auth: do not use GSS/KRB5 if ! HAVE_GSSAPI

WITH_GSSAPI is a configure-time setting, so we should not compile krb5
related sources if this option is disabled.

Signed-off-by: Kefu Chai <kchai@redhat.com>

diff --git a/src/auth/AuthAuthorizeHandler.cc b/src/auth/AuthAuthorizeHandler.cc
index dc4fcb74192947da7a1aef242ccde94b2b037a8d..746a21ee01c552e772ac3b1f5338bf19bb067081 100644 (file)
--- a/src/auth/AuthAuthorizeHandler.cc
+++ b/src/auth/AuthAuthorizeHandler.cc
@@ -14,7 +14,9 @@
 
 #include "AuthAuthorizeHandler.h"
 #include "cephx/CephxAuthorizeHandler.h"
+#ifdef HAVE_GSSAPI
 #include "krb/KrbAuthorizeHandler.hpp"
+#endif
 #include "none/AuthNoneAuthorizeHandler.h"
 
 AuthAuthorizeHandler *AuthAuthorizeHandlerRegistry::get_handler(int protocol)
@@ -36,12 +38,14 @@ AuthAuthorizeHandler *AuthAuthorizeHandlerRegistry::get_handler(int protocol)
   case CEPH_AUTH_CEPHX:
     m_authorizers[protocol] = new CephxAuthorizeHandler();
     return m_authorizers[protocol];
-
+#ifdef HAVE_GSSAPI
   case CEPH_AUTH_GSS:
     m_authorizers[protocol] = new KrbAuthorizeHandler();
     return m_authorizers[protocol];
+#endif
+  default:
+    return nullptr;
   }
-  return NULL;
 }
 
 AuthAuthorizeHandlerRegistry::~AuthAuthorizeHandlerRegistry()

diff --git a/src/auth/AuthClientHandler.cc b/src/auth/AuthClientHandler.cc
index ef76b993f5a2f3a427e3bb4987691accc1e9fd01..6d86c4e8e92d880a52c72d2ed85d74ca942624e4 100644 (file)
--- a/src/auth/AuthClientHandler.cc
+++ b/src/auth/AuthClientHandler.cc
@@ -17,7 +17,9 @@
 
 #include "AuthClientHandler.h"
 #include "cephx/CephxClientHandler.h"
+#ifdef HAVE_GSSAPI
 #include "krb/KrbClientHandler.hpp"
+#endif
 #include "none/AuthNoneClientHandler.h"
 
 
@@ -30,8 +32,10 @@ AuthClientHandler::create(CephContext* cct, int proto,
     return new CephxClientHandler(cct, rkeys);
   case CEPH_AUTH_NONE:
     return new AuthNoneClientHandler{cct};
+#ifdef HAVE_GSSAPI
   case CEPH_AUTH_GSS: 
     return new KrbClientHandler(cct);
+#endif
   default:
     return NULL;
   }

diff --git a/src/auth/AuthServiceHandler.cc b/src/auth/AuthServiceHandler.cc
index 406a2ed3210751d80608eb17ebc40219f8ee6bf5..51c5c75da7bf775466d2ffe9ab98b12aabedc023 100644 (file)
--- a/src/auth/AuthServiceHandler.cc
+++ b/src/auth/AuthServiceHandler.cc
@@ -14,7 +14,9 @@
 
 #include "AuthServiceHandler.h"
 #include "cephx/CephxServiceHandler.h"
+#ifdef HAVE_GSSAPI
 #include "krb/KrbServiceHandler.hpp"
+#endif
 #include "none/AuthNoneServiceHandler.h"
 
 #define dout_subsys ceph_subsys_auth
@@ -27,8 +29,11 @@ AuthServiceHandler *get_auth_service_handler(int type, CephContext *cct, KeyServ
     return new CephxServiceHandler(cct, ks);
   case CEPH_AUTH_NONE:
     return new AuthNoneServiceHandler(cct);
+#ifdef HAVE_GSSAPI
   case CEPH_AUTH_GSS: 
     return new KrbServiceHandler(cct, ks);
+#endif
+  default:
+    return nullptr;
   }
-  return NULL;
 }

diff --git a/src/auth/AuthSessionHandler.cc b/src/auth/AuthSessionHandler.cc
index 14fc241110db22a12cf467e05365197abd96f251..69fe9a7bb74f09209210f9016bb06ca8a50bed0e 100644 (file)
--- a/src/auth/AuthSessionHandler.cc
+++ b/src/auth/AuthSessionHandler.cc
@@ -15,7 +15,9 @@
 #include "common/debug.h"
 #include "AuthSessionHandler.h"
 #include "cephx/CephxSessionHandler.h"
+#ifdef HAVE_GSSAPI
 #include "krb/KrbSessionHandler.hpp"
+#endif
 #include "none/AuthNoneSessionHandler.h"
 #include "unknown/AuthUnknownSessionHandler.h"
 
@@ -40,8 +42,11 @@ AuthSessionHandler *get_auth_session_handler(CephContext *cct, int protocol, Cry
     return new AuthNoneSessionHandler(cct, key);
   case CEPH_AUTH_UNKNOWN:
     return new AuthUnknownSessionHandler(cct, key);
+#ifdef HAVE_GSSAPI
   case CEPH_AUTH_GSS: 
     return new KrbSessionHandler(cct, key);
+#endif
+  default:
+    return nullptr;
   }
-  return NULL;
 }

diff --git a/src/auth/CMakeLists.txt b/src/auth/CMakeLists.txt
index 1e21cd6b56368be0984cfbd5a2948e888fc2c6b4..d24f9a5df3c73961adc8b25fcac927b1eaa1ea3c 100644 (file)
--- a/src/auth/CMakeLists.txt
+++ b/src/auth/CMakeLists.txt
@@ -10,13 +10,17 @@ set(auth_srcs
   cephx/CephxClientHandler.cc
   cephx/CephxProtocol.cc
   cephx/CephxSessionHandler.cc
-  krb/KrbAuthorizeHandler.cpp
-  krb/KrbClientHandler.cpp
-  krb/KrbProtocol.cpp
-  krb/KrbSessionHandler.hpp
   none/AuthNoneAuthorizeHandler.cc
   unknown/AuthUnknownAuthorizeHandler.cc)
 
+if(HAVE_GSSAPI)
+  list(APPEND auth_srcs
+    krb/KrbAuthorizeHandler.cpp
+    krb/KrbClientHandler.cpp
+    krb/KrbProtocol.cpp
+    krb/KrbSessionHandler.hpp)
+endif()
+
 add_library(common-auth-objs OBJECT ${auth_srcs})
 if(WITH_SEASTAR)
   add_library(crimson-auth OBJECT ${auth_srcs})

diff --git a/src/include/config-h.in.cmake b/src/include/config-h.in.cmake
index 329fb526febc6bc2854e96ba686aed8e103c3402..4d1d5d0f598e595c593a1d30fdeb0ef014168e71 100644 (file)
--- a/src/include/config-h.in.cmake
+++ b/src/include/config-h.in.cmake
@@ -142,6 +142,9 @@
 /* define if cephfs enabled */
 #cmakedefine WITH_CEPHFS
 
+/*define if GSSAPI/KRB5 enabled */
+#cmakedefine HAVE_GSSAPI
+
 /* define if rbd enabled */
 #cmakedefine WITH_RBD
 

diff --git a/src/mon/CMakeLists.txt b/src/mon/CMakeLists.txt
index d0dde1fcd4cb31dcea331baa846565042e9d114f..bcfd451de613d5bb92f154a8d1a21aa79efa8154 100644 (file)
--- a/src/mon/CMakeLists.txt
+++ b/src/mon/CMakeLists.txt
@@ -2,7 +2,6 @@ set(lib_mon_srcs
   ${CMAKE_SOURCE_DIR}/src/auth/cephx/CephxKeyServer.cc
   ${CMAKE_SOURCE_DIR}/src/auth/cephx/CephxServiceHandler.cc
   ${CMAKE_SOURCE_DIR}/src/auth/AuthServiceHandler.cc
-  ${CMAKE_SOURCE_DIR}/src/auth/krb/KrbServiceHandler.cpp
   ${osd_mon_files}
   Paxos.cc
   PaxosService.cc
@@ -24,6 +23,12 @@ set(lib_mon_srcs
   ../mds/MDSAuthCaps.cc
   ../mgr/mgr_commands.cc
   ../osd/OSDCap.cc)
+
+if(HAVE_GSSAPI)
+  list(APPEND lib_mon_srcs
+    ${CMAKE_SOURCE_DIR}/src/auth/krb/KrbServiceHandler.cpp)
+endif()
+
 add_library(mon STATIC
   ${lib_mon_srcs}
   $<TARGET_OBJECTS:kv_objs>)