From be3bc32f0f46148a4fbd68bb2cbfba3bda8ad310 Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Fri, 20 Nov 2020 09:43:20 +0100
Subject: [PATCH] import 15.2.6

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 ceph/CMakeLists.txt              |  2 +-
 ceph/alpine/APKBUILD             |  6 +++---
 ceph/ceph.spec                   |  6 +++---
 ceph/changelog.upstream          | 10 ++++++++--
 ceph/src/.git_version            |  4 ++--
 ceph/src/auth/Auth.h             |  3 +++
 ceph/src/mon/MonClient.cc        |  9 ++-------
 ceph/src/msg/async/ProtocolV1.cc | 23 ++++++++++++++++++++++-
 8 files changed, 44 insertions(+), 19 deletions(-)

diff --git a/ceph/CMakeLists.txt b/ceph/CMakeLists.txt
index 6d769090d..e5218c1e5 100644
--- a/ceph/CMakeLists.txt
+++ b/ceph/CMakeLists.txt
@@ -667,4 +667,4 @@ add_custom_target(tags DEPENDS ctags)
 
 find_package(CppCheck)
 find_package(IWYU)
-set(VERSION 15.2.5)
+set(VERSION 15.2.6)
diff --git a/ceph/alpine/APKBUILD b/ceph/alpine/APKBUILD
index a15bd142f..5a4bca6f2 100644
--- a/ceph/alpine/APKBUILD
+++ b/ceph/alpine/APKBUILD
@@ -1,7 +1,7 @@
 # Contributor: John Coyle <dx9err@gmail.com>
 # Maintainer: John Coyle <dx9err@gmail.com>
 pkgname=ceph
-pkgver=15.2.5
+pkgver=15.2.6
 pkgrel=0
 pkgdesc="Ceph is a distributed object store and file system"
 pkgusers="ceph"
@@ -63,7 +63,7 @@ makedepends="
 	xmlstarlet
 	yasm
 "
-source="ceph-15.2.5.tar.bz2"
+source="ceph-15.2.6.tar.bz2"
 subpackages="
 	$pkgname-base
 	$pkgname-common
@@ -116,7 +116,7 @@ _sysconfdir=/etc
 _udevrulesdir=/etc/udev/rules.d
 _python_sitelib=/usr/lib/python2.7/site-packages
 
-builddir=$srcdir/ceph-15.2.5
+builddir=$srcdir/ceph-15.2.6
 
 build() {
 	export CEPH_BUILD_VIRTUALENV=$builddir
diff --git a/ceph/ceph.spec b/ceph/ceph.spec
index 0e12976d0..a3502a7f8 100644
--- a/ceph/ceph.spec
+++ b/ceph/ceph.spec
@@ -98,7 +98,7 @@
 # main package definition
 #################################################################################
 Name:		ceph
-Version:	15.2.5
+Version:	15.2.6
 Release:	0%{?dist}
 %if 0%{?fedora} || 0%{?rhel}
 Epoch:		2
@@ -114,7 +114,7 @@ License:	LGPL-2.1 and LGPL-3.0 and CC-BY-SA-3.0 and GPL-2.0 and BSL-1.0 and BSD-
 Group:		System/Filesystems
 %endif
 URL:		http://ceph.com/
-Source0:	%{?_remote_tarball_prefix}ceph-15.2.5.tar.bz2
+Source0:	%{?_remote_tarball_prefix}ceph-15.2.6.tar.bz2
 %if 0%{?suse_version}
 # _insert_obs_source_lines_here
 ExclusiveArch:  x86_64 aarch64 ppc64le s390x
@@ -1126,7 +1126,7 @@ This package provides Ceph’s default alerts for Prometheus.
 # common
 #################################################################################
 %prep
-%autosetup -p1 -n ceph-15.2.5
+%autosetup -p1 -n ceph-15.2.6
 
 %build
 # LTO can be enabled as soon as the following GCC bug is fixed:
diff --git a/ceph/changelog.upstream b/ceph/changelog.upstream
index 242e05bf4..3ff5c5df0 100644
--- a/ceph/changelog.upstream
+++ b/ceph/changelog.upstream
@@ -1,7 +1,13 @@
-ceph (15.2.5-1bionic) bionic; urgency=medium
+ceph (15.2.6-1bionic) bionic; urgency=medium
 
 
- -- Jenkins Build Slave User <jenkins-build@braggi13.front.sepia.ceph.com>  Tue, 15 Sep 2020 19:09:15 +0000
+ -- Jenkins Build Slave User <jenkins-build@braggi11.front.sepia.ceph.com>  Tue, 17 Nov 2020 18:25:05 +0000
+
+ceph (15.2.6-1) stable; urgency=medium
+
+  * New upstream release
+
+ -- Ceph Release Team <ceph-maintainers@ceph.com>  Tue, 17 Nov 2020 18:12:51 +0000
 
 ceph (15.2.5-1) stable; urgency=medium
 
diff --git a/ceph/src/.git_version b/ceph/src/.git_version
index cd1d01c51..93ceaee81 100644
--- a/ceph/src/.git_version
+++ b/ceph/src/.git_version
@@ -1,2 +1,2 @@
-2c93eff00150f0cc5f106a559557a58d3d7b6f1f
-15.2.5
+cb8c61a60551b72614257d632a574d420064c17a
+15.2.6
diff --git a/ceph/src/auth/Auth.h b/ceph/src/auth/Auth.h
index 642164985..845f56c9b 100644
--- a/ceph/src/auth/Auth.h
+++ b/ceph/src/auth/Auth.h
@@ -192,6 +192,9 @@ struct AuthConnectionMeta {
 
   std::unique_ptr<AuthAuthorizer> authorizer;
   std::unique_ptr<AuthAuthorizerChallenge> authorizer_challenge;
+
+  ///< set if msgr1 peer doesn't support CEPHX_V2
+  bool skip_authorizer_challenge = false;
 };
 
 /*
diff --git a/ceph/src/mon/MonClient.cc b/ceph/src/mon/MonClient.cc
index a3937170a..139c18eb1 100644
--- a/ceph/src/mon/MonClient.cc
+++ b/ceph/src/mon/MonClient.cc
@@ -1666,13 +1666,8 @@ int MonClient::handle_auth_request(
   }
 
   auto ac = &auth_meta->authorizer_challenge;
-  if (!HAVE_FEATURE(con->get_features(), CEPHX_V2)) {
-    if (cct->_conf->cephx_service_require_version >= 2) {
-      ldout(cct,10) << __func__ << " client missing CEPHX_V2 ("
-		    << "cephx_service_requre_version = "
-		    << cct->_conf->cephx_service_require_version << ")" << dendl;
-      return -EACCES;
-    }
+  if (auth_meta->skip_authorizer_challenge) {
+    ldout(cct, 10) << __func__ << " skipping challenge on " << con << dendl;
     ac = nullptr;
   }
 
diff --git a/ceph/src/msg/async/ProtocolV1.cc b/ceph/src/msg/async/ProtocolV1.cc
index 4560cb5a0..46b3f2698 100644
--- a/ceph/src/msg/async/ProtocolV1.cc
+++ b/ceph/src/msg/async/ProtocolV1.cc
@@ -1996,7 +1996,8 @@ CtPtr ProtocolV1::handle_connect_message_2() {
   // require signatures for cephx?
   if (connect_msg.authorizer_protocol == CEPH_AUTH_CEPHX) {
     if (connection->peer_type == CEPH_ENTITY_TYPE_OSD ||
-        connection->peer_type == CEPH_ENTITY_TYPE_MDS) {
+        connection->peer_type == CEPH_ENTITY_TYPE_MDS ||
+        connection->peer_type == CEPH_ENTITY_TYPE_MGR) {
       if (cct->_conf->cephx_require_signatures ||
           cct->_conf->cephx_cluster_require_signatures) {
         ldout(cct, 10)
@@ -2005,6 +2006,14 @@ CtPtr ProtocolV1::handle_connect_message_2() {
             << dendl;
         connection->policy.features_required |= CEPH_FEATURE_MSG_AUTH;
       }
+      if (cct->_conf->cephx_require_version >= 2 ||
+          cct->_conf->cephx_cluster_require_version >= 2) {
+        ldout(cct, 10)
+            << __func__
+            << " using cephx, requiring cephx v2 feature bit for cluster"
+            << dendl;
+        connection->policy.features_required |= CEPH_FEATUREMASK_CEPHX_V2;
+      }
     } else {
       if (cct->_conf->cephx_require_signatures ||
           cct->_conf->cephx_service_require_signatures) {
@@ -2014,6 +2023,14 @@ CtPtr ProtocolV1::handle_connect_message_2() {
             << dendl;
         connection->policy.features_required |= CEPH_FEATURE_MSG_AUTH;
       }
+      if (cct->_conf->cephx_require_version >= 2 ||
+          cct->_conf->cephx_service_require_version >= 2) {
+        ldout(cct, 10)
+            << __func__
+            << " using cephx, requiring cephx v2 feature bit for service"
+            << dendl;
+        connection->policy.features_required |= CEPH_FEATUREMASK_CEPHX_V2;
+      }
     }
   }
 
@@ -2029,6 +2046,10 @@ CtPtr ProtocolV1::handle_connect_message_2() {
   bufferlist auth_bl_copy = authorizer_buf;
   auto am = auth_meta;
   am->auth_method = connect_msg.authorizer_protocol;
+  if (!HAVE_FEATURE((uint64_t)connect_msg.features, CEPHX_V2)) {
+    // peer doesn't support it and we won't get here if we require it
+    am->skip_authorizer_challenge = true;
+  }
   connection->lock.unlock();
   ldout(cct,10) << __func__ << " authorizor_protocol "
 		<< connect_msg.authorizer_protocol
-- 
2.39.2