crimson/mon: skip CEPHX_V2 challenge if client doesn't support it

author Kefu Chai <kchai@redhat.com>

Wed, 16 Oct 2019 07:51:54 +0000 (15:51 +0800)

committer Kefu Chai <kchai@redhat.com>

Mon, 21 Oct 2019 14:59:59 +0000 (22:59 +0800)
author Kefu Chai <kchai@redhat.com>
Wed, 16 Oct 2019 07:51:54 +0000 (15:51 +0800)
committer Kefu Chai <kchai@redhat.com>
Mon, 21 Oct 2019 14:59:59 +0000 (22:59 +0800)
diff --git a/src/crimson/mon/MonClient.cc b/src/crimson/mon/MonClient.cc

index 8aa59d825d50bc7a17368dc71f1790b8bd3c86cc..7ef75567131ca3d00002064c7dfbed8b1237ec8a 100644 (file)
--- a/src/crimson/mon/MonClient.cc
+++ b/src/crimson/mon/MonClient.cc
@@ -617,7 +617,14 @@ int Client::handle_auth_request(ceph::net::ConnectionRef con,
                     auth_method);
      return -EOPNOTSUPP;
    }
+  auto authorizer_challenge = &auth_meta->authorizer_challenge;
    ceph_assert(active_con);
+  if (!HAVE_FEATURE(active_con->get_conn()->get_features(), CEPHX_V2)) {
+    if (local_conf().get_val<uint64_t>("cephx_service_require_version") >= 2) {
+      return -EACCES;
+    }
+    authorizer_challenge = nullptr;
+  }
    bool was_challenge = (bool)auth_meta->authorizer_challenge;
    EntityName name;
    AuthCapsInfo caps_info;
@@ -632,7 +639,7 @@ int Client::handle_auth_request(ceph::net::ConnectionRef con,
      &caps_info,
      &auth_meta->session_key,
      &auth_meta->connection_secret,
-    &auth_meta->authorizer_challenge);
+    authorizer_challenge);
    if (is_valid) {
      auth_handler.handle_authentication(name, caps_info);
      return 1;
author	Kefu Chai <kchai@redhat.com>
	Wed, 16 Oct 2019 07:51:54 +0000 (15:51 +0800)
committer	Kefu Chai <kchai@redhat.com>
	Mon, 21 Oct 2019 14:59:59 +0000 (22:59 +0800)