is a distributed object store and file system designed to provide excellent performance, reliability and scalability.
| ProtocolV1.cc (ceph-15.2.5) | : | ProtocolV1.cc (ceph-15.2.6) |
|---|
| | |
| skipping to change at line 1999 | | skipping to change at line 1999 |
|---|
| << ", their proto " << connect_msg.protocol_version << dendl; | | << ", their proto " << connect_msg.protocol_version << dendl; |
| | |
| if (connect_msg.protocol_version != reply.protocol_version) { | | if (connect_msg.protocol_version != reply.protocol_version) { |
| return send_connect_message_reply(CEPH_MSGR_TAG_BADPROTOVER, reply, | | return send_connect_message_reply(CEPH_MSGR_TAG_BADPROTOVER, reply, |
| authorizer_reply); | | authorizer_reply); |
| } | | } |
| | |
| // require signatures for cephx? | | // require signatures for cephx? |
| if (connect_msg.authorizer_protocol == CEPH_AUTH_CEPHX) { | | if (connect_msg.authorizer_protocol == CEPH_AUTH_CEPHX) { |
| if (connection->peer_type == CEPH_ENTITY_TYPE_OSD || | | if (connection->peer_type == CEPH_ENTITY_TYPE_OSD || |
|
| connection->peer_type == CEPH_ENTITY_TYPE_MDS) { | | connection->peer_type == CEPH_ENTITY_TYPE_MDS || |
| | connection->peer_type == CEPH_ENTITY_TYPE_MGR) { |
| if (cct->_conf->cephx_require_signatures || | | if (cct->_conf->cephx_require_signatures || |
| cct->_conf->cephx_cluster_require_signatures) { | | cct->_conf->cephx_cluster_require_signatures) { |
| ldout(cct, 10) | | ldout(cct, 10) |
| << __func__ | | << __func__ |
| << " using cephx, requiring MSG_AUTH feature bit for cluster" | | << " using cephx, requiring MSG_AUTH feature bit for cluster" |
| << dendl; | | << dendl; |
| connection->policy.features_required |= CEPH_FEATURE_MSG_AUTH; | | connection->policy.features_required |= CEPH_FEATURE_MSG_AUTH; |
| } | | } |
|
| | if (cct->_conf->cephx_require_version >= 2 || |
| | cct->_conf->cephx_cluster_require_version >= 2) { |
| | ldout(cct, 10) |
| | << __func__ |
| | << " using cephx, requiring cephx v2 feature bit for cluster" |
| | << dendl; |
| | connection->policy.features_required |= CEPH_FEATUREMASK_CEPHX_V2; |
| | } |
| } else { | | } else { |
| if (cct->_conf->cephx_require_signatures || | | if (cct->_conf->cephx_require_signatures || |
| cct->_conf->cephx_service_require_signatures) { | | cct->_conf->cephx_service_require_signatures) { |
| ldout(cct, 10) | | ldout(cct, 10) |
| << __func__ | | << __func__ |
| << " using cephx, requiring MSG_AUTH feature bit for service" | | << " using cephx, requiring MSG_AUTH feature bit for service" |
| << dendl; | | << dendl; |
| connection->policy.features_required |= CEPH_FEATURE_MSG_AUTH; | | connection->policy.features_required |= CEPH_FEATURE_MSG_AUTH; |
| } | | } |
|
| | if (cct->_conf->cephx_require_version >= 2 || |
| | cct->_conf->cephx_service_require_version >= 2) { |
| | ldout(cct, 10) |
| | << __func__ |
| | << " using cephx, requiring cephx v2 feature bit for service" |
| | << dendl; |
| | connection->policy.features_required |= CEPH_FEATUREMASK_CEPHX_V2; |
| | } |
| } | | } |
| } | | } |
| | |
| uint64_t feat_missing = | | uint64_t feat_missing = |
| connection->policy.features_required & ~(uint64_t)connect_msg.features; | | connection->policy.features_required & ~(uint64_t)connect_msg.features; |
| if (feat_missing) { | | if (feat_missing) { |
| ldout(cct, 1) << __func__ << " peer missing required features " << std::hex | | ldout(cct, 1) << __func__ << " peer missing required features " << std::hex |
| << feat_missing << std::dec << dendl; | | << feat_missing << std::dec << dendl; |
| return send_connect_message_reply(CEPH_MSGR_TAG_FEATURES, reply, | | return send_connect_message_reply(CEPH_MSGR_TAG_FEATURES, reply, |
| authorizer_reply); | | authorizer_reply); |
| } | | } |
| | |
| bufferlist auth_bl_copy = authorizer_buf; | | bufferlist auth_bl_copy = authorizer_buf; |
| auto am = auth_meta; | | auto am = auth_meta; |
| am->auth_method = connect_msg.authorizer_protocol; | | am->auth_method = connect_msg.authorizer_protocol; |
|
| | if (!HAVE_FEATURE((uint64_t)connect_msg.features, CEPHX_V2)) { |
| | // peer doesn't support it and we won't get here if we require it |
| | am->skip_authorizer_challenge = true; |
| | } |
| connection->lock.unlock(); | | connection->lock.unlock(); |
| ldout(cct,10) << __func__ << " authorizor_protocol " | | ldout(cct,10) << __func__ << " authorizor_protocol " |
| << connect_msg.authorizer_protocol | | << connect_msg.authorizer_protocol |
| << " len " << auth_bl_copy.length() | | << " len " << auth_bl_copy.length() |
| << dendl; | | << dendl; |
| bool more = (bool)auth_meta->authorizer_challenge; | | bool more = (bool)auth_meta->authorizer_challenge; |
| int r = messenger->auth_server->handle_auth_request( | | int r = messenger->auth_server->handle_auth_request( |
| connection, | | connection, |
| am.get(), | | am.get(), |
| more, | | more, |
| | | |
| End of changes. 4 change blocks. |
|---|
| 1 lines changed or deleted | | 22 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 