class CephContext;
class KeyRing;
-class RotatingKeyRing;
struct AuthAuthorizeHandler {
virtual ~AuthAuthorizeHandler() {}
#include "none/AuthNoneClientHandler.h"
-AuthClientHandler* AuthClientHandler::create(CephContext *cct, int proto,
- RotatingKeyRing *rkeys)
+template<ceph::LockPolicy lp>
+AuthClientHandler<lp>*
+AuthClientHandler<lp>::create(CephContext *cct, int proto,
+ RotatingKeyRing<lp> *rkeys)
{
switch (proto) {
case CEPH_AUTH_CEPHX:
- return new CephxClientHandler(cct, rkeys);
+ return new CephxClientHandler<lp>(cct, rkeys);
case CEPH_AUTH_NONE:
- return new AuthNoneClientHandler(cct, rkeys);
+ return new AuthNoneClientHandler<lp>(cct, rkeys);
default:
return NULL;
}
}
+// explicitly instantiate only the classes we need
+template class AuthClientHandler<ceph::LockPolicy::MUTEX>;
#include "auth/Auth.h"
-#include "common/RWLock.h"
+#include "common/lock_policy.h"
+#include "common/lock_shared_mutex.h"
class CephContext;
struct MAuthReply;
-class RotatingKeyRing;
+template<ceph::LockPolicy> class RotatingKeyRing;
+template<ceph::LockPolicy lock_policy>
class AuthClientHandler {
protected:
CephContext *cct;
uint32_t want;
uint32_t have;
uint32_t need;
- RWLock lock;
+ mutable SharedMutexT<lock_policy> lock;
public:
explicit AuthClientHandler(CephContext *cct_)
: cct(cct_), global_id(0), want(CEPH_ENTITY_TYPE_AUTH), have(0), need(0),
- lock("AuthClientHandler::lock") {}
+ lock{SharedMutex<lock_policy>::create("AuthClientHandler::lock")}
+ {}
virtual ~AuthClientHandler() {}
void init(const EntityName& n) { name = n; }
void set_want_keys(__u32 keys) {
- RWLock::WLocker l(lock);
+ std::unique_lock l{lock};
want = keys | CEPH_ENTITY_TYPE_AUTH;
validate_tickets();
}
virtual void set_global_id(uint64_t id) = 0;
- static AuthClientHandler* create(CephContext *cct,
- int proto, RotatingKeyRing *rkeys);
+ static AuthClientHandler<lock_policy>*
+ create(CephContext *cct, int proto, RotatingKeyRing<lock_policy> *rkeys);
protected:
virtual void validate_tickets() = 0;
};
#define dout_prefix *_dout << "auth: "
-bool RotatingKeyRing::need_new_secrets() const
+template<LockPolicy lp>
+bool RotatingKeyRing<lp>::need_new_secrets() const
{
- Mutex::Locker l(lock);
+ std::lock_guard l{lock};
return secrets.need_new_secrets();
}
-bool RotatingKeyRing::need_new_secrets(utime_t now) const
+template<LockPolicy lp>
+bool RotatingKeyRing<lp>::need_new_secrets(utime_t now) const
{
- Mutex::Locker l(lock);
+ std::lock_guard l{lock};
return secrets.need_new_secrets(now);
}
-void RotatingKeyRing::set_secrets(RotatingSecrets&& s)
+template<LockPolicy lp>
+void RotatingKeyRing<lp>::set_secrets(RotatingSecrets&& s)
{
- Mutex::Locker l(lock);
+ std::lock_guard l{lock};
secrets = std::move(s);
dump_rotating();
}
-void RotatingKeyRing::dump_rotating() const
+template<LockPolicy lp>
+void RotatingKeyRing<lp>::dump_rotating() const
{
ldout(cct, 10) << "dump_rotating:" << dendl;
for (map<uint64_t, ExpiringCryptoKey>::const_iterator iter = secrets.secrets.begin();
ldout(cct, 10) << " id " << iter->first << " " << iter->second << dendl;
}
-bool RotatingKeyRing::get_secret(const EntityName& name, CryptoKey& secret) const
+template<LockPolicy lp>
+bool RotatingKeyRing<lp>::get_secret(const EntityName& name, CryptoKey& secret) const
{
- Mutex::Locker l(lock);
+ std::lock_guard l{lock};
return keyring->get_secret(name, secret);
}
-bool RotatingKeyRing::get_service_secret(uint32_t service_id_, uint64_t secret_id,
+template<LockPolicy lp>
+bool RotatingKeyRing<lp>::get_service_secret(uint32_t service_id_, uint64_t secret_id,
CryptoKey& secret) const
{
- Mutex::Locker l(lock);
+ std::lock_guard l{lock};
if (service_id_ != this->service_id) {
ldout(cct, 0) << "do not have service " << ceph_entity_type_name(service_id_)
return true;
}
-KeyRing *RotatingKeyRing::
-get_keyring()
+template<LockPolicy lp>
+KeyRing *RotatingKeyRing<lp>::get_keyring()
{
return keyring;
}
+
+// explicitly instantiate only the classes we need
+template class RotatingKeyRing<LockPolicy::MUTEX>;
#ifndef CEPH_ROTATINGKEYRING_H
#define CEPH_ROTATINGKEYRING_H
-#include "common/Mutex.h"
+#include "common/lock_mutex.h"
#include "auth/Auth.h"
/*
class KeyRing;
class CephContext;
+template<LockPolicy lock_policy>
class RotatingKeyRing : public KeyStore {
CephContext *cct;
uint32_t service_id;
RotatingSecrets secrets;
KeyRing *keyring;
- mutable Mutex lock;
+ mutable LockMutexT<lock_policy> lock;
public:
RotatingKeyRing(CephContext *cct_, uint32_t s, KeyRing *kr) :
cct(cct_),
service_id(s),
keyring(kr),
- lock("RotatingKeyRing::lock") {}
+ lock(LockMutex<lock_policy>::create("RotatingKeyRing::lock")) {}
bool need_new_secrets() const;
bool need_new_secrets(utime_t now) const;
#undef dout_prefix
#define dout_prefix *_dout << "cephx client: "
-
-int CephxClientHandler::build_request(bufferlist& bl) const
+template<LockPolicy lp>
+int CephxClientHandler<lp>::build_request(bufferlist& bl) const
{
ldout(cct, 10) << "build_request" << dendl;
- RWLock::RLocker l(lock);
+ std::shared_lock l{lock};
if (need & CEPH_ENTITY_TYPE_AUTH) {
/* authenticate */
return 0;
}
-bool CephxClientHandler::_need_tickets() const
+template<LockPolicy lp>
+bool CephxClientHandler<lp>::_need_tickets() const
{
// do not bother (re)requesting tickets if we *only* need the MGR
// ticket; that can happen during an upgrade and we want to avoid a
return need && need != CEPH_ENTITY_TYPE_MGR;
}
-int CephxClientHandler::handle_response(int ret, bufferlist::const_iterator& indata)
+template<LockPolicy lp>
+int CephxClientHandler<lp>::handle_response(int ret, bufferlist::const_iterator& indata)
{
ldout(cct, 10) << "handle_response ret = " << ret << dendl;
- RWLock::WLocker l(lock);
+ std::unique_lock l{lock};
if (ret < 0)
return ret; // hrm!
}
-
-AuthAuthorizer *CephxClientHandler::build_authorizer(uint32_t service_id) const
+template<LockPolicy lp>
+AuthAuthorizer *CephxClientHandler<lp>::build_authorizer(uint32_t service_id) const
{
- RWLock::RLocker l(lock);
+ std::shared_lock l{lock};
ldout(cct, 10) << "build_authorizer for service " << ceph_entity_type_name(service_id) << dendl;
return tickets.build_authorizer(service_id);
}
-bool CephxClientHandler::build_rotating_request(bufferlist& bl) const
+template<LockPolicy lp>
+bool CephxClientHandler<lp>::build_rotating_request(bufferlist& bl) const
{
ldout(cct, 10) << "build_rotating_request" << dendl;
CephXRequestHeader header;
return true;
}
-void CephxClientHandler::prepare_build_request()
+template<LockPolicy lp>
+void CephxClientHandler<lp>::prepare_build_request()
{
- RWLock::WLocker l(lock);
+ std::unique_lock l{lock};
ldout(cct, 10) << "validate_tickets: want=" << want << " need=" << need
<< " have=" << have << dendl;
validate_tickets();
ticket_handler = &(tickets.get_handler(CEPH_ENTITY_TYPE_AUTH));
}
-void CephxClientHandler::validate_tickets()
+template<LockPolicy lp>
+void CephxClientHandler<lp>::validate_tickets()
{
// lock should be held for write
tickets.validate_tickets(want, have, need);
}
-bool CephxClientHandler::need_tickets()
+template<LockPolicy lp>
+bool CephxClientHandler<lp>::need_tickets()
{
- RWLock::WLocker l(lock);
+ std::unique_lock l{lock};
validate_tickets();
ldout(cct, 20) << "need_tickets: want=" << want
return _need_tickets();
}
+
+// explicitly instantiate only the classes we need
+template class CephxClientHandler<LockPolicy::MUTEX>;
class CephContext;
class KeyRing;
-class CephxClientHandler : public AuthClientHandler {
+template<LockPolicy lock_policy>
+class CephxClientHandler : public AuthClientHandler<lock_policy> {
bool starting;
/* envelope protocol parameters */
CephXTicketManager tickets;
CephXTicketHandler* ticket_handler;
- RotatingKeyRing *rotating_secrets;
+ RotatingKeyRing<lock_policy> *rotating_secrets;
KeyRing *keyring;
+ using AuthClientHandler<lock_policy>::cct;
+ using AuthClientHandler<lock_policy>::global_id;
+ using AuthClientHandler<lock_policy>::want;
+ using AuthClientHandler<lock_policy>::have;
+ using AuthClientHandler<lock_policy>::need;
+ using AuthClientHandler<lock_policy>::lock;
+
public:
- CephxClientHandler(CephContext *cct_, RotatingKeyRing *rsecrets)
- : AuthClientHandler(cct_),
+ CephxClientHandler(CephContext *cct_,
+ RotatingKeyRing<lock_policy> *rsecrets)
+ : AuthClientHandler<lock_policy>(cct_),
starting(false),
server_challenge(0),
tickets(cct_),
}
void reset() override {
- RWLock::WLocker l(lock);
+ std::unique_lock l{lock};
starting = true;
server_challenge = 0;
}
bool need_tickets() override;
void set_global_id(uint64_t id) override {
- RWLock::WLocker l(lock);
+ std::unique_lock l{lock};
global_id = id;
tickets.global_id = id;
}
#include "AuthNoneProtocol.h"
#include "common/ceph_context.h"
#include "common/config.h"
-
-class AuthNoneClientHandler : public AuthClientHandler {
+
+template<LockPolicy lock_policy>
+class AuthNoneClientHandler : public AuthClientHandler<lock_policy> {
+ using AuthClientHandler<lock_policy>::cct;
+ using AuthClientHandler<lock_policy>::global_id;
+ using AuthClientHandler<lock_policy>::lock;
+
public:
- AuthNoneClientHandler(CephContext *cct_, RotatingKeyRing *rkeys)
- : AuthClientHandler(cct_) {}
+ AuthNoneClientHandler(CephContext *cct_,
+ RotatingKeyRing<lock_policy> *rkeys)
+ : AuthClientHandler<lock_policy>(cct_) {}
void reset() override { }
int get_protocol() const override { return CEPH_AUTH_NONE; }
AuthAuthorizer *build_authorizer(uint32_t service_id) const override {
- RWLock::RLocker l(lock);
+ std::shared_lock l{lock};
AuthNoneAuthorizer *auth = new AuthNoneAuthorizer();
if (auth) {
auth->build_authorizer(cct->_conf->name, global_id);
bool need_tickets() override { return false; }
void set_global_id(uint64_t id) override {
- RWLock::WLocker l(lock);
+ std::unique_lock l{lock};
global_id = id;
}
private:
using WeakVPtr = typename shared_ptr_trait_t::template weak_ptr<V>;
LockMutexT<lock_policy> lock;
size_t max_size;
- LockCond<lock_policy> cond;
+ LockCondT<lock_policy> cond;
unsigned size;
public:
int waiting;
EntityName name;
uint64_t global_id;
- RotatingKeyRing *keys = monc->rotating_secrets.get();
- if (keys) {
+ if (auto keys = monc->rotating_secrets.get(); keys) {
is_valid = authorize_handler->verify_authorizer(
cct, keys,
authorizer_data, authorizer_reply, name, global_id, caps_info,
s->inst.addr = con->get_peer_addr();
AuthCapsInfo caps_info;
- RotatingKeyRing *keys = monc->rotating_secrets.get();
- if (keys) {
+ if (auto keys = monc->rotating_secrets.get(); keys) {
is_valid = handler->verify_authorizer(
cct, keys,
authorizer_data,
}
rotating_secrets.reset(
- new RotatingKeyRing(cct, cct->get_module_type(), keyring.get()));
+ new RotatingKeyRing<LockPolicy::MUTEX>(cct, cct->get_module_type(), keyring.get()));
initialized = true;
int MonConnection::handle_auth(MAuthReply* m,
const EntityName& entity_name,
uint32_t want_keys,
- RotatingKeyRing* keyring)
+ RotatingKeyRing<LockPolicy::MUTEX>* keyring)
{
if (state == State::NEGOTIATING) {
int r = _negotiate(m, entity_name, want_keys, keyring);
int MonConnection::_negotiate(MAuthReply *m,
const EntityName& entity_name,
uint32_t want_keys,
- RotatingKeyRing* keyring)
+ RotatingKeyRing<LockPolicy::MUTEX>* keyring)
{
if (auth && (int)m->protocol == auth->get_protocol()) {
// good, negotiation completed
return 0;
}
- auth.reset(AuthClientHandler::create(cct, m->protocol, keyring));
+ auth.reset(
+ AuthClientHandler<LockPolicy::MUTEX>::create(cct,m->protocol, keyring));
if (!auth) {
ldout(cct, 10) << "no handler for protocol " << m->protocol << dendl;
if (m->result == -ENOTSUP) {
class LogClient;
class AuthAuthorizer;
class AuthMethodList;
-class AuthClientHandler;
+template<LockPolicy> class AuthClientHandler;
class KeyRing;
-class RotatingKeyRing;
+template<LockPolicy> class RotatingKeyRing;
struct MonClientPinger : public Dispatcher {
int handle_auth(MAuthReply *m,
const EntityName& entity_name,
uint32_t want_keys,
- RotatingKeyRing* keyring);
+ RotatingKeyRing<LockPolicy::MUTEX>* keyring);
int authenticate(MAuthReply *m);
void start(epoch_t epoch,
const EntityName& entity_name,
ConnectionRef get_con() {
return con;
}
- std::unique_ptr<AuthClientHandler>& get_auth() {
+ std::unique_ptr<AuthClientHandler<LockPolicy::MUTEX>>& get_auth() {
return auth;
}
int _negotiate(MAuthReply *m,
const EntityName& entity_name,
uint32_t want_keys,
- RotatingKeyRing* keyring);
+ RotatingKeyRing<LockPolicy::MUTEX>* keyring);
private:
CephContext *cct;
State state = State::NONE;
ConnectionRef con;
- std::unique_ptr<AuthClientHandler> auth;
+ std::unique_ptr<AuthClientHandler<LockPolicy::MUTEX>> auth;
uint64_t global_id;
};
bool got_config = false;
// authenticate
- std::unique_ptr<AuthClientHandler> auth;
+ std::unique_ptr<AuthClientHandler<LockPolicy::MUTEX>> auth;
uint32_t want_keys = 0;
uint64_t global_id = 0;
Cond auth_cond;
}
std::unique_ptr<KeyRing> keyring;
- std::unique_ptr<RotatingKeyRing> rotating_secrets;
+ std::unique_ptr<RotatingKeyRing<LockPolicy::MUTEX>> rotating_secrets;
public:
explicit MonClient(CephContext *cct_);
if (!auth_cluster_required.is_supported_auth(CEPH_AUTH_CEPHX)) {
// auth_none
dout(20) << __func__ << " building auth_none authorizer" << dendl;
- AuthNoneClientHandler handler(g_ceph_context, nullptr);
+ AuthNoneClientHandler<LockPolicy::MUTEX> handler(g_ceph_context, nullptr);
handler.set_global_id(0);
*authorizer = handler.build_authorizer(service_id);
return true;
uint64_t global_id;
uint64_t auid = CEPH_AUTH_UID_DEFAULT;
- RotatingKeyRing *keys = monc->rotating_secrets.get();
+ auto keys = monc->rotating_secrets.get();
if (keys) {
isvalid = authorize_handler->verify_authorizer(
cct, keys,
projects / ceph.git / commitdiff