From: Joao Eduardo Luis Date: Tue, 30 Sep 2014 18:15:18 +0000 (+0100) Subject: mon: Monitor: let 'handle_command()' deal with caps validation X-Git-Tag: v0.87~41^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=7e2bd2294f4263c41690a54d2d7481bab183cb5a;p=ceph.git mon: Monitor: let 'handle_command()' deal with caps validation If a given client doesn't have the required caps when running a command, it must receive an EACCES or EPERM reply. This is already handled by Monitor::handle_command(), which does an exceptionally good job at it. Therefore, and unlike other messages that do not expect return values, we can't simply drop the message if the client doesn't have the appropriate capabilities, or things can get very weird very fast from the user's perspective. Dropping the message for a command without a reply has roughly the same effect as loss of quorum (timeout, pipes failing) and confusion may ensue from it. Signed-off-by: Joao Eduardo Luis --- diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc index 83da0b5094f8..9b5005d5d167 100644 --- a/src/mon/Monitor.cc +++ b/src/mon/Monitor.cc @@ -3258,6 +3258,11 @@ void Monitor::dispatch(MonSession *s, Message *m, const bool src_is_mon) paxos_service[PAXOS_LOG]->dispatch((PaxosServiceMessage*)m); break; + // handle_command() does its own caps checking + case MSG_MON_COMMAND: + handle_command(static_cast(m)); + break; + default: dealt_with = false; break; @@ -3287,10 +3292,6 @@ void Monitor::dispatch(MonSession *s, Message *m, const bool src_is_mon) handle_get_version(static_cast(m)); break; - case MSG_MON_COMMAND: - handle_command(static_cast(m)); - break; - case CEPH_MSG_MON_SUBSCRIBE: /* FIXME: check what's being subscribed, filter accordingly */ handle_subscribe(static_cast(m));