From: Joao Eduardo Luis
Date: Sun, 28 Jul 2013 18:32:49 +0000 (+0100)
Subject: mon: services: no longer needed to enforce caps on a per-service basis
X-Git-Tag: v0.68~96^2~4
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=612444a887a441fb32cbfc966feaea281ed4b193;p=ceph.git
mon: services: no longer needed to enforce caps on a per-service basis
We now perform all perm checks for commands on Monitor::handle_command(). Services no longer need to check them.
Signed-off-by: Joao Eduardo Luis
---
diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index 629451b5eac7..63bcbb1ef036 100644
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -546,8 +546,7 @@ bool AuthMonitor::preprocess_command(MMonCommand *m)
 }
 MonSession *session = m->get_session();
- if (!session ||
- (!mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
 mon->reply_command(m, -EACCES, "access denied", rdata, get_last_committed());
 return true;
 }
@@ -696,8 +695,7 @@ bool AuthMonitor::prepare_command(MMonCommand *m)
 boost::scoped_ptr f(new_formatter(format));
 MonSession *session = m->get_session();
- if (!session ||
- (!mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
 mon->reply_command(m, -EACCES, "access denied", rdata, get_last_committed());
 return true;
 }
diff --git a/src/mon/LogMonitor.cc b/src/mon/LogMonitor.cc
index cab490600820..47f56bebee4f 100644
--- a/src/mon/LogMonitor.cc
+++ b/src/mon/LogMonitor.cc
@@ -362,9 +362,7 @@ bool LogMonitor::prepare_command(MMonCommand *m)
 cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
 MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("log", MON_CAP_W) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
 mon->reply_command(m, -EACCES, "access denied", get_last_committed());
 return true;
 }
diff --git a/src/mon/MDSMonitor.cc b/src/mon/MDSMonitor.cc
index d89cc4129125..9988d8c84028 100644
--- a/src/mon/MDSMonitor.cc
+++ b/src/mon/MDSMonitor.cc
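Review bot: With only `if (!session)` left in AuthMonitor::preprocess_command, the function now depends on an unstated precondition: every MMonCommand that reaches it has already passed `_allowed_command()` in Monitor::handle_command(). The same applies to the other service hunks in this commit: AuthMonitor::prepare_command, LogMonitor::prepare_command, and the preprocess_command/prepare_command pairs in MDSMonitor, MonmapMonitor, OSDMonitor and PGMonitor. Any path that hands a command to a service without going through handle_command() would now run with no capability check; no such path is visible here, but forwarded or re-queued messages are worth confirming. I would record the invariant at each site, e.g. `// caps are enforced in Monitor::handle_command(); only a missing session is rejected here`. The function bodies start and end outside the hunks.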
@@ -554,9 +554,7 @@ bool MDSMonitor::preprocess_command(MMonCommand *m)
 boost::scoped_ptr f(new_formatter(format));
 MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("mds", MON_CAP_R) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
 mon->reply_command(m, -EACCES, "access denied", rdata, get_last_committed());
 return true;
 }
@@ -768,9 +766,7 @@ bool MDSMonitor::prepare_command(MMonCommand *m)
 cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
 MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("mds", MON_CAP_W) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
 mon->reply_command(m, -EACCES, "access denied", rdata, get_last_committed());
 return true;
 }
diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 4fc0c999340b..e227bf823abd 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -2019,6 +2019,7 @@ void Monitor::handle_command(MMonCommand *m)
 if (!_allowed_command(session, module, prefix, cmdmap)) {
 dout(1) << __func__ << " access denied" << dendl;
 reply_command(m, -EACCES, "access denied", 0);
+ return;
 }
 if (module == "mds") {
diff --git a/src/mon/MonmapMonitor.cc b/src/mon/MonmapMonitor.cc
index 5ec1583b82f6..799f19df1545 100644
--- a/src/mon/MonmapMonitor.cc
+++ b/src/mon/MonmapMonitor.cc
@@ -164,9 +164,7 @@ bool MonmapMonitor::preprocess_command(MMonCommand *m)
 cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
 MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("mon", MON_CAP_R) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
 mon->reply_command(m, -EACCES, "access denied", get_last_committed());
 return true;
 }
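Review bot: The denial branch in Monitor::handle_command() logs only `access denied`, with nothing to say which command was refused, and this commit makes that branch the single enforcement point for every service, so the line is the only audit trail for rejected commands. Consider `dout(1) << __func__ << " access denied: module=" << module << " prefix=" << prefix << dendl;`, since both names are already passed to `_allowed_command()` just above, and add the requesting entity if the session exposes one. The added `return;` is what makes this check fail closed, so the service-side removals elsewhere in this commit should not be backported without this hunk. The function body starts and ends outside the hunk.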
@@ -276,9 +274,7 @@ bool MonmapMonitor::prepare_command(MMonCommand *m)
 cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
 MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("mon", MON_CAP_R) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
 mon->reply_command(m, -EACCES, "access denied", get_last_committed());
 return true;
 }
diff --git a/src/mon/OSDMonitor.cc b/src/mon/OSDMonitor.cc
index c6db052a591f..e58b3c2082e1 100644
--- a/src/mon/OSDMonitor.cc
+++ b/src/mon/OSDMonitor.cc
@@ -1949,9 +1949,7 @@ bool OSDMonitor::preprocess_command(MMonCommand *m)
 }
 MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("osd", MON_CAP_R) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
 mon->reply_command(m, -EACCES, "access denied", rdata, get_last_committed());
 return true;
 }
@@ -2595,9 +2593,7 @@ bool OSDMonitor::prepare_command(MMonCommand *m)
 boost::scoped_ptr f(new_formatter(format));
 MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("osd", MON_CAP_W) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
 mon->reply_command(m, -EACCES, "access denied", get_last_committed());
 return true;
 }
diff --git a/src/mon/PGMonitor.cc b/src/mon/PGMonitor.cc
index 93b0b0b3828c..3546e9fb4330 100644
--- a/src/mon/PGMonitor.cc
+++ b/src/mon/PGMonitor.cc
@@ -1323,9 +1323,7 @@ bool PGMonitor::preprocess_command(MMonCommand *m)
 cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
 MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("pg", MON_CAP_R) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
 mon->reply_command(m, -EACCES, "access denied", rdata, get_last_committed());
 return true;
 }
@@ -1571,9 +1569,7 @@ bool PGMonitor::prepare_command(MMonCommand *m)
 cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
 MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("pg", MON_CAP_W) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
 mon->reply_command(m, -EACCES, "access denied", get_last_committed());
 return true;
 }