return true;
}
- AuthCapsInfo caps_info;
- EntityName name;
- uint64_t global_id;
-
auto keys = monc->rotating_secrets.get();
if (keys) {
isvalid = authorize_handler->verify_authorizer(
cct, keys,
- authorizer_data, authorizer_reply, name, global_id, caps_info, session_key,
+ authorizer_data, authorizer_reply,
+ con->peer_name,
+ con->peer_global_id,
+ con->peer_caps_info,
+ session_key,
challenge);
} else {
dout(10) << __func__ << " no rotating_keys (yet), denied" << dendl;
}
if (isvalid) {
- auto priv = con->get_priv();
- auto s = static_cast<Session*>(priv.get());
- if (!s) {
- s = new Session{cct, con};
- con->set_priv(RefCountedPtr{s, false});
- dout(10) << " new session " << s << " con=" << s->con
- << " addr=" << con->get_peer_addr() << dendl;
- }
+ ms_handle_authentication(con);
+ }
+ return true;
+}
- s->entity_name = name;
- if (caps_info.allow_all)
- s->caps.set_allow_all();
+int OSD::ms_handle_authentication(Connection *con)
+{
+ int ret = 0;
+ auto priv = con->get_priv();
+ Session *s = static_cast<Session*>(priv.get());
+ if (!s) {
+ s = new Session(cct, con);
+ con->set_priv(RefCountedPtr{s, false});
+ s->entity_name = con->get_peer_entity_name();
+ dout(10) << __func__ << " new session " << s << " con " << s->con
+ << " entity " << s->entity_name
+ << " addr " << con->get_peer_addrs() << dendl;
+ } else {
+ dout(10) << __func__ << " existing session " << s << " con " << s->con
+ << " entity " << s->entity_name
+ << " addr " << con->get_peer_addrs() << dendl;
+ }
- if (caps_info.caps.length() > 0) {
- auto p = caps_info.caps.cbegin();
- string str;
- try {
- decode(str, p);
- }
- catch (buffer::error& e) {
- isvalid = false;
- }
- stringstream ss;
- bool success = s->caps.parse(str, &ss);
- if (success)
- dout(10) << " session " << s << " " << s->entity_name << " has caps " << s->caps << " '" << str << "'" << dendl;
- else {
- dout(10) << " session " << s << " " << s->entity_name << " failed to parse caps '" << str << "'" << dendl;
- dout(20) << "parser returned " << ss.str() << dendl;
- isvalid = false;
+ AuthCapsInfo &caps_info = con->get_peer_caps_info();
+ if (caps_info.allow_all)
+ s->caps.set_allow_all();
+
+ if (caps_info.caps.length() > 0) {
+ bufferlist::const_iterator p = caps_info.caps.cbegin();
+ string str;
+ try {
+ decode(str, p);
+ }
+ catch (buffer::error& e) {
+ dout(10) << __func__ << " session " << s << " " << s->entity_name
+ << " failed to decode caps string" << dendl;
+ ret = -EPERM;
+ }
+ if (!ret) {
+ bool success = s->caps.parse(str);
+ if (success) {
+ dout(10) << __func__ << " session " << s
+ << " " << s->entity_name
+ << " has caps " << s->caps << " '" << str << "'" << dendl;
+ ret = 1;
+ } else {
+ dout(10) << __func__ << " session " << s << " " << s->entity_name
+ << " failed to parse caps '" << str << "'" << dendl;
+ ret = -EPERM;
}
}
}
- return true;
+ return ret;
}
void OSD::do_waiters()
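Review bot: The call `ms_handle_authentication(con);` inside `if (isvalid)` discards its return value, so the `-EPERM` the new function returns when the caps blob fails to decode or parse never reaches `isvalid`; the removed code set `isvalid = false` in both of those cases. As written, a peer whose authorizer verifies but whose caps cannot be parsed is still reported as valid on this path, unless the messenger acts on the result somewhere this hunk does not show. I would keep the fail-closed behaviour with `if (ms_handle_authentication(con) < 0) isvalid = false;`. In the existing-session branch, `s->caps` is parsed on top of whatever an earlier authentication left and nothing visible here resets a previous `set_allow_all()`, so it is worth confirming that re-authentication cannot retain broader caps than the new ticket grants. The verifying function begins above the hunk, so its earlier checks are not visible.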