mon: Monitor: let 'handle_command()' deal with caps validation

If a given client doesn't have the required caps when running a command,
it must receive an EACCES or EPERM reply.  This is already handled by
Monitor::handle_command(), which does an exceptionally good job at it.

Therefore, and unlike other messages that do not expect return values,
we can't simply drop the message if the client doesn't have the
appropriate capabilities, or things can get very weird very fast from
the user's perspective.  Dropping the message for a command without a
reply has roughly the same effect as loss of quorum (timeout, pipes
failing) and confusion may ensue from it.

Signed-off-by: Joao Eduardo Luis <joao@redhat.com>

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 83da0b5094f83ad08d1ef59642b5b9bb7ead5b73..9b5005d5d16710992e954c7e762f802a6295c6be 100644 (file)
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -3258,6 +3258,11 @@ void Monitor::dispatch(MonSession *s, Message *m, const bool src_is_mon)
       paxos_service[PAXOS_LOG]->dispatch((PaxosServiceMessage*)m);
       break;
 
+    // handle_command() does its own caps checking
+    case MSG_MON_COMMAND:
+      handle_command(static_cast<MMonCommand*>(m));
+      break;
+
     default:
       dealt_with = false;
       break;
@@ -3287,10 +3292,6 @@ void Monitor::dispatch(MonSession *s, Message *m, const bool src_is_mon)
       handle_get_version(static_cast<MMonGetVersion*>(m));
       break;
 
-    case MSG_MON_COMMAND:
-      handle_command(static_cast<MMonCommand*>(m));
-      break;
-
     case CEPH_MSG_MON_SUBSCRIBE:
       /* FIXME: check what's being subscribed, filter accordingly */
       handle_subscribe(static_cast<MMonSubscribe*>(m));