There is no need to consider the pre-nautilus scenario.
Signed-off-by: Yingxin Cheng <yingxin.cheng@intel.com>
const ceph::bufferlist& payload,
ceph::bufferlist *reply)
{
- // for some channels prior to nautilus (osd heartbeat), we tolerate the lack of
- // an authorizer.
if (payload.length() == 0) {
- if (con->get_messenger()->get_require_authorizer()) {
- return -EACCES;
- } else {
- auth_handler.handle_authentication({}, {});
- return 1;
- }
+ return -EACCES;
}
auth_meta->auth_mode = payload[0];
if (auth_meta->auth_mode < AUTH_MODE_AUTHORIZER ||
class Messenger {
crimson::auth::AuthClient* auth_client = nullptr;
crimson::auth::AuthServer* auth_server = nullptr;
- bool require_authorizer = true;
protected:
entity_name_t my_name;
virtual void set_policy_throttler(entity_type_t peer_type, Throttle* throttle) = 0;
- // allow unauthenticated connections. This is needed for compatibility with
- // pre-nautilus OSDs, which do not authenticate the heartbeat sessions.
- bool get_require_authorizer() const {
- return require_authorizer;
- }
- void set_require_authorizer(bool r) {
- require_authorizer = r;
- }
static MessengerRef
create(const entity_name_t& name,
const std::string& lname,
return back_msgr;
}
-void Heartbeat::set_require_authorizer(bool require_authorizer)
-{
- if (front_msgr.get_require_authorizer() != require_authorizer) {
- front_msgr.set_require_authorizer(require_authorizer);
- back_msgr.set_require_authorizer(require_authorizer);
- }
-}
-
void Heartbeat::add_peer(osd_id_t _peer, epoch_t epoch)
{
assert(whoami != _peer);
crimson::net::Messenger &get_front_msgr() const;
crimson::net::Messenger &get_back_msgr() const;
- void set_require_authorizer(bool);
// Dispatcher methods
std::optional<seastar::future<>> ms_dispatch(
seastar::future<> OSD::check_osdmap_features()
{
- heartbeat->set_require_authorizer(true);
return store.write_meta("require_osd_release",
stringify((int)osdmap->require_osd_release));
}
msgr->set_default_policy(Messenger::Policy::stateless_server(0));
msgr->set_auth_client(&dummy_auth);
msgr->set_auth_server(&dummy_auth);
- msgr->set_require_authorizer(false);
}
DummyAuthClientServer dummy_auth;
std::unique_ptr<Messenger> msgr;
if (client.is_active()) {
client.msgr = crimson::net::Messenger::create(entity_name_t::OSD(client.sid), client.lname, client.sid);
client.msgr->set_default_policy(crimson::net::SocketPolicy::lossy_client(0));
- client.msgr->set_require_authorizer(false);
client.msgr->set_auth_client(&client.dummy_auth);
client.msgr->set_auth_server(&client.dummy_auth);
return client.msgr->start({&client});
server.msgr->set_default_policy(crimson::net::SocketPolicy::stateless_server(0));
server.msgr->set_policy_throttler(entity_name_t::TYPE_OSD,
&server.byte_throttler);
- server.msgr->set_require_authorizer(false);
server.msgr->set_auth_client(&server.dummy_auth);
server.msgr->set_auth_server(&server.dummy_auth);
return server.msgr->bind(entity_addrvec_t{addr}
client.msgr->set_default_policy(crimson::net::SocketPolicy::lossy_client(0));
client.msgr->set_policy_throttler(entity_name_t::TYPE_OSD,
&client.byte_throttler);
- client.msgr->set_require_authorizer(false);
client.msgr->set_auth_client(&client.dummy_auth);
client.msgr->set_auth_server(&client.dummy_auth);
return client.msgr->start({&client.dispatcher}).then(
msgr->set_default_policy(Messenger::Policy::stateless_server(0));
msgr->set_auth_client(&dummy_auth);
msgr->set_auth_server(&dummy_auth);
- msgr->set_require_authorizer(false);
}
DummyAuthClientServer dummy_auth;
std::unique_ptr<Messenger> msgr;
msgr->set_default_policy(Messenger::Policy::lossy_client(0));
msgr->set_auth_client(&dummy_auth);
msgr->set_auth_server(&dummy_auth);
- msgr->set_require_authorizer(false);
}
DummyAuthClientServer dummy_auth;
struct ClientDispatcher : Dispatcher {
const entity_addr_t& addr) {
msgr = crimson::net::Messenger::create(name, lname, nonce);
msgr->set_default_policy(crimson::net::SocketPolicy::stateless_server(0));
- msgr->set_require_authorizer(false);
msgr->set_auth_client(&dummy_auth);
msgr->set_auth_server(&dummy_auth);
return msgr->bind(entity_addrvec_t{addr}).safe_then([this] {
peer_msgr->set_default_policy(policy);
peer_msgr->set_auth_client(&dummy_auth);
peer_msgr->set_auth_server(&dummy_auth);
- peer_msgr->set_require_authorizer(false);
peer_msgr->bind(test_peer_addr);
peer_msgr->add_dispatcher_head(this);
peer_msgr->start();
cmd_msgr->set_default_policy(Messenger::Policy::stateless_server(0));
cmd_msgr->set_auth_client(&dummy_auth);
cmd_msgr->set_auth_server(&dummy_auth);
- cmd_msgr->set_require_authorizer(false);
cmd_msgr->bind(cmd_peer_addr);
cmd_msgr->add_dispatcher_head(this);
cmd_msgr->start();
crimson::net::MessengerRef msgr =
crimson::net::Messenger::create(name, lname, nonce);
msgr->set_default_policy(server_policy);
- msgr->set_require_authorizer(false);
msgr->set_auth_client(&dummy_auth);
msgr->set_auth_server(&dummy_auth);
available_servers.insert(msgr);
return crimson::common::sharded_perf_coll().start();
}).then([]() mutable {
auto msgr = crimson::net::Messenger::create(entity_name_t::OSD(0), "monc", 0);
- msgr->set_require_authorizer(false);
return seastar::do_with(MonClient{*msgr, dummy_handler},
[msgr](auto& monc) mutable {
return msgr->start({&monc}).then([&monc] {
projects / ceph.git / commitdiff