- int from = m->get_orig_source().num();
+
if (osdmap.is_up(from) &&
osdmap.get_inst(from) == m->get_orig_source_inst() &&
osdmap.get_up_thru(from) >= m->map_epoch) {
dout(10) << "preprocess_alive e" << m->map_epoch
<< " from " << m->get_orig_source_inst() << dendl;
return false;
+
+ ignore:
+ delete m;
+ return true;
}
bool OSDMonitor::prepare_alive(MOSDAlive *m)
bool OSDMonitor::preprocess_pgtemp(MOSDPGTemp *m)
{
dout(10) << "preprocess_pgtemp " << *m << dendl;
+ vector<int> empty;
- //check caps
- if (!m->get_session()->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_X)) {
+ // check caps
+ MonSession *session = m->get_session();
+ if (!session)
+ goto ignore;
+ if (!session->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_X)) {
dout(0) << "attempt to send MOSDPGTemp from entity with insufficient caps "
- << m->get_session()->caps << dendl;
- return true;
+ << session->caps << dendl;
+ goto ignore;
}
- vector<int> empty;
+
for (map<pg_t,vector<int> >::iterator p = m->pg_temp.begin(); p != m->pg_temp.end(); p++) {
dout(20) << " " << p->first
<< (osdmap.pg_temp.count(p->first) ? osdmap.pg_temp[p->first] : empty)
dout(7) << "preprocess_pgtemp e" << m->map_epoch << " no changes from " << m->get_orig_source_inst() << dendl;
_reply_map(m, m->map_epoch);
return true;
+
+ ignore:
+ delete m;
+ return true;
}
bool OSDMonitor::prepare_pgtemp(MOSDPGTemp *m)
{
dout(7) << "preprocess_remove_snaps " << *m << dendl;
- //check privilege, ignore if failed
- if (!m->get_session()->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_RW)) {
+ // check privilege, ignore if failed
+ MonSession *session = m->get_session();
+ if (!session)
+ goto ignore;
+ if (!session->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_RW)) {
dout(0) << "got preprocess_remove_snaps from entity with insufficient caps "
- << m->get_session()->caps << dendl;
- delete m;
- return true;
+ << session->caps << dendl;
+ goto ignore;
}
+
for (map<int, vector<snapid_t> >::iterator q = m->snaps.begin();
q != m->snaps.end();
q++) {
return false;
}
}
+
+ ignore:
delete m;
return true;
}
int OSDMonitor::prepare_new_pool(MPoolOp *m)
{
- //check permissions for the auid, then pass off to next function
- dout(10) << "prepare_new_pool from "
- << (m->get_connection()) << dendl;
- if (m->auid) {
- if(m->get_session()->
- caps.check_privileges(PAXOS_OSDMAP, MON_CAP_W, m->auid)) {
- return prepare_new_pool(m->name, m->auid);
- } else {
- dout(5) << "attempt to create new pool without sufficient auid privileges!"
- << "message: " << *m << std::endl
- << "caps: " << m->get_session()->caps << dendl;
- return -EPERM;
- }
- } else {
- if (m->get_session()->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_W)) {
- return prepare_new_pool(m->name, m->get_session()->caps.auid);
- } else {
- dout(5) << "attempt to create new pool without sufficient caps!"
- << "message: " << *m << std::endl
- << "caps: " << m->get_session()->caps << dendl;
- return -EPERM;
- }
- }
- return -1; //can't get here!
+ dout(10) << "prepare_new_pool from " << m->get_connection() << dendl;
+ MonSession *session = m->get_session();
+ if (!session)
+ return -EPERM;
+ if (m->auid)
+ return prepare_new_pool(m->name, m->auid);
+ else
+ return prepare_new_pool(m->name, session->caps.auid);
}
int OSDMonitor::prepare_new_pool(string& name, __u64 auid)
return false;
}
-bool OSDMonitor::preprocess_pool_op ( MPoolOp *m) {
+bool OSDMonitor::preprocess_pool_op(MPoolOp *m)
+{
dout(0) << "m->op=" << m->op << dendl;
if (m->op == POOL_OP_CREATE) {
return preprocess_pool_op_create(m);
bool OSDMonitor::preprocess_pool_op_create ( MPoolOp *m)
{
+ MonSession *session = m->get_session();
+ if (!session) {
+ _pool_op(m, -EPERM, pending_inc.epoch);
+ return true;
+ }
+ if ((m->auid && !session->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_W, m->auid)) ||
+ (!m->auid && !session->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_W))) {
+ if (session)
+ dout(5) << "attempt to create new pool without sufficient auid privileges!"
+ << "message: " << *m << std::endl
+ << "caps: " << m->get_session()->caps << dendl;
+ _pool_op(m, -EPERM, pending_inc.epoch);
+ return true;
+ }
+
int pool = osdmap.lookup_pg_pool_name(m->name.c_str());
- if (pool < 0)
- return false;
+ if (pool >= 0) {
+ _pool_op(m, -EEXIST, pending_inc.epoch);
+ return true;
+ }
- _pool_op(m, -EEXIST, pending_inc.epoch);
- return true;
+ return false;
}
-bool OSDMonitor::prepare_pool_op (MPoolOp *m)
+bool OSDMonitor::prepare_pool_op(MPoolOp *m)
{
dout(10) << "prepare_pool_op " << *m << dendl;
if (m->op == POOL_OP_CREATE) {
return true;
}
-bool OSDMonitor::prepare_pool_op_create (MPoolOp *m)
+bool OSDMonitor::prepare_pool_op_create(MPoolOp *m)
{
int err = prepare_new_pool(m);
if (!err) {
return true;
}
-bool OSDMonitor::prepare_pool_op_delete (MPoolOp *m)
+bool OSDMonitor::prepare_pool_op_delete(MPoolOp *m)
{
pending_inc.old_pools.insert(m->pool);
paxos->wait_for_commit(new OSDMonitor::C_PoolOp(this, m, 0, pending_inc.epoch));
return true;
}
-bool OSDMonitor::prepare_pool_op_auid (MPoolOp *m)
+bool OSDMonitor::prepare_pool_op_auid(MPoolOp *m)
{
- //check that current user can write to new auid
- if(m->get_session()->
- caps.check_privileges(PAXOS_OSDMAP, MON_CAP_W, m->auid)) {
- //check that current user can write to old auid
+ // check that current user can write to new auid
+ MonSession *session = m->get_session();
+ if (!session)
+ goto fail;
+ if (session->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_W, m->auid)) {
+ // check that current user can write to old auid
int old_auid = osdmap.get_pg_pool(m->pool)->v.auid;
- if(m->get_session()->
- caps.check_privileges(PAXOS_OSDMAP, MON_CAP_W, old_auid)) {
- //update pg_pool_t with new auid
+ if (session->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_W, old_auid)) {
+ // update pg_pool_t with new auid
pending_inc.new_pools[m->pool] = *(osdmap.get_pg_pool(m->pool));
pending_inc.new_pools[m->pool].v.auid = m->auid;
paxos->wait_for_commit(new OSDMonitor::C_PoolOp(this, m, 0, pending_inc.epoch));
return true;
}
}
- //if it gets here it failed a permissions check
+
+ fail:
+ // if it gets here it failed a permissions check
_pool_op(m, -EPERM, pending_inc.epoch);
return true;
}
projects / ceph.git / commitdiff