From: Neha Ojha <nojha@redhat.com>
Date: Thu, 3 Dec 2020 19:18:04 +0000 (+0000)
Subject: messages/MMonCommand, MMonCommandAck: don't log values for "config set" and "config... 
X-Git-Tag: archive/raspbian/12.2.11+dfsg1-2.1+rpi1+deb10u1^2~12
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=97df50063b8fb7de0bb7e11ce844f6f590b959fa;p=ceph.git

messages/MMonCommand, MMonCommandAck: don't log values for "config set" and "config-key set"

This acts like a big hammer to avoid adding sensitive information, like passwords
into mon/mgr/cluster logs when using "config set" and "config-key set" to set keys
whose values should be secure.

Fixes: https://tracker.ceph.com/issues/37503
Signed-off-by: Neha Ojha <nojha@redhat.com>
(cherry picked from commit 3d54660ca1a9a7ae54e884c3181fca17a40d8cd3)

Origin: upstream, https://github.com/ceph/ceph/pull/38614/commits/b579cddca07a19d8de2613eb7713de9e33d67d0d

Gbp-Pq: Name CVE-2020-25678-1.patch
---

diff --git a/src/messages/MMonCommand.h b/src/messages/MMonCommand.h
index c6764475d..e0ef5a735 100644
--- a/src/messages/MMonCommand.h
+++ b/src/messages/MMonCommand.h
@@ -15,6 +15,7 @@
 #ifndef CEPH_MMONCOMMAND_H
 #define CEPH_MMONCOMMAND_H
 
+#include "common/cmdparse.h"
 #include "messages/PaxosServiceMessage.h"
 
 #include <vector>
@@ -37,10 +38,26 @@ private:
 public:  
   const char *get_type_name() const override { return "mon_command"; }
   void print(ostream& o) const override {
+    cmdmap_t cmdmap;
+    stringstream ss;
+    string prefix;
+    cmdmap_from_json(cmd, &cmdmap, ss);
+    cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
+    // Some config values contain sensitive data, so don't log them
     o << "mon_command(";
-    for (unsigned i=0; i<cmd.size(); i++) {
-      if (i) o << ' ';
-      o << cmd[i];
+    if (prefix == "config set") {
+      string name;
+      cmd_getval(g_ceph_context, cmdmap, "name", name);
+      o << "[{prefix=" << prefix << ", name=" << name << "}]";
+    } else if (prefix == "config-key set") {
+      string key;
+      cmd_getval(g_ceph_context, cmdmap, "key", key);
+      o << "[{prefix=" << prefix << ", key=" << key << "}]";
+    } else {
+      for (unsigned i=0; i<cmd.size(); i++) {
+        if (i) o << ' ';
+        o << cmd[i];
+      }
     }
     o << " v " << version << ")";
   }
diff --git a/src/messages/MMonCommandAck.h b/src/messages/MMonCommandAck.h
index 2c07b5fe7..4622c0644 100644
--- a/src/messages/MMonCommandAck.h
+++ b/src/messages/MMonCommandAck.h
@@ -15,6 +15,7 @@
 #ifndef CEPH_MMONCOMMANDACK_H
 #define CEPH_MMONCOMMANDACK_H
 
+#include "common/cmdparse.h"
 #include "messages/PaxosServiceMessage.h"
 
 class MMonCommandAck : public PaxosServiceMessage {
@@ -33,7 +34,28 @@ private:
 public:
   const char *get_type_name() const override { return "mon_command"; }
   void print(ostream& o) const override {
-    o << "mon_command_ack(" << cmd << "=" << r << " " << rs << " v" << version << ")";
+    cmdmap_t cmdmap;
+    stringstream ss;
+    string prefix;
+    cmdmap_from_json(cmd, &cmdmap, ss);
+    cmd_getval(g_ceph_context, cmdmap, "prefix", prefix);
+    // Some config values contain sensitive data, so don't log them
+    o << "mon_command_ack(";
+    if (prefix == "config set") {
+      string name;
+      cmd_getval(g_ceph_context, cmdmap, "name", name);
+      o << "[{prefix=" << prefix
+        << ", name=" << name << "}]"
+        << "=" << r << " " << rs << " v" << version << ")";
+    } else if (prefix == "config-key set") {
+      string key;
+      cmd_getval(g_ceph_context, cmdmap, "key", key);
+      o << "[{prefix=" << prefix << ", key=" << key << "}]"
+        << "=" << r << " " << rs << " v" << version << ")";
+    } else {
+      o << cmd;
+    }
+    o << "=" << r << " " << rs << " v" << version << ")";
   }
   
   void encode_payload(uint64_t features) override {