From ffa7e70c87547492c87318fcbc2e4a24f0ae784e Mon Sep 17 00:00:00 2001
From: Kefu Chai <kchai@redhat.com>
Date: Tue, 19 Nov 2019 10:44:16 +0800
Subject: [PATCH] mon: check cap before executing tell command

tell command is sent from a client from network, we need to authorize
the cap of client before executing the command sent by it.

in this change, the check for `session->caps.is_allow_all()` is removed,
because

- simpler this way
- `session->caps.is_capable()` also check it, and this code path is
  not a critical path, so no need for trading the simplicity for
  performance here.

Signed-off-by: Kefu Chai <kchai@redhat.com>
---
 src/mon/Monitor.cc | 39 ++++++++++++++++++---------------------
 1 file changed, 18 insertions(+), 21 deletions(-)

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index b96f1071220..5baa2c9b551 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -3180,27 +3180,24 @@ void Monitor::handle_tell_command(MonOpRequestRef op)
     dout(5) << __func__ << " dropping stray message " << *m << dendl;
     return;
   }
-  if (!session->caps.is_allow_all()) {
-    // see if command is whitelisted
-    cmdmap_t cmdmap;
-    stringstream ss;
-    if (!cmdmap_from_json(m->cmd, &cmdmap, ss)) {
-      return reply_tell_command(op, -EINVAL, ss.str());
-    }
-    map<string,string> param_str_map;
-    _generate_command_map(cmdmap, param_str_map);
-    string prefix;
-    if (!cmd_getval(g_ceph_context, cmdmap, "prefix", prefix)) {
-      return reply_tell_command(op, -EINVAL, "no prefix");
-    }
-    if (!session->caps.is_capable(
-	  g_ceph_context,
-	  session->entity_name,
-	  "mon", prefix, param_str_map,
-	  true, true, true,
-	  session->get_peer_socket_addr())) {
-      return reply_tell_command(op, -EACCES, "insufficient caps");
-    }
+  cmdmap_t cmdmap;
+  if (stringstream ss; !cmdmap_from_json(m->cmd, &cmdmap, ss)) {
+    return reply_tell_command(op, -EINVAL, ss.str());
+  }
+  map<string,string> param_str_map;
+  _generate_command_map(cmdmap, param_str_map);
+  string prefix;
+  if (!cmd_getval(g_ceph_context, cmdmap, "prefix", prefix)) {
+    return reply_tell_command(op, -EINVAL, "no prefix");
+  }
+  // see if command is whitelisted
+  if (!session->caps.is_capable(
+      g_ceph_context,
+      session->entity_name,
+      "mon", prefix, param_str_map,
+      true, true, true,
+      session->get_peer_socket_addr())) {
+    return reply_tell_command(op, -EACCES, "insufficient caps");
   }
   // pass it to asok
   cct->get_admin_socket()->queue_tell_command(m);
-- 
2.39.5