From: Greg Farnum <gregf@hq.newdream.net>
Date: Tue, 23 Mar 2010 00:06:28 +0000 (-0700)
Subject: mon: MRoutes are now checked by check_privileges instead of a macro
X-Git-Tag: v0.20~211
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=99172e27766c464dd0227763a2a2df46e2745dc0;p=ceph.git

mon: MRoutes are now checked by check_privileges instead of a macro
---

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 5e7f44b56210..d3f213bcdb59 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -440,6 +440,15 @@ void Monitor::send_reply(PaxosServiceMessage *req, Message *reply, entity_inst_t
 
 void Monitor::handle_route(MRoute *m)
 {
+  Session *session = (Session *)m->get_connection()->get_priv();
+  //check privileges
+  if (session && !session->caps.check_privileges(PAXOS_MONMAP, MON_CAP_X)) {
+    dout(0) << "MRoute received from entity without appropriate perms! "
+	    << dendl;
+    session->put();
+    delete m;
+    return;
+  }
   dout(10) << "handle_route " << *m->msg << " to " << m->dest << dendl;
   
   // look it up
@@ -457,6 +466,7 @@ void Monitor::handle_route(MRoute *m)
     m->msg = NULL;
   }
   delete m;
+  if (session) session->put();
 }
 
 void Monitor::resend_routed_requests()
@@ -621,7 +631,6 @@ do { \
     switch (m->get_type()) {
       
     case MSG_ROUTE:
-      ALLOW_MESSAGES_FROM(CEPH_ENTITY_TYPE_MON);
       handle_route((MRoute*)m);
       break;