ceph/0007-CVE-2020-25678-2.patch
Zhuohui Zou e8ae2e052e fix CVE-2020-25678
Signed-off-by: Zhuohui Zou <zhuohui@xsky.com>
(cherry picked from commit f923d4556ff61072cabfc3f385c73738abe14731)
2021-03-11 09:17:45 +08:00


From 5267f57c24ffc7bd43de66a92b08dd958887f6a0 Mon Sep 17 00:00:00 2001
From: Neha Ojha <nojha@redhat.com>
Date: Thu, 3 Dec 2020 19:24:39 +0000
Subject: [PATCH 2/2] mon: don't log "config set" and "config-key set" dispatch
and finished messages
Signed-off-by: Neha Ojha <nojha@redhat.com>
(cherry picked from commit 4b83dfb1f74e8a59c802ff3c0eb4595f7e763762)
---
src/mon/Monitor.cc | 18 ++++++++++--------
src/mon/Monitor.h | 9 ++++++++-
2 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index da1fac90ed..f6c9a1bd8b 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -3170,18 +3170,20 @@ void Monitor::handle_command(MonOpRequestRef op)
if (!_allowed_command(session, service, prefix, cmdmap,
param_str_map, mon_cmd)) {
dout(1) << __func__ << " access denied" << dendl;
- (cmd_is_rw ? audit_clog->info() : audit_clog->debug())
- << "from='" << session->inst << "' "
- << "entity='" << session->entity_name << "' "
- << "cmd=" << m->cmd << ": access denied";
+ if (prefix != "config set" && prefix != "config-key set")
+ (cmd_is_rw ? audit_clog->info() : audit_clog->debug())
+ << "from='" << session->inst << "' "
+ << "entity='" << session->entity_name << "' "
+ << "cmd=" << m->cmd << ": access denied";
reply_command(op, -EACCES, "access denied", 0);
return;
}
- (cmd_is_rw ? audit_clog->info() : audit_clog->debug())
- << "from='" << session->inst << "' "
- << "entity='" << session->entity_name << "' "
- << "cmd=" << m->cmd << ": dispatch";
+ if (prefix != "config set" && prefix != "config-key set")
+ (cmd_is_rw ? audit_clog->info() : audit_clog->debug())
+ << "from='" << session->inst << "' "
+ << "entity='" << session->entity_name << "' "
+ << "cmd=" << m->cmd << ": dispatch";
if (mon_cmd->is_mgr() &&
osdmon()->osdmap.require_osd_release >= CEPH_RELEASE_LUMINOUS) {
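Review bot: Both guarded statements in handle_command drop the whole audit record for `config set` and `config-key set`, so the audit channel no longer shows which entity issued these commands or was denied them; the access-denied branch in particular loses a security-relevant event. Keeping the record and omitting only the arguments would preserve the trail, for example `<< "cmd='" << prefix << "' (args redacted): access denied";` in the denied branch and the same with `: dispatch` in the second statement. The prefix comparison is also repeated verbatim here and in the Monitor.h hunk, so a small helper holding the list of value-carrying prefixes would keep the sites in step; whether other prefixes also carry secrets as arguments cannot be checked from this hunk. handle_command starts and ends outside the hunk.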
diff --git a/src/mon/Monitor.h b/src/mon/Monitor.h
index 008947e85b..e8f712e984 100644
--- a/src/mon/Monitor.h
+++ b/src/mon/Monitor.h
@@ -40,6 +40,7 @@
#include "PGStatService.h"
#include "MonCommand.h"
+#include "common/cmdparse.h"
#include "common/LogClient.h"
#include "auth/cephx/CephxKeyServer.h"
#include "auth/AuthMethodList.h"
@@ -860,7 +861,13 @@ public:
ss << "session dropped for command ";
}
}
- ss << "cmd='" << m->cmd << "': finished";
+ cmdmap_t cmdmap;
+ stringstream ds;
+ string prefix;
+ cmdmap_from_json(m->cmd, &cmdmap, ds);
+ cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
+ if (prefix != "config set" && prefix != "config-key set")
+ ss << "cmd='" << m->cmd << "': finished";
mon->audit_clog->info() << ss.str();
mon->reply_command(op, rc, rs, rdata, version);
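Review bot: The results of `cmdmap_from_json` and `cmd_getval` are ignored in the added lines, so if either fails `prefix` stays empty, the comparison passes and the full `m->cmd`, value included, is written to the audit log. Failing closed would be safer: `if (!cmdmap_from_json(m->cmd, &cmdmap, ds) || !cmd_getval(g_ceph_context, cmdmap, "prefix", prefix)) ss << "cmd=(unparsed): finished";` followed by `else if (prefix != "config set" && prefix != "config-key set")` on the existing write. Separately, `mon->audit_clog->info() << ss.str();` still runs when the command is suppressed, which emits a record holding only whatever was written to `ss` earlier; the enclosing function begins outside the hunk, so that earlier content is not visible here.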
--
2.29.2