From 85d5c9cb0fa4f6677a88b9b04a5ad93768558538 Mon Sep 17 00:00:00 2001
From: turly221 <feifan@scntist.com>
Date: Wed, 11 Dec 2024 15:30:27 +0000
Subject: [PATCH 1/4] commit patch 20488664

---
 src/msg/async/ProtocolV1.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/msg/async/ProtocolV1.cc b/src/msg/async/ProtocolV1.cc
index 714eff74df8a7..8de0c215f5a5e 100644
--- a/src/msg/async/ProtocolV1.cc
+++ b/src/msg/async/ProtocolV1.cc
@@ -1905,7 +1905,8 @@ CtPtr ProtocolV1::handle_connect_message_2() {
   // require signatures for cephx?
   if (connect_msg.authorizer_protocol == CEPH_AUTH_CEPHX) {
     if (connection->peer_type == CEPH_ENTITY_TYPE_OSD ||
-        connection->peer_type == CEPH_ENTITY_TYPE_MDS) {
+        connection->peer_type == CEPH_ENTITY_TYPE_MDS ||
+        connection->peer_type == CEPH_ENTITY_TYPE_MGR) {
       if (cct->_conf->cephx_require_signatures ||
           cct->_conf->cephx_cluster_require_signatures) {
         ldout(cct, 10)

From 679f9736a36d7c20537b8f4074e09f9764c88432 Mon Sep 17 00:00:00 2001
From: turly221 <feifan@scntist.com>
Date: Wed, 11 Dec 2024 15:30:29 +0000
Subject: [PATCH 2/4] commit patch 26976948

---
 src/msg/async/ProtocolV1.cc | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/msg/async/ProtocolV1.cc b/src/msg/async/ProtocolV1.cc
index 8de0c215f5a5e..d267f70f7bac7 100644
--- a/src/msg/async/ProtocolV1.cc
+++ b/src/msg/async/ProtocolV1.cc
@@ -1915,6 +1915,14 @@ CtPtr ProtocolV1::handle_connect_message_2() {
             << dendl;
         connection->policy.features_required |= CEPH_FEATURE_MSG_AUTH;
       }
+      if (cct->_conf->cephx_require_version >= 2 ||
+          cct->_conf->cephx_cluster_require_version >= 2) {
+        ldout(cct, 10)
+            << __func__
+            << " using cephx, requiring cephx v2 feature bit for cluster"
+            << dendl;
+        connection->policy.features_required |= CEPH_FEATUREMASK_CEPHX_V2;
+      }
     } else {
       if (cct->_conf->cephx_require_signatures ||
           cct->_conf->cephx_service_require_signatures) {
@@ -1924,6 +1932,14 @@ CtPtr ProtocolV1::handle_connect_message_2() {
             << dendl;
         connection->policy.features_required |= CEPH_FEATURE_MSG_AUTH;
       }
+      if (cct->_conf->cephx_require_version >= 2 ||
+          cct->_conf->cephx_service_require_version >= 2) {
+        ldout(cct, 10)
+            << __func__
+            << " using cephx, requiring cephx v2 feature bit for service"
+            << dendl;
+        connection->policy.features_required |= CEPH_FEATUREMASK_CEPHX_V2;
+      }
     }
   }
 

From e78e5cb7480c1fe5c936df57ec6a480c917826fd Mon Sep 17 00:00:00 2001
From: turly221 <feifan@scntist.com>
Date: Wed, 11 Dec 2024 15:30:31 +0000
Subject: [PATCH 3/4] commit patch 21883938

---
 src/auth/cephx/CephxServiceHandler.cc | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/auth/cephx/CephxServiceHandler.cc b/src/auth/cephx/CephxServiceHandler.cc
index 12bb8348f44c5..aabfd4d442572 100644
--- a/src/auth/cephx/CephxServiceHandler.cc
+++ b/src/auth/cephx/CephxServiceHandler.cc
@@ -187,11 +187,14 @@ int CephxServiceHandler::handle_request(
 	    }
 	  }
 	  encode(cbl, *result_bl);
-	  // provite all of the other tickets at the same time
+	  // provide requested service tickets at the same time
 	  vector<CephXSessionAuthInfo> info_vec;
 	  for (uint32_t service_id = 1; service_id <= req.other_keys;
 	       service_id <<= 1) {
-	    if (req.other_keys & service_id) {
+	    // skip CEPH_ENTITY_TYPE_AUTH: auth ticket is already encoded
+	    // (possibly encrypted with the old session key)
+	    if ((req.other_keys & service_id) &&
+		service_id != CEPH_ENTITY_TYPE_AUTH) {
 	      ldout(cct, 10) << " adding key for service "
 			     << ceph_entity_type_name(service_id) << dendl;
 	      CephXSessionAuthInfo svc_info;
@@ -243,7 +246,10 @@ int CephxServiceHandler::handle_request(
       int service_err = 0;
       for (uint32_t service_id = 1; service_id <= ticket_req.keys;
 	   service_id <<= 1) {
-        if (ticket_req.keys & service_id) {
+        // skip CEPH_ENTITY_TYPE_AUTH: auth ticket must be obtained with
+        // CEPHX_GET_AUTH_SESSION_KEY
+        if ((ticket_req.keys & service_id) &&
+            service_id != CEPH_ENTITY_TYPE_AUTH) {
 	  ldout(cct, 10) << " adding key for service "
 			 << ceph_entity_type_name(service_id) << dendl;
           CephXSessionAuthInfo info;

From d5f09739126a2a28987eed5a46ea318ad1ec77eb Mon Sep 17 00:00:00 2001
From: turly221 <feifan@scntist.com>
Date: Wed, 11 Dec 2024 15:30:33 +0000
Subject: [PATCH 4/4] commit patch 19221635

---
 src/rgw/rgw_rest_swift.cc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/rgw/rgw_rest_swift.cc b/src/rgw/rgw_rest_swift.cc
index af672c6685ba4..057a4caa6d96e 100644
--- a/src/rgw/rgw_rest_swift.cc
+++ b/src/rgw/rgw_rest_swift.cc
@@ -2545,6 +2545,9 @@ bool RGWSwiftWebsiteHandler::is_web_dir() const
     return false;
   } else if (subdir_name.back() == '/') {
     subdir_name.pop_back();
+    if (subdir_name.empty()) {
+      return false;
+    }
   }
 
   rgw_obj obj(s->bucket, std::move(subdir_name));