auth/AuthServiceHandler: keep track of global_id and whether it is new
authorIlya Dryomov <idryomov@gmail.com>
Tue, 9 Mar 2021 15:33:55 +0000 (16:33 +0100)
committerIlya Dryomov <idryomov@gmail.com>
Mon, 12 Apr 2021 19:59:41 +0000 (21:59 +0200)
AuthServiceHandler already has global_id field, but it is unused.
Revive it and let the handler know whether global_id is newly assigned
by the monitor or provided by the client.

Lift the setting of entity_name into AuthServiceHandler.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit b50b6abd60e730176a7ef602bdd25d789a3c467d)

Conflicts:
src/auth/AuthServiceHandler.h [ bufferlist vs
  ceph::buffer::list ]
src/auth/cephx/CephxServiceHandler.cc [ ditto ]
src/auth/cephx/CephxServiceHandler.h [ ditto ]
src/auth/none/AuthNoneServiceHandler.h [ ditto ]

src/auth/AuthServiceHandler.cc
src/auth/AuthServiceHandler.h
src/auth/cephx/CephxServiceHandler.cc
src/auth/cephx/CephxServiceHandler.h
src/auth/krb/KrbServiceHandler.cpp
src/auth/krb/KrbServiceHandler.hpp
src/auth/none/AuthNoneServiceHandler.h
src/mon/AuthMonitor.cc
src/mon/Monitor.cc

index 51c5c75da7bf775466d2ffe9ab98b12aabedc023..4bc2bb0b3790030677044e5552f21faf03631871 100644 (file)
 #include "krb/KrbServiceHandler.hpp"
 #endif
 #include "none/AuthNoneServiceHandler.h"
+#include "common/dout.h"
 
 #define dout_subsys ceph_subsys_auth
 
 
+int AuthServiceHandler::start_session(const EntityName& entity_name,
+                                     uint64_t global_id,
+                                     bool is_new_global_id,
+                                     bufferlist *result,
+                                     AuthCapsInfo *caps)
+{
+  ceph_assert(!this->entity_name.get_type() && !this->global_id);
+
+  ldout(cct, 10) << __func__ << " entity_name=" << entity_name
+                << " global_id=" << global_id << " is_new_global_id="
+                << is_new_global_id << dendl;
+  this->entity_name = entity_name;
+  this->global_id = global_id;
+
+  return do_start_session(is_new_global_id, result, caps);
+}
+
 AuthServiceHandler *get_auth_service_handler(int type, CephContext *cct, KeyServer *ks)
 {
   switch (type) {
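Review bot: The `ceph_assert` at the top of `AuthServiceHandler::start_session` turns "called once per handler" into a process abort, and nothing in this file documents that contract. Both callers run while handling a peer's auth request, so if a handler could ever be started twice the monitor would abort rather than reject the request; the guards in `AuthMonitor::prep_auth` and `Monitor::handle_auth_request` are only partly visible here, so this is worth confirming. The check also treats an unset entity type and `global_id == 0` as "not started", which only holds if callers never pass 0. I would add a comment above the assert, `// one-shot: the handler must be fresh, and callers pass a non-zero global_id`, and consider `ceph_assert(global_id);` right after it if both call sites guarantee that.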
index e00aac6140478f0e7e69497e85a11d4043be8303..3695264384216e18ad633c4bcfdf92f98cec6c2d 100644 (file)
@@ -28,17 +28,19 @@ struct AuthCapsInfo;
 struct AuthServiceHandler {
 protected:
   CephContext *cct;
-public:
   EntityName entity_name;
-  uint64_t global_id;
+  uint64_t global_id = 0;
 
-  explicit AuthServiceHandler(CephContext *cct_) : cct(cct_), global_id(0) {}
+public:
+  explicit AuthServiceHandler(CephContext *cct_) : cct(cct_) {}
 
   virtual ~AuthServiceHandler() { }
 
-  virtual int start_session(const EntityName& name,
-                           bufferlist *result,
-                           AuthCapsInfo *caps) = 0;
+  int start_session(const EntityName& entity_name,
+                   uint64_t global_id,
+                   bool is_new_global_id,
+                   bufferlist *result,
+                   AuthCapsInfo *caps);
   virtual int handle_request(bufferlist::const_iterator& indata,
                             size_t connection_secret_required_length,
                             bufferlist *result,
@@ -47,7 +49,13 @@ public:
                             CryptoKey *session_key,
                             std::string *connection_secret) = 0;
 
-  EntityName& get_entity_name() { return entity_name; }
+  const EntityName& get_entity_name() { return entity_name; }
+  uint64_t get_global_id() { return global_id; }
+
+private:
+  virtual int do_start_session(bool is_new_global_id,
+                              bufferlist *result,
+                              AuthCapsInfo *caps) = 0;
 };
 
 extern AuthServiceHandler *get_auth_service_handler(int type, CephContext *cct, KeyServer *ks);
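Review bot: The accessors `get_entity_name()` and `get_global_id()` are not `const`, so they cannot be called through a `const AuthServiceHandler&` even though they only read state; `const EntityName& get_entity_name() const { return entity_name; }` and `uint64_t get_global_id() const { return global_id; }` would fix that. Separately, `entity_name` and `global_id` moved from public to protected, which still lets any derived handler overwrite the identity that `start_session` recorded. A comment on the two fields such as `// set once by start_session(); handlers should treat these as read-only` would state the intent. `do_start_session` also deserves a short doc comment saying what `is_new_global_id` means: assigned by the monitor versus provided by the client, per the commit description.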
index 2f070446080f555dd42bece95fa6082e73e87b03..babd7edd99e891085a5f801e437fc6c21aabff2a 100644 (file)
 #undef dout_prefix
 #define dout_prefix *_dout << "cephx server " << entity_name << ": "
 
-int CephxServiceHandler::start_session(
-  const EntityName& name,
+int CephxServiceHandler::do_start_session(
+  bool is_new_global_id,
   bufferlist *result_bl,
   AuthCapsInfo *caps)
 {
-  entity_name = name;
-
   uint64_t min = 1; // always non-zero
   uint64_t max = std::numeric_limits<uint64_t>::max();
   server_challenge = ceph::util::generate_random_number<uint64_t>(min, max);
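Review bot: `is_new_global_id` is not read in the visible part of `CephxServiceHandler::do_start_session` (the body continues past this hunk), nor in the visible part of `KrbServiceHandler::do_start_session`, and the complete `AuthNoneServiceHandler::do_start_session` body ignores it. If that is intentional for this change, say so at each override so a reader does not assume a client-provided global_id is being checked there, e.g. `// is_new_global_id is not consulted yet; a global_id provided by the client is accepted as-is`. For the none handler, which sets `caps->allow_all = true` unconditionally, the comment should state that no validation of a client-provided id happens under that auth type.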
index c27194814c5bb66529e85fc2741aeddc073300bd..024fd1bdc939723a25a58d963b9237919a4e47c4 100644 (file)
@@ -29,9 +29,6 @@ public:
     : AuthServiceHandler(cct_), key_server(ks), server_challenge(0) {}
   ~CephxServiceHandler() override {}
   
-  int start_session(const EntityName& name,
-                   bufferlist *result_bl,
-                   AuthCapsInfo *caps) override;
   int handle_request(
     bufferlist::const_iterator& indata,
     size_t connection_secret_required_length,
@@ -42,6 +39,10 @@ public:
     std::string *connection_secret) override;
 
 private:
+  int do_start_session(bool is_new_global_id,
+                      bufferlist *result_bl,
+                      AuthCapsInfo *caps) override;
+
   void build_cephx_response_header(int request_type, int status,
                                   bufferlist& bl);
 };
index 26c05cd92ef6bcc8613b3a025325a6019b243aa3..5fe004b801e9c13f217f00538048450fb23fbfbf 100644 (file)
@@ -152,8 +152,8 @@ int KrbServiceHandler::handle_request(
   return result;
 }
 
-int KrbServiceHandler::start_session(
-  const EntityName& name,
+int KrbServiceHandler::do_start_session(
+  bool is_new_global_id,
   bufferlist *buff_list,
   AuthCapsInfo *caps)
 {
@@ -167,7 +167,6 @@ int KrbServiceHandler::start_session(
 
   gss_buffer_in.length = gss_service_name.length();
   gss_buffer_in.value  = (const_cast<char*>(gss_service_name.c_str()));
-  entity_name = name;
 
   gss_major_status = gss_import_name(&gss_minor_status, 
                                      &gss_buffer_in, 
index c1179cc3f0cd2af59b5ef9200d645a44e044136e..a7c467e484c6c56b92532e2a9e5e441e2611d87d 100644 (file)
@@ -45,11 +45,11 @@ class KrbServiceHandler : public AuthServiceHandler {
                       CryptoKey *session_key,
                       std::string *connection_secret) override;
 
-    int start_session(const EntityName& name,
-                     bufferlist *buff_list,
-                      AuthCapsInfo *caps) override;
-
   private:
+    int do_start_session(bool is_new_global_id,
+                        bufferlist *buff_list,
+                        AuthCapsInfo *caps) override;
+
     gss_buffer_desc m_gss_buffer_out;
     gss_cred_id_t m_gss_credentials; 
     gss_ctx_id_t m_gss_sec_ctx; 
index dd8c9d26344623a16fdc6892dc9066108958c1d9..298a300c42755f8726ef0eeae91aaade4432b3c8 100644 (file)
@@ -26,13 +26,6 @@ public:
     : AuthServiceHandler(cct_) {}
   ~AuthNoneServiceHandler() override {}
   
-  int start_session(const EntityName& name,
-                   bufferlist *result_bl,
-                   AuthCapsInfo *caps) override {
-    entity_name = name;
-    caps->allow_all = true;
-    return 1;
-  }
   int handle_request(bufferlist::const_iterator& indata,
                     size_t connection_secret_required_length,
                     bufferlist *result_bl,
@@ -42,6 +35,14 @@ public:
                     std::string *connection_secret) override {
     return 0;
   }
+
+private:
+  int do_start_session(bool is_new_global_id,
+                      bufferlist *result_bl,
+                      AuthCapsInfo *caps) override {
+    caps->allow_all = true;
+    return 1;
+  }
 };
 
 #endif
index 9537986eddd01c5dc954ffe9f340167de9f7d648..9e4a0dc226f6b3bd22ba2f40fe1d6d4079afb629 100644 (file)
@@ -586,6 +586,7 @@ bool AuthMonitor::prep_auth(MonOpRequestRef op, bool paxos_writable)
   bool start = false;
   bool finished = false;
   EntityName entity_name;
+  bool is_new_global_id = false;
 
   // set up handler?
   if (m->protocol == 0 && !s->auth_handler) {
@@ -705,12 +706,15 @@ bool AuthMonitor::prep_auth(MonOpRequestRef op, bool paxos_writable)
       ceph_assert(!paxos_writable);
       return false;
     }
+    is_new_global_id = true;
   }
 
   try {
     if (start) {
       // new session
       ret = s->auth_handler->start_session(entity_name,
+                                          s->con->peer_global_id,
+                                          is_new_global_id,
                                           &response_bl,
                                           &s->con->peer_caps_info);
     } else {
index 55e13f67c87a427b565d67250ba2ed4d384f12c3..2cc2c4ce0986fb61855a8f0efa6c89c3fa366320 100644 (file)
@@ -6339,14 +6339,14 @@ int Monitor::handle_auth_request(
     // are supported by the client if we require it.  for msgr2 that
     // is not necessary.
 
+    bool is_new_global_id = false;
     if (!con->peer_global_id) {
       con->peer_global_id = authmon()->_assign_global_id();
       if (!con->peer_global_id) {
        dout(1) << __func__ << " failed to assign global_id" << dendl;
        return -EBUSY;
       }
-      dout(10) << __func__ << "  assigned global_id " << con->peer_global_id
-              << dendl;
+      is_new_global_id = true;
     }
 
     // set up partial session
@@ -6356,6 +6356,8 @@ int Monitor::handle_auth_request(
 
     r = s->auth_handler->start_session(
       entity_name,
+      con->peer_global_id,
+      is_new_global_id,
       reply,
       &con->peer_caps_info);
   } else {
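Review bot: Removing the `dout(10)` "assigned global_id" line in the first hunk means this file no longer records the assignment; the same information (`global_id=` and `is_new_global_id=`) is now logged by `AuthServiceHandler::start_session` via `ldout(cct, 10)` under `ceph_subsys_auth`. If Monitor.cc logs under a different subsystem (its `dout_subsys` is not visible here), operators who raise only that subsystem's debug level lose the record of which global_id a connection was given. It would help to mention this in the commit description, or to keep a one-line `dout(10) << __func__ << " assigned global_id " << con->peer_global_id << dendl;` next to `is_new_global_id = true;`. `handle_auth_request` starts and ends outside both hunks.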