find_package(CppCheck)
find_package(IWYU)
-set(VERSION 15.2.5)
+set(VERSION 15.2.6)
# Contributor: John Coyle <dx9err@gmail.com>
# Maintainer: John Coyle <dx9err@gmail.com>
pkgname=ceph
-pkgver=15.2.5
+pkgver=15.2.6
pkgrel=0
pkgdesc="Ceph is a distributed object store and file system"
pkgusers="ceph"
xmlstarlet
yasm
"
-source="ceph-15.2.5.tar.bz2"
+source="ceph-15.2.6.tar.bz2"
subpackages="
$pkgname-base
$pkgname-common
_udevrulesdir=/etc/udev/rules.d
_python_sitelib=/usr/lib/python2.7/site-packages
-builddir=$srcdir/ceph-15.2.5
+builddir=$srcdir/ceph-15.2.6
build() {
export CEPH_BUILD_VIRTUALENV=$builddir
# main package definition
#################################################################################
Name: ceph
-Version: 15.2.5
+Version: 15.2.6
Release: 0%{?dist}
%if 0%{?fedora} || 0%{?rhel}
Epoch: 2
Group: System/Filesystems
%endif
URL: http://ceph.com/
-Source0: %{?_remote_tarball_prefix}ceph-15.2.5.tar.bz2
+Source0: %{?_remote_tarball_prefix}ceph-15.2.6.tar.bz2
%if 0%{?suse_version}
# _insert_obs_source_lines_here
ExclusiveArch: x86_64 aarch64 ppc64le s390x
# common
#################################################################################
%prep
-%autosetup -p1 -n ceph-15.2.5
+%autosetup -p1 -n ceph-15.2.6
%build
# LTO can be enabled as soon as the following GCC bug is fixed:
-ceph (15.2.5-1bionic) bionic; urgency=medium
+ceph (15.2.6-1bionic) bionic; urgency=medium
- -- Jenkins Build Slave User <jenkins-build@braggi13.front.sepia.ceph.com> Tue, 15 Sep 2020 19:09:15 +0000
+ -- Jenkins Build Slave User <jenkins-build@braggi11.front.sepia.ceph.com> Tue, 17 Nov 2020 18:25:05 +0000
+
+ceph (15.2.6-1) stable; urgency=medium
+
+ * New upstream release
+
+ -- Ceph Release Team <ceph-maintainers@ceph.com> Tue, 17 Nov 2020 18:12:51 +0000
ceph (15.2.5-1) stable; urgency=medium
-2c93eff00150f0cc5f106a559557a58d3d7b6f1f
-15.2.5
+cb8c61a60551b72614257d632a574d420064c17a
+15.2.6
std::unique_ptr<AuthAuthorizer> authorizer;
std::unique_ptr<AuthAuthorizerChallenge> authorizer_challenge;
+
+ ///< set if msgr1 peer doesn't support CEPHX_V2
+ bool skip_authorizer_challenge = false;
};
/*
}
auto ac = &auth_meta->authorizer_challenge;
- if (!HAVE_FEATURE(con->get_features(), CEPHX_V2)) {
- if (cct->_conf->cephx_service_require_version >= 2) {
- ldout(cct,10) << __func__ << " client missing CEPHX_V2 ("
- << "cephx_service_requre_version = "
- << cct->_conf->cephx_service_require_version << ")" << dendl;
- return -EACCES;
- }
+ if (auth_meta->skip_authorizer_challenge) {
+ ldout(cct, 10) << __func__ << " skipping challenge on " << con << dendl;
ac = nullptr;
}
// require signatures for cephx?
if (connect_msg.authorizer_protocol == CEPH_AUTH_CEPHX) {
if (connection->peer_type == CEPH_ENTITY_TYPE_OSD ||
- connection->peer_type == CEPH_ENTITY_TYPE_MDS) {
+ connection->peer_type == CEPH_ENTITY_TYPE_MDS ||
+ connection->peer_type == CEPH_ENTITY_TYPE_MGR) {
if (cct->_conf->cephx_require_signatures ||
cct->_conf->cephx_cluster_require_signatures) {
ldout(cct, 10)
<< dendl;
connection->policy.features_required |= CEPH_FEATURE_MSG_AUTH;
}
+ if (cct->_conf->cephx_require_version >= 2 ||
+ cct->_conf->cephx_cluster_require_version >= 2) {
+ ldout(cct, 10)
+ << __func__
+ << " using cephx, requiring cephx v2 feature bit for cluster"
+ << dendl;
+ connection->policy.features_required |= CEPH_FEATUREMASK_CEPHX_V2;
+ }
} else {
if (cct->_conf->cephx_require_signatures ||
cct->_conf->cephx_service_require_signatures) {
<< dendl;
connection->policy.features_required |= CEPH_FEATURE_MSG_AUTH;
}
+ if (cct->_conf->cephx_require_version >= 2 ||
+ cct->_conf->cephx_service_require_version >= 2) {
+ ldout(cct, 10)
+ << __func__
+ << " using cephx, requiring cephx v2 feature bit for service"
+ << dendl;
+ connection->policy.features_required |= CEPH_FEATUREMASK_CEPHX_V2;
+ }
}
}
bufferlist auth_bl_copy = authorizer_buf;
auto am = auth_meta;
am->auth_method = connect_msg.authorizer_protocol;
+ if (!HAVE_FEATURE((uint64_t)connect_msg.features, CEPHX_V2)) {
+ // peer doesn't support it and we won't get here if we require it
+ am->skip_authorizer_challenge = true;
+ }
connection->lock.unlock();
ldout(cct,10) << __func__ << " authorizor_protocol "
<< connect_msg.authorizer_protocol