mon/AuthMonitor: check caps validity for all cap-related commands

Add a validity check for 'auth add' and 'fs authorize'.  'auth caps' and
'auth get-or-create[-key]' already had the check.

Fixes: http://tracker.ceph.com/issues/22525
Signed-off-by: Sage Weil <sage@redhat.com>
(cherry picked from commit fa588730bfea17eb1ca556e20ffcfd0b7628d093)

Conflicts:
	src/mon/AuthMonitor.cc (no "fs autorize" in jewel)

diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index 86b72c3cb0cc99c7792dbc4b88c2cfb6d5e58926..9885d0b6cd27be7ce33c925e637cc39c9ca030b8 100644 (file)
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -807,6 +807,11 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op)
       }
     }
 
+    if (!valid_caps(caps_vec, &ss)) {
+      err = -EINVAL;
+      goto done;
+    }
+
     // are we about to have it?
     for (vector<Incremental>::iterator p = pending_auth.begin();
         p != pending_auth.end();
@@ -907,7 +912,7 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op)
                                                   get_last_committed() + 1));
     return true;
   } else if ((prefix == "auth get-or-create-key" ||
-            prefix == "auth get-or-create") &&
+             prefix == "auth get-or-create") &&
             !entity_name.empty()) {
     // auth get-or-create <name> [mon osdcapa osd osdcapb ...]