We now perform all perm checks for commands on Monitor::handle_command().
Services no longer need to check them.
Signed-off-by: Joao Eduardo Luis <joao.luis@inktank.com>
}
MonSession *session = m->get_session();
- if (!session ||
- (!mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
mon->reply_command(m, -EACCES, "access denied", rdata, get_last_committed());
return true;
}
boost::scoped_ptr<Formatter> f(new_formatter(format));
MonSession *session = m->get_session();
- if (!session ||
- (!mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
mon->reply_command(m, -EACCES, "access denied", rdata, get_last_committed());
return true;
}
cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("log", MON_CAP_W) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
mon->reply_command(m, -EACCES, "access denied", get_last_committed());
return true;
}
boost::scoped_ptr<Formatter> f(new_formatter(format));
MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("mds", MON_CAP_R) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
mon->reply_command(m, -EACCES, "access denied", rdata, get_last_committed());
return true;
}
cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("mds", MON_CAP_W) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
mon->reply_command(m, -EACCES, "access denied", rdata, get_last_committed());
return true;
}
if (!_allowed_command(session, module, prefix, cmdmap)) {
dout(1) << __func__ << " access denied" << dendl;
reply_command(m, -EACCES, "access denied", 0);
+ return;
}
if (module == "mds") {
cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("mon", MON_CAP_R) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
mon->reply_command(m, -EACCES, "access denied", get_last_committed());
return true;
}
cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("mon", MON_CAP_R) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
mon->reply_command(m, -EACCES, "access denied", get_last_committed());
return true;
}
}
MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("osd", MON_CAP_R) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
mon->reply_command(m, -EACCES, "access denied", rdata, get_last_committed());
return true;
}
boost::scoped_ptr<Formatter> f(new_formatter(format));
MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("osd", MON_CAP_W) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
mon->reply_command(m, -EACCES, "access denied", get_last_committed());
return true;
}
cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("pg", MON_CAP_R) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
mon->reply_command(m, -EACCES, "access denied", rdata, get_last_committed());
return true;
}
cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("pg", MON_CAP_W) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
mon->reply_command(m, -EACCES, "access denied", get_last_committed());
return true;
}
projects / ceph.git / commitdiff