mon: expand cap validity check for mgr, osd, mds

Also strenghen the check to declare an unknown cap type as invalid.

Note that this means that in a mixed-version cluster, an older mon
would apply the syntax check for the older caps, even if the (say) OSDs
are newer and could parse something different.  This is judged to be fine:
it is not unreasonable to ask for the mons *and* daemons to be upgraded
before using the new cap syntax or feature.

Signed-off-by: Jing Li <lijing@gohighsec.com>
Signed-off-by: Sage Weil <sage@redhat.com>
(cherry picked from commit 113fa941e3a4feaed0891d1fb7d321ade3e1bca7)

Conflicts:
	src/mon/AuthMonitor.cc (no mgr in jewel)
	src/mon/CMakeLists.txt (no cmake in jewel; backported the changes
                               manually to src/mon/Makefile.am)

diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index 094d93251614766cf20f5dce98c4a6778a8a4e04..86b72c3cb0cc99c7792dbc4b88c2cfb6d5e58926 100644 (file)
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -35,6 +35,9 @@
 #include "include/assert.h"
 #include "include/str_list.h"
 
+#include "mds/MDSAuthCaps.h"
+#include "osd/OSDCap.h"
+
 #define dout_subsys ceph_subsys_mon
 #undef dout_prefix
 #define dout_prefix _prefix(_dout, mon, get_last_committed())
@@ -672,6 +675,37 @@ int AuthMonitor::import_keyring(KeyRing& keyring)
   return 0;
 }
 
+bool AuthMonitor::valid_caps(const vector<string>& caps, ostream *out)
+{
+  for (vector<string>::const_iterator p = caps.begin();
+       p != caps.end(); p += 2) {
+    if ((p+1) == caps.end()) {
+      *out << "cap '" << *p << "' has no value";
+      return false;
+    }
+    if (*p == "mon") {
+      MonCap tmp;
+      if (!tmp.parse(*(p+1), out)) {
+       return false;
+      }
+    } else if (*p == "osd") {
+      OSDCap ocap;
+      if (!ocap.parse(*(p+1), out)) {
+       return false;
+      }
+    } else if (*p == "mds") {
+      MDSAuthCaps mdscap;
+      if (!mdscap.parse(g_ceph_context, *(p+1), out)) {
+       return false;
+      }
+    } else {
+      *out << "unknown cap type '" << *p << "'";
+      return false;
+    }
+  }
+  return true;
+}
+
 bool AuthMonitor::prepare_command(MonOpRequestRef op)
 {
   MMonCommand *m = static_cast<MMonCommand*>(op->get_req());

diff --git a/src/mon/AuthMonitor.h b/src/mon/AuthMonitor.h
index 07e8ef3dd0c533d3af8ff34b4461aab919f18459..7a315e3809f15e35e226fb1609064426f185f985 100644 (file)
--- a/src/mon/AuthMonitor.h
+++ b/src/mon/AuthMonitor.h
@@ -19,6 +19,7 @@
 #include <set>
 using namespace std;
 
+#include "global/global_init.h"
 #include "include/ceph_features.h"
 #include "include/types.h"
 #include "msg/Messenger.h"
@@ -124,19 +125,9 @@ private:
     pending_auth.push_back(inc);
   }
 
-  /* validate mon caps ; don't care about caps for other services as
+  /* validate mon/osd/mds caps ; don't care about caps for other services as
    * we don't know how to validate them */
-  bool valid_caps(const vector<string>& caps, ostream *out) {
-    for (vector<string>::const_iterator p = caps.begin();
-         p != caps.end(); p += 2) {
-      if (!p->empty() && *p != "mon")
-        continue;
-      MonCap tmp;
-      if (!tmp.parse(*(p+1), out))
-        return false;
-    }
-    return true;
-  }
+  bool valid_caps(const vector<string>& caps, ostream *out);
 
   void on_active();
   bool should_propose(double& delay);

diff --git a/src/mon/Makefile.am b/src/mon/Makefile.am
index 0835e6ce6295378bebc8c1770ba2ba70b8201fac..e864fb213f70b289454380bfcbfce920bb0e31dd 100644 (file)
--- a/src/mon/Makefile.am
+++ b/src/mon/Makefile.am
@@ -18,7 +18,9 @@ libmon_a_SOURCES = \
        mon/Elector.cc \
        mon/HealthMonitor.cc \
        mon/DataHealthService.cc \
-       mon/ConfigKeyService.cc
+       mon/ConfigKeyService.cc \
+       mds/MDSAuthCaps.cc \
+       osd/OSDCap.cc
 libmon_a_LIBADD =
 noinst_LIBRARIES += libmon.a