From 7e2bd2294f4263c41690a54d2d7481bab183cb5a Mon Sep 17 00:00:00 2001 From: Joao Eduardo Luis Date: Tue, 30 Sep 2014 19:15:18 +0100 Subject: [PATCH] mon: Monitor: let 'handle_command()' deal with caps validation If a given client doesn't have the required caps when running a command, it must receive an EACCES or EPERM reply. This is already handled by Monitor::handle_command(), which does an exceptionally good job at it. Therefore, and unlike other messages that do not expect return values, we can't simply drop the message if the client doesn't have the appropriate capabilities, or things can get very weird very fast from the user's perspective. Dropping the message for a command without a reply has roughly the same effect as loss of quorum (timeout, pipes failing) and confusion may ensue from it. Signed-off-by: Joao Eduardo Luis --- src/mon/Monitor.cc | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc index 83da0b5094f..9b5005d5d16 100644 --- a/src/mon/Monitor.cc +++ b/src/mon/Monitor.cc @@ -3258,6 +3258,11 @@ void Monitor::dispatch(MonSession *s, Message *m, const bool src_is_mon) paxos_service[PAXOS_LOG]->dispatch((PaxosServiceMessage*)m); break; + // handle_command() does its own caps checking + case MSG_MON_COMMAND: + handle_command(static_cast(m)); + break; + default: dealt_with = false; break; @@ -3287,10 +3292,6 @@ void Monitor::dispatch(MonSession *s, Message *m, const bool src_is_mon) handle_get_version(static_cast(m)); break; - case MSG_MON_COMMAND: - handle_command(static_cast(m)); - break; - case CEPH_MSG_MON_SUBSCRIBE: /* FIXME: check what's being subscribed, filter accordingly */ handle_subscribe(static_cast(m)); -- 2.47.3