Commit 5c056fdc authored by Ilya Dryomov

libceph: verify authorize reply on connect

After sending an authorizer (ceph_x_authorize_a + ceph_x_authorize_b),
the client gets back a ceph_x_authorize_reply, which it is supposed to
verify to ensure the authenticity and protect against replay attacks.
The code for doing this is there (ceph_x_verify_authorizer_reply(),
ceph_auth_verify_authorizer_reply() + plumbing), but it is never
invoked by the messenger.

AFAICT this goes back to 2009, when ceph authentication protocols
support was added to the kernel client in 4e7a5dcd

negotiate authentication protocol; implement AUTH_NONE protocol").

The second param of ceph_connection_operations::verify_authorizer_reply
is unused all the way down.  Pass 0 to facilitate backporting, and kill
it in the next commit.

Signed-off-by: Ilya Dryomov <>
Reviewed-by: Sage Weil <>
parent 5418d0a2
......@@ -2027,6 +2027,19 @@ static int process_connect(struct ceph_connection *con)
dout("process_connect on %p tag %d\n", con, (int)con->in_tag);
if (con->auth_reply_buf) {
* Any connection that defines ->get_authorizer()
* should also define ->verify_authorizer_reply().
* See get_connect_authorizer().
ret = con->ops->verify_authorizer_reply(con, 0);
if (ret < 0) {
con->error_msg = "bad authorize reply";
return ret;
switch (con->in_reply.tag) {
pr_err("%s%lld %s feature set mismatch,"
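Review bot: The indirect call `ret = con->ops->verify_authorizer_reply(con, 0);` inside the `if (con->auth_reply_buf)` branch is made without checking that the op is set, so it relies entirely on the convention stated in the comment above it (any connection that defines ->get_authorizer() should also define ->verify_authorizer_reply()). Consider failing closed when the pointer is NULL, for example a WARN_ON plus an error return, so that an ops table that breaks the convention produces a rejected connection rather than a NULL dereference in the messenger. The literal 0 passed as the second argument is explained in the commit message but not at the call site; a short comment there would help until the parameter is removed.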