]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph-ci.git/commitdiff
projects / ceph-ci.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ba58bb3)
libcephfs_proxy: check requirements for embedded perms on connection
authorXavi Hernandez <xhernandez@gmail.com>
Sat, 26 Jul 2025 19:41:22 +0000 (21:41 +0200)
committerAnoop C S <anoopcs@cryptolab.net>
Fri, 15 Aug 2025 09:52:22 +0000 (15:22 +0530)
Signed-off-by: Xavi Hernandez <xhernandez@gmail.com>
(cherry picked from commit 594c53be8a6f108cf644d80f7087fbf40aff777c)

src/libcephfs_proxy/proxy_link.c patch | blob | history

diff --git a/src/libcephfs_proxy/proxy_link.c b/src/libcephfs_proxy/proxy_link.c
index 3dbad3de67cebe2e8a3dc96be3301ac5a5d881aa..be7c987df2cb07e523ad34e991fb98e0bbc35e79 100644 (file)
--- a/src/libcephfs_proxy/proxy_link.c
+++ b/src/libcephfs_proxy/proxy_link.c
@@ -343,6 +343,15 @@ static int32_t proxy_link_negotiate_check(proxy_link_negotiate_t *local,
                goto validate;
        }
 
+       if (local->v2.protocol > remote->v2.protocol) {
+               local->v2.protocol = remote->v2.protocol;
+       }
+
+       if (local->v2.protocol < PROXY_PROTOCOL_V1) {
+               /* Embedded permissions feature requires protocol version 1 */
+               local->v1.supported &= ~PROXY_FEAT_EMBEDDED_PERMS;
+       }
+
        supported = local->v1.supported & remote->v1.supported;
        local->v1.supported = supported;
 
@@ -364,10 +373,6 @@ static int32_t proxy_link_negotiate_check(proxy_link_negotiate_t *local,
        enabled = (local->v1.enabled | remote->v1.enabled) & supported;
        local->v1.enabled = enabled;
 
-       if (local->v2.protocol > remote->v2.protocol) {
-               local->v2.protocol = remote->v2.protocol;
-       }
-
        /* NEG_VERSION: Implement handling of negotiate extensions. */
 
 validate:
@@ -489,6 +494,13 @@ static int32_t proxy_link_negotiate_server(proxy_link_t *link, int32_t sd,
                }
        }
 
+       if (((neg->v1.enabled & PROXY_FEAT_EMBEDDED_PERMS) != 0) &&
+           (neg->v2.protocol < PROXY_PROTOCOL_V1)) {
+               return proxy_log(LOG_ERR, EINVAL,
+                                "The client tried to enable embedded perms "
+                                "with an unsupported protocol version");
+       }
+
        /* NEG_VERSION: Implement any required handling for new negotiate
         *              extensions. */
 
Unnamed repository; edit this file 'description' to name the repository.