Actions
Bug #2429
closedceph-client: verify_authrizer_reply con method never called
% Done:
0%
Source:
Development
Tags:
Backport:
Regression:
Severity:
Reviewed:
Affected Versions:
ceph-qa-suite:
Crash signature (v1):
Crash signature (v2):
Description
Both ceph_connection_operations and ceph_auth_client_ops define
a verify_authorizer_reply method.
The only caller of functions by that name in the client code are
the two auth_client verify_authorizer_reply methods, but they
themselves are never called.
This means we're never actually checking the authorizer returned
by the server, so we're (at least) not verifying its authenticity.
Maybe the client isn't supposed to--in which case this is dead
code that can be removed. But I think we want the authentication
between client and server to be mutual.
Updated by Alex Elder almost 12 years ago
Whoops, forgot to fill in a real subject/title. Not sure how to
fix it either.
Updated by Sage Weil almost 12 years ago
- Subject changed from ceph-client: to ceph-client: verify_authrizer_reply con method never called
- Category set to libceph
- Priority changed from Normal to High
Actions