mon: expand cap validity check for mgr, osd, mds

Also strenghen the check to declare an unknown cap type as invalid.

Note that this means that in a mixed-version cluster, an older mon
would apply the syntax check for the older caps, even if the (say) OSDs
are newer and could parse something different.  This is judged to be fine:
it is not unreasonable to ask for the mons *and* daemons to be upgraded
before using the new cap syntax or feature.

Signed-off-by: Jing Li <lijing@gohighsec.com>
Signed-off-by: Sage Weil <sage@redhat.com>

diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index 8b7210e63beeefbf3bd2d1f8567ef029aadbb7ee..b7d7c0bd5a8be7d94bc64188007683786832f383 100644 (file)
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -33,6 +33,9 @@
 #include "include/stringify.h"
 #include "include/assert.h"
 
+#include "mds/MDSAuthCaps.h"
+#include "osd/OSDCap.h"
+
 #define dout_subsys ceph_subsys_mon
 #undef dout_prefix
 #define dout_prefix _prefix(_dout, mon, get_last_committed())
@@ -1012,6 +1015,37 @@ int AuthMonitor::do_osd_new(
   return 0;
 }
 
+bool AuthMonitor::valid_caps(const vector<string>& caps, ostream *out)
+{
+  for (vector<string>::const_iterator p = caps.begin();
+       p != caps.end(); p += 2) {
+    if ((p+1) == caps.end()) {
+      *out << "cap '" << *p << "' has no value";
+      return false;
+    }
+    if (*p == "mon" || *p == "mgr") {
+      MonCap tmp;
+      if (!tmp.parse(*(p+1), out)) {
+       return false;
+      }
+    } else if (*p == "osd") {
+      OSDCap ocap;
+      if (!ocap.parse(*(p+1), out)) {
+       return false;
+      }
+    } else if (*p == "mds") {
+      MDSAuthCaps mdscap;
+      if (!mdscap.parse(g_ceph_context, *(p+1), out)) {
+       return false;
+      }
+    } else {
+      *out << "unknown cap type '" << *p << "'";
+      return false;
+    }
+  }
+  return true;
+}
+
 bool AuthMonitor::prepare_command(MonOpRequestRef op)
 {
   MMonCommand *m = static_cast<MMonCommand*>(op->get_req());

diff --git a/src/mon/AuthMonitor.h b/src/mon/AuthMonitor.h
index 1304c80d2f45f0fa1c66720e206d2c4acd67e0a0..faad9427ed19632d140460afeed8d10bf1987f5e 100644 (file)
--- a/src/mon/AuthMonitor.h
+++ b/src/mon/AuthMonitor.h
@@ -18,6 +18,7 @@
 #include <map>
 #include <set>
 
+#include "global/global_init.h"
 #include "include/ceph_features.h"
 #include "include/types.h"
 #include "mon/PaxosService.h"
@@ -128,19 +129,9 @@ private:
     pending_auth.push_back(inc);
   }
 
-  /* validate mon caps ; don't care about caps for other services as
+  /* validate mon/osd/mds caps ; don't care about caps for other services as
    * we don't know how to validate them */
-  bool valid_caps(const vector<string>& caps, ostream *out) {
-    for (vector<string>::const_iterator p = caps.begin();
-         p != caps.end(); p += 2) {
-      if (!p->empty() && *p != "mon")
-        continue;
-      MonCap tmp;
-      if (!tmp.parse(*(p+1), out))
-        return false;
-    }
-    return true;
-  }
+  bool valid_caps(const vector<string>& caps, ostream *out);
 
   void on_active() override;
   bool should_propose(double& delay) override;

diff --git a/src/mon/CMakeLists.txt b/src/mon/CMakeLists.txt
index 403c954edaf2c8ee498434fb8e337b1bbb8f7372..c8e2edbd7116b7fc755bf4e2f94ac5b10a4ad2c9 100644 (file)
--- a/src/mon/CMakeLists.txt
+++ b/src/mon/CMakeLists.txt
@@ -20,7 +20,9 @@ set(lib_mon_srcs
   HealthMonitor.cc
   PGMap.cc
   ConfigKeyService.cc
-  ../mgr/mgr_commands.cc)
+  ../mds/MDSAuthCaps.cc
+  ../mgr/mgr_commands.cc
+  ../osd/OSDCap.cc)
 add_library(mon STATIC
   ${lib_mon_srcs}
   $<TARGET_OBJECTS:kv_objs>