crimson/net: port proper cephx_* option handling

Port commits 949e2e595eda ("msg/async/ProtocolV1: resurrect "include
MGR as service when applying cephx settings"") and 6f5c4152ca2c
("msg/async/ProtocolV1: resurrect "implement cephx_*require_version
options"").

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>

diff --git a/src/crimson/net/ProtocolV1.cc b/src/crimson/net/ProtocolV1.cc
index eaed769dcd38094f4c4aa337c63c9d483428e8aa..e0aa85694872e42e72cff397f8b1cd4922c0a539 100644 (file)
--- a/src/crimson/net/ProtocolV1.cc
+++ b/src/crimson/net/ProtocolV1.cc
@@ -522,13 +522,31 @@ bool ProtocolV1::require_auth_feature() const
     return true;
   }
   if (h.connect.host_type == CEPH_ENTITY_TYPE_OSD ||
-      h.connect.host_type == CEPH_ENTITY_TYPE_MDS) {
+      h.connect.host_type == CEPH_ENTITY_TYPE_MDS ||
+      h.connect.host_type == CEPH_ENTITY_TYPE_MGR) {
     return local_conf()->cephx_cluster_require_signatures;
   } else {
     return local_conf()->cephx_service_require_signatures;
   }
 }
 
+bool ProtocolV1::require_cephx_v2_feature() const
+{
+  if (h.connect.authorizer_protocol != CEPH_AUTH_CEPHX) {
+    return false;
+  }
+  if (local_conf()->cephx_require_version >= 2) {
+    return true;
+  }
+  if (h.connect.host_type == CEPH_ENTITY_TYPE_OSD ||
+      h.connect.host_type == CEPH_ENTITY_TYPE_MDS ||
+      h.connect.host_type == CEPH_ENTITY_TYPE_MGR) {
+    return local_conf()->cephx_cluster_require_version >= 2;
+  } else {
+    return local_conf()->cephx_service_require_version >= 2;
+  }
+}
+
 seastar::future<stop_t> ProtocolV1::repeat_handle_connect()
 {
   return socket->read(sizeof(h.connect))
@@ -561,6 +579,9 @@ seastar::future<stop_t> ProtocolV1::repeat_handle_connect()
       if (require_auth_feature()) {
         conn.policy.features_required |= CEPH_FEATURE_MSG_AUTH;
       }
+      if (require_cephx_v2_feature()) {
+        conn.policy.features_required |= CEPH_FEATUREMASK_CEPHX_V2;
+      }
       if (auto feat_missing = conn.policy.features_required & ~(uint64_t)h.connect.features;
           feat_missing != 0) {
         return send_connect_reply(

diff --git a/src/crimson/net/ProtocolV1.h b/src/crimson/net/ProtocolV1.h
index 8ab0da186731b0e4f67b951dafdf683f6859d002..d7d642c572757daab78cabe25dc4567af9450a60 100644 (file)
--- a/src/crimson/net/ProtocolV1.h
+++ b/src/crimson/net/ProtocolV1.h
@@ -103,6 +103,7 @@ class ProtocolV1 final : public Protocol {
   seastar::future<stop_t> handle_connect_with_existing(
       SocketConnectionRef existing, bufferlist&& authorizer_reply);
   bool require_auth_feature() const;
+  bool require_cephx_v2_feature() const;
   seastar::future<stop_t> repeat_handle_connect();
 
   // open