From: Sage Weil <sage@inktank.com>
Date: Wed, 23 May 2012 01:17:37 +0000 (-0700)
Subject: mon: allow health, status, log, etc. messages with 'r' cap
X-Git-Tag: v0.48argonaut~151^2~27^2~6
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=880e86b29cd9f7b999e55ef1a356e39ece5fa409;p=ceph.git

mon: allow health, status, log, etc. messages with 'r' cap

Signed-off-by: Sage Weil <sage@inktank.com>
---

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 638edf6f8a196..14adfc0471483 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -1176,7 +1176,9 @@ void Monitor::handle_command(MMonCommand *m)
       return;
     }
     if (m->cmd[0] == "log") {
-      if (!session->caps.get_allow_all() && !_allowed_command(session, m->cmd)) {
+      if (!session->caps.get_allow_all() &&
+	  !session->caps.check_privileges(PAXOS_MONMAP, MON_CAP_R) &&
+	  !_allowed_command(session, m->cmd)) {
 	r = -EACCES;
 	rs = "access denied";
 	goto out;
@@ -1231,7 +1233,9 @@ void Monitor::handle_command(MMonCommand *m)
       return;
     }
     if (m->cmd[0] == "status") {
-      if (!session->caps.get_allow_all() && !_allowed_command(session, m->cmd)) {
+      if (!session->caps.get_allow_all() &&
+	  !session->caps.check_privileges(PAXOS_MONMAP, MON_CAP_R) &&
+	  !_allowed_command(session, m->cmd)) {
 	r = -EACCES;
 	rs = "access denied";
 	goto out;
@@ -1249,7 +1253,9 @@ void Monitor::handle_command(MMonCommand *m)
       r = 0;
     }
     if (m->cmd[0] == "quorum_status") {
-      if (!session->caps.get_allow_all() && !_allowed_command(session, m->cmd)) {
+      if (!session->caps.get_allow_all() &&
+	  !session->caps.check_privileges(PAXOS_MONMAP, MON_CAP_R) &&
+	  !_allowed_command(session, m->cmd)) {
 	r = -EACCES;
 	rs = "access denied";
 	goto out;
@@ -1266,7 +1272,9 @@ void Monitor::handle_command(MMonCommand *m)
       r = 0;
     }
     if (m->cmd[0] == "mon_status") {
-      if (!session->caps.get_allow_all() && !_allowed_command(session, m->cmd)) {
+      if (!session->caps.get_allow_all() &&
+	  !session->caps.check_privileges(PAXOS_MONMAP, MON_CAP_R) &&
+	  !_allowed_command(session, m->cmd)) {
 	r = -EACCES;
 	rs = "access denied";
 	goto out;
@@ -1277,7 +1285,9 @@ void Monitor::handle_command(MMonCommand *m)
       r = 0;
     }
     if (m->cmd[0] == "health") {
-      if (!session->caps.get_allow_all() && !_allowed_command(session, m->cmd)) {
+      if (!session->caps.get_allow_all() &&
+	  !session->caps.check_privileges(PAXOS_MONMAP, MON_CAP_R) &&
+	  !_allowed_command(session, m->cmd)) {
 	r = -EACCES;
 	rs = "access denied";
 	goto out;