messages/MMonCommand, MMonCommandAck: don't log values for "config set" and "config...

This acts like a big hammer to avoid adding sensitive information, like passwords
into mon/mgr/cluster logs when using "config set" and "config-key set" to set keys
whose values should be secure.

Fixes: https://tracker.ceph.com/issues/37503
Signed-off-by: Neha Ojha <nojha@redhat.com>
(cherry picked from commit 3d54660ca1a9a7ae54e884c3181fca17a40d8cd3)

Origin: upstream, https://github.com/ceph/ceph/pull/38614/commits/b579cddca07a19d8de2613eb7713de9e33d67d0d

Gbp-Pq: Name CVE-2020-25678-1.patch

diff --git a/src/messages/MMonCommand.h b/src/messages/MMonCommand.h
index c6764475dcd0caa4a611878ff7883ae0f11daab9..e0ef5a7355a35be0d7f55f54500f3f5062fceb0e 100644 (file)
--- a/src/messages/MMonCommand.h
+++ b/src/messages/MMonCommand.h
@@ -15,6 +15,7 @@
 #ifndef CEPH_MMONCOMMAND_H
 #define CEPH_MMONCOMMAND_H
 
+#include "common/cmdparse.h"
 #include "messages/PaxosServiceMessage.h"
 
 #include <vector>
@@ -37,10 +38,26 @@ private:
 public:  
   const char *get_type_name() const override { return "mon_command"; }
   void print(ostream& o) const override {
+    cmdmap_t cmdmap;
+    stringstream ss;
+    string prefix;
+    cmdmap_from_json(cmd, &cmdmap, ss);
+    cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
+    // Some config values contain sensitive data, so don't log them
     o << "mon_command(";
-    for (unsigned i=0; i<cmd.size(); i++) {
-      if (i) o << ' ';
-      o << cmd[i];
+    if (prefix == "config set") {
+      string name;
+      cmd_getval(g_ceph_context, cmdmap, "name", name);
+      o << "[{prefix=" << prefix << ", name=" << name << "}]";
+    } else if (prefix == "config-key set") {
+      string key;
+      cmd_getval(g_ceph_context, cmdmap, "key", key);
+      o << "[{prefix=" << prefix << ", key=" << key << "}]";
+    } else {
+      for (unsigned i=0; i<cmd.size(); i++) {
+        if (i) o << ' ';
+        o << cmd[i];
+      }
     }
     o << " v " << version << ")";
   }

diff --git a/src/messages/MMonCommandAck.h b/src/messages/MMonCommandAck.h
index 2c07b5fe722b8aca397913b9c8e6e8c8a4ef9e9b..4622c06443e7bee6dc2671b242ffd8ad05f50b1f 100644 (file)
--- a/src/messages/MMonCommandAck.h
+++ b/src/messages/MMonCommandAck.h
@@ -15,6 +15,7 @@
 #ifndef CEPH_MMONCOMMANDACK_H
 #define CEPH_MMONCOMMANDACK_H
 
+#include "common/cmdparse.h"
 #include "messages/PaxosServiceMessage.h"
 
 class MMonCommandAck : public PaxosServiceMessage {
@@ -33,7 +34,28 @@ private:
 public:
   const char *get_type_name() const override { return "mon_command"; }
   void print(ostream& o) const override {
-    o << "mon_command_ack(" << cmd << "=" << r << " " << rs << " v" << version << ")";
+    cmdmap_t cmdmap;
+    stringstream ss;
+    string prefix;
+    cmdmap_from_json(cmd, &cmdmap, ss);
+    cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
+    // Some config values contain sensitive data, so don't log them
+    o << "mon_command_ack(";
+    if (prefix == "config set") {
+      string name;
+      cmd_getval(g_ceph_context, cmdmap, "name", name);
+      o << "[{prefix=" << prefix
+        << ", name=" << name << "}]"
+        << "=" << r << " " << rs << " v" << version << ")";
+    } else if (prefix == "config-key set") {
+      string key;
+      cmd_getval(g_ceph_context, cmdmap, "key", key);
+      o << "[{prefix=" << prefix << ", key=" << key << "}]"
+        << "=" << r << " " << rs << " v" << version << ")";
+    } else {
+      o << cmd;
+    }
+    o << "=" << r << " " << rs << " v" << version << ")";
   }
   
   void encode_payload(uint64_t features) override {