From 588629a1891edb1e284cf39a1b8d98552e5bf1cc Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@redhat.com>
Date: Tue, 7 Mar 2017 16:12:22 -0500
Subject: [PATCH] mon/MgrMonitor: enforce mgr caps

Require 'allow x' for mgr beacon.  Verify fsid.

Signed-off-by: Sage Weil <sage@redhat.com>
---
 src/mon/MgrMonitor.cc | 22 ++++++++++++++++++++++
 src/mon/MgrMonitor.h  |  2 ++
 2 files changed, 24 insertions(+)

diff --git a/src/mon/MgrMonitor.cc b/src/mon/MgrMonitor.cc
index 871478a7b3e..3e59d0ecb36 100644
--- a/src/mon/MgrMonitor.cc
+++ b/src/mon/MgrMonitor.cc
@@ -67,6 +67,24 @@ void MgrMonitor::encode_pending(MonitorDBStore::TransactionRef t)
   put_last_committed(t, pending_map.epoch);
 }
 
+bool MgrMonitor::check_caps(MonOpRequestRef op, const uuid_d& fsid)
+{
+  // check permissions
+  MonSession *session = op->get_session();
+  if (!session)
+    return false;
+  if (!session->is_capable("mgr", MON_CAP_X)) {
+    dout(1) << __func__ << " insufficient caps " << session->caps << dendl;
+    return false;
+  }
+  if (fsid != mon->monmap->fsid) {
+    dout(1) << __func__ << " op fsid " << fsid
+	    << " != " << mon->monmap->fsid << dendl;
+    return false;
+  }
+  return true;
+}
+
 bool MgrMonitor::preprocess_query(MonOpRequestRef op)
 {
   PaxosServiceMessage *m = static_cast<PaxosServiceMessage*>(op->get_req());
@@ -123,6 +141,10 @@ bool MgrMonitor::preprocess_beacon(MonOpRequestRef op)
   MMgrBeacon *m = static_cast<MMgrBeacon*>(op->get_req());
   dout(4) << "beacon from " << m->get_gid() << dendl;
 
+  if (!check_caps(op, m->get_fsid())) {
+    return true;
+  }
+
   last_beacon[m->get_gid()] = ceph_clock_now();
 
   if (pending_map.active_gid == m->get_gid()
diff --git a/src/mon/MgrMonitor.h b/src/mon/MgrMonitor.h
index bfddba5943a..7e5fbce5438 100644
--- a/src/mon/MgrMonitor.h
+++ b/src/mon/MgrMonitor.h
@@ -36,6 +36,8 @@ class MgrMonitor : public PaxosService
 
   Context *digest_callback;
 
+  bool check_caps(MonOpRequestRef op, const uuid_d& fsid);
+
 public:
   MgrMonitor(Monitor *mn, Paxos *p, const string& service_name)
     : PaxosService(mn, p, service_name), digest_callback(nullptr)
-- 
2.47.3