#include "krb/KrbServiceHandler.hpp"
#endif
#include "none/AuthNoneServiceHandler.h"
+#include "common/dout.h"
#define dout_subsys ceph_subsys_auth
+int AuthServiceHandler::start_session(const EntityName& entity_name,
+ uint64_t global_id,
+ bool is_new_global_id,
+ ceph::buffer::list *result,
+ AuthCapsInfo *caps)
+{
+ ceph_assert(!this->entity_name.get_type() && !this->global_id);
+
+ ldout(cct, 10) << __func__ << " entity_name=" << entity_name
+ << " global_id=" << global_id << " is_new_global_id="
+ << is_new_global_id << dendl;
+ this->entity_name = entity_name;
+ this->global_id = global_id;
+
+ return do_start_session(is_new_global_id, result, caps);
+}
+
AuthServiceHandler *get_auth_service_handler(int type, CephContext *cct, KeyServer *ks)
{
switch (type) {
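Review bot: `ceph_assert(!this->entity_name.get_type() && !this->global_id)` in the new start_session turns a second call on the same handler into a daemon abort rather than a failed request; the callers in the AuthMonitor.cc and Monitor.cc hunks appear to only call it on a freshly created handler, but the guards that establish that are partly outside those hunks, so it is worth confirming no peer-driven message sequence can reach start_session twice for one session. If that cannot be ruled out, prefer `lderr(cct) << __func__ << " called twice on handler" << dendl; return -EINVAL;` over the assert. The function also has no header comment; suggest above it: `// Records the peer's entity name and global_id, then delegates to the protocol-specific do_start_session(); must be called at most once per handler instance.`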
struct AuthServiceHandler {
protected:
CephContext *cct;
-public:
EntityName entity_name;
- uint64_t global_id;
+ uint64_t global_id = 0;
- explicit AuthServiceHandler(CephContext *cct_) : cct(cct_), global_id(0) {}
+public:
+ explicit AuthServiceHandler(CephContext *cct_) : cct(cct_) {}
virtual ~AuthServiceHandler() { }
- virtual int start_session(const EntityName& name,
- ceph::buffer::list *result,
- AuthCapsInfo *caps) = 0;
+ int start_session(const EntityName& entity_name,
+ uint64_t global_id,
+ bool is_new_global_id,
+ ceph::buffer::list *result,
+ AuthCapsInfo *caps);
virtual int handle_request(ceph::buffer::list::const_iterator& indata,
size_t connection_secret_required_length,
ceph::buffer::list *result,
CryptoKey *session_key,
std::string *connection_secret) = 0;
- EntityName& get_entity_name() { return entity_name; }
+ const EntityName& get_entity_name() { return entity_name; }
+ uint64_t get_global_id() { return global_id; }
+
+private:
+ virtual int do_start_session(bool is_new_global_id,
+ ceph::buffer::list *result,
+ AuthCapsInfo *caps) = 0;
};
extern AuthServiceHandler *get_auth_service_handler(int type, CephContext *cct, KeyServer *ks);
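Review bot: `const EntityName& get_entity_name()` and `uint64_t get_global_id()` are read-only accessors but are not const-qualified, so they cannot be called through a `const AuthServiceHandler&`; change them to `const EntityName& get_entity_name() const { return entity_name; }` and `uint64_t get_global_id() const { return global_id; }`. The new `is_new_global_id` parameter is the one part of the subclass contract a do_start_session implementer must understand and it is undocumented; a comment on the pure-virtual declaration such as `// is_new_global_id: true when the caller just allocated global_id for this session, false when the connection already carried one` would capture what the Monitor.cc hunk does with it. Moving `public:` below the data members is a good change since entity_name and global_id are now only reachable through the accessors.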
using ceph::decode;
using ceph::encode;
-int CephxServiceHandler::start_session(
- const EntityName& name,
+int CephxServiceHandler::do_start_session(
+ bool is_new_global_id,
bufferlist *result_bl,
AuthCapsInfo *caps)
{
- entity_name = name;
-
uint64_t min = 1; // always non-zero
uint64_t max = std::numeric_limits<uint64_t>::max();
server_challenge = ceph::util::generate_random_number<uint64_t>(min, max);
: AuthServiceHandler(cct_), key_server(ks), server_challenge(0) {}
~CephxServiceHandler() override {}
- int start_session(const EntityName& name,
- ceph::buffer::list *result_bl,
- AuthCapsInfo *caps) override;
int handle_request(
ceph::buffer::list::const_iterator& indata,
size_t connection_secret_required_length,
std::string *connection_secret) override;
private:
+ int do_start_session(bool is_new_global_id,
+ ceph::buffer::list *result_bl,
+ AuthCapsInfo *caps) override;
+
void build_cephx_response_header(int request_type, int status,
ceph::buffer::list& bl);
};
return result;
}
-int KrbServiceHandler::start_session(
- const EntityName& name,
+int KrbServiceHandler::do_start_session(
+ bool is_new_global_id,
bufferlist *buff_list,
AuthCapsInfo *caps)
{
gss_buffer_in.length = gss_service_name.length();
gss_buffer_in.value = (const_cast<char*>(gss_service_name.c_str()));
- entity_name = name;
gss_major_status = gss_import_name(&gss_minor_status,
&gss_buffer_in,
CryptoKey *session_key,
std::string *connection_secret) override;
- int start_session(const EntityName& name,
- bufferlist *buff_list,
- AuthCapsInfo *caps) override;
-
private:
+ int do_start_session(bool is_new_global_id,
+ ceph::buffer::list *buff_list,
+ AuthCapsInfo *caps) override;
+
gss_buffer_desc m_gss_buffer_out;
gss_cred_id_t m_gss_credentials;
gss_ctx_id_t m_gss_sec_ctx;
: AuthServiceHandler(cct_) {}
~AuthNoneServiceHandler() override {}
- int start_session(const EntityName& name,
- ceph::buffer::list *result_bl,
- AuthCapsInfo *caps) override {
- entity_name = name;
- caps->allow_all = true;
- return 1;
- }
int handle_request(ceph::buffer::list::const_iterator& indata,
size_t connection_secret_required_length,
ceph::buffer::list *result_bl,
std::string *connection_secret) override {
return 0;
}
+
+private:
+ int do_start_session(bool is_new_global_id,
+ ceph::buffer::list *result_bl,
+ AuthCapsInfo *caps) override {
+ caps->allow_all = true;
+ return 1;
+ }
};
#endif
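Review bot: In AuthNoneServiceHandler::do_start_session the `is_new_global_id` and `result_bl` parameters are never read, which will trigger unused-parameter warnings under the usual warning flags; leave them unnamed, `int do_start_session(bool, ceph::buffer::list *, AuthCapsInfo *caps) override {`. A one-line comment stating the policy would help reviewers auditing authorization paths, e.g. `// "none" auth: every peer is granted allow_all; the global_id and result buffer are unused.` The unconditional `caps->allow_all = true` is unchanged from the removed start_session, so no behavioral change is implied here.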
bool start = false;
bool finished = false;
EntityName entity_name;
+ bool is_new_global_id = false;
// set up handler?
if (m->protocol == 0 && !s->auth_handler) {
ceph_assert(!paxos_writable);
return false;
}
+ is_new_global_id = true;
}
try {
if (start) {
// new session
ret = s->auth_handler->start_session(entity_name,
+ s->con->peer_global_id,
+ is_new_global_id,
&response_bl,
&s->con->peer_caps_info);
} else {
// are supported by the client if we require it. for msgr2 that
// is not necessary.
+ bool is_new_global_id = false;
if (!con->peer_global_id) {
con->peer_global_id = authmon()->_assign_global_id();
if (!con->peer_global_id) {
dout(1) << __func__ << " failed to assign global_id" << dendl;
return -EBUSY;
}
- dout(10) << __func__ << " assigned global_id " << con->peer_global_id
- << dendl;
+ is_new_global_id = true;
}
// set up partial session
r = s->auth_handler->start_session(
entity_name,
+ con->peer_global_id,
+ is_new_global_id,
reply,
&con->peer_caps_info);
} else {
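Review bot: Replacing the `dout(10) << __func__ << " assigned global_id " ...` line with `is_new_global_id = true;` removes the monitor-subsystem log entry that recorded each freshly assigned global_id. The information is still emitted by the new AuthServiceHandler::start_session via `ldout(cct, 10)` under `ceph_subsys_auth`, but operators who raise only the mon debug level to trace session establishment will no longer see it, which matters when reconstructing who was assigned which id. Either keep the mon-side line alongside the flag, or mention in the commit description that the assignment log moved to the auth subsystem at level 10.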