auth: kill useless AuthServiceManager; rename file to AuthServiceHandler
authorSage Weil <sage@newdream.net>
Wed, 21 Oct 2009 22:16:14 +0000 (15:16 -0700)
committerSage Weil <sage@newdream.net>
Wed, 21 Oct 2009 22:16:14 +0000 (15:16 -0700)
src/Makefile.am
src/auth/AuthServiceHandler.cc [new file with mode: 0644]
src/auth/AuthServiceHandler.h [new file with mode: 0644]
src/auth/AuthServiceManager.cc [deleted file]
src/auth/AuthServiceManager.h [deleted file]
src/mon/AuthMonitor.cc
src/mon/AuthMonitor.h
src/mon/Session.h

index 6fa20faf0cb034c23f7c1e1ee29cb6a950f05a75..be3311a11446017a37d659900a021b7991ec54d8 100644 (file)
@@ -291,7 +291,7 @@ libcommon_files = \
        auth/Auth.cc \
        auth/AuthClientHandler.cc \
        auth/AuthorizeServer.cc \
-       auth/AuthServiceManager.cc \
+       auth/AuthServiceHandler.cc \
        auth/Crypto.cc \
        auth/ExportControl.cc \
        auth/KeyRing.cc \
@@ -396,7 +396,7 @@ noinst_HEADERS = \
        auth/Auth.h\
        auth/AuthorizeServer.h\
        auth/AuthProtocol.h\
-       auth/AuthServiceManager.h\
+       auth/AuthServiceHandler.h\
        auth/KeyRing.h\
        auth/KeysServer.h\
        auth/Crypto.h\
diff --git a/src/auth/AuthServiceHandler.cc b/src/auth/AuthServiceHandler.cc
new file mode 100644 (file)
index 0000000..f9816df
--- /dev/null
@@ -0,0 +1,233 @@
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- 
+// vim: ts=8 sw=2 smarttab
+/*
+ * Ceph - scalable distributed file system
+ *
+ * Copyright (C) 2004-2009 Sage Weil <sage@newdream.net>
+ *
+ * This is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License version 2.1, as published by the Free Software 
+ * Foundation.  See file COPYING.
+ * 
+ */
+
+
+#include "AuthServiceHandler.h"
+#include "AuthProtocol.h"
+#include "Auth.h"
+
+#include "mon/Monitor.h"
+
+#include <errno.h>
+#include <sstream>
+
+#include "config.h"
+
+/*
+   the first X request is empty, we then send a response and get another request which
+   is not empty and contains the client challenge and the key
+*/
+class CephAuthService_X  : public AuthServiceHandler {
+  int state;
+  uint64_t server_challenge;
+  EntityName entity_name;
+
+public:
+  CephAuthService_X(Monitor *m) : AuthServiceHandler(m), state(0) {}
+  ~CephAuthService_X() {}
+
+  int handle_request(bufferlist::iterator& indata, bufferlist& result_bl);
+  int handle_cephx_protocol(bufferlist::iterator& indata, bufferlist& result_bl);
+  void build_cephx_response_header(int request_type, int status, bufferlist& bl);
+};
+
+
+int CephAuthService_X::handle_request(bufferlist::iterator& indata, bufferlist& result_bl)
+{
+  int ret = 0;
+  bool piggyback = false;
+
+  dout(0) << "CephAuthService_X: handle request" << dendl;
+  dout(0) << "state=" << state << dendl;
+
+  switch(state) {
+  case 0:
+    {
+      CephXEnvRequest1 req;
+      ::decode(req, indata);
+      entity_name = req.name;
+      CephXEnvResponse1 response;
+      get_random_bytes((char *)&server_challenge, sizeof(server_challenge));
+      response.server_challenge = server_challenge;
+      ::encode(response, result_bl);
+      ret = -EAGAIN;
+    }
+    break;
+  case 1:
+    {
+      CephXEnvRequest2 req;
+      ::decode(req, indata);
+
+      CryptoKey secret;
+      dout(0) << "entity_name=" << entity_name.to_str() << dendl;
+      if (!mon->keys_server.get_secret(entity_name, secret)) {
+        dout(0) << "couldn't find entity name: " << entity_name.to_str() << dendl;
+       ret = -EPERM;
+       break;
+      }
+
+      bufferlist key, key_enc;
+      ::encode(server_challenge, key);
+      ::encode(req.client_challenge, key);
+      ret = encode_encrypt(key, secret, key_enc);
+      if (ret < 0)
+        break;
+      uint64_t expected_key = 0;
+      const uint64_t *p = (const uint64_t *)key_enc.c_str();
+      for (int pos = 0; pos + sizeof(req.key) <= key_enc.length(); pos+=sizeof(req.key), p++) {
+        expected_key ^= *p;
+      }
+      dout(0) << "checking key: req.key=" << hex << req.key << " expected_key=" << expected_key << dec << dendl;
+      if (req.key != expected_key) {
+        dout(0) << "unexpected key: req.key=" << req.key << " expected_key=" << expected_key << dendl;
+        ret = -EPERM;
+      } else {
+       ret = 0;
+        piggyback = req.piggyback;
+      }
+    }
+    break;
+
+  case 2:
+    return handle_cephx_protocol(indata, result_bl);
+  default:
+    return -EINVAL;
+  }
+
+  if (!ret && piggyback) {
+    ret = handle_cephx_protocol(indata, result_bl);
+  }
+
+  if (!ret || (ret == -EAGAIN)) {
+    state++;
+  }
+  dout(0) << "returning with state=" << state << dendl;
+  return ret;
+}
+
+int CephAuthService_X::handle_cephx_protocol(bufferlist::iterator& indata, bufferlist& result_bl)
+{
+  struct CephXRequestHeader cephx_header;
+
+  ::decode(cephx_header, indata);
+
+  uint16_t request_type = cephx_header.request_type & CEPHX_REQUEST_TYPE_MASK;
+  int ret = -EAGAIN;
+
+  dout(0) << "request_type=" << request_type << dendl;
+
+  switch (request_type) {
+  case CEPHX_GET_AUTH_SESSION_KEY:
+    {
+      dout(0) << "CEPHX_GET_AUTH_SESSION_KEY" << dendl;
+
+      AuthAuthenticateRequest req;
+      ::decode(req, indata);
+
+      CryptoKey session_key;
+      SessionAuthInfo info;
+
+      CryptoKey principal_secret;
+      if (mon->keys_server.get_secret(req.name, principal_secret) < 0) {
+       ret = -EPERM;
+       break;
+      }
+
+      info.ticket.name = req.name;
+      info.ticket.addr = req.addr;
+      info.ticket.init_timestamps(g_clock.now(), g_conf.auth_mon_ticket_ttl);
+
+      mon->keys_server.generate_secret(session_key);
+
+      info.session_key = session_key;
+      info.service_id = CEPHX_PRINCIPAL_AUTH;
+      if (!mon->keys_server.get_service_secret(CEPHX_PRINCIPAL_AUTH, info.service_secret, info.secret_id)) {
+        dout(0) << "could not get service secret for auth subsystem" << dendl;
+        ret = -EIO;
+        break;
+      }
+
+      vector<SessionAuthInfo> info_vec;
+      info_vec.push_back(info);
+
+      build_cephx_response_header(request_type, 0, result_bl);
+      if (!build_service_ticket_reply(principal_secret, info_vec, result_bl)) {
+        ret = -EIO;
+        break;
+      }
+    }
+    break;
+
+  case CEPHX_GET_PRINCIPAL_SESSION_KEY:
+    dout(0) << "CEPHX_GET_PRINCIPAL_SESSION_KEY " << cephx_header.request_type << dendl;
+    {
+      bufferlist tmp_bl;
+      AuthServiceTicketInfo auth_ticket_info;
+      if (!verify_authorizer(mon->keys_server, indata, auth_ticket_info, tmp_bl)) {
+        ret = -EPERM;
+      }
+
+      AuthServiceTicketRequest ticket_req;
+      if (!verify_service_ticket_request(ticket_req, indata)) {
+        ret = -EPERM;
+        break;
+      }
+
+      ret = 0;
+      vector<SessionAuthInfo> info_vec;
+      for (uint32_t service_id = 1; service_id != (CEPHX_PRINCIPAL_TYPE_MASK + 1); service_id <<= 1) {
+        if (ticket_req.keys & service_id) {
+          SessionAuthInfo info;
+          int r = mon->keys_server.build_session_auth_info(service_id, auth_ticket_info, info);
+          if (r < 0) {
+            ret = r;
+            break;
+          }
+
+          info_vec.push_back(info);
+        }
+      }
+      build_cephx_response_header(request_type, ret, result_bl);
+      build_service_ticket_reply(auth_ticket_info.session_key, info_vec, result_bl);
+    }
+    break;
+  default:
+    ret = -EINVAL;
+    build_cephx_response_header(request_type, -EINVAL, result_bl);
+    break;
+  }
+
+  return ret;
+}
+
+void CephAuthService_X::build_cephx_response_header(int request_type, int status, bufferlist& bl)
+{
+  struct CephXResponseHeader header;
+  header.request_type = request_type;
+  header.status = status;
+  ::encode(header, bl);
+}
+
+
+// --------------
+
+AuthServiceHandler *get_auth_handler(Monitor *mon, set<__u32>& supported)
+{
+  if (supported.count(CEPH_AUTH_CEPH)) {
+    return new CephAuthService_X(mon);
+  }
+  return NULL;
+}
+
+
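Review bot: In the CEPHX_GET_PRINCIPAL_SESSION_KEY case of handle_cephx_protocol, a failed verify_authorizer() sets ret = -EPERM but does not break, so control continues into verify_service_ticket_request() and the later `ret = 0;` discards the failure, after which service tickets are built from auth_ticket_info and its session_key even though the authorizer was never validated; the check should read `if (!verify_authorizer(mon->keys_server, indata, auth_ticket_info, tmp_bl)) { ret = -EPERM; break; }`. In the same case the return value of build_service_ticket_reply() is ignored, whereas the CEPHX_GET_AUTH_SESSION_KEY case maps its failure to -EIO. The two keys_server.get_secret() calls are also tested differently, `!mon->keys_server.get_secret(...)` in handle_request but `... < 0` in handle_cephx_protocol, so unless get_secret reports a missing entity both as false and as a negative value, one of the two sites lets a lookup failure through; worth confirming against KeysServer. The XOR fold in state 1 walks `(const uint64_t *)key_enc.c_str()` assuming 8-byte alignment and compares a signed `pos` with the unsigned length; copying each block into a uint64_t with memcpy and using an unsigned index would avoid both.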
diff --git a/src/auth/AuthServiceHandler.h b/src/auth/AuthServiceHandler.h
new file mode 100644 (file)
index 0000000..ffe1c4d
--- /dev/null
@@ -0,0 +1,36 @@
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- 
+// vim: ts=8 sw=2 smarttab
+/*
+ * Ceph - scalable distributed file system
+ *
+ * Copyright (C) 2004-2009 Sage Weil <sage@newdream.net>
+ *
+ * This is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License version 2.1, as published by the Free Software 
+ * Foundation.  See file COPYING.
+ * 
+ */
+
+#ifndef __AUTHSERVICEMANAGER_H
+#define __AUTHSERVICEMANAGER_H
+
+#include "include/types.h"
+#include "config.h"
+
+class Monitor;
+
+class AuthServiceHandler {
+protected:
+  Monitor *mon;
+
+public:
+  AuthServiceHandler(Monitor *m) : mon(m) { }
+  virtual ~AuthServiceHandler() { }
+
+  virtual int handle_request(bufferlist::iterator& indata, bufferlist& result) = 0;
+};
+
+extern AuthServiceHandler *get_auth_handler(Monitor *mon, set<__u32>& supported);
+
+#endif
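Review bot: The include guard of the new AuthServiceHandler.h still reads `__AUTHSERVICEMANAGER_H`, the name of the header this commit deletes, and identifiers beginning with a double underscore are reserved; rename it to match the file, `#ifndef AUTHSERVICEHANDLER_H` / `#define AUTHSERVICEHANDLER_H`. The get_auth_handler declaration takes `set<__u32>& supported` by non-const reference although the definition in AuthServiceHandler.cc only calls count() on it, so `const set<__u32>&` would state the contract (the unqualified `set` and `bufferlist` presumably come in through include/types.h, which I cannot confirm from here). Since the definition returns a freshly `new`ed CephAuthService_X, a comment on the declaration such as `// returns a heap-allocated handler, or NULL if no supported protocol; the caller is responsible for deleting it` would document the ownership, if that is indeed the intent.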
diff --git a/src/auth/AuthServiceManager.cc b/src/auth/AuthServiceManager.cc
deleted file mode 100644 (file)
index 5d79ca7..0000000
+++ /dev/null
@@ -1,233 +0,0 @@
-// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- 
-// vim: ts=8 sw=2 smarttab
-/*
- * Ceph - scalable distributed file system
- *
- * Copyright (C) 2004-2009 Sage Weil <sage@newdream.net>
- *
- * This is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License version 2.1, as published by the Free Software 
- * Foundation.  See file COPYING.
- * 
- */
-
-
-#include "AuthServiceManager.h"
-#include "AuthProtocol.h"
-#include "Auth.h"
-
-#include "mon/Monitor.h"
-
-#include <errno.h>
-#include <sstream>
-
-#include "config.h"
-
-/*
-   the first X request is empty, we then send a response and get another request which
-   is not empty and contains the client challenge and the key
-*/
-class CephAuthService_X  : public AuthServiceHandler {
-  int state;
-  uint64_t server_challenge;
-  EntityName entity_name;
-
-public:
-  CephAuthService_X(Monitor *m) : AuthServiceHandler(m), state(0) {}
-  ~CephAuthService_X() {}
-
-  int handle_request(bufferlist::iterator& indata, bufferlist& result_bl);
-  int handle_cephx_protocol(bufferlist::iterator& indata, bufferlist& result_bl);
-  void build_cephx_response_header(int request_type, int status, bufferlist& bl);
-};
-
-
-int CephAuthService_X::handle_request(bufferlist::iterator& indata, bufferlist& result_bl)
-{
-  int ret = 0;
-  bool piggyback = false;
-
-  dout(0) << "CephAuthService_X: handle request" << dendl;
-  dout(0) << "state=" << state << dendl;
-
-  switch(state) {
-  case 0:
-    {
-      CephXEnvRequest1 req;
-      ::decode(req, indata);
-      entity_name = req.name;
-      CephXEnvResponse1 response;
-      get_random_bytes((char *)&server_challenge, sizeof(server_challenge));
-      response.server_challenge = server_challenge;
-      ::encode(response, result_bl);
-      ret = -EAGAIN;
-    }
-    break;
-  case 1:
-    {
-      CephXEnvRequest2 req;
-      ::decode(req, indata);
-
-      CryptoKey secret;
-      dout(0) << "entity_name=" << entity_name.to_str() << dendl;
-      if (!mon->keys_server.get_secret(entity_name, secret)) {
-        dout(0) << "couldn't find entity name: " << entity_name.to_str() << dendl;
-       ret = -EPERM;
-       break;
-      }
-
-      bufferlist key, key_enc;
-      ::encode(server_challenge, key);
-      ::encode(req.client_challenge, key);
-      ret = encode_encrypt(key, secret, key_enc);
-      if (ret < 0)
-        break;
-      uint64_t expected_key = 0;
-      const uint64_t *p = (const uint64_t *)key_enc.c_str();
-      for (int pos = 0; pos + sizeof(req.key) <= key_enc.length(); pos+=sizeof(req.key), p++) {
-        expected_key ^= *p;
-      }
-      dout(0) << "checking key: req.key=" << hex << req.key << " expected_key=" << expected_key << dec << dendl;
-      if (req.key != expected_key) {
-        dout(0) << "unexpected key: req.key=" << req.key << " expected_key=" << expected_key << dendl;
-        ret = -EPERM;
-      } else {
-       ret = 0;
-        piggyback = req.piggyback;
-      }
-    }
-    break;
-
-  case 2:
-    return handle_cephx_protocol(indata, result_bl);
-  default:
-    return -EINVAL;
-  }
-
-  if (!ret && piggyback) {
-    ret = handle_cephx_protocol(indata, result_bl);
-  }
-
-  if (!ret || (ret == -EAGAIN)) {
-    state++;
-  }
-  dout(0) << "returning with state=" << state << dendl;
-  return ret;
-}
-
-int CephAuthService_X::handle_cephx_protocol(bufferlist::iterator& indata, bufferlist& result_bl)
-{
-  struct CephXRequestHeader cephx_header;
-
-  ::decode(cephx_header, indata);
-
-  uint16_t request_type = cephx_header.request_type & CEPHX_REQUEST_TYPE_MASK;
-  int ret = -EAGAIN;
-
-  dout(0) << "request_type=" << request_type << dendl;
-
-  switch (request_type) {
-  case CEPHX_GET_AUTH_SESSION_KEY:
-    {
-      dout(0) << "CEPHX_GET_AUTH_SESSION_KEY" << dendl;
-
-      AuthAuthenticateRequest req;
-      ::decode(req, indata);
-
-      CryptoKey session_key;
-      SessionAuthInfo info;
-
-      CryptoKey principal_secret;
-      if (mon->keys_server.get_secret(req.name, principal_secret) < 0) {
-       ret = -EPERM;
-       break;
-      }
-
-      info.ticket.name = req.name;
-      info.ticket.addr = req.addr;
-      info.ticket.init_timestamps(g_clock.now(), g_conf.auth_mon_ticket_ttl);
-
-      mon->keys_server.generate_secret(session_key);
-
-      info.session_key = session_key;
-      info.service_id = CEPHX_PRINCIPAL_AUTH;
-      if (!mon->keys_server.get_service_secret(CEPHX_PRINCIPAL_AUTH, info.service_secret, info.secret_id)) {
-        dout(0) << "could not get service secret for auth subsystem" << dendl;
-        ret = -EIO;
-        break;
-      }
-
-      vector<SessionAuthInfo> info_vec;
-      info_vec.push_back(info);
-
-      build_cephx_response_header(request_type, 0, result_bl);
-      if (!build_service_ticket_reply(principal_secret, info_vec, result_bl)) {
-        ret = -EIO;
-        break;
-      }
-    }
-    break;
-
-  case CEPHX_GET_PRINCIPAL_SESSION_KEY:
-    dout(0) << "CEPHX_GET_PRINCIPAL_SESSION_KEY " << cephx_header.request_type << dendl;
-    {
-      bufferlist tmp_bl;
-      AuthServiceTicketInfo auth_ticket_info;
-      if (!verify_authorizer(mon->keys_server, indata, auth_ticket_info, tmp_bl)) {
-        ret = -EPERM;
-      }
-
-      AuthServiceTicketRequest ticket_req;
-      if (!verify_service_ticket_request(ticket_req, indata)) {
-        ret = -EPERM;
-        break;
-      }
-
-      ret = 0;
-      vector<SessionAuthInfo> info_vec;
-      for (uint32_t service_id = 1; service_id != (CEPHX_PRINCIPAL_TYPE_MASK + 1); service_id <<= 1) {
-        if (ticket_req.keys & service_id) {
-          SessionAuthInfo info;
-          int r = mon->keys_server.build_session_auth_info(service_id, auth_ticket_info, info);
-          if (r < 0) {
-            ret = r;
-            break;
-          }
-
-          info_vec.push_back(info);
-        }
-      }
-      build_cephx_response_header(request_type, ret, result_bl);
-      build_service_ticket_reply(auth_ticket_info.session_key, info_vec, result_bl);
-    }
-    break;
-  default:
-    ret = -EINVAL;
-    build_cephx_response_header(request_type, -EINVAL, result_bl);
-    break;
-  }
-
-  return ret;
-}
-
-void CephAuthService_X::build_cephx_response_header(int request_type, int status, bufferlist& bl)
-{
-  struct CephXResponseHeader header;
-  header.request_type = request_type;
-  header.status = status;
-  ::encode(header, bl);
-}
-
-
-// --------------
-
-AuthServiceHandler *AuthServiceManager::get_auth_handler(set<__u32>& supported)
-{
-  if (supported.count(CEPH_AUTH_CEPH)) {
-    return new CephAuthService_X(mon);
-  }
-  return NULL;
-}
-
-
diff --git a/src/auth/AuthServiceManager.h b/src/auth/AuthServiceManager.h
deleted file mode 100644 (file)
index 5f1692b..0000000
+++ /dev/null
@@ -1,44 +0,0 @@
-// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- 
-// vim: ts=8 sw=2 smarttab
-/*
- * Ceph - scalable distributed file system
- *
- * Copyright (C) 2004-2009 Sage Weil <sage@newdream.net>
- *
- * This is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License version 2.1, as published by the Free Software 
- * Foundation.  See file COPYING.
- * 
- */
-
-#ifndef __AUTHSERVICEMANAGER_H
-#define __AUTHSERVICEMANAGER_H
-
-#include "include/types.h"
-#include "config.h"
-
-class Monitor;
-
-class AuthServiceHandler {
-protected:
-  Monitor *mon;
-
-public:
-  AuthServiceHandler(Monitor *m) : mon(m) { }
-  virtual ~AuthServiceHandler() { }
-
-  virtual int handle_request(bufferlist::iterator& indata, bufferlist& result) = 0;
-};
-
-class AuthServiceManager
-{
-  Monitor *mon;
-
-public:
-  AuthServiceManager(Monitor *m) : mon(m) {}
-
-  AuthServiceHandler *get_auth_handler(set<__u32>& supported);
-};
-
-#endif
index c91cbe4d32a787c2dd6b1160f1ab01716e98608a..671ce58c7ea77fefc0222fc10bf1924702bdb09b 100644 (file)
@@ -27,6 +27,8 @@
 #include "include/AuthLibrary.h"
 #include "common/Timer.h"
 
+#include "auth/AuthServiceHandler.h"
+
 #include "osd/osd_types.h"
 #include "osd/PG.h"  // yuck
 
@@ -335,7 +337,7 @@ bool AuthMonitor::preprocess_auth(MAuth *m)
     }
 
     if (!ret) {
-      s->auth_handler = auth_mgr.get_auth_handler(supported);
+      s->auth_handler = get_auth_handler(mon, supported);
       if (!s->auth_handler)
        ret = -EPERM;
     }
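Review bot: `s->auth_handler = get_auth_handler(mon, supported);` now stores a heap-allocated handler (the factory in AuthServiceHandler.cc returns `new CephAuthService_X(mon)`) into the session, overwriting whatever auth_handler already held; if preprocess_auth can reach this branch more than once for the same session, the earlier handler is leaked. Whether that can happen, and who deletes the handler when the session goes away, depends on Session and on the parts of preprocess_auth that start and end outside this hunk, so this is worth confirming; if a second pass is possible, deleting (or asserting NULL on) the previous handler before the assignment would close the leak.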
index 1a4426f9f5e87c4a23a3c061af952d86422d57dd..0aaad0908be436328bf475cc33570fbf72c30fd6 100644 (file)
@@ -27,8 +27,6 @@ using namespace std;
 #include "include/AuthLibrary.h"
 
 #include "auth/KeysServer.h"
-#include "auth/AuthServiceManager.h"
-
 
 class MMonCommand;
 class MAuth;
@@ -40,8 +38,6 @@ class AuthMonitor : public PaxosService {
   vector<AuthLibIncremental> pending_auth;
   version_t last_rotating_ver;
 
-  AuthServiceManager auth_mgr;
-
   void on_active();
 
   void create_initial(bufferlist& bl);
@@ -78,8 +74,7 @@ class AuthMonitor : public PaxosService {
 
   void check_rotate();
  public:
-  AuthMonitor(Monitor *mn, Paxos *p) : PaxosService(mn, p), last_rotating_ver(0),
-                                      auth_mgr(mn) {}
+  AuthMonitor(Monitor *mn, Paxos *p) : PaxosService(mn, p), last_rotating_ver(0) {}
   void pre_auth(MAuth *m);
   
   void tick();  // check state, take actions
index 25636b7b7f50abb9ddcbdedbbb7d372957d09535..1db67e6e94577ef537da4a611075976793c773f0 100644 (file)
@@ -18,7 +18,7 @@
 #include "include/xlist.h"
 #include "msg/msg_types.h"
 
-#include "auth/AuthServiceManager.h"
+#include "auth/AuthServiceHandler.h"
 
 struct Session;