From: Sage Weil <sage@inktank.com>
Date: Wed, 23 May 2012 01:29:52 +0000 (-0700)
Subject: mon: restrict mon 'join' message/command
X-Git-Tag: v0.48argonaut~151^2~27^2~2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=311a23ce85ab0e73b83093ca9b6669d391fd6e3d;p=ceph.git

mon: restrict mon 'join' message/command

Signed-off-by: Sage Weil <sage@inktank.com>
---

diff --git a/src/mon/MonmapMonitor.cc b/src/mon/MonmapMonitor.cc
index 1b84e463b13..ec5b0e3873d 100644
--- a/src/mon/MonmapMonitor.cc
+++ b/src/mon/MonmapMonitor.cc
@@ -355,6 +355,15 @@ bool MonmapMonitor::preprocess_join(MMonJoin *join)
 {
   dout(10) << "preprocess_join " << join->name << " at " << join->addr << dendl;
 
+  MonSession *session = join->get_session();
+  if (!session ||
+      (!session->caps.get_allow_all() &&
+       !session->caps.check_privileges(PAXOS_MONMAP, MON_CAP_ALL))) {
+    dout(10) << " insufficient caps" << dendl;
+    join->put();
+    return true;
+  }
+
   if (pending_map.contains(join->name) && !pending_map.get_addr(join->name).is_blank_ip()) {
     dout(10) << " already have " << join->name << dendl;
     join->put();