From: Sage Weil
Date: Thu, 13 Sep 2018 19:38:21 +0000 (-0500)
Subject: msg: remove unused ms_verify_authorizer
X-Git-Tag: v14.0.1~26^2~7
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=1e3517a31eae221b216f95fe2224f6edea8544ae;p=ceph.git
msg: remove unused ms_verify_authorizer
Signed-off-by: Sage Weil
---
diff --git a/src/mds/MDSDaemon.cc b/src/mds/MDSDaemon.cc
index 9e8c8fbb5d9e3..8f87301761a20 100644
--- a/src/mds/MDSDaemon.cc
+++ b/src/mds/MDSDaemon.cc
@@ -1297,50 +1297,6 @@ bool MDSDaemon::ms_handle_refused(Connection *con)
 return false;
 }
-bool MDSDaemon::ms_verify_authorizer(Connection *con, int peer_type,
- int protocol, bufferlist& authorizer_data, bufferlist& authorizer_reply,
- bool& is_valid, CryptoKey& session_key,
- std::unique_ptr *challenge)
-{
- Mutex::Locker l(mds_lock);
- if (stopping) {
- return false;
- }
- if (beacon.get_want_state() == CEPH_MDS_STATE_DNE)
- return false;
-
- AuthAuthorizeHandler *authorize_handler = 0;
- switch (peer_type) {
- case CEPH_ENTITY_TYPE_MDS:
- authorize_handler = authorize_handler_cluster_registry->get_handler(protocol);
- break;
- default:
- authorize_handler = authorize_handler_service_registry->get_handler(protocol);
- }
- if (!authorize_handler) {
- dout(0) << "No AuthAuthorizeHandler found for protocol " << protocol << dendl;
- is_valid = false;
- return true;
- }
-
- if (auto keys = monc->rotating_secrets.get(); keys) {
- is_valid = authorize_handler->verify_authorizer(
- cct, keys,
- authorizer_data, authorizer_reply,
- con->peer_name, con->peer_global_id,
- con->peer_caps_info,
- session_key, challenge);
- } else {
- dout(10) << __func__ << " no rotating_keys (yet), denied" << dendl;
- is_valid = false;
- }
-
- if (is_valid) {
- ms_handle_authentication(con);
- }
- return true;
-}
-
 KeyStore *MDSDaemon::ms_get_auth1_authorizer_keystore()
 {
 return monc->rotating_secrets.get();
diff --git a/src/mds/MDSDaemon.h b/src/mds/MDSDaemon.h
index 0043cb5f750b8..688ea3843f900 100644
--- a/src/mds/MDSDaemon.h
+++ b/src/mds/MDSDaemon.h
@@ -111,10 +111,6 @@ class MDSDaemon : public Dispatcher, public md_config_obs_t {
 private:
 bool ms_dispatch2(const Message::ref &m) override;
 bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) override;
- bool ms_verify_authorizer(Connection *con, int peer_type,
- int protocol, bufferlist& authorizer_data, bufferlist& authorizer_reply,
- bool& isvalid, CryptoKey& session_key,
- std::unique_ptr *challenge) override;
 int ms_handle_authentication(Connection *con) override;
 KeyStore *ms_get_auth1_authorizer_keystore() override;
 void ms_handle_accept(Connection *con) override;
diff --git a/src/mgr/DaemonServer.cc b/src/mgr/DaemonServer.cc
index d6dfde3bf0583..bd351d69b24db 100644
--- a/src/mgr/DaemonServer.cc
+++ b/src/mgr/DaemonServer.cc
@@ -166,51 +166,6 @@ KeyStore *DaemonServer::ms_get_auth1_authorizer_keystore()
 return monc->rotating_secrets.get();
 }
-bool DaemonServer::ms_verify_authorizer(
- Connection *con,
- int peer_type,
- int protocol,
- ceph::bufferlist& authorizer_data,
- ceph::bufferlist& authorizer_reply,
- bool& is_valid,
- CryptoKey& session_key,
- std::unique_ptr *challenge)
-{
- AuthAuthorizeHandler *handler = nullptr;
- if (peer_type == CEPH_ENTITY_TYPE_OSD ||
- peer_type == CEPH_ENTITY_TYPE_MON ||
- peer_type == CEPH_ENTITY_TYPE_MDS ||
- peer_type == CEPH_ENTITY_TYPE_MGR) {
- handler = auth_cluster_registry.get_handler(protocol);
- } else {
- handler = auth_service_registry.get_handler(protocol);
- }
- if (!handler) {
- dout(0) << "No AuthAuthorizeHandler found for protocol " << protocol << dendl;
- is_valid = false;
- return true;
- }
-
- if (auto keys = monc->rotating_secrets.get(); keys) {
- is_valid = handler->verify_authorizer(
- cct, keys,
- authorizer_data,
- authorizer_reply, con->peer_name,
- con->peer_global_id, con->peer_caps_info,
- session_key,
- challenge);
- } else {
- dout(10) << __func__ << " no rotating_keys (yet), denied" << dendl;
- is_valid = false;
- }
-
- if (is_valid) {
- ms_handle_authentication(con);
- }
-
- return true;
-}
-
 int DaemonServer::ms_handle_authentication(Connection *con)
 {
 int ret = 0;
diff --git a/src/mgr/DaemonServer.h b/src/mgr/DaemonServer.h
index 1f78d3f8acfb5..6ccab441cf54b 100644
--- a/src/mgr/DaemonServer.h
+++ b/src/mgr/DaemonServer.h
@@ -151,15 +151,6 @@ public:
 bool ms_handle_refused(Connection *con) override;
 bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) override;
- bool ms_verify_authorizer(
- Connection *con,
- int peer_type,
- int protocol,
- ceph::bufferlist& authorizer,
- ceph::bufferlist& authorizer_reply,
- bool& isvalid,
- CryptoKey& session_key,
- std::unique_ptr *challenge) override;
 KeyStore *ms_get_auth1_authorizer_keystore() override;
 bool handle_open(MMgrOpen *m);
diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 84036041214fa..713c0179b5e8e 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -5758,47 +5758,6 @@ bool Monitor::ms_get_authorizer(int service_id, AuthAuthorizer **authorizer,
 return true;
 }
-bool Monitor::ms_verify_authorizer(Connection *con, int peer_type,
- int protocol, bufferlist& authorizer_data,
- bufferlist& authorizer_reply,
- bool& isvalid, CryptoKey& session_key,
- std::unique_ptr *challenge)
-{
- dout(10) << "ms_verify_authorizer " << con->get_peer_addr()
- << " " << ceph_entity_type_name(peer_type)
- << " protocol " << protocol << dendl;
-
- if (is_shutdown())
- return false;
-
- if (peer_type == CEPH_ENTITY_TYPE_MON &&
- auth_cluster_required.is_supported_auth(CEPH_AUTH_CEPHX)) {
- // monitor, and cephx is enabled
- isvalid = false;
- if (protocol == CEPH_AUTH_CEPHX) {
- auto iter = authorizer_data.cbegin();
- CephXServiceTicketInfo auth_ticket_info;
-
- if (authorizer_data.length()) {
- bool ret = cephx_verify_authorizer(g_ceph_context, &keyring, iter,
- auth_ticket_info, challenge, authorizer_reply);
- if (ret) {
- session_key = auth_ticket_info.session_key;
- isvalid = true;
- } else {
- dout(0) << "ms_verify_authorizer bad authorizer from mon " << con->get_peer_addr() << dendl;
- }
- }
- } else {
- dout(0) << "ms_verify_authorizer cephx enabled, but no authorizer (required for mon)" << dendl;
- }
- } else {
- // who cares.
- isvalid = true;
- }
- return true;
-}
-
 KeyStore *Monitor::ms_get_auth1_authorizer_keystore()
 {
 return &keyring;
diff --git a/src/mon/Monitor.h b/src/mon/Monitor.h
index 1c4f36f8e2499..f511e5f6334a7 100644
--- a/src/mon/Monitor.h
+++ b/src/mon/Monitor.h
@@ -884,10 +884,6 @@ public:
 //mon_caps is used for un-connected messages from monitors
 MonCap mon_caps;
 bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) override;
- bool ms_verify_authorizer(Connection *con, int peer_type,
- int protocol, bufferlist& authorizer_data, bufferlist& authorizer_reply,
- bool& isvalid, CryptoKey& session_key,
- std::unique_ptr *challenge) override;
 KeyStore *ms_get_auth1_authorizer_keystore();
 public: // for AuthMonitor msgr1:
 int ms_handle_authentication(Connection *con) override;
diff --git a/src/msg/Dispatcher.h b/src/msg/Dispatcher.h
index d1ba4f2b1553a..c0b6115698466 100644
--- a/src/msg/Dispatcher.h
+++ b/src/msg/Dispatcher.h
@@ -239,30 +239,6 @@ public:
 * @return True if this function call properly filled in *a, false otherwise.
 */
 virtual bool ms_get_authorizer(int dest_type, AuthAuthorizer **a, bool force_new) { return false; }
- /**
- * Verify the authorizer for a new incoming Connection.
- *
- * @param con The new incoming Connection
- * @param peer_type The type of the endpoint which initiated this Connection
- * @param protocol The ID of the protocol in use (at time of writing, cephx or none)
- * @param authorizer The authorization string supplied by the remote
- * @param authorizer_reply Output param: The string we should send back to
- * the remote to authorize ourselves. Only filled in if isvalid
- * @param isvalid Output param: True if authorizer is valid, false otherwise
- *
- * @return True if we were able to prove or disprove correctness of
- * authorizer, false otherwise.
- */
- virtual bool ms_verify_authorizer(Connection *con,
- int peer_type,
- int protocol,
- ceph::bufferlist& authorizer,
- ceph::bufferlist& authorizer_reply,
- bool& isvalid,
- CryptoKey& session_key,
- std::unique_ptr *challenge) {
- return false;
- }
 /**
 * @} //Authentication
 */
diff --git a/src/osd/OSD.cc b/src/osd/OSD.cc
index 6ab07de167c4a..6f18c6454c609 100644
--- a/src/osd/OSD.cc
+++ b/src/osd/OSD.cc
@@ -6880,54 +6880,6 @@ bool OSD::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool for
 return *authorizer != NULL;
 }
-
-bool OSD::ms_verify_authorizer(
- Connection *con, int peer_type,
- int protocol, bufferlist& authorizer_data, bufferlist& authorizer_reply,
- bool& isvalid, CryptoKey& session_key,
- std::unique_ptr *challenge)
-{
- AuthAuthorizeHandler *authorize_handler = 0;
- switch (peer_type) {
- case CEPH_ENTITY_TYPE_MDS:
- /*
- * note: mds is technically a client from our perspective, but
- * this makes the 'cluster' consistent w/ monitor's usage.
- */
- case CEPH_ENTITY_TYPE_OSD:
- case CEPH_ENTITY_TYPE_MGR:
- authorize_handler = authorize_handler_cluster_registry->get_handler(protocol);
- break;
- default:
- authorize_handler = authorize_handler_service_registry->get_handler(protocol);
- }
- if (!authorize_handler) {
- dout(0) << "No AuthAuthorizeHandler found for protocol " << protocol << dendl;
- isvalid = false;
- return true;
- }
-
- auto keys = monc->rotating_secrets.get();
- if (keys) {
- isvalid = authorize_handler->verify_authorizer(
- cct, keys,
- authorizer_data, authorizer_reply,
- con->peer_name,
- con->peer_global_id,
- con->peer_caps_info,
- session_key,
- challenge);
- } else {
- dout(10) << __func__ << " no rotating_keys (yet), denied" << dendl;
- isvalid = false;
- }
-
- if (isvalid) {
- ms_handle_authentication(con);
- }
- return true;
-}
-
 KeyStore *OSD::ms_get_auth1_authorizer_keystore()
 {
 return monc->rotating_secrets.get();
diff --git a/src/osd/OSD.h b/src/osd/OSD.h
index 25c4ffbbaa300..c6b3faf5002b5 100644
--- a/src/osd/OSD.h
+++ b/src/osd/OSD.h
@@ -1651,13 +1651,6 @@ public:
 bool ms_handle_refused(Connection *con) override { return osd->ms_handle_refused(con); }
- bool ms_verify_authorizer(Connection *con, int peer_type,
- int protocol, bufferlist& authorizer_data, bufferlist& authorizer_reply,
- bool& isvalid, CryptoKey& session_key,
- std::unique_ptr *challenge) override {
- isvalid = true;
- return true;
- }
 int ms_handle_authentication(Connection *con) override { return true; }
@@ -2187,10 +2180,6 @@ private:
 void ms_fast_preprocess(Message *m) override;
 bool ms_dispatch(Message *m) override;
 bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) override;
- bool ms_verify_authorizer(Connection *con, int peer_type,
- int protocol, bufferlist& authorizer, bufferlist& authorizer_reply,
- bool& isvalid, CryptoKey& session_key,
- std::unique_ptr *challenge) override;
 void ms_handle_connect(Connection *con) override;
 void ms_handle_fast_connect(Connection *con) override;
 void ms_handle_fast_accept(Connection *con) override;
diff --git a/src/test/messenger/simple_dispatcher.h b/src/test/messenger/simple_dispatcher.h
index adef942f92b75..cc598237fec14 100644
--- a/src/test/messenger/simple_dispatcher.h
+++ b/src/test/messenger/simple_dispatcher.h
@@ -97,30 +97,6 @@ public:
 bool ms_get_authorizer(int dest_type, AuthAuthorizer **a, bool force_new) override { return false; };
- /**
- * Verify the authorizer for a new incoming Connection.
- *
- * @param con The new incoming Connection
- * @param peer_type The type of the endpoint which initiated this Connection
- * @param protocol The ID of the protocol in use (at time of writing, cephx
- * or none)
- * @param authorizer The authorization string supplied by the remote
- * @param authorizer_reply Output param: The string we should send back to
- * the remote to authorize ourselves. Only filled in if isvalid
- * @param isvalid Output param: True if authorizer is valid, false otherwise
- *
- * @return True if we were able to prove or disprove correctness of
- * authorizer, false otherwise.
- */
- bool ms_verify_authorizer(Connection *con, int peer_type,
- int protocol, bufferlist& authorizer,
- bufferlist& authorizer_reply,
- bool& isvalid, CryptoKey& session_key,
- std::unique_ptr *challenge) override {
- /* always succeed */
- isvalid = true;
- return true;
- };
 int ms_handle_authentication(Connection *con) override { return 1; }
diff --git a/src/test/messenger/xio_dispatcher.h b/src/test/messenger/xio_dispatcher.h
index 495fa3a752166..6ab9d92dd1667 100644
--- a/src/test/messenger/xio_dispatcher.h
+++ b/src/test/messenger/xio_dispatcher.h
@@ -97,30 +97,6 @@ public:
 virtual bool ms_get_authorizer(int dest_type, AuthAuthorizer **a, bool force_new) { return false; };
- /**
- * Verify the authorizer for a new incoming Connection.
- *
- * @param con The new incoming Connection
- * @param peer_type The type of the endpoint which initiated this Connection
- * @param protocol The ID of the protocol in use (at time of writing, cephx
- * or none)
- * @param authorizer The authorization string supplied by the remote
- * @param authorizer_reply Output param: The string we should send back to
- * the remote to authorize ourselves. Only filled in if isvalid
- * @param isvalid Output param: True if authorizer is valid, false otherwise
- *
- * @return True if we were able to prove or disprove correctness of
- * authorizer, false otherwise.
- */
- virtual bool ms_verify_authorizer(Connection *con, int peer_type,
- int protocol, bufferlist& authorizer,
- bufferlist& authorizer_reply,
- bool& isvalid, CryptoKey& session_key,
- std::unique_ptr *challenge) {
- /* always succeed */
- isvalid = true;
- return true;
- };
 };
diff --git a/src/test/msgr/perf_msgr_client.cc b/src/test/msgr/perf_msgr_client.cc
index aaf3be46780f0..992217e341daf 100644
--- a/src/test/msgr/perf_msgr_client.cc
+++ b/src/test/msgr/perf_msgr_client.cc
@@ -56,13 +56,6 @@ class MessengerClient {
 bool ms_handle_reset(Connection *con) override { return true; }
 void ms_handle_remote_reset(Connection *con) override {}
 bool ms_handle_refused(Connection *con) override { return false; }
- bool ms_verify_authorizer(Connection *con, int peer_type, int protocol,
- bufferlist& authorizer, bufferlist& authorizer_reply,
- bool& isvalid, CryptoKey& session_key,
- std::unique_ptr *challenge) override {
- isvalid = true;
- return true;
- }
 int ms_handle_authentication(Connection *con) override { return 1; }
diff --git a/src/test/msgr/perf_msgr_server.cc b/src/test/msgr/perf_msgr_server.cc
index e3e6dc740e56d..d5b5ba8170d38 100644
--- a/src/test/msgr/perf_msgr_server.cc
+++ b/src/test/msgr/perf_msgr_server.cc
@@ -99,13 +99,6 @@ class ServerDispatcher : public Dispatcher {
 //cerr << __func__ << " reply message=" << m << std::endl;
 op_wq.queue(m);
 }
- bool ms_verify_authorizer(Connection *con, int peer_type, int protocol,
- bufferlist& authorizer, bufferlist& authorizer_reply,
- bool& isvalid, CryptoKey& session_key,
- std::unique_ptr *challenge) override {
- isvalid = true;
- return true;
- }
 int ms_handle_authentication(Connection *con) override { return 1; }
diff --git a/src/test/msgr/test_msgr.cc b/src/test/msgr/test_msgr.cc
index 063465498cc52..38d91e33dff6c 100644
--- a/src/test/msgr/test_msgr.cc
+++ b/src/test/msgr/test_msgr.cc
@@ -198,14 +198,6 @@ class FakeDispatcher : public Dispatcher {
 cond.Signal();
 }
- bool ms_verify_authorizer(Connection *con, int peer_type, int protocol,
- bufferlist& authorizer, bufferlist& authorizer_reply,
- bool& isvalid, CryptoKey& session_key,
- std::unique_ptr *challenge) override {
- isvalid = true;
- return true;
- }
-
 int ms_handle_authentication(Connection *con) override { return 1; }
@@ -921,14 +913,6 @@ class SyntheticDispatcher : public Dispatcher {
 }
 }
- bool ms_verify_authorizer(Connection *con, int peer_type, int protocol,
- bufferlist& authorizer, bufferlist& authorizer_reply,
- bool& isvalid, CryptoKey& session_key,
- std::unique_ptr *challenge) override {
- isvalid = true;
- return true;
- }
-
 int ms_handle_authentication(Connection *con) override { return 1; }
@@ -1472,13 +1456,6 @@ class MarkdownDispatcher : public Dispatcher {
 void ms_fast_dispatch(Message *m) override { ceph_abort(); }
- bool ms_verify_authorizer(Connection *con, int peer_type, int protocol,
- bufferlist& authorizer, bufferlist& authorizer_reply,
- bool& isvalid, CryptoKey& session_key,
- std::unique_ptr *challenge) override {
- isvalid = true;
- return true;
- }
 int ms_handle_authentication(Connection *con) override { return 1; }