virtual int get_auth_request(
Connection *con,
+ AuthConnectionMeta *auth_meta,
uint32_t *method,
std::vector<uint32_t> *preferred_modes,
bufferlist *out) = 0;
virtual int handle_auth_reply_more(
Connection *con,
+ AuthConnectionMeta *auth_meta,
const bufferlist& bl,
bufferlist *reply) = 0;
virtual int handle_auth_done(
Connection *con,
+ AuthConnectionMeta *auth_meta,
uint64_t global_id,
uint32_t con_mode,
const bufferlist& bl,
std::string *connection_secret) = 0;
virtual int handle_auth_bad_method(
Connection *con,
+ AuthConnectionMeta *auth_meta,
uint32_t old_auth_method,
int result,
const std::vector<uint32_t>& allowed_methods,
virtual int handle_auth_request(
Connection *con,
+ AuthConnectionMeta *auth_meta,
bool more,
uint32_t auth_method,
const bufferlist& bl,
int MonClient::get_auth_request(
Connection *con,
+ AuthConnectionMeta *auth_meta,
uint32_t *auth_method,
std::vector<uint32_t> *preferred_modes,
bufferlist *bl)
// connection to mon?
if (con->get_peer_type() == CEPH_ENTITY_TYPE_MON) {
- ceph_assert(!con->get_auth_meta()->authorizer);
+ ceph_assert(!auth_meta->authorizer);
for (auto& i : pending_cons) {
if (i.second.is_con(con)) {
return i.second.get_auth_request(
}
// generate authorizer
- auto auth_meta = con->get_auth_meta();
if (!auth) {
lderr(cct) << __func__ << " but no auth handler is set up" << dendl;
return -EACCES;
int MonClient::handle_auth_reply_more(
Connection *con,
+ AuthConnectionMeta *auth_meta,
const bufferlist& bl,
bufferlist *reply)
{
if (con->get_peer_type() == CEPH_ENTITY_TYPE_MON) {
for (auto& i : pending_cons) {
if (i.second.is_con(con)) {
- return i.second.handle_auth_reply_more(bl, reply);
+ return i.second.handle_auth_reply_more(auth_meta, bl, reply);
}
}
return -ENOENT;
}
// authorizer challenges
- auto auth_meta = con->get_auth_meta();
if (!auth || !auth_meta->authorizer) {
lderr(cct) << __func__ << " no authorizer?" << dendl;
return -1;
int MonClient::handle_auth_done(
Connection *con,
+ AuthConnectionMeta *auth_meta,
uint64_t global_id,
uint32_t con_mode,
const bufferlist& bl,
for (auto& i : pending_cons) {
if (i.second.is_con(con)) {
int r = i.second.handle_auth_done(
- global_id, bl,
+ auth_meta, global_id, bl,
session_key, connection_secret);
if (r) {
pending_cons.erase(i.first);
return -ENOENT;
} else {
// verify authorizer reply
- auto auth_meta = con->get_auth_meta();
auto p = bl.begin();
if (!auth_meta->authorizer->verify_reply(p, &auth_meta->connection_secret)) {
ldout(cct, 0) << __func__ << " failed verifying authorizer reply"
int MonClient::handle_auth_bad_method(
Connection *con,
+ AuthConnectionMeta *auth_meta,
uint32_t old_auth_method,
int result,
const std::vector<uint32_t>& allowed_methods,
const std::vector<uint32_t>& allowed_modes)
{
- con->get_auth_meta()->allowed_methods = allowed_methods;
+ auth_meta->allowed_methods = allowed_methods;
std::lock_guard l(monc_lock);
if (con->get_peer_type() == CEPH_ENTITY_TYPE_MON) {
int MonClient::handle_auth_request(
Connection *con,
+ AuthConnectionMeta *auth_meta,
bool more,
uint32_t auth_method,
const bufferlist& payload,
bufferlist *reply)
{
- auto auth_meta = con->get_auth_meta();
auth_meta->auth_mode = payload[0];
if (auth_meta->auth_mode != AUTH_MODE_AUTHORIZER) {
return -EACCES;
}
int MonConnection::handle_auth_reply_more(
+ AuthConnectionMeta *auth_meta,
const bufferlist& bl,
bufferlist *reply)
{
auto p = bl.cbegin();
ldout(cct, 10) << __func__ << " payload_len " << bl.length() << dendl;
- auto auth_meta = con->get_auth_meta();
int r = auth->handle_response(0, p, &auth_meta->session_key,
&auth_meta->connection_secret);
if (r == -EAGAIN) {
}
int MonConnection::handle_auth_done(
+ AuthConnectionMeta *auth_meta,
uint64_t new_global_id,
const bufferlist& bl,
CryptoKey *session_key,
global_id = new_global_id;
auth->set_global_id(global_id);
auto p = bl.begin();
- auto auth_meta = con->get_auth_meta();
int auth_err = auth->handle_response(0, p, &auth_meta->session_key,
&auth_meta->connection_secret);
if (auth_err >= 0) {
uint32_t want_keys,
RotatingKeyRing* keyring);
int handle_auth_reply_more(
+ AuthConnectionMeta *auth_meta,
const bufferlist& bl,
bufferlist *reply);
int handle_auth_done(
+ AuthConnectionMeta *auth_meta,
uint64_t global_id,
const bufferlist& bl,
CryptoKey *session_key,
// AuthClient
int get_auth_request(
Connection *con,
+ AuthConnectionMeta *auth_meta,
uint32_t *method,
std::vector<uint32_t> *preferred_modes,
bufferlist *bl) override;
int handle_auth_reply_more(
Connection *con,
+ AuthConnectionMeta *auth_meta,
const bufferlist& bl,
bufferlist *reply) override;
int handle_auth_done(
Connection *con,
+ AuthConnectionMeta *auth_meta,
uint64_t global_id,
uint32_t con_mode,
const bufferlist& bl,
std::string *connection_secret) override;
int handle_auth_bad_method(
Connection *con,
+ AuthConnectionMeta *auth_meta,
uint32_t old_auth_method,
int result,
const std::vector<uint32_t>& allowed_methods,
// AuthServer
int handle_auth_request(
Connection *con,
+ AuthConnectionMeta *auth_meta,
bool more,
uint32_t auth_method,
const bufferlist& bl,
// AuthClient methods -- for mon <-> mon communication
int Monitor::get_auth_request(
Connection *con,
+ AuthConnectionMeta *auth_meta,
uint32_t *method,
vector<uint32_t> *preferred_modes,
bufferlist *out)
if (con->get_peer_type() != CEPH_ENTITY_TYPE_MON) {
return -EACCES;
}
- auto auth_meta = con->get_auth_meta();
auth_meta->authorizer.reset(auth);
*method = auth->protocol;
auth_registry.get_supported_modes(CEPH_ENTITY_TYPE_MON, auth->protocol,
int Monitor::handle_auth_reply_more(
Connection *con,
+ AuthConnectionMeta *auth_meta,
const bufferlist& bl,
bufferlist *reply)
{
- auto auth_meta = con->get_auth_meta();
if (!auth_meta->authorizer) {
derr << __func__ << " no authorizer?" << dendl;
return -EACCES;
int Monitor::handle_auth_done(
Connection *con,
+ AuthConnectionMeta *auth_meta,
uint64_t global_id,
uint32_t con_mode,
const bufferlist& bl,
std::string *connection_secret)
{
// verify authorizer reply
- auto auth_meta = con->get_auth_meta();
auto p = bl.begin();
if (!auth_meta->authorizer->verify_reply(p, connection_secret)) {
dout(0) << __func__ << " failed verifying authorizer reply" << dendl;
int Monitor::handle_auth_bad_method(
Connection *con,
+ AuthConnectionMeta *auth_meta,
uint32_t old_auth_method,
int result,
const std::vector<uint32_t>& allowed_methods,
int Monitor::handle_auth_request(
Connection *con,
+ AuthConnectionMeta *auth_meta,
bool more,
uint32_t auth_method,
const bufferlist &payload,
<< " method " << auth_method
<< " payload " << payload.length()
<< dendl;
- auto auth_meta = con->get_auth_meta();
if (!more) {
auth_meta->auth_mode = payload[0];
}
// AuthClient
int get_auth_request(
Connection *con,
+ AuthConnectionMeta *auth_meta,
uint32_t *method,
vector<uint32_t> *preferred_modes,
bufferlist *out) override;
int handle_auth_reply_more(
Connection *con,
- const bufferlist& bl,
+ AuthConnectionMeta *auth_meta,
+ const bufferlist& bl,
bufferlist *reply) override;
int handle_auth_done(
Connection *con,
+ AuthConnectionMeta *auth_meta,
uint64_t global_id,
uint32_t con_mode,
const bufferlist& bl,
std::string *connection_secret) override;
int handle_auth_bad_method(
Connection *con,
+ AuthConnectionMeta *auth_meta,
uint32_t old_auth_method,
int result,
const std::vector<uint32_t>& allowed_methods,
// AuthServer
int handle_auth_request(
Connection *con,
+ AuthConnectionMeta *auth_meta,
bool more,
uint32_t auth_method,
const bufferlist& bl,
return msgr;
}
- virtual AuthConnectionMeta *get_auth_meta() {
- return nullptr;
- }
-
/**
* Queue the given Message to send out on the given Connection.
* Success in this function does not guarantee Message delivery, only
return protocol->is_connected();
}
-AuthConnectionMeta *AsyncConnection::get_auth_meta()
-{
- return &protocol->auth_meta;
-}
-
void AsyncConnection::connect(const entity_addrvec_t &addrs, int type,
entity_addr_t &target) {
return target_addr;
}
- AuthConnectionMeta *get_auth_meta() override;
-
private:
enum {
STATE_NONE,
virtual void write_event() = 0;
virtual bool is_queued() = 0;
- virtual AuthConnectionMeta *get_auth_meta() {
- return nullptr;
- }
};
#endif /* _MSG_ASYNC_PROTOCOL_ */
vector<uint32_t> preferred_modes;
connection->lock.unlock();
int r = messenger->auth_client->get_auth_request(
- connection, &auth_meta.auth_method, &preferred_modes, &bl);
+ connection, &auth_meta,
+ &auth_meta.auth_method, &preferred_modes, &bl);
connection->lock.lock();
if (state != State::CONNECTING) {
return _fault();
ceph_assert(messenger->auth_client);
connection->lock.unlock();
int r = messenger->auth_client->handle_auth_bad_method(
- connection, bad_method.method(), bad_method.result(),
+ connection,
+ &auth_meta,
+ bad_method.method(), bad_method.result(),
bad_method.allowed_methods(),
bad_method.allowed_modes());
connection->lock.lock();
bufferlist reply;
connection->lock.unlock();
int r = messenger->auth_client->handle_auth_reply_more(
- connection, auth_more.auth_payload(), &reply);
+ connection, &auth_meta, auth_more.auth_payload(), &reply);
connection->lock.lock();
if (state != State::CONNECTING) {
return _fault();
connection->lock.unlock();
int r = messenger->auth_client->handle_auth_done(
connection,
+ &auth_meta,
auth_done.global_id(),
auth_done.con_mode(),
auth_done.auth_payload(),
bufferlist reply;
connection->lock.unlock();
int r = messenger->auth_server->handle_auth_request(
- connection, more, auth_meta.auth_method, auth_payload,
+ connection, &auth_meta,
+ more, auth_meta.auth_method, auth_payload,
&reply);
connection->lock.lock();
if (state != ACCEPTING) {
projects / ceph-ci.git / commitdiff