From fc5e56b75a97c4652c87e9959aad1c4dec45010d Mon Sep 17 00:00:00 2001 From: Josh Durgin Date: Thu, 23 Apr 2020 00:22:10 -0400 Subject: [PATCH] mon: enforce caps for pre-octopus client tell commands This affects only the commands whitelisted here - in particular injectargs requires write access to the monitors. Signed-off-by: Josh Durgin --- src/mon/Monitor.cc | 56 +++++++++++++++++++++++----------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc index a99ef5595307b..f7abdba65ecbf 100644 --- a/src/mon/Monitor.cc +++ b/src/mon/Monitor.cc @@ -3268,34 +3268,6 @@ void Monitor::handle_command(MonOpRequestRef op) return; } - // compat kludge for legacy clients trying to tell commands that are - // new. see bottom of MonCommands.h. we need to handle both (1) - // pre-octopus clients and (2) octopus clients with a mix of pre-octopus - // and octopus mons. - if ((!HAVE_FEATURE(m->get_connection()->get_features(), SERVER_OCTOPUS) || - monmap->min_mon_release < ceph_release_t::octopus) && - (prefix == "injectargs" || - prefix == "smart" || - prefix == "mon_status" || - prefix == "heap")) { - if (m->get_connection()->get_messenger() == 0) { - // Prior to octopus, monitors might forward these messages - // around. that was broken at baseline, and if we try to process - // this message now, it will assert out when we try to send a - // message in reply from the asok/tell worker (see - // AnonConnection). Just reply with an error. - dout(5) << __func__ << " failing forwarded command from a (presumably) " - << "pre-octopus peer" << dendl; - reply_command( - op, -EBUSY, - "failing forwarded tell command in mixed-version mon cluster", 0); - return; - } - dout(5) << __func__ << " passing command to tell/asok" << dendl; - cct->get_admin_socket()->queue_tell_command(m); - return; - } - string module; string err; @@ -3410,6 +3382,34 @@ void Monitor::handle_command(MonOpRequestRef op) << "entity='" << session->entity_name << "' " << "cmd=" << m->cmd << ": dispatch"; + // compat kludge for legacy clients trying to tell commands that are + // new. see bottom of MonCommands.h. we need to handle both (1) + // pre-octopus clients and (2) octopus clients with a mix of pre-octopus + // and octopus mons. + if ((!HAVE_FEATURE(m->get_connection()->get_features(), SERVER_OCTOPUS) || + monmap->min_mon_release < ceph_release_t::octopus) && + (prefix == "injectargs" || + prefix == "smart" || + prefix == "mon_status" || + prefix == "heap")) { + if (m->get_connection()->get_messenger() == 0) { + // Prior to octopus, monitors might forward these messages + // around. that was broken at baseline, and if we try to process + // this message now, it will assert out when we try to send a + // message in reply from the asok/tell worker (see + // AnonConnection). Just reply with an error. + dout(5) << __func__ << " failing forwarded command from a (presumably) " + << "pre-octopus peer" << dendl; + reply_command( + op, -EBUSY, + "failing forwarded tell command in mixed-version mon cluster", 0); + return; + } + dout(5) << __func__ << " passing command to tell/asok" << dendl; + cct->get_admin_socket()->queue_tell_command(m); + return; + } + if (mon_cmd->is_mgr()) { const auto& hdr = m->get_header(); uint64_t size = hdr.front_len + hdr.middle_len + hdr.data_len; -- 2.39.5