From: Greg Farnum Date: Sat, 7 Dec 2013 03:08:13 +0000 (-0800) Subject: Monitor: validate incoming commands against the leader's set too X-Git-Tag: v0.75~125^2~8 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=3cb58f74068021ac10dfc0d5e66a89ab5c1df1c1;p=ceph.git Monitor: validate incoming commands against the leader's set too Then check against our own, and forward if we don't recognize it or for some reason don't match. Signed-off-by: Greg Farnum --- diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc index ecee1eb55584..c9e7fe87fea8 100644 --- a/src/mon/Monitor.cc +++ b/src/mon/Monitor.cc @@ -2044,10 +2044,29 @@ void Monitor::handle_command(MMonCommand *m) get_str_vec(prefix, fullcmd); module = fullcmd[0]; - map param_str_map; - _generate_command_map(cmdmap, param_str_map); + // validate command is in leader map + + const MonCommand *leader_cmd; + leader_cmd = _get_moncommand(prefix, + // the boost underlying this isn't const for some reason + const_cast(leader_supported_mon_commands), + leader_supported_mon_commands_size); + if (!leader_cmd) { + reply_command(m, -EINVAL, "command not known", 0); + return; + } + // validate command is in our map & matches, or forward const MonCommand *mon_cmd = _get_moncommand(prefix, mon_commands, ARRAY_SIZE(mon_commands)); + if (!mon_cmd || + (*leader_cmd != *mon_cmd)) { + dout(10) << "We don't match leader, forwarding request " << m << dendl; + forward_request_leader(m); + return; + } + // validate user's permissions for requested command + map param_str_map; + _generate_command_map(cmdmap, param_str_map); if (!_allowed_command(session, module, prefix, cmdmap, param_str_map, mon_cmd)) { dout(1) << __func__ << " access denied" << dendl;