auth: fix client and server side negotiation
authorYehuda Sadeh <yehuda@hq.newdream.net>
Wed, 18 Nov 2009 22:19:01 +0000 (14:19 -0800)
committerYehuda Sadeh <yehuda@hq.newdream.net>
Wed, 18 Nov 2009 22:19:01 +0000 (14:19 -0800)
src/auth/cephx/CephxServiceHandler.cc
src/mon/AuthMonitor.cc
src/mon/MonClient.cc
src/vstart.sh

index 1fcc0276bc71a49385d208973a5a35544eaca374..9967eb260f3d66a147f4866d842bafa64753d7c9 100644 (file)
@@ -172,7 +172,7 @@ int CephxServiceHandler::handle_request(bufferlist::iterator& indata, bufferlist
     break;
 
   default:
-    dout(10) << "handle_request unkonwn op " << cephx_header.request_type << dendl;
+    dout(10) << "handle_request unknown op " << cephx_header.request_type << dendl;
     return -EINVAL;
   }
   return ret;
index bffc69af1973844ef718096c0e221af86987a8c9..96c2ebfb22f33b0a220cfd643f169e5bf41763e1 100644 (file)
@@ -373,7 +373,7 @@ bool AuthMonitor::prep_auth(MAuth *m, bool paxos_writable)
   EntityName entity_name;
 
   // set up handler?
-  if (m->protocol == 0 &&!s->auth_handler) {
+  if (m->protocol == 0 && !s->auth_handler) {
     set<__u32> supported;
     
     try {
@@ -392,16 +392,23 @@ bool AuthMonitor::prep_auth(MAuth *m, bool paxos_writable)
       goto reply;
     }
     start = true;
-  } else {
-    ret = -EINVAL;  // can only select protocol once per connection
-    goto reply;
+  } else if (!s->auth_handler) {
+      dout(0) << "protocol specified but no s->auth_handler" << dendl;
+      ret = -EINVAL;
+      goto reply;
   }
 
-  // assign a new global_id?
+  /* assign a new global_id? we assume this should only happen on the first
+     request. If a client tries to send it later, it'll screw up its auth
+     session */
   if (!s->global_id) {
     s->global_id = assign_global_id(m, paxos_writable);
     if (!s->global_id) {
       s->put();
+
+      delete s->auth_handler;
+      s->auth_handler = NULL;
+
       if (mon->is_leader())
        return false;
       return true;
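Review bot: In the `!s->global_id` failure path, `s->put()` runs before `delete s->auth_handler; s->auth_handler = NULL;`, so the session is dereferenced after this function has dropped its reference. If that put() can release the last reference, this is a use-after-free on a path any connecting client can reach. Do the cleanup first and drop the reference last: `delete s->auth_handler; s->auth_handler = NULL; s->put();`. Separately, the new `else if (!s->auth_handler)` no longer rejects a second `protocol == 0` message on a session that already has a handler, and the visible lines do not compare a nonzero `m->protocol` with the handler's protocol; it is worth confirming that is intended. prep_auth starts and ends outside this hunk.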
@@ -417,6 +424,10 @@ bool AuthMonitor::prep_auth(MAuth *m, bool paxos_writable)
       // request
       ret = s->auth_handler->handle_request(indata, response_bl, s->global_id, caps_info);
     }
+    if (ret == -EIO) {
+      paxos->wait_for_active(new C_RetryMessage(this, m));
+      goto done;
+    }
     s->caps.set_allow_all(caps_info.allow_all);
     if (caps_info.caps.length()) {
       bufferlist::iterator iter = caps_info.caps.begin();
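Review bot: The `ret == -EIO` retry re-queues `m` after the session has already been mutated (handler created, global_id assigned). When the message is replayed, an initial `protocol == 0` request no longer matches `m->protocol == 0 && !s->auth_handler`, so it would presumably be routed to `handle_request` instead of the session-start branch, if -EIO can come from that branch (it is not visible here). -EIO is also a generic error code: any handler failure that returns it becomes a wait-and-retry with no reply to the client. The retry condition deserves a dedicated return value, or at least a comment such as `// -EIO is treated as "paxos not active yet": retry later, send no reply`. The enclosing try block and function continue outside the hunk.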
@@ -427,9 +438,10 @@ bool AuthMonitor::prep_auth(MAuth *m, bool paxos_writable)
     dout(0) << "caught error when trying to handle auth request, probably malformed request" << dendl;
   }
 
- reply:
+reply:
   reply = new MAuthReply(proto, &response_bl, ret, s->global_id);
   mon->messenger->send_message(reply, m->get_orig_source_inst());
+done:
   s->put();
   return true;
 }
index 87cffa18132fa0c4c09d11a24d7d5d2dfaaa1242..8c54b2cfb5b72b3a7f58729b94972cc71c82d731 100644 (file)
@@ -294,26 +294,18 @@ void MonClient::handle_auth(MAuthReply *m)
       }
       auth->set_want_keys(want_keys);
       auth->init(entity_name);
+      auth->set_global_id(global_id);
     } else {
       auth->reset();
     }
     state = MC_STATE_AUTHENTICATING;
-  } else {
-    try {
-      __u8 assigned_id;
-      ::decode(assigned_id, p);
-      if (assigned_id) {
-        ::decode(global_id, p);
-        clientid = global_id;
-        auth->set_global_id(global_id);
-        dout(10) << "my global_id is " << auth->get_global_id() << dendl;
-      }
-    } catch (buffer::error *err) {
-      delete m;
-      return;
-    }
   }
   assert(auth);
+  if (m->global_id) {
+    global_id = m->global_id;
+    auth->set_global_id(global_id);
+    dout(10) << "my global_id is " << m->global_id << dendl;
+  }
 
   int ret = auth->handle_response(m->result, p);
   delete m;
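Review bot: `m->global_id` is copied into `global_id` and the auth handler before `auth->handle_response(m->result, p)` has validated the reply, and on every reply rather than once. An error reply, or a reply that did not come from the expected monitor, can therefore change the id the client authenticates with. Consider applying it only when it differs from the current value and logging the replacement of a non-zero id, e.g. `if (m->global_id && m->global_id != global_id) {`. The removed block also set `clientid = global_id;` and the new code does not, so if clientid is still read elsewhere it will now stay stale. handle_auth starts and ends outside this hunk.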
@@ -385,6 +377,7 @@ void MonClient::_reopen_session()
     m->protocol = 0;
     ::encode(auth_supported, m->auth_payload);
     ::encode(entity_name, m->auth_payload);
+    ::encode(global_id, m->auth_payload);
     _send_mon_message(m, true);
   }
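Review bot: Appending `global_id` to the initial auth payload changes the wire format and hands the monitor a client-chosen session id, while the matching decode in AuthMonitor::prep_auth is not in the visible hunks. If the monitor adopts this value, it should treat it as an untrusted hint and check it against the id it issued for that entity, since otherwise a client could present another session's id. A comment at the encode would make the contract explicit, e.g. `// resend our previously assigned global_id; the monitor must validate it`. _reopen_session starts and ends outside this hunk.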
 
index d307a4da787b6b190dd956ebf8209350c6513257..c6e0dd77bb36564cae73ba4da040e37681b3fff6 100755 (executable)
@@ -334,8 +334,9 @@ EOF
        mon = "allow rwx"
        osd = "allow rwx"
 EOF
-               fi
                $SUDO $CEPH_BIN/authtool --gen-key --name=osd.$osd --caps=$osd_caps $key_fn
+               fi
+               echo adding osd$osd key to auth repository
                $SUDO $CEPH_ADM -i $key_fn auth add osd.$osd
            fi
        fi