#include "Crypto.h"
#include "common/entity_name.h"
+// The _MAX values are a bit wonky here because we are overloading the first
+// byte of the auth payload to identify both the type of authentication to be
+// used *and* the encoding version for the authenticator. So, we define a
+// range.
enum {
AUTH_MODE_NONE = 0,
AUTH_MODE_AUTHORIZER = 1,
- AUTH_MODE_MON = 100,
+ AUTH_MODE_AUTHORIZER_MAX = 9,
+ AUTH_MODE_MON = 10,
+ AUTH_MODE_MON_MAX = 19,
};
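Review bot: Renumbering `AUTH_MODE_MON` from 100 to 10 changes the value carried in the first byte of the auth payload, and nothing in this hunk says whether a peer that still sends 100 has to be supported. If any deployed build already emits the old value, the new range checks no longer recognise it as a mon mode, so that should be confirmed before merging. The comment above the enum could also state the layout explicitly, for example `// 1..9: authorizer (value = encoding version), 10..19: mon, everything else is rejected`.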
class Cond;
/// client: initial empty, but populated if server said bad method
std::vector<uint32_t> allowed_methods;
- int auth_mode = 0; ///< AUTH_MODE_*
+ int auth_mode = AUTH_MODE_NONE; ///< AUTH_MODE_*
int con_mode = 0; ///< negotiated mode
bufferlist *reply)
{
auth_meta->auth_mode = payload[0];
- if (auth_meta->auth_mode != AUTH_MODE_AUTHORIZER) {
+ if (auth_meta->auth_mode < AUTH_MODE_AUTHORIZER ||
+ auth_meta->auth_mode > AUTH_MODE_AUTHORIZER_MAX) {
return -EACCES;
}
AuthAuthorizeHandler *ah = get_auth_authorize_handler(con->get_peer_type(),
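Review bot: The new range check returns `-EACCES` without logging the rejected value, while the sibling path elsewhere in this commit logs `unrecognized auth mode` before returning. Logging the offending byte here as well, e.g. `derr << __func__ << " unsupported auth mode " << auth_meta->auth_mode << dendl;`, gives operators a signal when a peer sends an unexpected mode or encoding version. The function begins and continues outside the hunk, so any logging done by the caller is not visible here.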
auth_meta->auth_mode = payload[0];
}
- if (auth_meta->auth_mode == AUTH_MODE_AUTHORIZER) {
+ if (auth_meta->auth_mode >= AUTH_MODE_AUTHORIZER &&
+ auth_meta->auth_mode <= AUTH_MODE_AUTHORIZER_MAX) {
AuthAuthorizeHandler *ah = get_auth_authorize_handler(con->get_peer_type(),
auth_method);
if (!ah) {
}
dout(10) << __func__ << " bad authorizer on " << con << dendl;
return -EACCES;
- } else if (auth_meta->auth_mode != AUTH_MODE_MON) {
+ } else if (auth_meta->auth_mode < AUTH_MODE_MON &&
+ auth_meta->auth_mode > AUTH_MODE_MON_MAX) {
derr << __func__ << " unrecognized auth mode " << auth_meta->auth_mode
<< dendl;
return -EACCES;
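Review bot: The new `else if` joins its two bounds with `&&`, so it can never be true: no value is both below `AUTH_MODE_MON` and above `AUTH_MODE_MON_MAX`. The removed line rejected every mode other than `AUTH_MODE_MON`. As written, a first byte outside both ranges (0, 20 and above, or a negative value) skips the `unrecognized auth mode` rejection and appears to continue into whatever follows the branch. The condition should be `} else if (auth_meta->auth_mode < AUTH_MODE_MON || auth_meta->auth_mode > AUTH_MODE_MON_MAX) {`. The enclosing function starts and ends outside the hunk, so what the fall-through reaches is not visible here.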
EntityName entity_name;
decode(mode, p);
- assert(mode == AUTH_MODE_MON);
+ assert(mode >= AUTH_MODE_MON && mode <= AUTH_MODE_MON_MAX);
decode(entity_name, p);
decode(con->peer_global_id, p);
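Review bot: The range check on `mode` is an `assert`, yet `mode` has just been decoded from `p`, which looks like data received from the peer. If `assert` is active in this build, a malformed payload aborts the process. If it is compiled out, an out-of-range mode is accepted silently. An explicit check such as `if (mode < AUTH_MODE_MON || mode > AUTH_MODE_MON_MAX)` that fails the handshake through this function's normal error path would be safer. The function's signature and return convention are outside the hunk, so the exact error return needs to be chosen there.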