From 6069fa6a55e81e4a2ea48e1528ed4f1ec4ab0f49 Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@newdream.net>
Date: Wed, 8 Jun 2011 14:55:00 -0700
Subject: [PATCH] mon: weaken pool creation caps check

Allow a pool creation if we specify an auid but are allowed to create
buckets as anybody.

Signed-off-by: Sage Weil <sage@newdream.net>
---
 src/mon/OSDMonitor.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/mon/OSDMonitor.cc b/src/mon/OSDMonitor.cc
index 6ccaeefe4acdc..ea205aaafb2a0 100644
--- a/src/mon/OSDMonitor.cc
+++ b/src/mon/OSDMonitor.cc
@@ -1880,8 +1880,8 @@ bool OSDMonitor::preprocess_pool_op_create ( MPoolOp *m)
     _pool_op(m, -EPERM, pending_inc.epoch);
     return true;
   }
-  if ((m->auid && !session->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_W, m->auid)) ||
-      (!m->auid && !session->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_W))) {
+  if ((m->auid && !session->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_W, m->auid)) &&
+      !session->caps.check_privileges(PAXOS_OSDMAP, MON_CAP_W)) {
     if (session)
       dout(5) << "attempt to create new pool without sufficient auid privileges!"
 	      << "message: " << *m  << std::endl
-- 
2.39.5