The monitor doesn't really know how to validate caps not meant for it.
The MDS or the OSD may very well allow blank caps for instance, while
the monitor categorically does not. We can't simply state a capability
is invalid because we wouldn't take it as such.
On the other hand, we must check monitor caps and make sure they are
correct, otherwise malformed caps can go unnoticed for a while,
sometimes even being hard to understand what may have gone wrong.
Backport: firefly
Signed-off-by: Joao Eduardo Luis <joao.luis@inktank.com>
!entity_name.empty()) {
// auth get-or-create <name> [mon osdcapa osd osdcapb ...]
+ if (!valid_caps(caps_vec, &ss)) {
+ err = -EINVAL;
+ goto done;
+ }
+
// do we have it?
EntityAuth entity_auth;
if (mon->key_server.get_auth(entity, entity_auth)) {
goto done;
}
+ if (!valid_caps(caps_vec, &ss)) {
+ err = -EINVAL;
+ goto done;
+ }
+
map<string,bufferlist> newcaps;
for (vector<string>::iterator it = caps_vec.begin();
it != caps_vec.end(); it += 2)
pending_auth.push_back(inc);
}
+ /* validate mon caps ; don't care about caps for other services as
+ * we don't know how to validate them */
+ bool valid_caps(const vector<string>& caps, ostream *out) {
+ for (vector<string>::const_iterator p = caps.begin();
+ p != caps.end(); p += 2) {
+ if (!p->empty() && *p != "mon")
+ continue;
+ MonCap tmp;
+ if (!tmp.parse(*(p+1), out))
+ return false;
+ }
+ return true;
+ }
+
void on_active();
bool should_propose(double& delay);
void create_initial();
projects / ceph.git / commitdiff