return false;
}
-bool Client::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new)
+bool Client::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer)
{
if (dest_type == CEPH_ENTITY_TYPE_MON)
return true;
bool ms_handle_reset(Connection *con) override;
void ms_handle_remote_reset(Connection *con) override;
bool ms_handle_refused(Connection *con) override;
- bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) override;
+ bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
int authenticate();
namespace ceph::net
{
seastar::future<std::unique_ptr<AuthAuthorizer>>
-Dispatcher::ms_get_authorizer(peer_type_t, bool force_new)
+Dispatcher::ms_get_authorizer(peer_type_t)
{
return seastar::make_ready_future<std::unique_ptr<AuthAuthorizer>>(nullptr);
}
return seastar::make_ready_future<msgr_tag_t, bufferlist>(0, bufferlist{});
}
virtual seastar::future<std::unique_ptr<AuthAuthorizer>>
- ms_get_authorizer(peer_type_t, bool force_new);
+ ms_get_authorizer(peer_type_t);
};
} // namespace ceph::net
// this is fyi, actually, server decides!
h.connect.flags = policy.lossy ? CEPH_MSG_CONNECT_LOSSY : 0;
- return dispatcher.ms_get_authorizer(peer_type, false)
+ return dispatcher.ms_get_authorizer(peer_type)
.then([this](auto&& auth) {
h.authorizer = std::move(auth);
bufferlist bl;
#define dout_prefix *_dout << "librados: "
bool librados::RadosClient::ms_get_authorizer(int dest_type,
- AuthAuthorizer **authorizer,
- bool force_new) {
+ AuthAuthorizer **authorizer) {
//ldout(cct, 0) << "RadosClient::ms_get_authorizer type=" << dest_type << dendl;
/* monitor authorization is being handled on different layer */
if (dest_type == CEPH_ENTITY_TYPE_MON)
bool _dispatch(Message *m);
bool ms_dispatch(Message *m) override;
- bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) override;
+ bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
void ms_handle_connect(Connection *con) override;
bool ms_handle_reset(Connection *con) override;
void ms_handle_remote_reset(Connection *con) override;
}
}
-bool MDSDaemon::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new)
+bool MDSDaemon::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer)
{
dout(10) << "MDSDaemon::ms_get_authorizer type="
<< ceph_entity_type_name(dest_type) << dendl;
if (dest_type == CEPH_ENTITY_TYPE_MON)
return true;
- if (force_new) {
- auto timeout = g_conf().get_val<int64_t>("rotating_keys_renewal_timeout");
- if (monc->wait_auth_rotating(timeout) < 0)
- return false;
- }
-
*authorizer = monc->build_authorizer(dest_type);
return *authorizer != NULL;
}
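Review bot: After this hunk `MDSDaemon::ms_get_authorizer` has no path that calls `monc->wait_auth_rotating`, so the authorizer is presumably built from whatever keys `monc` holds at that moment, and a NULL from `build_authorizer` is the only failure signal. The call sites visible in this commit all passed `false`, so behaviour looks unchanged, but the function no longer says who is responsible for refreshing rotating keys when a peer rejects the authorizer. A comment above the `build_authorizer` call, e.g. `// never blocks on key rotation; callers must retry after monc renews rotating keys`, would record that (wording to be confirmed against the retry path, which is not shown here). The same applies to the `DaemonServer`, `MgrStandby`, `OSD` and `MDSUtility` hunks.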
private:
bool ms_dispatch2(const Message::ref &m) override;
- bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) override;
+ bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
int ms_handle_authentication(Connection *con) override;
KeyStore *ms_get_auth1_authorizer_keystore() override;
void ms_handle_accept(Connection *con) override;
return ret;
}
-bool DaemonServer::ms_get_authorizer(int dest_type,
- AuthAuthorizer **authorizer, bool force_new)
+bool DaemonServer::ms_get_authorizer(
+ int dest_type,
+ AuthAuthorizer **authorizer)
{
dout(10) << "type=" << ceph_entity_type_name(dest_type) << dendl;
return true;
}
- if (force_new) {
- auto timeout = g_conf().get_val<int64_t>("rotating_keys_renewal_timeout");
- if (monc->wait_auth_rotating(timeout) < 0)
- return false;
- }
-
*authorizer = monc->build_authorizer(dest_type);
dout(20) << "got authorizer " << *authorizer << dendl;
return *authorizer != NULL;
bool ms_handle_reset(Connection *con) override;
void ms_handle_remote_reset(Connection *con) override {}
bool ms_handle_refused(Connection *con) override;
- bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer,
- bool force_new) override;
+ bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
KeyStore *ms_get_auth1_authorizer_keystore() override;
bool handle_open(MMgrOpen *m);
}
-bool MgrStandby::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer,
- bool force_new)
+bool MgrStandby::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer)
{
if (dest_type == CEPH_ENTITY_TYPE_MON)
return true;
- if (force_new) {
- auto timeout = cct->_conf.get_val<int64_t>("rotating_keys_renewal_timeout");
- if (monc.wait_auth_rotating(timeout) < 0)
- return false;
- }
-
*authorizer = monc.build_authorizer(dest_type);
return *authorizer != NULL;
}
bool ms_dispatch(Message *m) override;
bool ms_handle_reset(Connection *con) override { return false; }
void ms_handle_remote_reset(Connection *con) override {}
- bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer,
- bool force_new) override;
+ bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
bool ms_handle_refused(Connection *con) override;
int init();
}
}
-bool Monitor::ms_get_authorizer(int service_id, AuthAuthorizer **authorizer,
- bool force_new)
+bool Monitor::ms_get_authorizer(int service_id, AuthAuthorizer **authorizer)
{
dout(10) << "ms_get_authorizer for " << ceph_entity_type_name(service_id)
<< dendl;
void dispatch_op(MonOpRequestRef op);
//mon_caps is used for un-connected messages from monitors
MonCap mon_caps;
- bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) override;
+ bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
KeyStore *ms_get_auth1_authorizer_keystore();
public: // for AuthMonitor msgr1:
int ms_handle_authentication(Connection *con) override;
*
* @return True if this function call properly filled in *a, false otherwise.
*/
- virtual bool ms_get_authorizer(int dest_type, AuthAuthorizer **a, bool force_new) { return false; }
+ virtual bool ms_get_authorizer(int dest_type, AuthAuthorizer **a) {
+ return false;
+ }
/**
* @} //Authentication
*/
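Review bot: The `@return` text kept above the rewritten base-class `ms_get_authorizer` says true means `*a` was filled in, yet the overrides on this page return true for `CEPH_ENTITY_TYPE_MON` without writing `*a`. `ms_deliver_get_authorizer` then hands back whatever `a` holds as soon as one dispatcher returns true. Since the declaration is being rewritten anyway, the contract could be stated the way it is used: `@return True if this dispatcher answered for dest_type (*a may remain NULL, e.g. for monitors); false to let the next dispatcher try.` Callers then know that a true result is not proof an authorizer exists. The comment block starts outside the hunk.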
* @param force_new True if we want to wait for new keys, false otherwise.
* @return A pointer to the AuthAuthorizer, if we have one; NULL otherwise
*/
- AuthAuthorizer *ms_deliver_get_authorizer(int peer_type, bool force_new) {
+ AuthAuthorizer *ms_deliver_get_authorizer(int peer_type) {
AuthAuthorizer *a = 0;
for (const auto& dispatcher : dispatchers) {
- if (dispatcher->ms_get_authorizer(peer_type, &a, force_new))
+ if (dispatcher->ms_get_authorizer(peer_type, &a))
return a;
}
return NULL;
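Review bot: The doc comment kept as context above `ms_deliver_get_authorizer` still lists `@param force_new True if we want to wait for new keys, false otherwise.`, but the new signature takes only `peer_type`. That line should be deleted in the same commit so the header does not advertise a wait-for-new-keys mode the messenger no longer offers. The comment block starts outside the hunk and the function's closing brace is outside it too, so only this one stale line is visible here.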
ldout(cct, 20) << __func__ << dendl;
if (!authorizer) {
- authorizer = messenger->ms_deliver_get_authorizer(connection->peer_type,
- false);
+ authorizer = messenger->ms_deliver_get_authorizer(connection->peer_type);
}
ceph_msg_connect connect;
if (!authorizer) {
authorizer =
- messenger->ms_deliver_get_authorizer(connection->peer_type, false);
+ messenger->ms_deliver_get_authorizer(connection->peer_type);
}
ceph_msg_connect connect;
while (1) {
if (!authorizer) {
- authorizer = msgr->ms_deliver_get_authorizer(peer_type, false);
+ authorizer = msgr->ms_deliver_get_authorizer(peer_type);
}
bufferlist authorizer_reply;
}
}
-bool OSD::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new)
+bool OSD::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer)
{
dout(10) << "OSD::ms_get_authorizer type=" << ceph_entity_type_name(dest_type) << dendl;
if (dest_type == CEPH_ENTITY_TYPE_MON)
return true;
- if (force_new) {
- /* the MonClient checks keys every tick(), so we should just wait for that cycle
- to get through */
- auto timeout = g_conf().get_val<int64_t>("rotating_keys_renewal_timeout");
- if (monc->wait_auth_rotating(timeout) < 0) {
- derr << "OSD::ms_get_authorizer wait_auth_rotating failed" << dendl;
- return false;
- }
- }
-
*authorizer = monc->build_authorizer(dest_type);
return *authorizer != NULL;
}
int ms_handle_authentication(Connection *con) override {
return true;
}
- bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer,
- bool force_new) override {
+ bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override {
// some pre-nautilus OSDs get confused if you include an
// authorizer but they are not expecting it. do not try to authorize
// heartbeat connections until all OSDs are nautilus.
if (osd->get_osdmap()->require_osd_release >= CEPH_RELEASE_NAUTILUS) {
- return osd->ms_get_authorizer(dest_type, authorizer, force_new);
+ return osd->ms_get_authorizer(dest_type, authorizer);
}
return false;
}
void ms_fast_dispatch(Message *m) override;
void ms_fast_preprocess(Message *m) override;
bool ms_dispatch(Message *m) override;
- bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) override;
+ bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
void ms_handle_connect(Connection *con) override;
void ms_handle_fast_connect(Connection *con) override;
void ms_handle_fast_accept(Connection *con) override;
}
bool Objecter::ms_get_authorizer(int dest_type,
- AuthAuthorizer **authorizer,
- bool force_new)
+ AuthAuthorizer **authorizer)
{
if (!initialized)
return false;
void ms_handle_remote_reset(Connection *con) override;
bool ms_handle_refused(Connection *con) override;
bool ms_get_authorizer(int dest_type,
- AuthAuthorizer **authorizer,
- bool force_new) override;
+ AuthAuthorizer **authorizer) override;
void blacklist_self(bool set);
0, bufferlist{});
}
seastar::future<std::unique_ptr<AuthAuthorizer>>
- ms_get_authorizer(peer_type_t, bool) override {
+ ms_get_authorizer(peer_type_t) override {
return seastar::make_ready_future<std::unique_ptr<AuthAuthorizer>>(
new DummyAuthAuthorizer{});
}
* @param a Double pointer to an AuthAuthorizer. The Dispatcher will fill
* in *a with the correct AuthAuthorizer, if it can. Make sure that you have
* set *a to NULL before calling in.
- * @param force_new Force the Dispatcher to wait for a new set of keys before
- * returning the authorizer.
*
* @return True if this function call properly filled in *a, false otherwise.
*/
- bool ms_get_authorizer(int dest_type, AuthAuthorizer **a,
- bool force_new) override { return false; };
+ bool ms_get_authorizer(int dest_type, AuthAuthorizer **a) override {
+ return false;
+ };
int ms_handle_authentication(Connection *con) override {
return 1;
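Review bot: The re-flowed inline body of `ms_get_authorizer` ends in `};`, and the semicolon after a member function's closing brace is an empty declaration that trips `-Wextra-semi`. Since these lines are being rewritten anyway, close the body with a bare `}`. The `virtual bool ms_get_authorizer(...)` stub in the next hunk has the same trailing `;`, while the base-class stub earlier in this commit already closes with `}` only. `ms_handle_authentication` below it continues outside the hunk.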
* @param a Double pointer to an AuthAuthorizer. The Dispatcher will fill
* in *a with the correct AuthAuthorizer, if it can. Make sure that you have
* set *a to NULL before calling in.
- * @param force_new Force the Dispatcher to wait for a new set of keys before
- * returning the authorizer.
*
* @return True if this function call properly filled in *a, false otherwise.
*/
- virtual bool ms_get_authorizer(int dest_type, AuthAuthorizer **a,
- bool force_new) { return false; };
+ virtual bool ms_get_authorizer(int dest_type, AuthAuthorizer **a) {
+ return false;
+ };
};
}
-bool MDSUtility::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer,
- bool force_new)
+bool MDSUtility::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer)
{
if (dest_type == CEPH_ENTITY_TYPE_MON)
return true;
- if (force_new) {
- auto timeout =
- g_ceph_context->_conf.get_val<int64_t>("rotating_keys_renewal_timeout");
- if (monc->wait_auth_rotating(timeout) < 0)
- return false;
- }
-
*authorizer = monc->build_authorizer(dest_type);
return *authorizer != NULL;
}
bool ms_handle_reset(Connection *con) override { return false; }
void ms_handle_remote_reset(Connection *con) override {}
bool ms_handle_refused(Connection *con) override { return false; }
- bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer,
- bool force_new) override;
+ bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
int init();
void shutdown();
};