Actions
Bug #2429
closedceph-client: verify_authrizer_reply con method never called
% Done:
0%
Source:
Development
Tags:
Backport:
Regression:
Severity:
Reviewed:
Affected Versions:
ceph-qa-suite:
Crash signature (v1):
Crash signature (v2):
Description
Both ceph_connection_operations and ceph_auth_client_ops define
a verify_authorizer_reply method.
The only caller of functions by that name in the client code are
the two auth_client verify_authorizer_reply methods, but they
themselves are never called.
This means we're never actually checking the authorizer returned
by the server, so we're (at least) not verifying its authenticity.
Maybe the client isn't supposed to--in which case this is dead
code that can be removed. But I think we want the authentication
between client and server to be mutual.
Actions