}
}
-int MDSDaemon::ms_handle_fast_authentication(Connection *con)
+bool MDSDaemon::ms_handle_fast_authentication(Connection *con)
{
/* N.B. without mds_lock! */
MDSAuthCaps caps;
- return parse_caps(con->get_peer_caps_info(), caps) ? 0 : -1;
+ return parse_caps(con->get_peer_caps_info(), caps);
}
void MDSDaemon::ms_handle_accept(Connection *con)
private:
bool ms_dispatch2(const ref_t<Message> &m) override;
- int ms_handle_fast_authentication(Connection *con) override;
+ bool ms_handle_fast_authentication(Connection *con) override;
void ms_handle_accept(Connection *con) override;
void ms_handle_connect(Connection *con) override;
bool ms_handle_reset(Connection *con) override;
return msgr->get_myaddrs();
}
-int DaemonServer::ms_handle_fast_authentication(Connection *con)
+bool DaemonServer::ms_handle_fast_authentication(Connection *con)
{
auto s = ceph::make_ref<MgrSession>(cct);
con->set_priv(s);
catch (buffer::error& e) {
dout(10) << " session " << s << " " << s->entity_name
<< " failed to decode caps" << dendl;
- return -EACCES;
+ return false;
}
if (!s->caps.parse(str)) {
dout(10) << " session " << s << " " << s->entity_name
<< " failed to parse caps '" << str << "'" << dendl;
- return -EACCES;
+ return false;
}
dout(10) << " session " << s << " " << s->entity_name
<< " has caps " << s->caps << " '" << str << "'" << dendl;
}
- return 1;
+ return true;
}
void DaemonServer::ms_handle_accept(Connection* con)
~DaemonServer() override;
bool ms_dispatch2(const ceph::ref_t<Message>& m) override;
- int ms_handle_fast_authentication(Connection *con) override;
+ bool ms_handle_fast_authentication(Connection *con) override;
void ms_handle_accept(Connection *con) override;
bool ms_handle_reset(Connection *con) override;
void ms_handle_remote_reset(Connection *con) override {}
// for some channels prior to nautilus (osd heartbeat), we
// tolerate the lack of an authorizer.
if (!con->get_messenger()->require_authorizer) {
- handle_authentication_dispatcher->ms_handle_fast_authentication(con);
- return 1;
+ if (handle_authentication_dispatcher->ms_handle_fast_authentication(con)) {
+ return 1;
+ }
}
return -EACCES;
}
&auth_meta->connection_secret,
ac);
if (isvalid) {
- handle_authentication_dispatcher->ms_handle_fast_authentication(con);
- return 1;
+ if (handle_authentication_dispatcher->ms_handle_fast_authentication(con)) {
+ return 1;
+ }
+ return -EACCES;
}
if (!more && !was_challenge && auth_meta->authorizer_challenge) {
ldout(cct,10) << __func__ << " added challenge on " << con << dendl;
&auth_meta->connection_secret,
&auth_meta->authorizer_challenge);
if (isvalid) {
- ms_handle_fast_authentication(con);
+ if (!ms_handle_fast_authentication(con)) {
+ return -EACCES;
+ }
return 1;
}
if (!more && !was_challenge && auth_meta->authorizer_challenge) {
}
if (r > 0 &&
!s->authenticated) {
- ms_handle_fast_authentication(con);
+ if (!ms_handle_fast_authentication(con)) {
+ return -EACCES;
+ }
}
dout(30) << " r " << r << " reply:\n";
}
}
-int Monitor::ms_handle_fast_authentication(Connection *con)
+bool Monitor::ms_handle_fast_authentication(Connection *con)
{
if (con->get_peer_type() == CEPH_ENTITY_TYPE_MON) {
// mon <-> mon connections need no Session, and setting one up
// creates an awkward ref cycle between Session and Connection.
- return 1;
+ return true;
}
auto priv = con->get_priv();
<< " " << *s << dendl;
AuthCapsInfo &caps_info = con->get_peer_caps_info();
- int ret = 0;
if (caps_info.allow_all) {
s->caps.set_allow_all();
s->authenticated = true;
- ret = 1;
+ return true;
} else if (caps_info.caps.length()) {
bufferlist::const_iterator p = caps_info.caps.cbegin();
string str;
} catch (const ceph::buffer::error &err) {
derr << __func__ << " corrupt cap data for " << con->get_peer_entity_name()
<< " in auth db" << dendl;
- str.clear();
- ret = -EACCES;
+ return false;
}
- if (ret >= 0) {
- if (s->caps.parse(str, NULL)) {
- s->authenticated = true;
- ret = 1;
- } else {
- derr << __func__ << " unparseable caps '" << str << "' for "
- << con->get_peer_entity_name() << dendl;
- ret = -EACCES;
- }
+ if (s->caps.parse(str, NULL)) {
+ s->authenticated = true;
+ return true;
+ } else {
+ derr << __func__ << " unparseable caps '" << str << "' for "
+ << con->get_peer_entity_name() << dendl;
+ return false;
}
+ } else {
+ return false;
}
-
- return ret;
}
void Monitor::set_mon_crush_location(const string& loc)
MonCap mon_caps;
bool get_authorizer(int dest_type, AuthAuthorizer **authorizer);
public: // for AuthMonitor msgr1:
- int ms_handle_fast_authentication(Connection *con) override;
+ bool ms_handle_fast_authentication(Connection *con) override;
private:
void ms_handle_accept(Connection *con) override;
bool ms_handle_reset(Connection *con) override;
*
* Do not acquire locks in this method! It is considered "fast" delivery.
*
- * return 1 for success
- * return 0 for no action (let another Dispatcher handle it)
- * return <0 for failure (failure to parse caps, for instance)
+ * Note: MonClient is the only caller of this method and it is configured
+ * to only call a single dispatcher.
+ *
+ * return true for success (auth succeeds for this stage of session construction)
+ * return false for failure (failure to parse caps, for instance)
*/
- virtual int ms_handle_fast_authentication(Connection *con) {
- return 0;
+ [[nodiscard]] virtual bool ms_handle_fast_authentication(Connection *con) {
+ return false;
}
/**
OID_EVENT_TRACE_WITH_MSG(m, "MS_FAST_DISPATCH_END", false);
}
-int OSD::ms_handle_fast_authentication(Connection *con)
+bool OSD::ms_handle_fast_authentication(Connection *con)
{
- int ret = 0;
auto s = ceph::ref_cast<Session>(con->get_priv());
if (!s) {
s = ceph::make_ref<Session>(cct, con);
AuthCapsInfo &caps_info = con->get_peer_caps_info();
if (caps_info.allow_all) {
s->caps.set_allow_all();
+ return true;
} else if (caps_info.caps.length() > 0) {
bufferlist::const_iterator p = caps_info.caps.cbegin();
string str;
catch (ceph::buffer::error& e) {
dout(10) << __func__ << " session " << s << " " << s->entity_name
<< " failed to decode caps string" << dendl;
- ret = -EACCES;
- }
- if (!ret) {
- bool success = s->caps.parse(str);
- if (success) {
- dout(10) << __func__ << " session " << s
- << " " << s->entity_name
- << " has caps " << s->caps << " '" << str << "'" << dendl;
- ret = 1;
- } else {
- dout(10) << __func__ << " session " << s << " " << s->entity_name
- << " failed to parse caps '" << str << "'" << dendl;
- ret = -EACCES;
- }
+ return false;
}
+ bool success = s->caps.parse(str);
+ if (success) {
+ dout(10) << __func__ << " session " << s
+ << " " << s->entity_name
+ << " has caps " << s->caps << " '" << str << "'" << dendl;
+ return true;
+ } else {
+ dout(10) << __func__ << " session " << s << " " << s->entity_name
+ << " failed to parse caps '" << str << "'" << dendl;
+ return false;
+ }
+ } else {
+ return false;
}
- return ret;
}
void OSD::_dispatch(Message *m)
bool ms_handle_refused(Connection *con) override {
return osd->ms_handle_refused(con);
}
- int ms_handle_fast_authentication(Connection *con) override {
+ bool ms_handle_fast_authentication(Connection *con) override {
return true;
}
} heartbeat_dispatcher;
void ms_handle_connect(Connection *con) override;
void ms_handle_fast_connect(Connection *con) override;
void ms_handle_fast_accept(Connection *con) override;
- int ms_handle_fast_authentication(Connection *con) override;
+ bool ms_handle_fast_authentication(Connection *con) override;
bool ms_handle_reset(Connection *con) override;
void ms_handle_remote_reset(Connection *con) override {}
bool ms_handle_refused(Connection *con) override;
bool ms_handle_refused(Connection *con) override {
return false;
}
- int ms_handle_fast_authentication(Connection *con) override {
- return 1;
+ bool ms_handle_fast_authentication(Connection *con) override {
+ return true;
}
};
bool ms_handle_reset(Connection *con) override { return true; }
void ms_handle_remote_reset(Connection *con) override {}
bool ms_handle_refused(Connection *con) override { return false; }
- int ms_handle_fast_authentication(Connection *con) override {
- return 1;
+ bool ms_handle_fast_authentication(Connection *con) override {
+ return true;
}
};
//cerr << __func__ << " reply message=" << m << std::endl;
op_wq.queue(m);
}
- int ms_handle_fast_authentication(Connection *con) override {
- return 1;
+ bool ms_handle_fast_authentication(Connection *con) override {
+ return true;
}
};
cond.notify_all();
}
- int ms_handle_fast_authentication(Connection *con) override {
- return 1;
+ bool ms_handle_fast_authentication(Connection *con) override {
+ return true;
}
void reply_message(Message *m) {
}
}
- int ms_handle_fast_authentication(Connection *con) override {
- return 1;
+ bool ms_handle_fast_authentication(Connection *con) override {
+ return true;
}
void reply_message(const Message *m, Payload& pl) {
void ms_fast_dispatch(Message *m) override {
ceph_abort();
}
- int ms_handle_fast_authentication(Connection *con) override {
- return 1;
+ bool ms_handle_fast_authentication(Connection *con) override {
+ return true;
}
};
projects / ceph.git / commitdiff