mon: require authentication but no caps for monmap and config
authorSage Weil <sage@redhat.com>
Thu, 1 Feb 2018 15:18:04 +0000 (09:18 -0600)
committerSage Weil <sage@redhat.com>
Tue, 6 Mar 2018 20:44:50 +0000 (14:44 -0600)
Signed-off-by: Sage Weil <sage@redhat.com>
qa/workunits/mon/caps.sh
src/mon/ConfigMonitor.cc
src/mon/Monitor.cc

index 134d514c4edaab623985cba03eb1080850a8d056..488fcec96ede0ac6ba10e057b3caeef467be0416 100755 (executable)
@@ -1,5 +1,7 @@
 #!/usr/bin/env bash
 
+set -x
+
 tmp=/tmp/cephtest-mon-caps-madness
 
 exit_on_error=1
index 55025d35ae1b00a4d722f2821a98364e276f1329..5a260ab571dfed72d668a1ebc7d2af6acfde9b2e 100644 (file)
@@ -648,9 +648,8 @@ void ConfigMonitor::send_config(MonSession *s)
 
 void ConfigMonitor::check_sub(MonSession *s)
 {
-  if (!s->is_capable(s->entity_name.get_type_str(), MON_CAP_R)) {
-    dout(20) << __func__ << " not capable for " << s->entity_name << " with "
-            << s->caps << dendl;
+  if (!s->authenticated) {
+    dout(20) << __func__ << " not authenticated " << s->entity_name << dendl;
     return;
   }
   auto p = s->sub_map.find("config");
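Review bot: The new `if (!s->authenticated)` guard in check_sub carries no comment saying that dropping the `MON_CAP_R` requirement is deliberate, so a later reader may take it for a missing caps check and restore it, or rely on caps that are no longer enforced. A short comment above the guard would record the intent, for example `// config is sent to any authenticated entity; no mon caps are required`. It would also help to note there that any option value delivered through this path is now readable by an entity with empty caps; whether send_config filters per entity is not visible in this hunk. The rest of check_sub lies outside the hunk.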
index 0237d3f7626c52f3c2f99259842c2a1177f03cca..48cfed21ffbdfeaa5f5c335d5145dfffdffecc32 100644 (file)
@@ -4065,6 +4065,11 @@ void Monitor::dispatch_op(MonOpRequestRef op)
 
     case CEPH_MSG_MON_METADATA:
       return handle_mon_metadata(op);
+
+    case CEPH_MSG_MON_SUBSCRIBE:
+      /* FIXME: check what's being subscribed, filter accordingly */
+      handle_subscribe(op);
+      return;
   }
 
   /* well, maybe the op belongs to a service... */
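Review bot: The `/* FIXME: check what's being subscribed, filter accordingly */` comment is moved verbatim to the new `case CEPH_MSG_MON_SUBSCRIBE:`, but this same commit adds per-item filtering in handle_subscribe, so the comment now describes a gap that has been closed. The case appears to move ahead of the caps gate that protected it in the later switch (that gate is not visible in this hunk), which makes handle_subscribe the only place where subscription caps are enforced. I would replace the FIXME with a statement of that fact, for example `/* no caps check here: handle_subscribe() checks caps per subscription item */`. dispatch_op starts and ends outside the hunk.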
@@ -4135,11 +4140,6 @@ void Monitor::dispatch_op(MonOpRequestRef op)
     case CEPH_MSG_MON_GET_VERSION:
       handle_get_version(op);
       return;
-
-    case CEPH_MSG_MON_SUBSCRIBE:
-      /* FIXME: check what's being subscribed, filter accordingly */
-      handle_subscribe(op);
-      return;
   }
 
   if (!op->is_src_mon()) {
@@ -4720,6 +4720,15 @@ void Monitor::handle_subscribe(MonOpRequestRef op)
   for (map<string,ceph_mon_subscribe_item>::iterator p = m->what.begin();
        p != m->what.end();
        ++p) {
+    if (p->first == "monmap" || p->first == "config") {
+      // these require no caps
+    } else if (!s->is_capable("mon", MON_CAP_R)) {
+      dout(5) << __func__ << " " << op->get_req()->get_source_inst()
+             << " not enough caps for " << *(op->get_req()) << " -- dropping"
+             << dendl;
+      continue;
+    }
+
     // if there are any non-onetime subscriptions, we need to reply to start the resubscribe timer
     if ((p->second.flags & CEPH_SUBSCRIBE_ONETIME) == 0)
       reply = true;
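Review bot: The drop message in the new `else if (!s->is_capable("mon", MON_CAP_R))` branch prints the whole request but not `p->first`, so for a request that mixes `monmap` or `config` with other items the log does not say which subscription was refused. Naming the item makes the denial auditable: `<< " not enough caps for '" << p->first << "' in " << *(op->get_req()) << " -- dropping"`. The empty first branch would also read more directly as a single condition, `if (p->first != "monmap" && p->first != "config" && !s->is_capable("mon", MON_CAP_R)) {`, with the "these require no caps" comment kept above it. As far as this hunk shows, a refused item is skipped with no indication to the client; the loop body and the reply handling continue outside the hunk.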