From 2ec7a215fadfbb0d85b6ba5410071229301d5167 Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@redhat.com>
Date: Mon, 9 Apr 2018 16:40:37 -0500
Subject: [PATCH] mon/AuthMonitor: check caps validity for all cap-related
 commands

Add a validity check for 'auth add' and 'fs authorize'.  'auth caps' and
'auth get-or-create[-key]' already had the check.

Fixes: http://tracker.ceph.com/issues/22525
Signed-off-by: Sage Weil <sage@redhat.com>
(cherry picked from commit fa588730bfea17eb1ca556e20ffcfd0b7628d093)

Conflicts:
	src/mon/AuthMonitor.cc (no "fs autorize" in jewel)
---
 src/mon/AuthMonitor.cc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index 86b72c3cb0cc9..9885d0b6cd27b 100644
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -807,6 +807,11 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op)
       }
     }
 
+    if (!valid_caps(caps_vec, &ss)) {
+      err = -EINVAL;
+      goto done;
+    }
+
     // are we about to have it?
     for (vector<Incremental>::iterator p = pending_auth.begin();
         p != pending_auth.end();
@@ -907,7 +912,7 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op)
 						   get_last_committed() + 1));
     return true;
   } else if ((prefix == "auth get-or-create-key" ||
-	     prefix == "auth get-or-create") &&
+	      prefix == "auth get-or-create") &&
 	     !entity_name.empty()) {
     // auth get-or-create <name> [mon osdcapa osd osdcapb ...]
 
-- 
2.39.5