diff --git a/src/mds/MDSDaemon.cc b/src/mds/MDSDaemon.cc
index 86f43eca29de2..ee1ef22a695ee 100644
--- a/src/mds/MDSDaemon.cc
+++ b/src/mds/MDSDaemon.cc
@@ -1267,9 +1267,16 @@ bool MDSDaemon::ms_verify_authorizer(Connection *con, int peer_type,
 EntityName name;
 uint64_t global_id;
- is_valid = authorize_handler->verify_authorizer(
- cct, monc->rotating_secrets.get(),
- authorizer_data, authorizer_reply, name, global_id, caps_info, session_key);
+ RotatingKeyRing *keys = monc->rotating_secrets.get();
+ if (keys) {
+ is_valid = authorize_handler->verify_authorizer(
+ cct, keys,
+ authorizer_data, authorizer_reply, name, global_id, caps_info,
+ session_key);
+ } else {
+ dout(10) << __func__ << " no rotating_keys (yet), denied" << dendl;
+ is_valid = false;
+ }
 if (is_valid) {
 entity_name_t n(con->get_peer_type(), global_id);
diff --git a/src/mgr/DaemonServer.cc b/src/mgr/DaemonServer.cc
index 60fb2cc2095b4..5fa57f1d4c73a 100644
--- a/src/mgr/DaemonServer.cc
+++ b/src/mgr/DaemonServer.cc
@@ -148,12 +148,18 @@ bool DaemonServer::ms_verify_authorizer(Connection *con,
 s->inst.addr = con->get_peer_addr();
 AuthCapsInfo caps_info;
- is_valid = handler->verify_authorizer(
- cct, monc->rotating_secrets.get(),
- authorizer_data,
- authorizer_reply, s->entity_name,
- s->global_id, caps_info,
- session_key);
+ RotatingKeyRing *keys = monc->rotating_secrets.get();
+ if (keys) {
+ is_valid = handler->verify_authorizer(
+ cct, keys,
+ authorizer_data,
+ authorizer_reply, s->entity_name,
+ s->global_id, caps_info,
+ session_key);
+ } else {
+ dout(10) << __func__ << " no rotating_keys (yet), denied" << dendl;
+ is_valid = false;
+ }
 if (is_valid) {
 if (caps_info.allow_all) {
diff --git a/src/msg/async/AsyncConnection.cc b/src/msg/async/AsyncConnection.cc
index 3c535f765337b..fa3c76725ea9a 100644
--- a/src/msg/async/AsyncConnection.cc
+++ b/src/msg/async/AsyncConnection.cc
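Review bot: The new `else` branch in `MDSDaemon::ms_verify_authorizer` (repeated verbatim in `DaemonServer::ms_verify_authorizer` and in `OSD::ms_verify_authorizer` in src/osd/OSD.cc) rejects the peer with no comment saying that failing closed is deliberate, and it reports the rejection only at `dout(10)`. A daemon that never obtains its rotating keys would then refuse every authorizer with nothing visible at lower debug levels, which is hard to tell apart from a network fault. I would add `// no rotating keys yet: deny rather than verify against a null keyring` above `if (keys)` and consider a more visible level for the message, provided peers cannot trigger it at a rate that floods the log. The log text says `rotating_keys` while the member is `rotating_secrets`; using one name makes the message easier to find from the code. All three function bodies start and end outside their hunks.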
@@ -978,8 +978,8 @@ ssize_t AsyncConnection::_process_connection()
 << " - presumably this is the same node!" << dendl;
 } else {
 ldout(async_msgr->cct, 10) << __func__ << " connect claims to be "
- << paddr << " not " << peer_addr
- << " (peer is possibly using public_bind_addr?) " << dendl;
+ << paddr << " not " << peer_addr << dendl;
+ goto fail;
 }
 }
diff --git a/src/msg/simple/Pipe.cc b/src/msg/simple/Pipe.cc
index 355c2528f9380..4a7ab9acab7a0 100644
--- a/src/msg/simple/Pipe.cc
+++ b/src/msg/simple/Pipe.cc
@@ -1090,8 +1090,8 @@ int Pipe::connect()
 << paddr << " not " << peer_addr << " - presumably this is the same node!" << dendl;
 } else {
 ldout(msgr->cct,10) << "connect claims to be "
- << paddr << " not " << peer_addr
- << " (peer is possibly using public_bind_addr?) " << dendl;
+ << paddr << " not " << peer_addr << dendl;
+ goto fail;
 }
 }
diff --git a/src/osd/OSD.cc b/src/osd/OSD.cc
index dfb64e4ad5ba6..a5b7659af6f54 100644
--- a/src/osd/OSD.cc
+++ b/src/osd/OSD.cc
@@ -4709,7 +4709,11 @@ void OSD::handle_osd_ping(MOSDPing *m)
 }
 OSDMapRef curmap = service.get_osdmap();
- assert(curmap);
+ if (!curmap) {
+ heartbeat_lock.Unlock();
+ m->put();
+ return;
+ }
 switch (m->op) {
@@ -6964,10 +6968,16 @@ bool OSD::ms_verify_authorizer(Connection *con, int peer_type,
 uint64_t global_id;
 uint64_t auid = CEPH_AUTH_UID_DEFAULT;
- isvalid = authorize_handler->verify_authorizer(
- cct, monc->rotating_secrets.get(),
- authorizer_data, authorizer_reply, name, global_id, caps_info, session_key,
- &auid);
+ RotatingKeyRing *keys = monc->rotating_secrets.get();
+ if (keys) {
+ isvalid = authorize_handler->verify_authorizer(
+ cct, keys,
+ authorizer_data, authorizer_reply, name, global_id, caps_info, session_key,
+ &auid);
+ } else {
+ dout(10) << __func__ << " no rotating_keys (yet), denied" << dendl;
+ isvalid = false;
+ }
 if (isvalid) {
 Session *s = static_cast(con->get_priv());
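Review bot: In `AsyncConnection::_process_connection` the address-mismatch branch now ends in `goto fail`, yet the message is still emitted at level 10 and no longer says what happens to the connection; the same holds for `Pipe::connect` in src/msg/simple/Pipe.cc. A peer that answers with a different address than the one dialled is an identity mismatch an operator needs to see when connections start failing, so I would raise the visibility and state the outcome, e.g. `<< paddr << " not " << peer_addr << " - wrong node, closing" << dendl;`. The removed text suggested that peers using public_bind_addr could reach this branch legitimately; if that setup is still supported, such peers would presumably now be refused, which deserves a line in the change description. Both functions start and end outside the hunks.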
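Review bot: The early return added to `OSD::handle_osd_ping` drops the ping silently and releases `heartbeat_lock` and the message reference by hand. Replacing the assert with a graceful exit is the right direction for a path a remote peer can reach, but a missing osdmap then leaves no trace; I would add `dout(10) << __func__ << " no osdmap yet, dropping ping" << dendl;` before the unlock. The lock acquisition and the function's other exit paths are outside the hunk, so it cannot be checked here that this cleanup matches them; a scoped lock guard would remove the need to keep the exits in step.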