ceph/0004-CVE-2020-27781-4.patch
chixinze 1fa3907728 fix CVE-2020-27781
Signed-off-by: chixinze <xmdxcxz@gmail.com>
2021-07-24 10:06:10 +08:00


From 6410f3dd63890f251414377de93cd51bfc372230 Mon Sep 17 00:00:00 2001
From: Kotresh HR <khiremat@redhat.com>
Date: Sun, 6 Dec 2020 12:40:20 +0530
Subject: [PATCH 4/5] pybind/ceph_volume_client: Optionally authorize existing
auth-ids
Optionally allow authorizing auth-ids not created by ceph_volume_client
via the option 'allow_existing_id'. This can help existing deployers
of manila to disallow/allow authorization of pre-created auth IDs
via a manila driver config that sets 'allow_existing_id' to False/True.
Fixes: https://tracker.ceph.com/issues/48555
Signed-off-by: Kotresh HR <khiremat@redhat.com>
(cherry picked from commit 77b42496e25cbd4af2e80a064ddf26221b53733f)
---
src/pybind/ceph_volume_client.py | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/pybind/ceph_volume_client.py b/src/pybind/ceph_volume_client.py
index ca1f361d03c..feeb495de00 100644
--- a/src/pybind/ceph_volume_client.py
+++ b/src/pybind/ceph_volume_client.py
@@ -993,7 +993,7 @@ class CephFSVolumeClient(object):
return caps_list
- def authorize(self, volume_path, auth_id, readonly=False, tenant_id=None):
+ def authorize(self, volume_path, auth_id, readonly=False, tenant_id=None, allow_existing_id=False):
"""
Get-or-create a Ceph auth identity for `auth_id` and grant them access
to
@@ -1003,6 +1003,8 @@ class CephFSVolumeClient(object):
:param tenant_id: Optionally provide a stringizable object to
restrict any created cephx IDs to other callers
passing the same tenant ID.
+ :allow_existing_id: Optionally authorize existing auth-ids not
+ created by ceph_volume_client
:return:
"""
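Review bot: The new docstring entry is written as `:allow_existing_id:` without the `param` keyword that the neighbouring `:param tenant_id:` entry uses, so documentation tooling will not treat it as a parameter. It also omits the default and the security consequence of enabling the option. Something like `:param allow_existing_id: If True, authorize auth IDs that already exist but were not created by ceph_volume_client. Defaults to False, which refuses them.` would cover both. The docstring starts and ends outside this hunk, so the other entries were not checked.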
@@ -1034,7 +1036,7 @@ class CephFSVolumeClient(object):
}
if auth_meta is None:
- if existing_caps is not None:
+ if not allow_existing_id and existing_caps is not None:
msg = "auth ID: {0} exists and not created by ceph_volume_client. Not allowed to modify".format(auth_id)
log.error(msg)
raise CephFSVolumeClientError(msg)
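Review bot: When `allow_existing_id` is True, the condition `if not allow_existing_id and existing_caps is not None:` skips the refusal for every auth ID that was not created by ceph_volume_client, and nothing visible in this hunk records that the guard was bypassed or limits which pre-existing IDs qualify. An audit line on that path would let operators see when a pre-created identity is granted caps on a volume, for example `elif existing_caps is not None:` followed by `log.warning("auth ID: {0} pre-exists; authorizing because allow_existing_id is set".format(auth_id))`. The body of authorize() continues outside the hunk, so whether privileged or reserved IDs are rejected elsewhere cannot be confirmed from here. That is worth verifying before any caller sets the option to True.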
--
2.23.0