From 27fd5aca55731df836e9081008e21feb4c1ed9aa Mon Sep 17 00:00:00 2001 From: lijing Date: Fri, 5 Jan 2018 17:44:57 +0800 Subject: [PATCH] mon: validate capabilitys before add auth entity Fixes: http://tracker.ceph.com/issues/22525 Signed-off-by: Jing Li lijing@gohighsec.com --- src/mon/AuthMonitor.cc | 6 ++++++ src/mon/AuthMonitor.h | 27 +++++++++++++++++++++------ src/mon/CMakeLists.txt | 4 +++- 3 files changed, 30 insertions(+), 7 deletions(-) diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc index c5e3786eea7b9b..d713276a6fcefa 100644 --- a/src/mon/AuthMonitor.cc +++ b/src/mon/AuthMonitor.cc @@ -1155,6 +1155,12 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op) } err = 0; + //if capability strings are malformed, return with error msg. + if (!valid_caps(caps_vec, &ss)) { + err = -EINVAL; + goto done; + } + // okay, add it. if (!has_keyring) { dout(10) << "AuthMonitor::prepare_command generating random key for " diff --git a/src/mon/AuthMonitor.h b/src/mon/AuthMonitor.h index 777f2e80361d3b..47dc1d755ac6e7 100644 --- a/src/mon/AuthMonitor.h +++ b/src/mon/AuthMonitor.h @@ -18,10 +18,13 @@ #include #include +#include "global/global_init.h" #include "include/ceph_features.h" #include "include/types.h" +#include "mds/MDSAuthCaps.h" #include "mon/PaxosService.h" #include "mon/MonitorDBStore.h" +#include "osd/OSDCap.h" class MMonCommand; struct MAuth; 
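Review bot: Only `caps_vec` is passed to `valid_caps` here, so the new check covers caps given as command arguments and nothing else. The `if (!has_keyring)` branch just below suggests an entity can also be supplied through a keyring; any caps carried in that keyring are handled outside this hunk, so this is inferred, but they would not pass through this validation. It is worth confirming that path is validated as well, or stating the limit in the comment, e.g. `// reject malformed mon/osd/mds caps from the command arguments before the entity is staged`. `prepare_command` starts and ends outside the hunk.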
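Review bot: The three new includes in `AuthMonitor.h` are needed only because `valid_caps` is defined inline in the class body. Every file that includes this header now depends on `osd/OSDCap.h`, `mds/MDSAuthCaps.h` and `global/global_init.h`, the last apparently only for `g_ceph_context`. Keeping just the declaration of `valid_caps` in the header and moving its body, together with these includes, into `AuthMonitor.cc` would avoid widening the header's dependencies.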
@@ -127,16 +130,28 @@ class AuthMonitor : public PaxosService { pending_auth.push_back(inc); } - /* validate mon caps ; don't care about caps for other services as + /* validate mon/osd/mds caps ; don't care about caps for other services as * we don't know how to validate them */ bool valid_caps(const vector& caps, ostream *out) { for (vector::const_iterator p = caps.begin(); p != caps.end(); p += 2) { - if (!p->empty() && *p != "mon") - continue; - MonCap tmp; - if (!tmp.parse(*(p+1), out)) - return false; + if (!p->empty() && *p == "mon") { + MonCap tmp; + if (!tmp.parse(*(p+1), out)) + return false; + } + + if (!p->empty() && *p == "osd") { + OSDCap ocap; + if (!ocap.parse(*(p+1), out)) + return false; + } + + if (!p->empty() && *p == "mds") { + MDSAuthCaps mdscap; + if (!mdscap.parse(g_ceph_context, *(p+1), out)) + return false; + } } return true; } diff --git a/src/mon/CMakeLists.txt b/src/mon/CMakeLists.txt index ebbc863c28b81a..49b77890d8e12f 100644 --- a/src/mon/CMakeLists.txt +++ b/src/mon/CMakeLists.txt @@ -18,7 +18,9 @@ set(lib_mon_srcs HealthMonitor.cc PGMap.cc ConfigKeyService.cc - ../mgr/mgr_commands.cc) + ../mds/MDSAuthCaps.cc + ../mgr/mgr_commands.cc + ../osd/OSDCap.cc) add_library(mon STATIC ${lib_mon_srcs} $
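Review bot: An empty service name is no longer validated. The removed condition `!p->empty() && *p != "mon"` let an empty name fall through to `MonCap::parse`, whereas each new branch requires `!p->empty()`, so that pair is now accepted without parsing. If that is intended, the `!p->empty()` tests are redundant next to the `==` comparisons and the comment should say empty names are skipped; if not, the first branch should read `if (p->empty() || *p == "mon") {`. The loop also still advances with `p += 2` and dereferences `*(p+1)` without a bounds check, so it relies on every caller having rejected an odd-length vector (not visible in this hunk). Adding `if (p + 1 == caps.end()) return false;` at the top of the loop body would make `valid_caps` safe on its own.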