auth: changed order of test for legacy and new authentication

Changed order of test for legacy and new configuration options
in several places.

Signed-off-by: Peter Reiher <reiher@inktank.com>

diff --git a/src/auth/AuthMethodList.cc b/src/auth/AuthMethodList.cc
index f310cc0d0d1e07044627ea5242f2c49656464be4..dc181f92041c51fba32151e136b6cca4225e5e22 100644 (file)
--- a/src/auth/AuthMethodList.cc
+++ b/src/auth/AuthMethodList.cc
@@ -39,6 +39,9 @@ AuthMethodList::AuthMethodList(CephContext *cct, string str)
       lderr(cct) << "WARNING: unknown auth protocol defined: " << *iter << dendl;
     }
   }
+  if (auth_supported.empty()) {
+    auth_supported.push_back(CEPH_AUTH_CEPHX);
+  }
 }
 
 bool AuthMethodList::is_supported_auth(int auth_type)

diff --git a/src/mds/MDS.cc b/src/mds/MDS.cc
index 9b2417bdfde8eaf19a9a0c99d97a27917f569b60..d71405643f4bbad0009bf8d334caffcf4e05328a 100644 (file)
--- a/src/mds/MDS.cc
+++ b/src/mds/MDS.cc
@@ -90,13 +90,13 @@ MDS::MDS(const std::string &n, Messenger *m, MonClient *mc) :
   mds_lock("MDS::mds_lock"),
   timer(m->cct, mds_lock),
   authorize_handler_cluster_registry(new AuthAuthorizeHandlerRegistry(m->cct,
-                                                                     m->cct->_conf->auth_cluster_required.length() ?
-                                                                     m->cct->_conf->auth_cluster_required :
-                                                                     m->cct->_conf->auth_supported)),
+                                                                     m->cct->_conf->auth_supported.length() ?
+                                                                     m->cct->_conf->auth_supported :
+                                                                     m->cct->_conf->auth_cluster_required)),
   authorize_handler_service_registry(new AuthAuthorizeHandlerRegistry(m->cct,
-                                                                     m->cct->_conf->auth_service_required.length() ?
-                                                                     m->cct->_conf->auth_service_required :
-                                                                     m->cct->_conf->auth_supported)),
+                                                                     m->cct->_conf->auth_supported.length() ?
+                                                                     m->cct->_conf->auth_supported :
+                                                                     m->cct->_conf->auth_service_required)),
   name(n),
   whoami(-1), incarnation(0),
   standby_for_rank(MDSMap::MDS_NO_STANDBY_PREF),

diff --git a/src/mon/MonClient.cc b/src/mon/MonClient.cc
index b705b3def0091f5a5e719ef65b52c4299cd27f02..6ffe8e8d6da9c45683a51b7c2cdbc3ac54e703ee 100644 (file)
--- a/src/mon/MonClient.cc
+++ b/src/mon/MonClient.cc
@@ -269,13 +269,13 @@ int MonClient::init()
   if (r == -ENOENT) {
     // do we care?
     string method;
-    if (entity_name.get_type() == CEPH_ENTITY_TYPE_MDS ||
-       entity_name.get_type() == CEPH_ENTITY_TYPE_OSD)
+    if (cct->_conf->auth_supported.length() != 0) 
+      method = cct->_conf->auth_supported;
+    else if (entity_name.get_type() == CEPH_ENTITY_TYPE_MDS ||
+            entity_name.get_type() == CEPH_ENTITY_TYPE_OSD)
       method = cct->_conf->auth_cluster_required;
     else
       method = cct->_conf->auth_client_required;
-    if (method.length() == 0)
-      method = cct->_conf->auth_supported;
     AuthMethodList supported(cct, method);
     if (!supported.is_supported_auth(CEPH_AUTH_CEPHX)) {
       ldout(cct, 2) << "cephx auth is not supported, ignoring absence of keyring" << dendl;
@@ -294,14 +294,16 @@ int MonClient::init()
   schedule_tick();
 
   string method;
-  if (entity_name.get_type() == CEPH_ENTITY_TYPE_OSD ||
-      entity_name.get_type() == CEPH_ENTITY_TYPE_MDS ||
-      entity_name.get_type() == CEPH_ENTITY_TYPE_MON)
-    method = cct->_conf->auth_cluster_required;
-  else
-    method = cct->_conf->auth_client_required;
-  auth_supported = new AuthMethodList(cct, method.length() ? method : cct->_conf->auth_supported);
-  ldout(cct, 10) << "auth_supported " << auth_supported->get_supported_set() << dendl;
+    if (cct->_conf->auth_supported.length() != 0)
+      method = cct->_conf->auth_supported;
+    else if (entity_name.get_type() == CEPH_ENTITY_TYPE_OSD ||
+             entity_name.get_type() == CEPH_ENTITY_TYPE_MDS ||
+             entity_name.get_type() == CEPH_ENTITY_TYPE_MON)
+      method = cct->_conf->auth_cluster_required;
+    else
+      method = cct->_conf->auth_client_required;
+  auth_supported = new AuthMethodList(cct, method);
+  ldout(cct, 10) << "auth_supported " << auth_supported->get_supported_set() << " method " << method << dendl;
 
   initialized = true;
   return 0;

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 91db2b0c20f7c95903d1e0914f16f14ab7049ec8..fcdad38f34f813eeb01ac0a95c04e093b8bd31c7 100644 (file)
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -117,11 +117,11 @@ Monitor::Monitor(CephContext* cct_, string nm, MonitorStore *s, Messenger *m, Mo
   clog(cct_, messenger, monmap, LogClient::FLAG_MON),
   key_server(cct, &keyring),
   auth_cluster_required(cct,
-                       cct->_conf->auth_cluster_required.length() ?
-                       cct->_conf->auth_cluster_required : cct->_conf->auth_supported),
+                       cct->_conf->auth_supported.length() ?
+                       cct->_conf->auth_supported : cct->_conf->auth_cluster_required),
   auth_service_required(cct,
-                      cct->_conf->auth_service_required.length() ?
-                      cct->_conf->auth_service_required : cct->_conf->auth_supported),
+                       cct->_conf->auth_supported.length() ?
+                       cct->_conf->auth_supported : cct->_conf->auth_service_required),
   store(s),
   
   state(STATE_PROBING),

diff --git a/src/osd/OSD.cc b/src/osd/OSD.cc
index 913157a850858fc168bd459d80b255f4e76660e2..8490f6a2a2658ed9a92226fa6f93043f4c9c229b 100644 (file)
--- a/src/osd/OSD.cc
+++ b/src/osd/OSD.cc
@@ -695,13 +695,13 @@ OSD::OSD(int id, Messenger *internal_messenger, Messenger *external_messenger,
   osd_lock("OSD::osd_lock"),
   timer(external_messenger->cct, osd_lock),
   authorize_handler_cluster_registry(new AuthAuthorizeHandlerRegistry(external_messenger->cct,
-                                                                     cct->_conf->auth_cluster_required.length() ?
-                                                                     cct->_conf->auth_cluster_required :
-                                                                     cct->_conf->auth_supported)),
+                                                                     cct->_conf->auth_supported.length() ?
+                                                                     cct->_conf->auth_supported :
+                                                                     cct->_conf->auth_cluster_required)),
   authorize_handler_service_registry(new AuthAuthorizeHandlerRegistry(external_messenger->cct,
-                                                                     cct->_conf->auth_service_required.length() ?
-                                                                     cct->_conf->auth_service_required :
-                                                                     cct->_conf->auth_supported)),
+                                                                     cct->_conf->auth_supported.length() ?
+                                                                     cct->_conf->auth_supported :
+                                                                     cct->_conf->auth_service_required)),
   cluster_messenger(internal_messenger),
   client_messenger(external_messenger),
   monc(mc),