From de67c1dab5597c91538970421b25f6ec667af492 Mon Sep 17 00:00:00 2001 From: Josh Durgin Date: Mon, 4 May 2020 17:03:35 -0400 Subject: [PATCH 1/3] mgr: require all caps for pre-octopus tell commands This matches the requirements for admin socket commands sent via tell elsewhere. Signed-off-by: Josh Durgin Upstream-status: Backport [https://github.com/ceph/ceph/commit/347003e13167c428187a5450517850f4d85e09ad] Signed-off-by: Liu Haitao --- src/mgr/DaemonServer.cc | 37 ++++++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 15 deletions(-) diff --git a/src/mgr/DaemonServer.cc b/src/mgr/DaemonServer.cc index becd428a..527326e3 100644 --- a/src/mgr/DaemonServer.cc +++ b/src/mgr/DaemonServer.cc @@ -808,20 +808,12 @@ public: bool DaemonServer::handle_command(const ref_t& m) { std::lock_guard l(lock); - // a blank fsid in MCommand signals a legacy client sending a "mon-mgr" CLI - // command. - if (m->fsid != uuid_d()) { - cct->get_admin_socket()->queue_tell_command(m); + auto cmdctx = std::make_shared(m); + try { + return _handle_command(cmdctx); + } catch (const bad_cmd_get& e) { + cmdctx->reply(-EINVAL, e.what()); return true; - } else { - // legacy client; send to CLI processing - auto cmdctx = std::make_shared(m); - try { - return _handle_command(cmdctx); - } catch (const bad_cmd_get& e) { - cmdctx->reply(-EINVAL, e.what()); - return true; - } } } @@ -853,8 +845,12 @@ bool DaemonServer::_handle_command( std::shared_ptr& cmdctx) { MessageRef m; + bool admin_socket_cmd = false; if (cmdctx->m_tell) { m = cmdctx->m_tell; + // a blank fsid in MCommand signals a legacy client sending a "mon-mgr" CLI + // command. + admin_socket_cmd = (cmdctx->m_tell->fsid != uuid_d()); } else { m = cmdctx->m_mgr; } @@ -888,7 +884,10 @@ bool DaemonServer::_handle_command( dout(10) << "decoded-size=" << cmdctx->cmdmap.size() << " prefix=" << prefix << dendl; - if (prefix == "get_command_descriptions") { + // this is just for mgr commands - admin socket commands will fall + // through and use the admin socket version of + // get_command_descriptions + if (prefix == "get_command_descriptions" && !admin_socket_cmd) { dout(10) << "reading commands from python modules" << dendl; const auto py_commands = py_modules.get_commands(); @@ -925,7 +924,10 @@ bool DaemonServer::_handle_command( bool is_allowed = false; ModuleCommand py_command; - if (!mgr_cmd) { + if (admin_socket_cmd) { + // admin socket commands require all capabilities + is_allowed = session->caps.is_allow_all(); + } else if (!mgr_cmd) { // Resolve the command to the name of the module that will // handle it (if the command exists) auto py_commands = py_modules.get_py_commands(); @@ -958,6 +960,11 @@ bool DaemonServer::_handle_command( << "entity='" << session->entity_name << "' " << "cmd=" << cmdctx->cmd << ": dispatch"; + if (admin_socket_cmd) { + cct->get_admin_socket()->queue_tell_command(cmdctx->m_tell); + return true; + } + // ---------------- // service map commands if (prefix == "service dump") { -- 2.25.1