From: Sage Weil Date: Sun, 12 Aug 2018 20:00:44 +0000 (-0500) Subject: auth: remove auid args from handle_request and verify_authorizer X-Git-Tag: v14.0.1~431^2~8 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=3752b67ec9d0e90e80c78b81bec5c218bad5c35e;p=ceph.git auth: remove auid args from handle_request and verify_authorizer Signed-off-by: Sage Weil --- diff --git a/src/auth/AuthAuthorizeHandler.h b/src/auth/AuthAuthorizeHandler.h index 7473267dc4d4..d2de7e1964e3 100644 --- a/src/auth/AuthAuthorizeHandler.h +++ b/src/auth/AuthAuthorizeHandler.h @@ -34,7 +34,6 @@ struct AuthAuthorizeHandler { bufferlist& authorizer_data, bufferlist& authorizer_reply, EntityName& entity_name, uint64_t& global_id, AuthCapsInfo& caps_info, CryptoKey& session_key, - uint64_t *auid, std::unique_ptr *challenge) = 0; virtual int authorizer_session_crypto() = 0; }; diff --git a/src/auth/AuthServiceHandler.h b/src/auth/AuthServiceHandler.h index 51551f4cf8da..2230c75c71ff 100644 --- a/src/auth/AuthServiceHandler.h +++ b/src/auth/AuthServiceHandler.h @@ -36,7 +36,7 @@ public: virtual ~AuthServiceHandler() { } virtual int start_session(EntityName& name, bufferlist::const_iterator& indata, bufferlist& result, AuthCapsInfo& caps) = 0; - virtual int handle_request(bufferlist::const_iterator& indata, bufferlist& result, uint64_t& global_id, AuthCapsInfo& caps, uint64_t *auid = NULL) = 0; + virtual int handle_request(bufferlist::const_iterator& indata, bufferlist& result, uint64_t& global_id, AuthCapsInfo& caps) = 0; EntityName& get_entity_name() { return entity_name; } }; diff --git a/src/auth/cephx/CephxAuthorizeHandler.cc b/src/auth/cephx/CephxAuthorizeHandler.cc index e589ff4ee7e9..8e1c778dceea 100644 --- a/src/auth/cephx/CephxAuthorizeHandler.cc +++ b/src/auth/cephx/CephxAuthorizeHandler.cc 
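Review bot: The pure virtual `verify_authorizer` in AuthAuthorizeHandler.h still has no comment saying which of its reference arguments are inputs and which are written, and this commit changes that list. The cephx implementation later in this patch assigns `entity_name`, `global_id` and `session_key` inside a block that closes just before `return isvalid;`, which suggests the outputs are set only on success, though the condition itself is outside that hunk. If that is the contract, state it on the interface, e.g. `/// entity_name, global_id, caps_info and session_key are outputs; read them only when this returns true.` The struct's opening lines are outside the hunk.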
@@ -10,7 +10,7 @@ bool CephxAuthorizeHandler::verify_authorizer( CephContext *cct, KeyStore *keys, bufferlist& authorizer_data, bufferlist& authorizer_reply, EntityName& entity_name, uint64_t& global_id, AuthCapsInfo& caps_info, - CryptoKey& session_key, uint64_t *auid, + CryptoKey& session_key, std::unique_ptr *challenge) { auto iter = authorizer_data.cbegin(); @@ -30,7 +30,6 @@ bool CephxAuthorizeHandler::verify_authorizer( entity_name = auth_ticket_info.ticket.name; global_id = auth_ticket_info.ticket.global_id; session_key = auth_ticket_info.session_key; - if (auid) *auid = auth_ticket_info.ticket.auid; } return isvalid; diff --git a/src/auth/cephx/CephxAuthorizeHandler.h b/src/auth/cephx/CephxAuthorizeHandler.h index 8fa40aa71275..ab11d2c37cb1 100644 --- a/src/auth/cephx/CephxAuthorizeHandler.h +++ b/src/auth/cephx/CephxAuthorizeHandler.h @@ -23,7 +23,7 @@ struct CephxAuthorizeHandler : public AuthAuthorizeHandler { bool verify_authorizer(CephContext *cct, KeyStore *keys, bufferlist& authorizer_data, bufferlist& authorizer_reply, EntityName& entity_name, uint64_t& global_id, - AuthCapsInfo& caps_info, CryptoKey& session_key, uint64_t *auid, + AuthCapsInfo& caps_info, CryptoKey& session_key, std::unique_ptr *challenge) override; int authorizer_session_crypto() override; }; diff --git a/src/auth/cephx/CephxServiceHandler.cc b/src/auth/cephx/CephxServiceHandler.cc index ea2d852cae1b..07593c468649 100644 --- a/src/auth/cephx/CephxServiceHandler.cc +++ b/src/auth/cephx/CephxServiceHandler.cc @@ -42,7 +42,7 @@ int CephxServiceHandler::start_session(EntityName& name, bufferlist::const_itera return CEPH_AUTH_CEPHX; } -int CephxServiceHandler::handle_request(bufferlist::const_iterator& indata, bufferlist& result_bl, uint64_t& global_id, AuthCapsInfo& caps, uint64_t *auid) +int CephxServiceHandler::handle_request(bufferlist::const_iterator& indata, bufferlist& result_bl, uint64_t& global_id, AuthCapsInfo& caps) { int ret = 0; 
@@ -113,8 +113,6 @@ int CephxServiceHandler::handle_request(bufferlist::const_iterator& indata, buff info.ticket.auid = eauth.auid; info.validity += cct->_conf->auth_mon_ticket_ttl; - if (auid) *auid = eauth.auid; - key_server->generate_secret(session_key); info.session_key = session_key; diff --git a/src/auth/cephx/CephxServiceHandler.h b/src/auth/cephx/CephxServiceHandler.h index b51ee5f13738..e961e38814ea 100644 --- a/src/auth/cephx/CephxServiceHandler.h +++ b/src/auth/cephx/CephxServiceHandler.h @@ -30,7 +30,7 @@ public: ~CephxServiceHandler() override {} int start_session(EntityName& name, bufferlist::const_iterator& indata, bufferlist& result_bl, AuthCapsInfo& caps) override; - int handle_request(bufferlist::const_iterator& indata, bufferlist& result_bl, uint64_t& global_id, AuthCapsInfo& caps, uint64_t *auid = NULL) override; + int handle_request(bufferlist::const_iterator& indata, bufferlist& result_bl, uint64_t& global_id, AuthCapsInfo& caps) override; void build_cephx_response_header(int request_type, int status, bufferlist& bl); }; diff --git a/src/auth/none/AuthNoneAuthorizeHandler.cc b/src/auth/none/AuthNoneAuthorizeHandler.cc index d7e42c1b9ac7..723b463fe926 100644 --- a/src/auth/none/AuthNoneAuthorizeHandler.cc +++ b/src/auth/none/AuthNoneAuthorizeHandler.cc @@ -22,7 +22,6 @@ bool AuthNoneAuthorizeHandler::verify_authorizer( bufferlist& authorizer_data, bufferlist& authorizer_reply, EntityName& entity_name, uint64_t& global_id, AuthCapsInfo& caps_info, CryptoKey& session_key, - uint64_t *auid, std::unique_ptr *challenge) { auto iter = authorizer_data.cbegin(); diff --git a/src/auth/none/AuthNoneAuthorizeHandler.h b/src/auth/none/AuthNoneAuthorizeHandler.h index 0ce542bf678e..7dcd029b8e39 100644 --- a/src/auth/none/AuthNoneAuthorizeHandler.h +++ b/src/auth/none/AuthNoneAuthorizeHandler.h 
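Review bot: In the second CephxServiceHandler.cc hunk, `info.ticket.auid = eauth.auid;` stays as context, so handle_request still writes an auid into the ticket it builds. The out-parameter is gone, and CephxAuthorizeHandler::verify_authorizer no longer copies `auth_ticket_info.ticket.auid` out to its caller. If the field is kept only so the ticket encoding does not change, say so beside the assignment, e.g. `// auid stays in the ticket for encoding compatibility; verify_authorizer no longer reports it`. Without that, a reader of this authentication path cannot tell whether anything still trusts the value. handle_request's body starts and ends outside the hunk.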
@@ -23,7 +23,7 @@ struct AuthNoneAuthorizeHandler : public AuthAuthorizeHandler { bool verify_authorizer(CephContext *cct, KeyStore *keys, bufferlist& authorizer_data, bufferlist& authorizer_reply, EntityName& entity_name, uint64_t& global_id, - AuthCapsInfo& caps_info, CryptoKey& session_key, uint64_t *auid, + AuthCapsInfo& caps_info, CryptoKey& session_key, std::unique_ptr *challenge) override; int authorizer_session_crypto() override; }; diff --git a/src/auth/none/AuthNoneServiceHandler.h b/src/auth/none/AuthNoneServiceHandler.h index f784d641b126..449143894924 100644 --- a/src/auth/none/AuthNoneServiceHandler.h +++ b/src/auth/none/AuthNoneServiceHandler.h @@ -31,7 +31,7 @@ public: caps.allow_all = true; return CEPH_AUTH_NONE; } - int handle_request(bufferlist::const_iterator& indata, bufferlist& result_bl, uint64_t& global_id, AuthCapsInfo& caps, uint64_t *auid = NULL) override { + int handle_request(bufferlist::const_iterator& indata, bufferlist& result_bl, uint64_t& global_id, AuthCapsInfo& caps) override { return 0; } void build_cephx_response_header(int request_type, int status, bufferlist& bl) { } diff --git a/src/auth/unknown/AuthUnknownAuthorizeHandler.cc b/src/auth/unknown/AuthUnknownAuthorizeHandler.cc index 90e00ef579a5..1f59401fe41c 100644 --- a/src/auth/unknown/AuthUnknownAuthorizeHandler.cc +++ b/src/auth/unknown/AuthUnknownAuthorizeHandler.cc @@ -19,7 +19,6 @@ bool AuthUnknownAuthorizeHandler::verify_authorizer( bufferlist& authorizer_data, bufferlist& authorizer_reply, EntityName& entity_name, uint64_t& global_id, AuthCapsInfo& caps_info, CryptoKey& session_key, - uint64_t *auid, std::unique_ptr *challenge) { // For unknown authorizers, there's nothing to verify. They're "OK" by definition. PLR diff --git a/src/auth/unknown/AuthUnknownAuthorizeHandler.h b/src/auth/unknown/AuthUnknownAuthorizeHandler.h index e052af5def7d..fdbcd1c3d95b 100644 --- a/src/auth/unknown/AuthUnknownAuthorizeHandler.h +++ b/src/auth/unknown/AuthUnknownAuthorizeHandler.h 
@@ -23,7 +23,7 @@ struct AuthUnknownAuthorizeHandler : public AuthAuthorizeHandler { bool verify_authorizer(CephContext *cct, KeyStore *keys, bufferlist& authorizer_data, bufferlist& authorizer_reply, EntityName& entity_name, uint64_t& global_id, - AuthCapsInfo& caps_info, CryptoKey& session_key, uint64_t *auid, + AuthCapsInfo& caps_info, CryptoKey& session_key, std::unique_ptr *challenge) override; int authorizer_session_crypto() override; }; diff --git a/src/auth/unknown/AuthUnknownServiceHandler.h b/src/auth/unknown/AuthUnknownServiceHandler.h index 5c1e511e5837..f89174d9aa13 100644 --- a/src/auth/unknown/AuthUnknownServiceHandler.h +++ b/src/auth/unknown/AuthUnknownServiceHandler.h @@ -29,7 +29,7 @@ public: int start_session(EntityName& name, bufferlist::iterator& indata, bufferlist& result_bl, AuthCapsInfo& caps) { return CEPH_AUTH_UNKNOWN; } - int handle_request(bufferlist::iterator& indata, bufferlist& result_bl, uint64_t& global_id, AuthCapsInfo& caps, uint64_t *auid = NULL) { + int handle_request(bufferlist::iterator& indata, bufferlist& result_bl, uint64_t& global_id, AuthCapsInfo& caps) { ceph_abort(); // shouldn't get called return 0; } diff --git a/src/mds/MDSDaemon.cc b/src/mds/MDSDaemon.cc index bc247f02105b..16d6821f1349 100644 --- a/src/mds/MDSDaemon.cc +++ b/src/mds/MDSDaemon.cc @@ -1308,7 +1308,7 @@ bool MDSDaemon::ms_verify_authorizer(Connection *con, int peer_type, is_valid = authorize_handler->verify_authorizer( cct, keys, authorizer_data, authorizer_reply, name, global_id, caps_info, - session_key, nullptr, challenge); + session_key, challenge); } else { dout(10) << __func__ << " no rotating_keys (yet), denied" << dendl; is_valid = false; diff --git a/src/mgr/DaemonServer.cc b/src/mgr/DaemonServer.cc index 0a802227ce04..ce30ac879e1b 100644 --- a/src/mgr/DaemonServer.cc +++ b/src/mgr/DaemonServer.cc 
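Review bot: The new `handle_request` in AuthUnknownServiceHandler.h takes `bufferlist::iterator&` and carries no `override`, while the base declaration in AuthServiceHandler.h and the cephx and none handlers take `bufferlist::const_iterator&`. If this class derives from AuthServiceHandler (its header line is outside the hunk), the function hides the virtual rather than overriding it, so the compiler does not check it against a signature change like this one. I would write it as `int handle_request(bufferlist::const_iterator& indata, bufferlist& result_bl, uint64_t& global_id, AuthCapsInfo& caps) override {`. The `start_session` context line just above has the same iterator mismatch and the same missing `override`.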
@@ -195,7 +195,6 @@ bool DaemonServer::ms_verify_authorizer( authorizer_reply, s->entity_name, s->global_id, caps_info, session_key, - nullptr, challenge); } else { dout(10) << __func__ << " no rotating_keys (yet), denied" << dendl; diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc index 7611152095ce..33c3f2bc2d97 100644 --- a/src/mon/AuthMonitor.cc +++ b/src/mon/AuthMonitor.cc @@ -647,7 +647,7 @@ bool AuthMonitor::prep_auth(MonOpRequestRef op, bool paxos_writable) } } else { // request - ret = s->auth_handler->handle_request(indata, response_bl, s->global_id, caps_info, &auid); + ret = s->auth_handler->handle_request(indata, response_bl, s->global_id, caps_info); } if (ret == -EIO) { wait_for_active(op, new C_RetryMessage(this,op)); diff --git a/src/osd/OSD.cc b/src/osd/OSD.cc index 02e50f00141b..1e08ad43eecd 100644 --- a/src/osd/OSD.cc +++ b/src/osd/OSD.cc @@ -6634,7 +6634,7 @@ bool OSD::ms_verify_authorizer( isvalid = authorize_handler->verify_authorizer( cct, keys, authorizer_data, authorizer_reply, name, global_id, caps_info, session_key, - &auid, challenge); + challenge); } else { dout(10) << __func__ << " no rotating_keys (yet), denied" << dendl; isvalid = false;
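Review bot: The AuthMonitor.cc and OSD.cc hunks stop passing `&auid`, but neither removes the local `auid` whose address was being taken. Its declaration and any later reads are outside both hunks. If prep_auth or OSD::ms_verify_authorizer still copies it into the session after the call, the session now always gets the local's initial value instead of the one carried in the ticket, and any check keyed on it silently changes meaning. Either drop the local and its reads in this commit, or mark the call sites, e.g. `// auid is no longer filled in here; the local keeps its initial value`.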