From fa588730bfea17eb1ca556e20ffcfd0b7628d093 Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@redhat.com>
Date: Mon, 9 Apr 2018 16:40:37 -0500
Subject: [PATCH] mon/AuthMonitor: check caps validity for all cap-related
 commands

Add a validity check for 'auth add' and 'fs authorize'.  'auth caps' and
'auth get-or-create[-key]' already had the check.

Fixes: http://tracker.ceph.com/issues/22525
Signed-off-by: Sage Weil <sage@redhat.com>
---
 src/mon/AuthMonitor.cc | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index b7d7c0bd5a8..f318fe5e4dc 100644
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -1147,6 +1147,11 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op)
       }
     }
 
+    if (!valid_caps(caps_vec, &ss)) {
+      err = -EINVAL;
+      goto done;
+    }
+
     // are we about to have it?
     if (entity_is_pending(entity)) {
       wait_for_finished_proposal(op,
@@ -1215,7 +1220,7 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op)
 						   get_last_committed() + 1));
     return true;
   } else if ((prefix == "auth get-or-create-key" ||
-	     prefix == "auth get-or-create") &&
+	      prefix == "auth get-or-create") &&
 	     !entity_name.empty()) {
     // auth get-or-create <name> [mon osdcapa osd osdcapb ...]
 
@@ -1322,6 +1327,11 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op)
     string mds_cap_string, osd_cap_string;
     string osd_cap_wanted = "r";
 
+    if (!valid_caps(caps_vec, &ss)) {
+      err = -EINVAL;
+      goto done;
+    }
+
     for (auto it = caps_vec.begin();
 	 it != caps_vec.end() && (it + 1) != caps_vec.end();
 	 it += 2) {