From: Sage Weil <sage@inktank.com>
Date: Wed, 23 May 2012 00:34:55 +0000 (-0700)
Subject: mon: require admin privs to issue any monitor commands
X-Git-Tag: v0.48argonaut~151^2~27^2~10
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=c43c7744a5479a0c751599d5cd8791af7b5502c3;p=ceph.git

mon: require admin privs to issue any monitor commands

This is overkill, but a first step before pushing caps enforcement down
into each subfunction that processes monitor commands.

Fixes: #2443
Signed-off-by: Sage Weil <sage@inktank.com>
---

diff --git a/src/mon/MonCaps.h b/src/mon/MonCaps.h
index b6dfef88c0dc..ca56b666a367 100644
--- a/src/mon/MonCaps.h
+++ b/src/mon/MonCaps.h
@@ -92,6 +92,10 @@ public:
   void set_allow_all(bool allow) { allow_all = allow; }
   void set_auid(uint64_t uid) { auid = uid; }
 
+  bool get_allow_all() const {
+    return allow_all;
+  }
+
   void encode(bufferlist& bl) const;
   void decode(bufferlist::iterator& bl);
   void dump(Formatter *f) const;
diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 18417eaed03f..d30fb5f3a869 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -999,9 +999,6 @@ void Monitor::finish_election()
 
 bool Monitor::_allowed_command(MonSession *s, const vector<string>& cmd)
 {
-  if (s->caps.check_privileges(PAXOS_MONMAP, MON_CAP_ALL))
-    return true;
-
   for (list<list<string> >::iterator p = s->caps.cmd_allow.begin();
        p != s->caps.cmd_allow.end();
        ++p) {
@@ -1124,7 +1121,9 @@ void Monitor::handle_command(MMonCommand *m)
   }
 
   MonSession *session = m->get_session();
-  if (!session || !_allowed_command(session, m->cmd)) {
+  if (!session ||
+      (!session->caps.get_allow_all() &&
+       !_allowed_command(session, m->cmd))) {
     string rs = "Access denied";
     reply_command(m, -EACCES, rs, 0);
     return;