using namespace std;
+KeyRing g_keyring;
+
+static void hexdump(string msg, const char *s, int len)
+{
+ int buf_len = len*4;
+ char buf[buf_len];
+ int pos = 0;
+ for (int i=0; i<len && pos<buf_len - 8; i++) {
+ if (i && !(i%8))
+ pos += snprintf(&buf[pos], buf_len-pos, " ");
+ if (i && !(i%16))
+ pos += snprintf(&buf[pos], buf_len-pos, "\n");
+ pos += snprintf(&buf[pos], buf_len-pos, "%.2x ", (int)(unsigned char)s[i]);
+ }
+ dout(0) << msg << ":\n" << buf << dendl;
+}
+
bool KeyRing::load_master(const char *filename)
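Review bot: hexdump() streams `buf` to dout without guaranteeing it was ever written: for a `len` of 0, 1 or 2 the bound `pos<buf_len - 8` is already false on the first test, so the loop body never runs and the log statement reads an uninitialised, unterminated stack array. The buffer is also a variable-length array (a compiler extension in C++) sized by the caller's `len*4`, so a large or negative `len` sizes the stack frame directly, and the `- 8` margin silently drops the tail of longer inputs (the third byte of a 3-byte input is never printed). Building the text in a `string` removes all three problems; a sketch follows. No caller is visible in this hunk, but since the helper sits beside the keyring it presumably dumps key or ticket bytes, and at `dout(0)` those would land in every log, so a higher debug level would be safer.

```cpp
static void hexdump(const string& msg, const char *s, int len)
{
  string out;
  char byte[4];                       // "xx " plus the terminating NUL
  for (int i = 0; i < len; i++) {     // a non-positive len yields an empty dump
    if (i && !(i % 8))
      out += " ";
    if (i && !(i % 16))
      out += "\n";
    snprintf(byte, sizeof(byte), "%.2x ", (int)(unsigned char)s[i]);
    out += byte;
  }
  dout(0) << msg << ":\n" << out << dendl;
}
```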
bool need_rotating_secrets();
};
+extern KeyRing g_keyring;
+
#endif
#include "include/color.h"
+#include "auth/KeyRing.h"
+
void common_init(std::vector<const char*>& args, const char *module_type, bool daemon)
{
tls_init();
// open log file?
if (!g_conf.log_to_stdout)
_dout_open_log();
+
+ if (g_keyring.load_master(g_conf.keys_file)) {
+ dout(0) << "successfuly loaded secret key from " << g_conf.keys_file << dendl;
+ } else {
+ dout(0) << "failed to load secret key from " << g_conf.keys_file << dendl;
+ }
}
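Review bot: A failed `load_master()` is only logged and start-up carries on, so a daemon can reach authentication with an unloaded `g_keyring`. What `get_master()` then hands to `decode_decrypt` in MonClient::handle_auth_rotating_response is not visible in this diff. Because common_init() is shared, the key file is now also opened by every program that calls it, whether or not that program needs a secret. I would report the failure on the error stream, `derr(0) << "failed to load secret key from " << g_conf.keys_file << dendl;`, and keep the result somewhere daemons can check so they can refuse to start. The success message also misspells "successfully".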
bool RadosClient::init()
{
+ dout(0) << "entity name=" << g_conf.entity_name->to_str() << dendl;
// get monmap
if (monclient.build_initial_monmap() < 0)
return false;
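Review bot: The added `dout(0)` line dereferences `g_conf.entity_name` unconditionally and logs at level 0, which reads like leftover debugging. Whether the pointer can still be unset when init() runs is not visible here; if it can, this is a null dereference before the monmap is even built. The MonClient::init hunk relies on the same pointer in `entity_name = *g_conf.entity_name;`. A guard and a quieter level would cover it: `if (g_conf.entity_name) dout(10) << "entity name=" << g_conf.entity_name->to_str() << dendl;`. RadosClient::init continues past the end of this hunk.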
#include "auth/Auth.h"
#include "auth/AuthProtocol.h"
#include "auth/KeysServer.h"
+#include "auth/KeyRing.h"
#include "config.h"
dout(10) << "init" << dendl;
messenger->add_dispatcher_head(this);
- auth.init(*g_conf.entity_name);
+ entity_name = *g_conf.entity_name;
+
+ auth.init(entity_name);
Mutex::Locker l(monc_lock);
timer.add_event_after(10.0, new C_Tick(this));
if (state == MC_STATE_AUTHENTICATING)
return;
- if (keyring && keyring->need_rotating_secrets())
+ if (g_keyring.need_rotating_secrets())
_start_auth_rotating(KEY_ROTATE_TIME);
dout(0) << "_reopen_session 2" << dendl;
{
dout(10) << "tick" << dendl;
- if (keyring && keyring->need_rotating_secrets()) {
+ if (g_keyring.need_rotating_secrets()) {
dout(0) << "MonClient::tick: need rotating secret" << dendl;
_start_auth_rotating(KEY_ROTATE_TIME);
}
auth_cond.Signal();
- assert(keyring);
-
dout(0) << "MonClient::handle_auth_rotating_response got_response status=" << m->status << " length=" << m->response_bl.length() << dendl;
if (!m->status) {
RotatingSecrets secrets;
CryptoKey secret_key;
- keyring->get_master(secret_key);
+ g_keyring.get_master(secret_key);
bufferlist::iterator iter = m->response_bl.begin();
if (decode_decrypt(secrets, secret_key, iter) == 0) {
- keyring->set_rotating(secrets);
+ g_keyring.set_rotating(secrets);
} else {
derr(0) << "could not set rotating key: decode_decrypt failed" << dendl;
}
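Review bot: With the per-client `keyring` pointer replaced by the process-wide `g_keyring`, `set_rotating()` here and `need_rotating_secrets()` in the tick() and reopen hunks now touch state shared by every MonClient and any other user of the global. Whether KeyRing locks internally is not visible in this diff; if it does not, monc_lock (assuming it is held on these paths) no longer covers all readers and writers of the rotating secrets. I would state the rule at the declaration, e.g. `// g_keyring is process-wide; KeyRing must serialize access to master and rotating secrets itself`, or give KeyRing its own mutex. Separately, nothing checks that `get_master()` produced a usable key before `secret_key` goes to `decode_decrypt`. The function body starts and ends outside this hunk.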
#include "auth/AuthClient.h"
#include "auth/AuthClientHandler.h"
-#include "auth/KeyRing.h"
#include "messages/MMonSubscribe.h"
Context *auth_timeout_event;
bool auth_got_timeout;
Cond auth_cond;
- KeyRing *keyring;
class C_AuthRotatingTimeout : public Context {
protected:
hunting(false),
auth_timeout_event(NULL),
auth_got_timeout(false),
- keyring(NULL),
mounting(0), mount_err(0),
auth_handler(&auth, 0, 0) { }
~MonClient() {
int get_monmap();
int get_monmap_privately();
- void set_keyring(KeyRing *ring) { keyring = ring; }
-
void send_mon_message(Message *m) {
Mutex::Locker l(monc_lock);
_send_mon_message(m);
monc->init();
- EntityName ename;
- ename.entity_type = CEPHX_PRINCIPAL_OSD;
- ename.name = g_conf.id;
-
- monc->set_keyring(&keyring);
-
- if (keyring.load_master(g_conf.keys_file)) {
- dout(0) << "successfuly loaded secret key from " << g_conf.keys_file << dendl;
- } else {
- dout(0) << "failed to load secret key from" << g_conf.keys_file << dendl;
- }
-
- monc->set_entity_name(ename);
-
monc->sub_want("monmap", 0);
monc->renew_subs();