author | Joao Eduardo Luis <joao.luis@inktank.com> | 2013-07-28 19:32:49 +0100 |
---|---|---|
committer | Joao Eduardo Luis <joao.luis@inktank.com> | 2013-08-06 13:59:33 -0700 |
commit | 612444a887a441fb32cbfc966feaea281ed4b193 (patch) | |
tree | 5056b27f5c1e6c98b484d0db1f279f669cdc19c6 | |
parent | 2071af2ff05136b44416e52fc3e82a6ed421d31a (diff) | |
download | ceph-612444a887a441fb32cbfc966feaea281ed4b193.tar.gz |
mon: services: no longer needed to enforce caps on a per-service basis
We now perform all perm checks for commands on Monitor::handle_command().
Services no longer need to check them.
Signed-off-by: Joao Eduardo Luis <joao.luis@inktank.com>
-rw-r--r-- | src/mon/AuthMonitor.cc | 6 | ||||
-rw-r--r-- | src/mon/LogMonitor.cc | 4 | ||||
-rw-r--r-- | src/mon/MDSMonitor.cc | 8 | ||||
-rw-r--r-- | src/mon/Monitor.cc | 1 | ||||
-rw-r--r-- | src/mon/MonmapMonitor.cc | 8 | ||||
-rw-r--r-- | src/mon/OSDMonitor.cc | 8 | ||||
-rw-r--r-- | src/mon/PGMonitor.cc | 8 |
7 files changed, 12 insertions, 31 deletions
diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index 629451b5eac..63bcbb1ef03 100644
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -546,8 +546,7 @@ bool AuthMonitor::preprocess_command(MMonCommand *m)
 }
 MonSession *session = m->get_session();
- if (!session ||
- (!mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
 mon->reply_command(m, -EACCES, "access denied", rdata, get_last_committed());
 return true;
 }
@@ -696,8 +695,7 @@ bool AuthMonitor::prepare_command(MMonCommand *m)
 boost::scoped_ptr<Formatter> f(new_formatter(format));
 MonSession *session = m->get_session();
- if (!session ||
- (!mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
 mon->reply_command(m, -EACCES, "access denied", rdata, get_last_committed());
 return true;
 }
diff --git a/src/mon/LogMonitor.cc b/src/mon/LogMonitor.cc
index cab49060082..47f56bebee4 100644
--- a/src/mon/LogMonitor.cc
+++ b/src/mon/LogMonitor.cc
@@ -362,9 +362,7 @@ bool LogMonitor::prepare_command(MMonCommand *m)
 cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
 MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("log", MON_CAP_W) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
 mon->reply_command(m, -EACCES, "access denied", get_last_committed());
 return true;
 }
diff --git a/src/mon/MDSMonitor.cc b/src/mon/MDSMonitor.cc
index d89cc412912..9988d8c8402 100644
--- a/src/mon/MDSMonitor.cc
+++ b/src/mon/MDSMonitor.cc
@@ -554,9 +554,7 @@ bool MDSMonitor::preprocess_command(MMonCommand *m)
 boost::scoped_ptr<Formatter> f(new_formatter(format));
 MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("mds", MON_CAP_R) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
 mon->reply_command(m, -EACCES, "access denied", rdata, get_last_committed());
 return true;
 }
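Review bot: With the `_allowed_command()` call removed, the `if (!session)` guard in AuthMonitor::preprocess_command() and prepare_command() no longer authorizes anything, so these methods are safe only when reached through Monitor::handle_command(). Whether any other path dispatches an MMonCommand to a service cannot be seen from these hunks; if one exists, it would now skip the cap check. A comment at each guard would record the invariant, e.g. `// caps are checked in Monitor::handle_command(); only the session's presence is verified here`. The same applies to the LogMonitor, MDSMonitor, MonmapMonitor, OSDMonitor and PGMonitor hunks, and all of these function bodies continue outside the hunks shown.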
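Review bot: The removed condition in LogMonitor::prepare_command() also admitted any session for which `is_capable("log", MON_CAP_W)` held, independently of `_allowed_command()`, and that service-wide grant is now gone from this file. The central check uses a different call, `_allowed_command(session, module, prefix, cmdmap)`, whose body is not visible here, so it is worth confirming that it still honours service-level caps. A regression test with one client that holds only a per-service cap and one that holds none would pin this down. The MDSMonitor, MonmapMonitor, OSDMonitor and PGMonitor hunks drop the equivalent `is_capable(...)` term.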
@@ -768,9 +766,7 @@ bool MDSMonitor::prepare_command(MMonCommand *m)
 cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
 MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("mds", MON_CAP_W) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
 mon->reply_command(m, -EACCES, "access denied", rdata, get_last_committed());
 return true;
 }
diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 4fc0c999340..e227bf823ab 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -2019,6 +2019,7 @@ void Monitor::handle_command(MMonCommand *m)
 if (!_allowed_command(session, module, prefix, cmdmap)) {
 dout(1) << __func__ << " access denied" << dendl;
 reply_command(m, -EACCES, "access denied", 0);
+ return;
 }
 if (module == "mds") {
diff --git a/src/mon/MonmapMonitor.cc b/src/mon/MonmapMonitor.cc
index 5ec1583b82f..799f19df154 100644
--- a/src/mon/MonmapMonitor.cc
+++ b/src/mon/MonmapMonitor.cc
@@ -164,9 +164,7 @@ bool MonmapMonitor::preprocess_command(MMonCommand *m)
 cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
 MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("mon", MON_CAP_R) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
 mon->reply_command(m, -EACCES, "access denied", get_last_committed());
 return true;
 }
@@ -276,9 +274,7 @@ bool MonmapMonitor::prepare_command(MMonCommand *m)
 cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
 MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("mon", MON_CAP_R) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
 mon->reply_command(m, -EACCES, "access denied", get_last_committed());
 return true;
 }
diff --git a/src/mon/OSDMonitor.cc b/src/mon/OSDMonitor.cc
index c6db052a591..e58b3c2082e 100644
--- a/src/mon/OSDMonitor.cc
+++ b/src/mon/OSDMonitor.cc
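Review bot: The denial message in Monitor::handle_command() does not say which command was refused, and after this commit this branch is the only place a command is rejected for missing caps. Including the command would make refused requests traceable in the mon log, e.g. `dout(1) << __func__ << " access denied for '" << prefix << "'" << dendl;`. Because the added `return;` is what makes the check effective, a short comment above the `if`, such as `// sole cap check for commands; the services do not re-check`, would guard against it being weakened later. The function body continues outside the hunk.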
@@ -1949,9 +1949,7 @@ bool OSDMonitor::preprocess_command(MMonCommand *m)
 }
 MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("osd", MON_CAP_R) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
 mon->reply_command(m, -EACCES, "access denied", rdata, get_last_committed());
 return true;
 }
@@ -2595,9 +2593,7 @@ bool OSDMonitor::prepare_command(MMonCommand *m)
 boost::scoped_ptr<Formatter> f(new_formatter(format));
 MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("osd", MON_CAP_W) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
 mon->reply_command(m, -EACCES, "access denied", get_last_committed());
 return true;
 }
diff --git a/src/mon/PGMonitor.cc b/src/mon/PGMonitor.cc
index 93b0b0b3828..3546e9fb433 100644
--- a/src/mon/PGMonitor.cc
+++ b/src/mon/PGMonitor.cc
@@ -1323,9 +1323,7 @@ bool PGMonitor::preprocess_command(MMonCommand *m)
 cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
 MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("pg", MON_CAP_R) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
 mon->reply_command(m, -EACCES, "access denied", rdata, get_last_committed());
 return true;
 }
@@ -1571,9 +1569,7 @@ bool PGMonitor::prepare_command(MMonCommand *m)
 cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
 MonSession *session = m->get_session();
- if (!session ||
- (!session->is_capable("pg", MON_CAP_W) &&
- !mon->_allowed_command(session, cmdmap))) {
+ if (!session) {
 mon->reply_command(m, -EACCES, "access denied", get_last_committed());
 return true;
 }
|