mon/OSDMonitor: enforce caps for all remaining pool ops
authorJason Dillaman <dillaman@redhat.com>
Thu, 21 Jun 2018 01:30:47 +0000 (21:30 -0400)
committerJason Dillaman <dillaman@redhat.com>
Tue, 26 Jun 2018 15:41:19 +0000 (11:41 -0400)
Signed-off-by: Jason Dillaman <dillaman@redhat.com>
src/mon/OSDMonitor.cc

index c3a687633317dd8ad264c9069ee872a8c961fe38..be4ee37fb1c496e6cfdd6e3c6170b0081b4d2e91 100644 (file)
@@ -11812,6 +11812,13 @@ bool OSDMonitor::enforce_pool_op_caps(MonOpRequestRef op)
     }
     break;
   default:
+    if (!session->is_capable("osd", MON_CAP_W)) {
+      dout(0) << "got pool op from entity with insufficient privileges. "
+              << "message: " << *m  << std::endl
+              << "caps: " << session->caps << dendl;
+      _pool_op_reply(op, -EPERM, osdmap.get_epoch());
+      return true;
+    }
     break;
   }
 
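Review bot: The new `default:` branch dereferences `session` with no null check visible in the hunk, whereas the guard this commit removes from preprocess_pool_op_create answered a missing session with -EPERM before touching it. enforce_pool_op_caps begins above the hunk, so confirm that it rejects a null session before the switch is reached. The denial is also logged with `dout(0)`, where the removed create-path check used `dout(5)`; any entity lacking `osd` write caps can reach this line on every request and write the full message and caps at the always-on level, so consider a higher debug level or a rate-limited audit entry. A short comment such as `// default-deny: any pool op not handled above requires osd w` would record why the fallthrough is a hard failure.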
@@ -11910,19 +11917,6 @@ bool OSDMonitor::preprocess_pool_op_create(MonOpRequestRef op)
 {
   op->mark_osdmon_event(__func__);
   MPoolOp *m = static_cast<MPoolOp*>(op->get_req());
-  MonSession *session = m->get_session();
-  if (!session) {
-    _pool_op_reply(op, -EPERM, osdmap.get_epoch());
-    return true;
-  }
-  if (!session->is_capable("osd", MON_CAP_W)) {
-    dout(5) << "attempt to create new pool without sufficient auid privileges!"
-           << "message: " << *m  << std::endl
-           << "caps: " << session->caps << dendl;
-    _pool_op_reply(op, -EPERM, osdmap.get_epoch());
-    return true;
-  }
-
   int64_t pool = osdmap.lookup_pg_pool_name(m->name.c_str());
   if (pool >= 0) {
     _pool_op_reply(op, 0, osdmap.get_epoch());