// we only care about these message types
switch (m->get_type()) {
case CEPH_MSG_MON_MAP:
- return handle_monmap(conn, boost::static_pointer_cast<MMonMap>(m));
+ return handle_monmap(*conn, boost::static_pointer_cast<MMonMap>(m));
case CEPH_MSG_AUTH_REPLY:
return handle_auth_reply(
- conn, boost::static_pointer_cast<MAuthReply>(m));
+ *conn, boost::static_pointer_cast<MAuthReply>(m));
case CEPH_MSG_MON_SUBSCRIBE_ACK:
return handle_subscribe_ack(
boost::static_pointer_cast<MMonSubscribeAck>(m));
}
-int Client::handle_auth_request(crimson::net::ConnectionRef con,
- AuthConnectionMetaRef auth_meta,
+int Client::handle_auth_request(crimson::net::Connection &conn,
+ AuthConnectionMeta &auth_meta,
bool more,
uint32_t auth_method,
const ceph::bufferlist& payload,
if (payload.length() == 0) {
return -EACCES;
}
- auth_meta->auth_mode = payload[0];
- if (auth_meta->auth_mode < AUTH_MODE_AUTHORIZER ||
- auth_meta->auth_mode > AUTH_MODE_AUTHORIZER_MAX) {
+ auth_meta.auth_mode = payload[0];
+ if (auth_meta.auth_mode < AUTH_MODE_AUTHORIZER ||
+ auth_meta.auth_mode > AUTH_MODE_AUTHORIZER_MAX) {
return -EACCES;
}
- AuthAuthorizeHandler* ah = get_auth_authorize_handler(con->get_peer_type(),
+ AuthAuthorizeHandler* ah = get_auth_authorize_handler(conn.get_peer_type(),
auth_method);
if (!ah) {
logger().error("no AuthAuthorizeHandler found for auth method: {}",
auth_method);
return -EOPNOTSUPP;
}
- auto authorizer_challenge = &auth_meta->authorizer_challenge;
- if (auth_meta->skip_authorizer_challenge) {
- logger().info("skipping challenge on {}", con);
+ auto authorizer_challenge = &auth_meta.authorizer_challenge;
+ if (auth_meta.skip_authorizer_challenge) {
+ logger().info("skipping challenge on {}", conn);
authorizer_challenge = nullptr;
}
if (!active_con) {
// let's instruct the client to come back later
return -EBUSY;
}
- bool was_challenge = (bool)auth_meta->authorizer_challenge;
+ bool was_challenge = (bool)auth_meta.authorizer_challenge;
EntityName name;
AuthCapsInfo caps_info;
bool is_valid = ah->verify_authorizer(
&cct,
active_con->get_keys(),
payload,
- auth_meta->get_connection_secret_length(),
+ auth_meta.get_connection_secret_length(),
reply,
&name,
- &con->peer_global_id,
+ &conn.peer_global_id,
&caps_info,
- &auth_meta->session_key,
- &auth_meta->connection_secret,
+ &auth_meta.session_key,
+ &auth_meta.connection_secret,
authorizer_challenge);
if (is_valid) {
auth_handler.handle_authentication(name, caps_info);
return 1;
}
- if (!more && !was_challenge && auth_meta->authorizer_challenge) {
- logger().info("added challenge on {}", con);
+ if (!more && !was_challenge && auth_meta.authorizer_challenge) {
+ logger().info("added challenge on {}", conn);
return 0;
} else {
- logger().info("bad authorizer on {}", con);
+ logger().info("bad authorizer on {}", conn);
return -EACCES;
}
}
auth::AuthClient::auth_request_t
-Client::get_auth_request(crimson::net::ConnectionRef con,
- AuthConnectionMetaRef auth_meta)
+Client::get_auth_request(crimson::net::Connection &conn,
+ AuthConnectionMeta &auth_meta)
{
- logger().info("get_auth_request(con={}, auth_method={})",
- con, auth_meta->auth_method);
+ logger().info("get_auth_request(conn={}, auth_method={})",
+ conn, auth_meta.auth_method);
// connection to mon?
- if (con->get_peer_type() == CEPH_ENTITY_TYPE_MON) {
+ if (conn.get_peer_type() == CEPH_ENTITY_TYPE_MON) {
auto found = std::find_if(pending_conns.begin(), pending_conns.end(),
- [peer_addr = con->get_peer_addr()](auto& mc) {
+ [peer_addr = conn.get_peer_addr()](auto& mc) {
return mc->is_my_peer(peer_addr);
});
if (found == pending_conns.end()) {
logger().error(" but no auth handler is set up");
throw crimson::auth::error("no auth available");
}
- auto authorizer = active_con->get_authorizer(con->get_peer_type());
+ auto authorizer = active_con->get_authorizer(conn.get_peer_type());
if (!authorizer) {
logger().error("failed to build_authorizer for type {}",
- ceph_entity_type_name(con->get_peer_type()));
+ ceph_entity_type_name(conn.get_peer_type()));
throw crimson::auth::error("unable to build auth");
}
- auth_meta->authorizer.reset(authorizer);
- auth_meta->auth_method = authorizer->protocol;
+ auth_meta.authorizer.reset(authorizer);
+ auth_meta.auth_method = authorizer->protocol;
vector<uint32_t> modes;
- auth_registry.get_supported_modes(con->get_peer_type(),
- auth_meta->auth_method,
+ auth_registry.get_supported_modes(conn.get_peer_type(),
+ auth_meta.auth_method,
&modes);
return {authorizer->protocol, modes, authorizer->bl};
}
}
-ceph::bufferlist Client::handle_auth_reply_more(crimson::net::ConnectionRef conn,
- AuthConnectionMetaRef auth_meta,
+ceph::bufferlist Client::handle_auth_reply_more(crimson::net::Connection &conn,
+ AuthConnectionMeta &auth_meta,
const bufferlist& bl)
{
- if (conn->get_peer_type() == CEPH_ENTITY_TYPE_MON) {
+ if (conn.get_peer_type() == CEPH_ENTITY_TYPE_MON) {
auto found = std::find_if(pending_conns.begin(), pending_conns.end(),
- [peer_addr = conn->get_peer_addr()](auto& mc) {
+ [peer_addr = conn.get_peer_addr()](auto& mc) {
return mc->is_my_peer(peer_addr);
});
if (found == pending_conns.end()) {
throw crimson::auth::error{"unknown connection"};
}
bufferlist reply;
- tie(auth_meta->session_key, auth_meta->connection_secret, reply) =
+ tie(auth_meta.session_key, auth_meta.connection_secret, reply) =
(*found)->handle_auth_reply_more(bl);
return reply;
} else {
// authorizer challenges
- if (!active_con || !auth_meta->authorizer) {
+ if (!active_con || !auth_meta.authorizer) {
logger().error("no authorizer?");
throw crimson::auth::error("no auth available");
}
- auth_meta->authorizer->add_challenge(&cct, bl);
- return auth_meta->authorizer->bl;
+ auth_meta.authorizer->add_challenge(&cct, bl);
+ return auth_meta.authorizer->bl;
}
}
-int Client::handle_auth_done(crimson::net::ConnectionRef conn,
- AuthConnectionMetaRef auth_meta,
+int Client::handle_auth_done(crimson::net::Connection &conn,
+ AuthConnectionMeta &auth_meta,
uint64_t global_id,
uint32_t /*con_mode*/,
const bufferlist& bl)
{
- if (conn->get_peer_type() == CEPH_ENTITY_TYPE_MON) {
+ if (conn.get_peer_type() == CEPH_ENTITY_TYPE_MON) {
auto found = std::find_if(pending_conns.begin(), pending_conns.end(),
- [peer_addr = conn->get_peer_addr()](auto& mc) {
+ [peer_addr = conn.get_peer_addr()](auto& mc) {
return mc->is_my_peer(peer_addr);
});
if (found == pending_conns.end()) {
return -ENOENT;
}
int r = 0;
- tie(auth_meta->session_key, auth_meta->connection_secret, r) =
+ tie(auth_meta.session_key, auth_meta.connection_secret, r) =
(*found)->handle_auth_done(global_id, bl);
return r;
} else {
// verify authorizer reply
auto p = bl.begin();
- if (!auth_meta->authorizer->verify_reply(p, &auth_meta->connection_secret)) {
+ if (!auth_meta.authorizer->verify_reply(p, &auth_meta.connection_secret)) {
logger().error("failed verifying authorizer reply");
return -EACCES;
}
- auth_meta->session_key = auth_meta->authorizer->session_key;
+ auth_meta.session_key = auth_meta.authorizer->session_key;
return 0;
}
}
// Handle server's indication that the previous auth attempt failed
-int Client::handle_auth_bad_method(crimson::net::ConnectionRef conn,
- AuthConnectionMetaRef auth_meta,
+int Client::handle_auth_bad_method(crimson::net::Connection &conn,
+ AuthConnectionMeta &auth_meta,
uint32_t old_auth_method,
int result,
const std::vector<uint32_t>& allowed_methods,
const std::vector<uint32_t>& allowed_modes)
{
- if (conn->get_peer_type() == CEPH_ENTITY_TYPE_MON) {
+ if (conn.get_peer_type() == CEPH_ENTITY_TYPE_MON) {
auto found = std::find_if(pending_conns.begin(), pending_conns.end(),
- [peer_addr = conn->get_peer_addr()](auto& mc) {
+ [peer_addr = conn.get_peer_addr()](auto& mc) {
return mc->is_my_peer(peer_addr);
});
if (found != pending_conns.end()) {
}
}
-seastar::future<> Client::handle_monmap(crimson::net::ConnectionRef conn,
+seastar::future<> Client::handle_monmap(crimson::net::Connection &conn,
Ref<MMonMap> m)
{
monmap.decode(m->monmapbl);
- const auto peer_addr = conn->get_peer_addr();
+ const auto peer_addr = conn.get_peer_addr();
auto cur_mon = monmap.get_name(peer_addr);
logger().info("got monmap {}, mon.{}, is now rank {}",
monmap.epoch, cur_mon, monmap.get_rank(cur_mon));
}
}
-seastar::future<> Client::handle_auth_reply(crimson::net::ConnectionRef conn,
+seastar::future<> Client::handle_auth_reply(crimson::net::Connection &conn,
Ref<MAuthReply> m)
{
logger().info("handle_auth_reply {} returns {}: {}",
- *conn, *m, m->result);
+ conn, *m, m->result);
auto found = std::find_if(pending_conns.begin(), pending_conns.end(),
- [peer_addr = conn->get_peer_addr()](auto& mc) {
+ [peer_addr = conn.get_peer_addr()](auto& mc) {
return mc->is_my_peer(peer_addr);
});
if (found != pending_conns.end()) {
active_con->renew_tickets()).discard_result();
});
} else {
- logger().error("unknown auth reply from {}", conn->get_peer_addr());
+ logger().error("unknown auth reply from {}", conn.get_peer_addr());
return seastar::now();
}
}
const std::vector<uint32_t>& preferred_modes) final;
AuthAuthorizeHandler* get_auth_authorize_handler(int peer_type,
int auth_method) final;
- int handle_auth_request(crimson::net::ConnectionRef conn,
- AuthConnectionMetaRef auth_meta,
+ int handle_auth_request(crimson::net::Connection &conn,
+ AuthConnectionMeta &auth_meta,
bool more,
uint32_t auth_method,
const ceph::bufferlist& payload,
// AuthClient methods
crimson::auth::AuthClient::auth_request_t
- get_auth_request(crimson::net::ConnectionRef conn,
- AuthConnectionMetaRef auth_meta) final;
+ get_auth_request(crimson::net::Connection &conn,
+ AuthConnectionMeta &auth_meta) final;
// Handle server's request to continue the handshake
- ceph::bufferlist handle_auth_reply_more(crimson::net::ConnectionRef conn,
- AuthConnectionMetaRef auth_meta,
+ ceph::bufferlist handle_auth_reply_more(crimson::net::Connection &conn,
+ AuthConnectionMeta &auth_meta,
const bufferlist& bl) final;
// Handle server's indication that authentication succeeded
- int handle_auth_done(crimson::net::ConnectionRef conn,
- AuthConnectionMetaRef auth_meta,
+ int handle_auth_done(crimson::net::Connection &conn,
+ AuthConnectionMeta &auth_meta,
uint64_t global_id,
uint32_t con_mode,
const bufferlist& bl) final;
// Handle server's indication that the previous auth attempt failed
- int handle_auth_bad_method(crimson::net::ConnectionRef conn,
- AuthConnectionMetaRef auth_meta,
+ int handle_auth_bad_method(crimson::net::Connection &conn,
+ AuthConnectionMeta &auth_meta,
uint32_t old_auth_method,
int result,
const std::vector<uint32_t>& allowed_methods,
MessageRef m) override;
void ms_handle_reset(crimson::net::ConnectionRef conn, bool is_replace) override;
- seastar::future<> handle_monmap(crimson::net::ConnectionRef conn,
+ seastar::future<> handle_monmap(crimson::net::Connection &conn,
Ref<MMonMap> m);
- seastar::future<> handle_auth_reply(crimson::net::ConnectionRef conn,
+ seastar::future<> handle_auth_reply(crimson::net::Connection &conn,
Ref<MAuthReply> m);
seastar::future<> handle_subscribe_ack(Ref<MMonSubscribeAck> m);
seastar::future<> handle_get_version_reply(Ref<MMonGetVersionReply> m);
SocketMessenger& messenger)
: Protocol(proto_t::v2, dispatchers, conn),
messenger{messenger},
+ auth_meta{seastar::make_lw_shared<AuthConnectionMeta>()},
protocol_timer{conn}
{}
bad_method.allowed_methods(), bad_method.allowed_modes());
ceph_assert(messenger.get_auth_client());
int r = messenger.get_auth_client()->handle_auth_bad_method(
- conn.shared_from_this(), auth_meta,
+ conn, *auth_meta,
bad_method.method(), bad_method.result(),
bad_method.allowed_methods(), bad_method.allowed_modes());
if (r < 0) {
ceph_assert(messenger.get_auth_client());
// let execute_connecting() take care of the thrown exception
auto reply = messenger.get_auth_client()->handle_auth_reply_more(
- conn.shared_from_this(), auth_meta, auth_more.auth_payload());
+ conn, *auth_meta, auth_more.auth_payload());
auto more_reply = AuthRequestMoreFrame::Encode(reply);
logger().debug("{} WRITE AuthRequestMoreFrame: payload_len={}",
conn, reply.length());
auth_done.auth_payload().length());
ceph_assert(messenger.get_auth_client());
int r = messenger.get_auth_client()->handle_auth_done(
- conn.shared_from_this(), auth_meta,
+ conn,
+ *auth_meta,
auth_done.global_id(),
auth_done.con_mode(),
auth_done.auth_payload());
try {
auto [auth_method, preferred_modes, bl] =
- messenger.get_auth_client()->get_auth_request(conn.shared_from_this(), auth_meta);
+ messenger.get_auth_client()->get_auth_request(conn, *auth_meta);
auth_meta->auth_method = auth_method;
auto frame = AuthRequestFrame::Encode(auth_method, preferred_modes, bl);
logger().debug("{} WRITE AuthRequestFrame: method={},"
ceph_assert(messenger.get_auth_server());
bufferlist reply;
int r = messenger.get_auth_server()->handle_auth_request(
- conn.shared_from_this(), auth_meta,
- more, auth_meta->auth_method, auth_payload,
+ conn,
+ *auth_meta,
+ more,
+ auth_meta->auth_method,
+ auth_payload,
&reply);
switch (r) {
// successful
projects / ceph-ci.git / commitdiff