// lookup command
const MonCommand *mgr_cmd = _get_mgrcommand(prefix, mgr_commands);
_generate_command_map(cmdctx->cmdmap, param_str_map);
+
+ bool is_allowed;
if (!mgr_cmd) {
MonCommand py_command = {"", "", "py", "rw", "cli"};
- if (!_allowed_command(session.get(), py_command.module, prefix, cmdctx->cmdmap,
- param_str_map, &py_command)) {
- dout(1) << " access denied" << dendl;
- ss << "access denied; does your client key have mgr caps?"
- " See http://docs.ceph.com/docs/master/mgr/administrator/#client-authentication";
- cmdctx->reply(-EACCES, ss);
- return true;
- }
+ is_allowed = _allowed_command(session.get(), py_command.module,
+ prefix, cmdctx->cmdmap, param_str_map, &py_command);
} else {
// validate user's permissions for requested command
- if (!_allowed_command(session.get(), mgr_cmd->module, prefix, cmdctx->cmdmap,
- param_str_map, mgr_cmd)) {
+ is_allowed = _allowed_command(session.get(), mgr_cmd->module,
+ prefix, cmdctx->cmdmap, param_str_map, mgr_cmd);
+ }
+ if (!is_allowed) {
dout(1) << " access denied" << dendl;
audit_clog->info() << "from='" << session->inst << "' "
<< "entity='" << session->entity_name << "' "
<< "cmd=" << m->cmd << ": access denied";
- ss << "access denied' does your client key have mgr caps?"
- " See http://docs.ceph.com/docs/master/mgr/administrator/#client-authentication";
+ ss << "access denied' does your client key have mgr caps? "
+ "See http://docs.ceph.com/docs/master/mgr/administrator/"
+ "#client-authentication";
cmdctx->reply(-EACCES, ss);
return true;
- }
}
audit_clog->debug()
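Review bot: The unified denial message on the new side still reads `access denied' does your client key have mgr caps?`, with a stray apostrophe after "denied". The removed python-command branch had the correct `access denied; ...`, so the merge kept the typo rather than the good text; it should be `ss << "access denied; does your client key have mgr caps? "`. Separately, `bool is_allowed;` is declared without an initializer. Both branches assign it today, but since it gates the -EACCES reply and the audit entry, `bool is_allowed = false;` would keep the check fail-closed if another branch is added later. The enclosing function starts and ends outside the hunk.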