From: John Mulligan <jmulligan@redhat.com>
Date: Thu, 2 May 2024 20:41:15 +0000 (-0400)
Subject: mgr/smb: add validation funcs for custom parameter dictionaries
X-Git-Tag: v20.0.0~1709^2~4
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=fc21d002f5713f7028e6fbaccbcc341ce92937ca;p=ceph.git

mgr/smb: add validation funcs for custom parameter dictionaries

Custom parameter dictionaries will be used to pass options to samba
config without much filtering and control by the smb mgr module. Because
the risks that it entails the user must "agree" that using these options
can break their setup with a "magic" key-value pair.
This pair will be filtered out of the eventual data passed to samba.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
---

diff --git a/src/pybind/mgr/smb/validation.py b/src/pybind/mgr/smb/validation.py
index 3e04650dea95..bd7c6f211cd8 100644
--- a/src/pybind/mgr/smb/validation.py
+++ b/src/pybind/mgr/smb/validation.py
@@ -1,3 +1,5 @@
+from typing import Dict, Optional
+
 import posixpath
 import re
 
@@ -60,3 +62,44 @@ def check_path(value: str) -> None:
     """Raise ValueError if value is not a valid share path."""
     if not valid_path(value):
         raise ValueError(f'{value!r} is not a valid share path')
+
+
+CUSTOM_CAUTION_KEY = '_allow_customization'
+CUSTOM_CAUTION_VALUE = (
+    'i-take-responsibility-for-all-samba-configuration-errors'
+)
+
+
+def check_custom_options(opts: Optional[Dict[str, str]]) -> None:
+    """Raise ValueError if a custom configuration options dict is not valid."""
+    if opts is None:
+        return
+    if opts.get(CUSTOM_CAUTION_KEY) != CUSTOM_CAUTION_VALUE:
+        raise ValueError(
+            'options lack custom override permission key and value'
+            f' (review documentation pertaining to {CUSTOM_CAUTION_KEY})'
+        )
+    for key, value in opts.items():
+        if '[' in key or ']' in key:
+            raise ValueError(
+                f'custom option key may not contain square brackets: {key!r}'
+            )
+        if '\n' in key:
+            raise ValueError(
+                f'custom option key may not contain newlines: {key!r}'
+            )
+        if '\n' in value:
+            raise ValueError(
+                f'custom option value may not contain newlines: {key!r}'
+            )
+
+
+def clean_custom_options(
+    opts: Optional[Dict[str, str]]
+) -> Optional[Dict[str, str]]:
+    """Return a version of the custom options dictionary cleaned of special
+    validation parameters.
+    """
+    if opts is None:
+        return None
+    return {k: v for k, v in opts.items() if k != CUSTOM_CAUTION_KEY}