RepoMirrors/ceph
1
0
Fork 0
mirror of https://github.com/ceph/ceph synced 2024-12-18 09:25:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Temporary patch to a problem in Pipe related to monitor initialization.

Browse Source 
Signed-off-by: Peter Reiher <reiher@inktank.com>
This commit is contained in:
Peter Reiher 2012-10-29 12:42:29 -07:00
parent 1b258764bc
commit 2157bcbf65
2 changed files with 26 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/auth/AuthAuthorizeHandler.cc
View File

@ -12,6 +12,7 @@
*
*/
#include "common/debug.h"
#include "Auth.h"
#include "AuthAuthorizeHandler.h"
#include "cephx/CephxAuthorizeHandler.h"
@ -19,6 +20,8 @@
#include "AuthMethodList.h"
#include "common/Mutex.h"
#define dout_subsys ceph_subsys_auth
AuthAuthorizeHandler *AuthAuthorizeHandlerRegistry::get_handler(int protocol)
{
if (!supported.is_supported_auth(protocol)) {

32
src/msg/Pipe.cc
View File

@ -311,19 +311,33 @@ int Pipe::accept()
}
msgr->lock.Unlock();
// As it stands, this code is not totally secure, since the first monitor pipe that gets set up isn't ready to verify authorizers.
// As a result, we just skip over verifying the authorizer. Fixing it requires some surgery in monitor initialization. PLR
if (msgr->verify_authorizer(connection_state, peer_type,
connect.authorizer_protocol, authorizer, authorizer_reply, authorizer_valid, session_key) &&
!authorizer_valid) {
ldout(msgr->cct,0) << "accept bad authorizer" << dendl;
reply.tag = CEPH_MSGR_TAG_BADAUTHORIZER;
session_security = NULL;
goto reply;
connect.authorizer_protocol, authorizer, authorizer_reply, authorizer_valid, session_key) ) {
if (!authorizer_valid) {
ldout(msgr->cct,0) << "accept: got bad authorizer" << dendl;
reply.tag = CEPH_MSGR_TAG_BADAUTHORIZER;
session_security = NULL;
goto reply;
}
else {
// We've verified the authorizer for this pipe, so set up the session security structure. PLR
session_security = get_auth_session_handler(msgr->cct, connect.authorizer_protocol, session_key);
}
}
else {
// We've verified the authorizer for this pipe, so set up the session security structure. PLR
session_security = get_auth_session_handler(msgr->cct, connect.authorizer_protocol, session_key);
// verify_authorizer failed. Don't set up session security, since we have no authorizer to get a key from. PLR
ldout(msgr->cct,10) << "accept: verify_authorizer failed, setting session_security to NULL." << dendl;
session_security = NULL;
}
msgr->lock.Lock();
if (msgr->dispatch_queue.stop)
goto shutting_down;