mon: weaken pool creation caps check

Allow a pool creation if we specify an auid but are allowed to create
buckets as anybody.

Signed-off-by: Sage Weil <sage@newdream.net>

diff --git a/src/mon/OSDMonitor.cc b/src/mon/OSDMonitor.cc
index 6ccaeefe4acdc195dfd9d513fc519dcd754e4f8a..ea205aaafb2a00ae3fbb9c93310ef6e3d71c6af1 100644 (file)
--- a/src/mon/OSDMonitor.cc
+++ b/src/mon/OSDMonitor.cc
@@ -1880,8 +1880,8 @@ bool OSDMonitor::preprocess_pool_op_create ( MPoolOp *m)
     _pool_op(m, -EPERM, pending_inc.epoch);
     return true;
   }
-  if ((m->auid && !session->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_W, m->auid)) ||
-      (!m->auid && !session->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_W))) {
+  if ((m->auid && !session->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_W, m->auid)) &&
+      !session->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_W)) {
     if (session)
       dout(5) << "attempt to create new pool without sufficient auid privileges!"
              << "message: " << *m  << std::endl