From: Sage Weil Date: Mon, 14 Jan 2019 23:00:17 +0000 (-0600) Subject: msg/async: separate TAG_AUTH_REQUEST_MORE and TAG_AUTH_REPLY_MORE X-Git-Tag: v14.1.0~183^2~65 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=1c40968bd5299ba3012a22ffe83af7f11ce2480c;p=ceph.git msg/async: separate TAG_AUTH_REQUEST_MORE and TAG_AUTH_REPLY_MORE Signed-off-by: Sage Weil --- diff --git a/doc/dev/msgr2.rst b/doc/dev/msgr2.rst index 122828185527..d6f4c66555d6 100644 --- a/doc/dev/msgr2.rst +++ b/doc/dev/msgr2.rst @@ -128,7 +128,12 @@ Authentication - Sent when the authentication fails -* TAG_AUTH_MORE: server->client or client->server:: +* TAG_AUTH_REPLY_MORE: server->client:: + + __le32 len; + method specific payload + +* TAG_AUTH_REQUEST_MORE: client->server:: __le32 len; method specific payload diff --git a/src/msg/async/ProtocolV2.cc b/src/msg/async/ProtocolV2.cc index 6d781312d540..1cfd1b5bf87d 100644 --- a/src/msg/async/ProtocolV2.cc +++ b/src/msg/async/ProtocolV2.cc @@ -289,9 +289,17 @@ struct AuthBadAuthFrame inline std::string &error_msg() { return get_val<1>(); } }; -struct AuthMoreFrame - : public PayloadFrame { - const ProtocolV2::Tag tag = ProtocolV2::Tag::AUTH_MORE; +struct AuthReplyMoreFrame + : public PayloadFrame { + const ProtocolV2::Tag tag = ProtocolV2::Tag::AUTH_REPLY_MORE; + using PayloadFrame::PayloadFrame; + + inline bufferlist &auth_payload() { return get_val<1>(); } +}; + +struct AuthRequestMoreFrame + : public PayloadFrame { + const ProtocolV2::Tag tag = ProtocolV2::Tag::AUTH_REQUEST_MORE; using PayloadFrame::PayloadFrame; inline bufferlist &auth_payload() { return get_val<1>(); } @@ -1441,7 +1449,8 @@ CtPtr ProtocolV2::handle_read_frame_length_and_tag(char *buffer, int r) { case Tag::AUTH_REQUEST: case Tag::AUTH_BAD_METHOD: case Tag::AUTH_BAD_AUTH: - case Tag::AUTH_MORE: + case Tag::AUTH_REPLY_MORE: + case Tag::AUTH_REQUEST_MORE: case Tag::AUTH_DONE: case Tag::IDENT: case Tag::IDENT_MISSING_FEATURES: 
@@ -1488,8 +1497,10 @@ CtPtr ProtocolV2::handle_frame_payload(char *buffer, int r) { return handle_auth_bad_method(buffer, next_payload_len); case Tag::AUTH_BAD_AUTH: return handle_auth_bad_auth(buffer, next_payload_len); - case Tag::AUTH_MORE: - return handle_auth_more(buffer, next_payload_len); + case Tag::AUTH_REPLY_MORE: + return handle_auth_reply_more(buffer, next_payload_len); + case Tag::AUTH_REQUEST_MORE: + return handle_auth_request_more(buffer, next_payload_len); case Tag::AUTH_DONE: return handle_auth_done(buffer, next_payload_len); case Tag::IDENT: @@ -1516,37 +1527,6 @@ CtPtr ProtocolV2::handle_frame_payload(char *buffer, int r) { return nullptr; } -CtPtr ProtocolV2::handle_auth_more(char *payload, uint32_t length) { - ldout(cct, 20) << __func__ << " payload_len=" << length << dendl; - - AuthMoreFrame auth_more(payload, length); - ldout(cct, 5) << __func__ - << " auth more len=" << auth_more.auth_payload().length() - << dendl; - - if (state == CONNECTING) { - ldout(cct, 10) << __func__ << " connect got auth challenge" << dendl; - if (auth_method == CEPH_AUTH_CEPHX) { - ceph_assert(authorizer); - authorizer->add_challenge(cct, auth_more.auth_payload()); - AuthMoreFrame more_reply(authorizer->bl.length(), authorizer->bl); - return WRITE(more_reply.get_buffer(), "auth more", read_frame); - } else { - ceph_abort("Auth method %d not implemented", auth_method); - } - } else if (state == ACCEPTING) { - if (auth_method == CEPH_AUTH_CEPHX) { - return _handle_authorizer(auth_more.auth_payload()); - } else { - ceph_abort("Auth method %d not implemented", auth_method); - } - } else { - ceph_abort(); - } - - return nullptr; -} - CtPtr ProtocolV2::handle_ident(char *payload, uint32_t length) { if (state == CONNECTING) { return handle_server_ident(payload, length); 
@@ -2208,6 +2188,26 @@ CtPtr ProtocolV2::handle_auth_bad_auth(char *payload, uint32_t length) { return _fault(); } +CtPtr ProtocolV2::handle_auth_reply_more(char *payload, uint32_t length) +{ + ldout(cct, 20) << __func__ << " payload_len=" << length << dendl; + + AuthReplyMoreFrame auth_more(payload, length); + ldout(cct, 5) << __func__ + << " auth reply more len=" << auth_more.auth_payload().length() + << dendl; + ldout(cct, 10) << __func__ << " connect got auth challenge" << dendl; + if (auth_method == CEPH_AUTH_CEPHX) { + ceph_assert(authorizer); + authorizer->add_challenge(cct, auth_more.auth_payload()); + AuthRequestMoreFrame more_reply(authorizer->bl.length(), authorizer->bl); + return WRITE(more_reply.get_buffer(), "auth request more", read_frame); + } else { + ceph_abort("Auth method %d not implemented", auth_method); + } + return nullptr; +} + CtPtr ProtocolV2::handle_auth_done(char *payload, uint32_t length) { ldout(cct, 20) << __func__ << " payload_len=" << length << dendl; @@ -2496,10 +2496,10 @@ CtPtr ProtocolV2::handle_auth_request(char *payload, uint32_t length) { auth_method = auth_request.method(); - return _handle_authorizer(auth_request.auth_payload()); + return _handle_authorizer(auth_request.auth_payload(), false); } -CtPtr ProtocolV2::_handle_authorizer(bufferlist& auth_payload) +CtPtr ProtocolV2::_handle_authorizer(bufferlist& auth_payload, bool more) { bool authorizer_valid; bufferlist authorizer_reply; 
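Review bot: handle_auth_reply_more acts on the frame without checking the connection state; the removed handle_auth_more only took this path under `state == CONNECTING`, and handle_frame_payload dispatches on the tag alone. A peer that sends AUTH_REPLY_MORE to an accepting connection would therefore reach `ceph_assert(authorizer)`, and if authorizer is unset on that side (not visible here) a pre-authentication frame would take down the whole process rather than just the connection. I would guard the top with `if (state != CONNECTING || !authorizer) return _fault();`, matching how handle_auth_bad_auth ends, and turn the `ceph_abort(...)` in the else branch into a logged `_fault()` as well. handle_auth_request_more in the @@ -2564 hunk needs the mirror check, `if (state != ACCEPTING) return _fault();`, before it calls _handle_authorizer.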
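Review bot: The new `more` argument of _handle_authorizer is not read in any line these hunks show, so the initial AUTH_REQUEST and a follow-up AUTH_REQUEST_MORE appear to be verified identically; the body continues outside the hunk, so it may be consumed there or in a later commit. If it is a placeholder, say so at the definition, e.g. `// more: payload came from AUTH_REQUEST_MORE (follow-up round), not the initial AUTH_REQUEST; not yet used`. If it is meant to carry meaning, the natural use is to fail the connection when `more` is true but no challenge was issued on it (the `had_challenge` flag in the @@ -2525 hunk looks like the state to consult), so a client cannot skip AUTH_REQUEST and open with the follow-up frame.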
@@ -2525,8 +2525,8 @@ CtPtr ProtocolV2::_handle_authorizer(bufferlist& auth_payload) if (!had_challenge && authorizer_challenge) { ldout(cct, 10) << __func__ << " challenging authorizer" << dendl; ceph_assert(authorizer_reply.length()); - AuthMoreFrame more(authorizer_reply.length(), authorizer_reply); - return WRITE(more.get_buffer(), "auth more", read_frame); + AuthReplyMoreFrame more(authorizer_reply.length(), authorizer_reply); + return WRITE(more.get_buffer(), "auth reply more", read_frame); } else { ldout(cct, 0) << __func__ << " got bad authorizer, auth_reply_len=" << authorizer_reply.length() << dendl; @@ -2564,6 +2564,17 @@ CtPtr ProtocolV2::_handle_authorizer(bufferlist& auth_payload) return WRITE(auth_done.get_buffer(), "auth done", read_frame); } +CtPtr ProtocolV2::handle_auth_request_more(char *payload, uint32_t length) +{ + ldout(cct, 20) << __func__ << " payload_len=" << length << dendl; + + AuthRequestMoreFrame auth_more(payload, length); + ldout(cct, 5) << __func__ + << " auth request more len=" << auth_more.auth_payload().length() + << dendl; + return _handle_authorizer(auth_more.auth_payload(), true); +} + CtPtr ProtocolV2::handle_client_ident(char *payload, uint32_t length) { ldout(cct, 20) << __func__ << " payload_len=" << std::dec << length << dendl; diff --git a/src/msg/async/ProtocolV2.h b/src/msg/async/ProtocolV2.h index f2b5d766cb27..6006f59abfb5 100644 --- a/src/msg/async/ProtocolV2.h +++ b/src/msg/async/ProtocolV2.h @@ -51,7 +51,8 @@ public: AUTH_REQUEST, AUTH_BAD_METHOD, AUTH_BAD_AUTH, - AUTH_MORE, + AUTH_REPLY_MORE, + AUTH_REQUEST_MORE, AUTH_DONE, IDENT, IDENT_MISSING_FEATURES, @@ -170,7 +171,6 @@ private: Ct *read_frame(); Ct *handle_read_frame_length_and_tag(char *buffer, int r); Ct *handle_frame_payload(char *buffer, int r); - Ct *handle_auth_more(char *payload, uint32_t length); Ct *handle_ident(char *payload, uint32_t length); Ct *ready(); 
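Review bot: Adding AUTH_REQUEST_MORE in the middle of `Tag` (the @@ -51 hunk in ProtocolV2.h) renumbers every enumerator after it, AUTH_DONE and IDENT included, if the values are implicit, which is how the visible lines read; the start of the enum is outside the hunk. handle_read_frame_length_and_tag appears to switch on the tag as received from the peer, so a build from before this commit would have its AUTH_DONE interpreted as AUTH_REQUEST_MORE by a build from after it. If mixed versions can ever speak msgr2 to each other, give the wire tags explicit values (`AUTH_REPLY_MORE = <value>, AUTH_REQUEST_MORE = <value>,`) or append new tags at the end of the enum. Otherwise a comment on the enum such as `// wire values are not yet stable; do not mix builds` would record the assumption.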
@@ -235,6 +235,7 @@ private: Ct *send_auth_request(std::vector &allowed_methods); Ct *handle_auth_bad_method(char *payload, uint32_t length); Ct *handle_auth_bad_auth(char *payload, uint32_t length); + Ct *handle_auth_reply_more(char *payload, uint32_t length); Ct *handle_auth_done(char *payload, uint32_t length); Ct *send_client_ident(); Ct *send_reconnect(); @@ -254,7 +255,8 @@ private: Ct *start_server_banner_exchange(); Ct *post_server_banner_exchange(); Ct *handle_auth_request(char *payload, uint32_t length); - Ct *_handle_authorizer(bufferlist& auth_payload); + Ct *handle_auth_request_more(char *payload, uint32_t length); + Ct *_handle_authorizer(bufferlist& auth_payload, bool more); Ct *handle_client_ident(char *payload, uint32_t length); Ct *handle_ident_missing_features_write(int r); Ct *handle_reconnect(char *payload, uint32_t length);