From 7e97e4d292df616b1182dd6e51518776fe8bc69b Mon Sep 17 00:00:00 2001 From: lijing Date: Fri, 5 Jan 2018 17:44:57 +0800 Subject: [PATCH] mon: expand cap validity check for mgr, osd, mds Also strenghen the check to declare an unknown cap type as invalid. Note that this means that in a mixed-version cluster, an older mon would apply the syntax check for the older caps, even if the (say) OSDs are newer and could parse something different. This is judged to be fine: it is not unreasonable to ask for the mons *and* daemons to be upgraded before using the new cap syntax or feature. Signed-off-by: Jing Li Signed-off-by: Sage Weil (cherry picked from commit 113fa941e3a4feaed0891d1fb7d321ade3e1bca7) Conflicts: src/mon/AuthMonitor.cc (no mgr in jewel) src/mon/CMakeLists.txt (no cmake in jewel; backported the changes manually to src/mon/Makefile.am) --- src/mon/AuthMonitor.cc | 34 ++++++++++++++++++++++++++++++++++ src/mon/AuthMonitor.h | 15 +++------------ src/mon/Makefile.am | 4 +++- 3 files changed, 40 insertions(+), 13 deletions(-) diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc index 094d932516147..86b72c3cb0cc9 100644 --- a/src/mon/AuthMonitor.cc +++ b/src/mon/AuthMonitor.cc @@ -35,6 +35,9 @@ #include "include/assert.h" #include "include/str_list.h" +#include "mds/MDSAuthCaps.h" +#include "osd/OSDCap.h" + #define dout_subsys ceph_subsys_mon #undef dout_prefix #define dout_prefix _prefix(_dout, mon, get_last_committed()) @@ -672,6 +675,37 @@ int AuthMonitor::import_keyring(KeyRing& keyring) return 0; } +bool AuthMonitor::valid_caps(const vector& caps, ostream *out) +{ + for (vector::const_iterator p = caps.begin(); + p != caps.end(); p += 2) { + if ((p+1) == caps.end()) { + *out << "cap '" << *p << "' has no value"; + return false; + } + if (*p == "mon") { + MonCap tmp; + if (!tmp.parse(*(p+1), out)) { + return false; + } + } else if (*p == "osd") { + OSDCap ocap; + if (!ocap.parse(*(p+1), out)) { + return false; + } + } else if (*p == "mds") { + MDSAuthCaps mdscap; + if (!mdscap.parse(g_ceph_context, *(p+1), out)) { + return false; + } + } else { + *out << "unknown cap type '" << *p << "'"; + return false; + } + } + return true; +} + bool AuthMonitor::prepare_command(MonOpRequestRef op) { MMonCommand *m = static_cast(op->get_req()); diff --git a/src/mon/AuthMonitor.h b/src/mon/AuthMonitor.h index 07e8ef3dd0c53..7a315e3809f15 100644 --- a/src/mon/AuthMonitor.h +++ b/src/mon/AuthMonitor.h @@ -19,6 +19,7 @@ #include using namespace std; +#include "global/global_init.h" #include "include/ceph_features.h" #include "include/types.h" #include "msg/Messenger.h" @@ -124,19 +125,9 @@ private: pending_auth.push_back(inc); } - /* validate mon caps ; don't care about caps for other services as + /* validate mon/osd/mds caps ; don't care about caps for other services as * we don't know how to validate them */ - bool valid_caps(const vector& caps, ostream *out) { - for (vector::const_iterator p = caps.begin(); - p != caps.end(); p += 2) { - if (!p->empty() && *p != "mon") - continue; - MonCap tmp; - if (!tmp.parse(*(p+1), out)) - return false; - } - return true; - } + bool valid_caps(const vector& caps, ostream *out); void on_active(); bool should_propose(double& delay); diff --git a/src/mon/Makefile.am b/src/mon/Makefile.am index 0835e6ce62953..e864fb213f70b 100644 --- a/src/mon/Makefile.am +++ b/src/mon/Makefile.am @@ -18,7 +18,9 @@ libmon_a_SOURCES = \ mon/Elector.cc \ mon/HealthMonitor.cc \ mon/DataHealthService.cc \ - mon/ConfigKeyService.cc + mon/ConfigKeyService.cc \ + mds/MDSAuthCaps.cc \ + osd/OSDCap.cc libmon_a_LIBADD = noinst_LIBRARIES += libmon.a -- 2.39.5