From aae985d47a511ec23493ccd6d7ddaf58257eee5b Mon Sep 17 00:00:00 2001
From: Yehuda Sadeh <yehuda@hq.newdream.net>
Date: Wed, 21 Oct 2009 16:58:25 -0700
Subject: [PATCH] auth: verify authorize reply on connect

---
 src/msg/SimpleMessenger.cc | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/msg/SimpleMessenger.cc b/src/msg/SimpleMessenger.cc
index 2d22a82662a85..3a3902adb1f3a 100644
--- a/src/msg/SimpleMessenger.cc
+++ b/src/msg/SimpleMessenger.cc
@@ -1027,6 +1027,15 @@ int SimpleMessenger::Pipe::connect()
       authorizer_reply.push_back(bp);
     }
 
+    if (authorizer.bl.length()) {
+      bufferlist::iterator iter = authorizer_reply.begin();
+      dout(0) << "verifying authorize reply, len=" << authorizer_reply.length() << dendl;
+      if (!authorizer.verify_reply(iter)) {
+        dout(0) << "failed verifying authorize reply" << dendl;
+        goto fail;
+      }
+    }
+
     lock.Lock();
     if (state != STATE_CONNECTING) {
       dout(0) << "connect got RESETSESSION but no longer connecting" << dendl;
-- 
2.39.5