#include "../KeyRing.h"
+#include "config.h"
+
+#define DOUT_SUBSYS auth
+#undef dout_prefix
+#define dout_prefix *_dout << dbeginl << "cephx client: "
+
+
int CephxClientHandler::build_request(bufferlist& bl)
{
- dout(0) << "state=" << state << dendl;
+ dout(0) << "build_request state " << state << dendl;
switch (state) {
case STATE_START:
req.key ^= *p;
}
::encode(req, bl);
+
+ dout(10) << "get auth session key: client_challenge " << req.client_challenge << dendl;
}
break;
case STATE_GETTING_SESSION_KEYS:
/* get service tickets */
{
- dout(0) << "want=" << hex << want << " have=" << have << dec << dendl;
+ dout(0) << "get service keys: want=" << hex << want << " have=" << have << dec << dendl;
CephXRequestHeader header;
header.request_type = CEPHX_GET_PRINCIPAL_SESSION_KEY;
int CephxClientHandler::handle_response(int ret, bufferlist::iterator& indata)
{
- dout(0) << "cephx handle_response ret = " << ret << " state " << state << dendl;
+ dout(10) << "handle_response ret = " << ret << " state " << state << dendl;
if (ret < 0)
return ret; // hrm!
CephXServerChallenge ch;
::decode(ch, indata);
server_challenge = ch.server_challenge;
+ dout(10) << " got initial server challenge " << server_challenge << dendl;
state = STATE_GETTING_MON_KEY;
return -EAGAIN;
}
switch (header.request_type) {
case CEPHX_GET_AUTH_SESSION_KEY:
{
- dout(0) << "request_type=" << hex << header.request_type << dec << dendl;
- dout(0) << "handle_cephx_response()" << dendl;
-
- dout(0) << "CEPHX_GET_AUTH_SESSION_KEY" << dendl;
-
+ dout(10) << " get_auth_session_key" << dendl;
CryptoKey secret;
g_keyring.get_master(secret);
dout(0) << "could not verify service_ticket reply" << dendl;
return -EPERM;
}
- dout(0) << "want=" << want << " have=" << have << dendl;
+ dout(10) << " want=" << want << " have=" << have << dendl;
if (want != have) {
state = STATE_GETTING_SESSION_KEYS;
ret = -EAGAIN;
case CEPHX_GET_PRINCIPAL_SESSION_KEY:
{
CephXTicketHandler& ticket_handler = tickets.get_handler(CEPH_ENTITY_TYPE_AUTH);
- dout(0) << "CEPHX_GET_PRINCIPAL_SESSION_KEY session_key " << ticket_handler.session_key << dendl;
+ dout(10) << " get_principal_session_key session_key " << ticket_handler.session_key << dendl;
if (!tickets.verify_service_ticket_reply(ticket_handler.session_key, indata)) {
dout(0) << "could not verify service_ticket reply" << dendl;
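Review bot: The new log line in the CEPHX_GET_PRINCIPAL_SESSION_KEY branch still streams `ticket_handler.session_key` into the log, only demoted from level 0 to 10; if CryptoKey's stream operator prints the key bytes (not visible here), any host running with debug_auth raised, or anyone who can read the log file, obtains a live session key. Log a non-sensitive marker instead, `dout(10) << " get_principal_session_key" << dendl;`, and keep key material out of the logs at every level. handle_response begins and ends outside this hunk.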
case CEPHX_GET_ROTATING_KEY:
{
+ dout(10) << " get_rotating_key" << dendl;
RotatingSecrets secrets;
CryptoKey secret_key;
g_keyring.get_master(secret_key);
break;
default:
- assert(0);
+ dout(0) << " unknown request_type " << header.request_type << dendl;
+ assert(0);
}
return ret;
}
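Review bot: The `default:` branch of the request_type switch still ends in `assert(0)` after the added log line, so an unrecognised request_type in a reply from the peer aborts the client process; the value is read from the wire and should be rejected, not asserted on. The service side of this same commit returns -EINVAL for an unknown op (the `default:` at the end of CephxServiceHandler::handle_request), and the client should match it: keep `dout(0) << " unknown request_type " << header.request_type << dendl;` and replace `assert(0);` with `return -EINVAL;`. The start of handle_response lies outside this hunk.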
AuthAuthorizer *CephxClientHandler::build_authorizer(uint32_t service_id)
{
- dout(0) << "going to build authorizer for peer_id=" << service_id << " service_id=" << service_id << dendl;
+ dout(10) << "build_authorizer for service " << service_id << dendl;
return tickets.build_authorizer(service_id);
}
void CephxClientHandler::build_rotating_request(bufferlist& bl)
{
+ dout(10) << "build_rotating_request" << dendl;
CephXRequestHeader header;
header.request_type = CEPHX_GET_ROTATING_KEY;
::encode(header, bl);
#include "config.h"
+#define DOUT_SUBSYS auth
+#undef dout_prefix
+#define dout_prefix *_dout << dbeginl << "cephx: "
#include "config.h"
+#define DOUT_SUBSYS auth
+#undef dout_prefix
+#define dout_prefix *_dout << dbeginl << "cephx server " << entity_name << ": "
int CephxServiceHandler::start_session(bufferlist& result_bl)
{
- CephXServerChallenge ch;
get_random_bytes((char *)&server_challenge, sizeof(server_challenge));
if (!server_challenge)
server_challenge = 1; // always non-zero.
+ dout(10) << "start_session server_challenge " << server_challenge << dendl;
+
+ CephXServerChallenge ch;
ch.server_challenge = server_challenge;
::encode(ch, result_bl);
return CEPH_AUTH_CEPHX;
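Review bot: The result of `get_random_bytes` is still discarded in start_session, so if it reports failure (its signature is not visible here) server_challenge keeps whatever value it held before and the `if (!server_challenge) server_challenge = 1;` fixup only masks the all-zero case. Capture the return and refuse to issue a challenge on failure, e.g. `int r = get_random_bytes((char *)&server_challenge, sizeof(server_challenge)); if (r < 0) return r;`, provided the caller treats a negative return as an error rather than an auth type — that contract is outside this hunk. The new level-10 log of the challenge is acceptable since the value is sent to the peer in the clear anyway.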
{
int ret = 0;
- dout(0) << "CephxServiceHandler: handle request" << dendl;
-
struct CephXRequestHeader cephx_header;
::decode(cephx_header, indata);
- dout(0) << "op = " << cephx_header.request_type << dendl;
-
switch (cephx_header.request_type) {
case CEPHX_GET_AUTH_SESSION_KEY:
{
entity_name = req.name;
CryptoKey secret;
- dout(0) << "entity_name=" << entity_name.to_str() << dendl;
+ dout(10) << "handle_request get_auth_session_key for " << entity_name << dendl;
if (!key_server->get_secret(entity_name, secret)) {
- dout(0) << "couldn't find entity name: " << entity_name.to_str() << dendl;
+ dout(0) << "couldn't find entity name: " << entity_name << dendl;
ret = -EPERM;
break;
}
for (int pos = 0; pos + sizeof(req.key) <= key_enc.length(); pos+=sizeof(req.key), p++) {
expected_key ^= *p;
}
- dout(0) << "checking key: req.key=" << hex << req.key << " expected_key=" << expected_key << dec << dendl;
+ dout(0) << " checking key: req.key=" << hex << req.key << " expected_key=" << expected_key << dec << dendl;
if (req.key != expected_key) {
- dout(0) << "unexpected key: req.key=" << req.key << " expected_key=" << expected_key << dendl;
+ dout(0) << " unexpected key: req.key=" << req.key << " expected_key=" << expected_key << dendl;
ret = -EPERM;
break;
}
- dout(0) << "CEPHX_GET_AUTH_SESSION_KEY" << dendl;
-
CryptoKey session_key;
CephXSessionAuthInfo info;
info.session_key = session_key;
info.service_id = CEPH_ENTITY_TYPE_AUTH;
if (!key_server->get_service_secret(CEPH_ENTITY_TYPE_AUTH, info.service_secret, info.secret_id)) {
- dout(0) << "could not get service secret for auth subsystem" << dendl;
+ dout(0) << " could not get service secret for auth subsystem" << dendl;
ret = -EIO;
break;
}
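Review bot: The key check in the CEPHX_GET_AUTH_SESSION_KEY branch logs both `req.key` and `expected_key` at level 0, i.e. unconditionally, in two places (`checking key` and `unexpected key`); expected_key is folded from the entity's encrypted key, so every authentication attempt, including failed ones a remote peer initiated, leaves the server-side expected value in the log. Whether that value is replayable depends on what key_enc is derived from (outside this hunk), but it should not be written at the default level in any case. Move the comparison trace to `dout(10)` and drop expected_key from the failure message, e.g. `dout(0) << " unexpected key from " << entity_name << dendl;`. The enclosing handle_request begins and ends outside this hunk.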
}
if (!key_server->get_service_caps(entity_name, CEPH_ENTITY_TYPE_MON, caps)) {
- dout(0) << "could not get mon caps for " << entity_name << dendl;
+ dout(0) << " could not get mon caps for " << entity_name << dendl;
}
}
break;
case CEPHX_GET_PRINCIPAL_SESSION_KEY:
{
- dout(0) << "CEPHX_GET_PRINCIPAL_SESSION_KEY " << cephx_header.request_type << dendl;
+ dout(10) << "handle_request get_principal_session_key" << dendl;
bufferlist tmp_bl;
CephXServiceTicketInfo auth_ticket_info;
CephXServiceTicketRequest ticket_req;
::decode(ticket_req, indata);
- dout(0) << " ticket_req.keys = " << ticket_req.keys << dendl;
+ dout(10) << " ticket_req.keys = " << ticket_req.keys << dendl;
ret = 0;
vector<CephXSessionAuthInfo> info_vec;
for (uint32_t service_id = 1; service_id <= ticket_req.keys; service_id <<= 1) {
if (ticket_req.keys & service_id) {
- dout(0) << " adding key for service " << service_id << dendl;
+ dout(10) << " adding key for service " << service_id << dendl;
CephXSessionAuthInfo info;
int r = key_server->build_session_auth_info(service_id, auth_ticket_info, info);
if (r < 0) {
case CEPHX_GET_ROTATING_KEY:
{
- dout(10) << "getting rotating secret for " << entity_name << dendl;
+ dout(10) << "handle_request getting rotating secret for " << entity_name << dendl;
build_cephx_response_header(cephx_header.request_type, 0, result_bl);
key_server->get_rotating_encrypted(entity_name, result_bl);
ret = 0;
break;
default:
+ dout(10) << "handle_request unkonwn op " << cephx_header.request_type << dendl;
return -EINVAL;
}
return ret;
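Review bot: The new default-branch log has a typo in its runtime string, `"handle_request unkonwn op "`, and it is emitted at level 10 even though the request is rejected with -EINVAL, while the other rejections in this function (unknown entity, key mismatch) log at level 0. An unknown op from a peer is a protocol anomaly that operators should see by default: `dout(0) << "handle_request unknown op " << cephx_header.request_type << dendl;`. handle_request's body begins outside this hunk.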
OPTION(debug_monc, 0, OPT_INT, 1),
OPTION(debug_paxos, 0, OPT_INT, 0),
OPTION(debug_tp, 0, OPT_INT, 0),
+ OPTION(debug_auth, 0, OPT_INT, 1),
OPTION(keys_file, 'k', OPT_STR, "keys.bin"),
OPTION(clock_lock, 0, OPT_BOOL, false),
OPTION(clock_tare, 0, OPT_BOOL, false),
int debug_monc;
int debug_paxos;
int debug_tp;
+ int debug_auth;
// clock
bool clock_lock;