From: John Spray Date: Mon, 16 Nov 2015 10:57:56 +0000 (+0000) Subject: mon: don't require OSD W for MRemoveSnaps X-Git-Tag: v10.0.1~3^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F6601%2Fhead;p=ceph.git mon: don't require OSD W for MRemoveSnaps Use ability to execute "osd pool rmsnap" command as a signal that the client should be permitted to send MRemoveSnaps too. Note that we don't also require the W ability, unlike Monitor::_allowed_command -- this is slightly more permissive handling, but anyone crafting caps that explicitly permit "osd pool rmsnap" needs to know what they are doing. Fixes: #13777 Signed-off-by: John Spray --- diff --git a/src/mon/MonCap.cc b/src/mon/MonCap.cc index 989893b20269..a2540b56411c 100644 --- a/src/mon/MonCap.cc +++ b/src/mon/MonCap.cc @@ -134,6 +134,8 @@ void MonCapGrant::expand_profile(EntityName name) const profile_grants.push_back(MonCapGrant("mds", MON_CAP_ALL)); profile_grants.push_back(MonCapGrant("mon", MON_CAP_R)); profile_grants.push_back(MonCapGrant("osd", MON_CAP_R)); + // This command grant is checked explicitly in MRemoveSnaps handling + profile_grants.push_back(MonCapGrant("osd pool rmsnap")); profile_grants.push_back(MonCapGrant("log", MON_CAP_W)); } if (profile == "osd" || profile == "mds" || profile == "mon") { diff --git a/src/mon/OSDMonitor.cc b/src/mon/OSDMonitor.cc index ca10faad6508..040332c823a3 100644 --- a/src/mon/OSDMonitor.cc +++ b/src/mon/OSDMonitor.cc @@ -2278,7 +2278,8 @@ bool OSDMonitor::preprocess_remove_snaps(MonOpRequestRef op) MonSession *session = m->get_session(); if (!session) goto ignore; - if (!session->is_capable("osd", MON_CAP_R | MON_CAP_W)) { + if (!session->caps.is_capable(g_ceph_context, session->entity_name, + "osd", "osd pool rmsnap", {}, true, true, false)) { dout(0) << "got preprocess_remove_snaps from entity with insufficient caps " << session->caps << dendl; goto ignore;