From 3d54660ca1a9a7ae54e884c3181fca17a40d8cd3 Mon Sep 17 00:00:00 2001
From: Neha Ojha <nojha@redhat.com>
Date: Thu, 3 Dec 2020 19:18:04 +0000
Subject: [PATCH] messages/MMonCommand, MMonCommandAck: don't log values for
 "config set" and "config-key set"

This acts like a big hammer to avoid adding sensitive information, like passwords
into mon/mgr/cluster logs when using "config set" and "config-key set" to set keys
whose values should be secure.

Fixes: https://tracker.ceph.com/issues/37503
Signed-off-by: Neha Ojha <nojha@redhat.com>
---
 src/messages/MMonCommand.h    | 23 ++++++++++++++++++++---
 src/messages/MMonCommandAck.h | 24 +++++++++++++++++++++++-
 2 files changed, 43 insertions(+), 4 deletions(-)

diff --git a/src/messages/MMonCommand.h b/src/messages/MMonCommand.h
index fbba9629fb62e..b2540ebffd087 100644
--- a/src/messages/MMonCommand.h
+++ b/src/messages/MMonCommand.h
@@ -15,6 +15,7 @@
 #ifndef CEPH_MMONCOMMAND_H
 #define CEPH_MMONCOMMAND_H
 
+#include "common/cmdparse.h"
 #include "messages/PaxosServiceMessage.h"
 
 #include <vector>
@@ -41,10 +42,26 @@ private:
 public:
   std::string_view get_type_name() const override { return "mon_command"; }
   void print(std::ostream& o) const override {
+    cmdmap_t cmdmap;
+    std::ostringstream ss;
+    string prefix;
+    ceph::common::cmdmap_from_json(cmd, &cmdmap, ss);
+    ceph::common::cmd_getval(cmdmap, "prefix", prefix);
+    // Some config values contain sensitive data, so don't log them
     o << "mon_command(";
-    for (unsigned i=0; i<cmd.size(); i++) {
-      if (i) o << ' ';
-      o << cmd[i];
+    if (prefix == "config set") {
+      string name;
+      ceph::common::cmd_getval(cmdmap, "name", name);
+      o << "[{prefix=" << prefix << ", name=" << name << "}]";
+    } else if (prefix == "config-key set") {
+      string key;
+      ceph::common::cmd_getval(cmdmap, "key", key);
+      o << "[{prefix=" << prefix << ", key=" << key << "}]";
+    } else {
+      for (unsigned i=0; i<cmd.size(); i++) {
+        if (i) o << ' ';
+        o << cmd[i];
+      }
     }
     o << " v " << version << ")";
   }
diff --git a/src/messages/MMonCommandAck.h b/src/messages/MMonCommandAck.h
index 96cf61fdaf8d8..24117556a9359 100644
--- a/src/messages/MMonCommandAck.h
+++ b/src/messages/MMonCommandAck.h
@@ -15,6 +15,7 @@
 #ifndef CEPH_MMONCOMMANDACK_H
 #define CEPH_MMONCOMMANDACK_H
 
+#include "common/cmdparse.h"
 #include "messages/PaxosServiceMessage.h"
 
 class MMonCommandAck final : public PaxosServiceMessage {
@@ -33,7 +34,28 @@ private:
 public:
   std::string_view get_type_name() const override { return "mon_command"; }
   void print(std::ostream& o) const override {
-    o << "mon_command_ack(" << cmd << "=" << r << " " << rs << " v" << version << ")";
+    cmdmap_t cmdmap;
+    std::ostringstream ss;
+    string prefix;
+    ceph::common::cmdmap_from_json(cmd, &cmdmap, ss);
+    ceph::common::cmd_getval(cmdmap, "prefix", prefix);
+    // Some config values contain sensitive data, so don't log them
+    o << "mon_command_ack(";
+    if (prefix == "config set") {
+      string name;
+      ceph::common::cmd_getval(cmdmap, "name", name);
+      o << "[{prefix=" << prefix
+        << ", name=" << name << "}]"
+        << "=" << r << " " << rs << " v" << version << ")";
+    } else if (prefix == "config-key set") {
+      string key;
+      ceph::common::cmd_getval(cmdmap, "key", key);
+      o << "[{prefix=" << prefix << ", key=" << key << "}]"
+        << "=" << r << " " << rs << " v" << version << ")";
+    } else {
+      o << cmd;
+    }
+    o << "=" << r << " " << rs << " v" << version << ")";
   }
   
   void encode_payload(uint64_t features) override {
-- 
2.39.5