From: Greg Farnum <gregf@hq.newdream.net>
Date: Mon, 22 Mar 2010 20:28:01 +0000 (-0700)
Subject: mon: stat requests use caps->check_privileges instead of a macro
X-Git-Tag: v0.20~220
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=aeab0f650e6d6b8699af70856f58bff191f37df2;p=ceph.git

mon: stat requests use caps->check_privileges instead of a macro
---

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index eb0ceea9e032..d862a238df44 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -649,7 +649,6 @@ do { \
     case CEPH_MSG_STATFS:
     case MSG_PGSTATS:
     case MSG_GETPOOLSTATS:
-      ALLOW_CAPS(PAXOS_PGMAP, MON_CAP_R);
       fill_caps(m);
       paxos_service[PAXOS_PGMAP]->dispatch((PaxosServiceMessage*)m);
       break;
diff --git a/src/mon/PGMonitor.cc b/src/mon/PGMonitor.cc
index ebee606a60b6..900cb3a24e66 100644
--- a/src/mon/PGMonitor.cc
+++ b/src/mon/PGMonitor.cc
@@ -207,6 +207,12 @@ void PGMonitor::committed()
 
 void PGMonitor::handle_statfs(MStatfs *statfs)
 {
+  //check caps
+  if(!statfs->caps->check_privileges(PAXOS_PGMAP, MON_CAP_R)) {
+    dout(0) << "MStatfs received from entity with insufficient privileges "
+	    << *statfs->caps << dendl;
+    goto out;
+  }
   MStatfsReply *reply;
 
   dout(10) << "handle_statfs " << *statfs << " from " << statfs->get_orig_source() << dendl;
@@ -233,9 +239,14 @@ void PGMonitor::handle_statfs(MStatfs *statfs)
 
 bool PGMonitor::preprocess_getpoolstats(MGetPoolStats *m)
 {
-  dout(10) << "preprocess_getpoolstats " << *m << dendl;
   MGetPoolStatsReply *reply;
 
+  if (!m->caps->check_privileges(PAXOS_PGMAP, MON_CAP_R)) {
+    dout(0) << "MGetPoolStats received from entity with insufficient caps "
+	    << *m->caps << dendl;
+    goto out;
+  }
+
   if (ceph_fsid_compare(&m->fsid, &mon->monmap->fsid)) {
     dout(0) << "preprocess_getpoolstats on fsid " << m->fsid << " != " << mon->monmap->fsid << dendl;
     goto out;
@@ -267,6 +278,12 @@ bool PGMonitor::preprocess_pg_stats(MPGStats *stats)
 {
   int from = stats->get_orig_source().num();
 
+  //check caps
+  if (!stats->caps->check_privileges(PAXOS_PGMAP, MON_CAP_R)) {
+    dout(0) << "MPGStats received from entity with insufficient privileges "
+	    << *stats->caps << dendl;
+    goto out;
+  }
   // first, just see if they need a new osdmap.  but 
   // only if they've had the map for a while.
   if (stats->had_map_for > 30.0 && 
@@ -294,7 +311,7 @@ bool PGMonitor::preprocess_pg_stats(MPGStats *stats)
        p++)
     ack->pg_stat[p->first] = p->second.reported;
   mon->send_reply(stats, ack);
-
+ out:
   delete stats;
   return true;
 }