mon: allow health, status, log, etc. messages with 'r' cap
authorSage Weil <sage@inktank.com>
Wed, 23 May 2012 01:17:37 +0000 (18:17 -0700)
committerSage Weil <sage@inktank.com>
Wed, 23 May 2012 01:31:47 +0000 (18:31 -0700)
Signed-off-by: Sage Weil <sage@inktank.com>
src/mon/Monitor.cc

index 638edf6f8a196022b1cc938522f9d6abe3b9a196..14adfc04714838dbd079e751d20bb81dd1d45534 100644 (file)
@@ -1176,7 +1176,9 @@ void Monitor::handle_command(MMonCommand *m)
       return;
     }
     if (m->cmd[0] == "log") {
-      if (!session->caps.get_allow_all() && !_allowed_command(session, m->cmd)) {
+      if (!session->caps.get_allow_all() &&
+         !session->caps.check_privileges(PAXOS_MONMAP, MON_CAP_R) &&
+         !_allowed_command(session, m->cmd)) {
        r = -EACCES;
        rs = "access denied";
        goto out;
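Review bot: The `log` branch is now reachable with only `MON_CAP_R`, although it is treated here like the read-only status queries. Its body lies outside the hunk, but if this command records caller-supplied text in the cluster log, a session that was granted read access gains a write path into data operators use for auditing and alerting. Consider leaving `log` on the previous check, or gating it on write permission instead, e.g. `!session->caps.check_privileges(PAXOS_LOG, MON_CAP_W) &&` in place of the monmap read clause.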
@@ -1231,7 +1233,9 @@ void Monitor::handle_command(MMonCommand *m)
       return;
     }
     if (m->cmd[0] == "status") {
-      if (!session->caps.get_allow_all() && !_allowed_command(session, m->cmd)) {
+      if (!session->caps.get_allow_all() &&
+         !session->caps.check_privileges(PAXOS_MONMAP, MON_CAP_R) &&
+         !_allowed_command(session, m->cmd)) {
        r = -EACCES;
        rs = "access denied";
        goto out;
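Review bot: The three-clause permission test added here is repeated verbatim in the `log`, `quorum_status`, `mon_status` and `health` hunks, so any later policy change must be made in five places and one missed copy leaves a command with different access rules. Folding the test into one private predicate and calling it as `if (!_allowed_read_command(session, m->cmd)) {` (the name is only a suggestion) keeps the authorization decision in a single auditable spot. That helper is also the natural place for a comment explaining why read on `PAXOS_MONMAP` stands in for general read access.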
@@ -1249,7 +1253,9 @@ void Monitor::handle_command(MMonCommand *m)
       r = 0;
     }
     if (m->cmd[0] == "quorum_status") {
-      if (!session->caps.get_allow_all() && !_allowed_command(session, m->cmd)) {
+      if (!session->caps.get_allow_all() &&
+         !session->caps.check_privileges(PAXOS_MONMAP, MON_CAP_R) &&
+         !_allowed_command(session, m->cmd)) {
        r = -EACCES;
        rs = "access denied";
        goto out;
@@ -1266,7 +1272,9 @@ void Monitor::handle_command(MMonCommand *m)
       r = 0;
     }
     if (m->cmd[0] == "mon_status") {
-      if (!session->caps.get_allow_all() && !_allowed_command(session, m->cmd)) {
+      if (!session->caps.get_allow_all() &&
+         !session->caps.check_privileges(PAXOS_MONMAP, MON_CAP_R) &&
+         !_allowed_command(session, m->cmd)) {
        r = -EACCES;
        rs = "access denied";
        goto out;
@@ -1277,7 +1285,9 @@ void Monitor::handle_command(MMonCommand *m)
       r = 0;
     }
     if (m->cmd[0] == "health") {
-      if (!session->caps.get_allow_all() && !_allowed_command(session, m->cmd)) {
+      if (!session->caps.get_allow_all() &&
+         !session->caps.check_privileges(PAXOS_MONMAP, MON_CAP_R) &&
+         !_allowed_command(session, m->cmd)) {
        r = -EACCES;
        rs = "access denied";
        goto out;
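Review bot: `health` (and `status` above) presumably summarise state from more than the monitor map, yet the new clause admits any session holding read on `PAXOS_MONMAP` alone. If caps can be scoped per service, a client restricted to the monmap now also receives cluster-wide health output. That may be intended, but it should be stated next to the check, for example `// read on the monmap is treated as sufficient for cluster-wide summaries`. The body of `handle_command` continues outside this hunk, so what the branch returns cannot be confirmed from here.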