From: Ilya Dryomov
Date: Sat, 17 Oct 2020 09:07:55 +0000 (+0200)
Subject: crimson/net: port proper cephx_* option handling
X-Git-Tag: v16.1.0~575^2~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=d0036dbe3ef2aba531a06b56d87024c9554f5ff9;p=ceph.git
crimson/net: port proper cephx_* option handling
Port commits 949e2e595eda ("msg/async/ProtocolV1: resurrect "include MGR as service when applying cephx settings"") and 6f5c4152ca2c ("msg/async/ProtocolV1: resurrect "implement cephx_*require_version options"").
Signed-off-by: Ilya Dryomov
---
diff --git a/src/crimson/net/ProtocolV1.cc b/src/crimson/net/ProtocolV1.cc
index eaed769dcd38..e0aa85694872 100644
--- a/src/crimson/net/ProtocolV1.cc
+++ b/src/crimson/net/ProtocolV1.cc
@@ -522,13 +522,31 @@ bool ProtocolV1::require_auth_feature() const
 return true;
 }
 if (h.connect.host_type == CEPH_ENTITY_TYPE_OSD ||
- h.connect.host_type == CEPH_ENTITY_TYPE_MDS) {
+ h.connect.host_type == CEPH_ENTITY_TYPE_MDS ||
+ h.connect.host_type == CEPH_ENTITY_TYPE_MGR) {
 return local_conf()->cephx_cluster_require_signatures;
 } else {
 return local_conf()->cephx_service_require_signatures;
 }
 }
 
+bool ProtocolV1::require_cephx_v2_feature() const
+{
+ if (h.connect.authorizer_protocol != CEPH_AUTH_CEPHX) {
+ return false;
+ }
+ if (local_conf()->cephx_require_version >= 2) {
+ return true;
+ }
+ if (h.connect.host_type == CEPH_ENTITY_TYPE_OSD ||
+ h.connect.host_type == CEPH_ENTITY_TYPE_MDS ||
+ h.connect.host_type == CEPH_ENTITY_TYPE_MGR) {
+ return local_conf()->cephx_cluster_require_version >= 2;
+ } else {
+ return local_conf()->cephx_service_require_version >= 2;
+ }
+}
+
 seastar::future ProtocolV1::repeat_handle_connect()
 {
 return socket->read(sizeof(h.connect))
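Review bot: In require_cephx_v2_feature() the choice between `cephx_cluster_require_version` and `cephx_service_require_version` is keyed on `h.connect.host_type`, which repeat_handle_connect() fills from `socket->read(sizeof(h.connect))`, so at this point it is the peer's own unverified claim. When the two options differ, the effective floor for a not-yet-authenticated peer is presumably the weaker of the two; only the global `cephx_require_version >= 2` branch is independent of that claim. I would document this on the function, e.g. `// host_type is peer-declared and not yet authenticated; set cephx_require_version to enforce v2 for every peer`, and confirm that the later authorizer verification ties the authenticated entity type back to host_type. The same holds for require_auth_feature(), which starts above this hunk; its OSD/MDS/MGR test is now duplicated and could move into one small private helper (name to be chosen, e.g. `bool peer_is_cluster_daemon() const`).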
@@ -561,6 +579,9 @@ seastar::future ProtocolV1::repeat_handle_connect()
 if (require_auth_feature()) {
 conn.policy.features_required |= CEPH_FEATURE_MSG_AUTH;
 }
+ if (require_cephx_v2_feature()) {
+ conn.policy.features_required |= CEPH_FEATUREMASK_CEPHX_V2;
+ }
 if (auto feat_missing = conn.policy.features_required & ~(uint64_t)h.connect.features;
 feat_missing != 0) {
 return send_connect_reply(
diff --git a/src/crimson/net/ProtocolV1.h b/src/crimson/net/ProtocolV1.h
index 8ab0da186731..d7d642c57275 100644
--- a/src/crimson/net/ProtocolV1.h
+++ b/src/crimson/net/ProtocolV1.h
@@ -103,6 +103,7 @@ class ProtocolV1 final : public Protocol {
 seastar::future handle_connect_with_existing(
 SocketConnectionRef existing, bufferlist&& authorizer_reply);
 bool require_auth_feature() const;
+ bool require_cephx_v2_feature() const;
 seastar::future repeat_handle_connect();
 
 // open
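Review bot: The added line in repeat_handle_connect() (ProtocolV1.cc) ORs in `CEPH_FEATUREMASK_CEPHX_V2`, while the line just above it uses the `CEPH_FEATURE_` form for MSG_AUTH, and nothing explains the difference. If the mask form is deliberate (presumably because CEPHX_V2 needs more than one bit to be told apart from an earlier use of the same bit), a short comment such as `// FEATUREMASK, not FEATURE: require the full mask, not just the reused bit` would keep a later cleanup from "normalising" it and silently weakening the requirement. It would also help operators who tighten the cephx_*require_version options if the `feat_missing != 0` branch logged the missing bits before `send_connect_reply(`; that call is cut off by the hunk, so it may already do so.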