From de67c1dab5597c91538970421b25f6ec667af492 Mon Sep 17 00:00:00 2001
From: Josh Durgin <jdurgin@redhat.com>
Date: Mon, 4 May 2020 17:03:35 -0400
Subject: [PATCH 1/3] mgr: require all caps for pre-octopus tell commands

This matches the requirements for admin socket commands
sent via tell elsewhere.

Signed-off-by: Josh Durgin <jdurgin@redhat.com>

Upstream-status: Backport
[https://github.com/ceph/ceph/commit/347003e13167c428187a5450517850f4d85e09ad]

Signed-off-by: Liu Haitao <haitao.liu@windriver.com>
---
 src/mgr/DaemonServer.cc | 37 ++++++++++++++++++++++---------------
 1 file changed, 22 insertions(+), 15 deletions(-)

diff --git a/src/mgr/DaemonServer.cc b/src/mgr/DaemonServer.cc
index becd428a..527326e3 100644
--- a/src/mgr/DaemonServer.cc
+++ b/src/mgr/DaemonServer.cc
@@ -808,20 +808,12 @@ public:
 bool DaemonServer::handle_command(const ref_t<MCommand>& m)
 {
   std::lock_guard l(lock);
-  // a blank fsid in MCommand signals a legacy client sending a "mon-mgr" CLI
-  // command.
-  if (m->fsid != uuid_d()) {
-    cct->get_admin_socket()->queue_tell_command(m);
+  auto cmdctx = std::make_shared<CommandContext>(m);
+  try {
+    return _handle_command(cmdctx);
+  } catch (const bad_cmd_get& e) {
+    cmdctx->reply(-EINVAL, e.what());
     return true;
-  } else {
-    // legacy client; send to CLI processing
-    auto cmdctx = std::make_shared<CommandContext>(m);
-    try {
-      return _handle_command(cmdctx);
-    } catch (const bad_cmd_get& e) {
-      cmdctx->reply(-EINVAL, e.what());
-      return true;
-    }
   }
 }
 
@@ -853,8 +845,12 @@ bool DaemonServer::_handle_command(
   std::shared_ptr<CommandContext>& cmdctx)
 {
   MessageRef m;
+  bool admin_socket_cmd = false;
   if (cmdctx->m_tell) {
     m = cmdctx->m_tell;
+    // a blank fsid in MCommand signals a legacy client sending a "mon-mgr" CLI
+    // command.
+    admin_socket_cmd = (cmdctx->m_tell->fsid != uuid_d());
   } else {
     m = cmdctx->m_mgr;
   }
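Review bot: The comment added above `admin_socket_cmd = (cmdctx->m_tell->fsid != uuid_d());` describes the blank-fsid (legacy CLI) case, while the flag becomes true in the opposite case, so a reader has to invert it. I would word it as `// a non-blank fsid marks a tell command bound for the admin socket; a blank fsid is a legacy client sending a "mon-mgr" CLI command`. Because fsid is a field of the incoming MCommand, the sender decides which path is taken. The comment should therefore also say that the flag only selects routing and that each path applies its own capability check further down. The body of _handle_command continues outside this hunk.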
@@ -888,7 +884,10 @@ bool DaemonServer::_handle_command(
 
   dout(10) << "decoded-size=" << cmdctx->cmdmap.size() << " prefix=" << prefix  << dendl;
 
-  if (prefix == "get_command_descriptions") {
+  // this is just for mgr commands - admin socket commands will fall
+  // through and use the admin socket version of
+  // get_command_descriptions
+  if (prefix == "get_command_descriptions" && !admin_socket_cmd) {
     dout(10) << "reading commands from python modules" << dendl;
     const auto py_commands = py_modules.get_commands();
 
@@ -925,7 +924,10 @@ bool DaemonServer::_handle_command(
 
   bool is_allowed = false;
   ModuleCommand py_command;
-  if (!mgr_cmd) {
+  if (admin_socket_cmd) {
+    // admin socket commands require all capabilities
+    is_allowed = session->caps.is_allow_all();
+  } else if (!mgr_cmd) {
     // Resolve the command to the name of the module that will
     // handle it (if the command exists)
     auto py_commands = py_modules.get_py_commands();
@@ -958,6 +960,11 @@ bool DaemonServer::_handle_command(
     << "entity='" << session->entity_name << "' "
     << "cmd=" << cmdctx->cmd << ": dispatch";
 
+  if (admin_socket_cmd) {
+    cct->get_admin_socket()->queue_tell_command(cmdctx->m_tell);
+    return true;
+  }
+
   // ----------------
   // service map commands
   if (prefix == "service dump") {
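Review bot: The new early dispatch to `queue_tell_command` is only safe if a request with `is_allowed == false` has already been rejected before this point. That rejection would sit between the previous hunk (where `is_allowed = session->caps.is_allow_all()` is set) and this one, and is not visible here, so it should be confirmed against the full function. A comment on the new branch would pin the ordering for later edits, for example `// caps were checked above via is_allow_all(); keep this dispatch after the access check`. The audit line just before the branch now also covers admin socket tell commands, so it should stay ahead of the dispatch if this block is rearranged. _handle_command starts and ends outside the hunk.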
-- 
2.25.1