From: Jason Dillaman <dillaman@redhat.com>
Date: Thu, 21 Jun 2018 01:30:47 +0000 (-0400)
Subject: mon/OSDMonitor: enforce caps for all remaining pool ops
X-Git-Tag: v12.2.6~2^2~3
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=877a319a4e9e328b2954c210d1bc6da29931dc31;p=ceph.git

mon/OSDMonitor: enforce caps for all remaining pool ops

Signed-off-by: Jason Dillaman <dillaman@redhat.com>
(cherry picked from commit 61c06200fe59996bba2bb65fc402207bc10fd459)
(cherry picked from commit fb4526690ccd29f1a03d3cd7e5484b9e2191b04b)
---

diff --git a/src/mon/OSDMonitor.cc b/src/mon/OSDMonitor.cc
index 54529acceb7..f8efabb0399 100644
--- a/src/mon/OSDMonitor.cc
+++ b/src/mon/OSDMonitor.cc
@@ -11670,6 +11670,13 @@ bool OSDMonitor::enforce_pool_op_caps(MonOpRequestRef op)
     }
     break;
   default:
+    if (!session->is_capable("osd", MON_CAP_W)) {
+      dout(0) << "got pool op from entity with insufficient privileges. "
+              << "message: " << *m  << std::endl
+              << "caps: " << session->caps << dendl;
+      _pool_op_reply(op, -EPERM, osdmap.get_epoch());
+      return true;
+    }
     break;
   }
 
@@ -11764,19 +11771,6 @@ bool OSDMonitor::preprocess_pool_op_create(MonOpRequestRef op)
 {
   op->mark_osdmon_event(__func__);
   MPoolOp *m = static_cast<MPoolOp*>(op->get_req());
-  MonSession *session = m->get_session();
-  if (!session) {
-    _pool_op_reply(op, -EPERM, osdmap.get_epoch());
-    return true;
-  }
-  if (!session->is_capable("osd", MON_CAP_W)) {
-    dout(5) << "attempt to create new pool without sufficient auid privileges!"
-	    << "message: " << *m  << std::endl
-	    << "caps: " << session->caps << dendl;
-    _pool_op_reply(op, -EPERM, osdmap.get_epoch());
-    return true;
-  }
-
   int64_t pool = osdmap.lookup_pg_pool_name(m->name.c_str());
   if (pool >= 0) {
     _pool_op_reply(op, 0, osdmap.get_epoch());