]> git.apps.os.sepia.ceph.com Git - ceph.git/commitdiff
projects / ceph.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8612461)
mon: Monitor: match command module caps against what's on MonCommands.h
authorJoao Eduardo Luis <joao@redhat.com>
Tue, 23 Sep 2014 23:33:57 +0000 (00:33 +0100)
committerJoao Eduardo Luis <joao@redhat.com>
Fri, 3 Oct 2014 15:24:19 +0000 (16:24 +0100)
We were checking the command's permissions against what we perceived as
the 'module' from parsing the command's "prefix" (specified by the
client).  This caused troubles with cap checks for commands without a
submodule clearly defined, such as 'status' or 'health' (vs 'mon dump'
or 'osd pool set', which are of submodule 'mon' and 'osd' respectively).

As such, we now grab the command's submodule (right now solely for caps
checks) from the monitor's internal representation of the commands
(defined in mon/MonCommands.h and built at compile time and stashed in
'mon_commands').  Given that commands such as 'health', 'fsid' or
'status' have properly defined modules in MonCommands.h, we simply rely
on that representation for all commands.  Which is what we should have
been doing from the start anyway, because we shouldn't be relying on the
client to point us to what we want to authenticate against.

Backport: firefly

Signed-off-by: Joao Eduardo Luis <joao@redhat.com>
src/mon/Monitor.cc patch | blob | history

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 84c66466e08bdfc6f470d47b81700739c9654fa0..58267fe05f858d300af09eaebda32a4af951007a 100644 (file)
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -2481,6 +2481,13 @@ void Monitor::handle_command(MMonCommand *m)
     forward_request_leader(m);
     return;
   }
+  
+  /* what we perceive as being the service the command falls under */
+  string service(mon_cmd->module);
+
+  dout(25) << __func__ << " prefix='" << prefix
+           << "' module='" << module
+           << "' service='" << service << "'" << dendl;
 
   bool cmd_is_rw =
     (mon_cmd->requires_perm('w') || mon_cmd->requires_perm('x'));
@@ -2488,7 +2495,7 @@ void Monitor::handle_command(MMonCommand *m)
   // validate user's permissions for requested command
   map<string,string> param_str_map;
   _generate_command_map(cmdmap, param_str_map);
-  if (!_allowed_command(session, module, prefix, cmdmap,
+  if (!_allowed_command(session, service, prefix, cmdmap,
                         param_str_map, mon_cmd)) {
     dout(1) << __func__ << " access denied" << dendl;
     (cmd_is_rw ? audit_clog->info() : audit_clog->debug())
Unnamed repository; edit this file 'description' to name the repository.