mon: only all ms_handle_authentication() if auth method says we're done

author Sage Weil <sage@redhat.com>

Mon, 14 Jan 2019 23:18:13 +0000 (17:18 -0600)

committer Sage Weil <sage@redhat.com>

Thu, 7 Feb 2019 12:53:03 +0000 (06:53 -0600)
author Sage Weil <sage@redhat.com>
Mon, 14 Jan 2019 23:18:13 +0000 (17:18 -0600)
committer Sage Weil <sage@redhat.com>
Thu, 7 Feb 2019 12:53:03 +0000 (06:53 -0600)
diff --git a/src/auth/cephx/CephxServiceHandler.cc b/src/auth/cephx/CephxServiceHandler.cc

index 091e791e64233ae268d21300f3c9b65d52eb9dce..948834649f7b98e91a4977ba481c26ef2be82d0b 100644 (file)
--- a/src/auth/cephx/CephxServiceHandler.cc
+++ b/src/auth/cephx/CephxServiceHandler.cc
@@ -139,18 +139,23 @@ int CephxServiceHandler::handle_request(
             cct, eauth.key, info_vec, should_enc_ticket,
             old_ticket_info.session_key, *result_bl)) {
         ret = -EIO;
+       break;
        }
  
        if (!key_server->get_service_caps(entity_name, CEPH_ENTITY_TYPE_MON,
                                         *caps)) {
          ldout(cct, 0) << " could not get mon caps for " << entity_name << dendl;
          ret = -EACCES;
+       break;
        } else {
          char *caps_str = caps->caps.c_str();
          if (!caps_str || !caps_str[0]) {
            ldout(cct,0) << "mon caps null for " << entity_name << dendl;
            ret = -EACCES;
+         break;
          }
+       // caller should try to finish authentication
+       ret = 1;
        }
      }
      break;
diff --git a/src/auth/none/AuthNoneServiceHandler.h b/src/auth/none/AuthNoneServiceHandler.h

index 11771be6ef3e3a1593b24fbbd5dacc52350e8755..07d68ddda878c7eecbadce7db8d091857c0eb308 100644 (file)
--- a/src/auth/none/AuthNoneServiceHandler.h
+++ b/src/auth/none/AuthNoneServiceHandler.h
@@ -31,7 +31,7 @@ public:
                     AuthCapsInfo *caps) override {
      entity_name = name;
      caps->allow_all = true;
-    return 0;
+    return 1;
    }
    int handle_request(bufferlist::const_iterator& indata,
                      bufferlist *result_bl,
diff --git a/src/auth/unknown/AuthUnknownServiceHandler.h b/src/auth/unknown/AuthUnknownServiceHandler.h

index b7cdf48087713476fcff870b488def9c98e6c2ba..b353959dde1cab91b193cb85429bc1c76f49f95e 100644 (file)
--- a/src/auth/unknown/AuthUnknownServiceHandler.h
+++ b/src/auth/unknown/AuthUnknownServiceHandler.h
@@ -29,7 +29,7 @@ public:
    int start_session(const EntityName& name,
                     bufferlist *result_bl,
                     AuthCapsInfo *caps) {
-    return 0;
+    return 1;
    }
    int handle_request(bufferlist::iterator& indata,
                      bufferlist *result_bl,
diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc

index 3acc879e9a0c69bda57bf3b1a9864eae4120d369..f160eb852b5fc774d2e68f12cf1ae3b0bccde59d 100644 (file)
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -654,9 +654,12 @@ bool AuthMonitor::prep_auth(MonOpRequestRef op, bool paxos_writable)
        wait_for_active(op, new C_RetryMessage(this,op));
        goto done;
      }
-    if (!s->authenticated &&
-       mon->ms_handle_authentication(s->con.get()) > 0) {
-      finished = true;
+    if (ret > 0) {
+      if (!s->authenticated &&
+         mon->ms_handle_authentication(s->con.get()) > 0) {
+       finished = true;
+      }
+      ret = 0;
      }
    } catch (const buffer::error &err) {
      ret = -EINVAL;
author	Sage Weil <sage@redhat.com>
	Mon, 14 Jan 2019 23:18:13 +0000 (17:18 -0600)
committer	Sage Weil <sage@redhat.com>
	Thu, 7 Feb 2019 12:53:03 +0000 (06:53 -0600)
src/auth/cephx/CephxServiceHandler.cc		patch \| blob \| history
src/auth/none/AuthNoneServiceHandler.h		patch \| blob \| history
src/auth/unknown/AuthUnknownServiceHandler.h		patch \| blob \| history
src/mon/AuthMonitor.cc		patch \| blob \| history