From: Xavi Hernandez Date: Sat, 26 Jul 2025 19:41:22 +0000 (+0200) Subject: libcephfs_proxy: check requirements for embedded perms on connection X-Git-Tag: testing/wip-jcollin-testing-20250822.015611-tentacle~10^2~2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=3e2b6c5e1562e2d7e7a21d8b8d4b783c95ca66a7;p=ceph-ci.git libcephfs_proxy: check requirements for embedded perms on connection Signed-off-by: Xavi Hernandez (cherry picked from commit 594c53be8a6f108cf644d80f7087fbf40aff777c) --- diff --git a/src/libcephfs_proxy/proxy_link.c b/src/libcephfs_proxy/proxy_link.c index 3dbad3de67c..be7c987df2c 100644 --- a/src/libcephfs_proxy/proxy_link.c +++ b/src/libcephfs_proxy/proxy_link.c @@ -343,6 +343,15 @@ static int32_t proxy_link_negotiate_check(proxy_link_negotiate_t *local, goto validate; } + if (local->v2.protocol > remote->v2.protocol) { + local->v2.protocol = remote->v2.protocol; + } + + if (local->v2.protocol < PROXY_PROTOCOL_V1) { + /* Embedded permissions feature requires protocol version 1 */ + local->v1.supported &= ~PROXY_FEAT_EMBEDDED_PERMS; + } + supported = local->v1.supported & remote->v1.supported; local->v1.supported = supported; @@ -364,10 +373,6 @@ static int32_t proxy_link_negotiate_check(proxy_link_negotiate_t *local, enabled = (local->v1.enabled | remote->v1.enabled) & supported; local->v1.enabled = enabled; - if (local->v2.protocol > remote->v2.protocol) { - local->v2.protocol = remote->v2.protocol; - } - /* NEG_VERSION: Implement handling of negotiate extensions. */ validate: @@ -489,6 +494,13 @@ static int32_t proxy_link_negotiate_server(proxy_link_t *link, int32_t sd, } } + if (((neg->v1.enabled & PROXY_FEAT_EMBEDDED_PERMS) != 0) && + (neg->v2.protocol < PROXY_PROTOCOL_V1)) { + return proxy_log(LOG_ERR, EINVAL, + "The client tried to enable embedded perms " + "with an unsupported protocol version"); + } + /* NEG_VERSION: Implement any required handling for new negotiate * extensions. */