mon: require admin privs to issue any monitor commands

This is overkill, but a first step before pushing caps enforcement down
into each subfunction that processes monitor commands.

Fixes: #2443
Signed-off-by: Sage Weil <sage@inktank.com>

diff --git a/src/mon/MonCaps.h b/src/mon/MonCaps.h
index b6dfef88c0dc99dbe9d87ca157bc0e717ec9da27..ca56b666a367848d2ee56c834cffd478d841f530 100644 (file)
--- a/src/mon/MonCaps.h
+++ b/src/mon/MonCaps.h
@@ -92,6 +92,10 @@ public:
   void set_allow_all(bool allow) { allow_all = allow; }
   void set_auid(uint64_t uid) { auid = uid; }
 
+  bool get_allow_all() const {
+    return allow_all;
+  }
+
   void encode(bufferlist& bl) const;
   void decode(bufferlist::iterator& bl);
   void dump(Formatter *f) const;

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 18417eaed03fbe99ded515c322b1884f83146605..d30fb5f3a869cc591684cd155fd2f83967404e98 100644 (file)
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -999,9 +999,6 @@ void Monitor::finish_election()
 
 bool Monitor::_allowed_command(MonSession *s, const vector<string>& cmd)
 {
-  if (s->caps.check_privileges(PAXOS_MONMAP, MON_CAP_ALL))
-    return true;
-
   for (list<list<string> >::iterator p = s->caps.cmd_allow.begin();
        p != s->caps.cmd_allow.end();
        ++p) {
@@ -1124,7 +1121,9 @@ void Monitor::handle_command(MMonCommand *m)
   }
 
   MonSession *session = m->get_session();
-  if (!session || !_allowed_command(session, m->cmd)) {
+  if (!session ||
+      (!session->caps.get_allow_all() &&
+       !_allowed_command(session, m->cmd))) {
     string rs = "Access denied";
     reply_command(m, -EACCES, rs, 0);
     return;