From 1b8c1a14d0b5a25ba1ff94c48ecef9114c2ca955 Mon Sep 17 00:00:00 2001 From: Kefu Chai Date: Mon, 10 Dec 2018 15:56:26 +0800 Subject: [PATCH] auth: do not use GSS/KRB5 if ! HAVE_GSSAPI WITH_GSSAPI is a configure-time setting, so we should not compile krb5 related sources if this option is disabled. Signed-off-by: Kefu Chai --- src/auth/AuthAuthorizeHandler.cc | 8 ++++++-- src/auth/AuthClientHandler.cc | 4 ++++ src/auth/AuthServiceHandler.cc | 7 ++++++- src/auth/AuthSessionHandler.cc | 7 ++++++- src/auth/CMakeLists.txt | 12 ++++++++---- src/include/config-h.in.cmake | 3 +++ src/mon/CMakeLists.txt | 7 ++++++- 7 files changed, 39 insertions(+), 9 deletions(-) diff --git a/src/auth/AuthAuthorizeHandler.cc b/src/auth/AuthAuthorizeHandler.cc index dc4fcb74192..746a21ee01c 100644 --- a/src/auth/AuthAuthorizeHandler.cc +++ b/src/auth/AuthAuthorizeHandler.cc @@ -14,7 +14,9 @@ #include "AuthAuthorizeHandler.h" #include "cephx/CephxAuthorizeHandler.h" +#ifdef HAVE_GSSAPI #include "krb/KrbAuthorizeHandler.hpp" +#endif #include "none/AuthNoneAuthorizeHandler.h" AuthAuthorizeHandler *AuthAuthorizeHandlerRegistry::get_handler(int protocol) @@ -36,12 +38,14 @@ AuthAuthorizeHandler *AuthAuthorizeHandlerRegistry::get_handler(int protocol) case CEPH_AUTH_CEPHX: m_authorizers[protocol] = new CephxAuthorizeHandler(); return m_authorizers[protocol]; - +#ifdef HAVE_GSSAPI case CEPH_AUTH_GSS: m_authorizers[protocol] = new KrbAuthorizeHandler(); return m_authorizers[protocol]; +#endif + default: + return nullptr; } - return NULL; } AuthAuthorizeHandlerRegistry::~AuthAuthorizeHandlerRegistry() diff --git a/src/auth/AuthClientHandler.cc b/src/auth/AuthClientHandler.cc index ef76b993f5a..6d86c4e8e92 100644 --- a/src/auth/AuthClientHandler.cc +++ b/src/auth/AuthClientHandler.cc @@ -17,7 +17,9 @@ #include "AuthClientHandler.h" #include "cephx/CephxClientHandler.h" +#ifdef HAVE_GSSAPI #include "krb/KrbClientHandler.hpp" +#endif #include "none/AuthNoneClientHandler.h" @@ -30,8 +32,10 @@ AuthClientHandler::create(CephContext* cct, int proto, return new CephxClientHandler(cct, rkeys); case CEPH_AUTH_NONE: return new AuthNoneClientHandler{cct}; +#ifdef HAVE_GSSAPI case CEPH_AUTH_GSS: return new KrbClientHandler(cct); +#endif default: return NULL; } diff --git a/src/auth/AuthServiceHandler.cc b/src/auth/AuthServiceHandler.cc index 406a2ed3210..51c5c75da7b 100644 --- a/src/auth/AuthServiceHandler.cc +++ b/src/auth/AuthServiceHandler.cc @@ -14,7 +14,9 @@ #include "AuthServiceHandler.h" #include "cephx/CephxServiceHandler.h" +#ifdef HAVE_GSSAPI #include "krb/KrbServiceHandler.hpp" +#endif #include "none/AuthNoneServiceHandler.h" #define dout_subsys ceph_subsys_auth @@ -27,8 +29,11 @@ AuthServiceHandler *get_auth_service_handler(int type, CephContext *cct, KeyServ return new CephxServiceHandler(cct, ks); case CEPH_AUTH_NONE: return new AuthNoneServiceHandler(cct); +#ifdef HAVE_GSSAPI case CEPH_AUTH_GSS: return new KrbServiceHandler(cct, ks); +#endif + default: + return nullptr; } - return NULL; } diff --git a/src/auth/AuthSessionHandler.cc b/src/auth/AuthSessionHandler.cc index 14fc241110d..69fe9a7bb74 100644 --- a/src/auth/AuthSessionHandler.cc +++ b/src/auth/AuthSessionHandler.cc @@ -15,7 +15,9 @@ #include "common/debug.h" #include "AuthSessionHandler.h" #include "cephx/CephxSessionHandler.h" +#ifdef HAVE_GSSAPI #include "krb/KrbSessionHandler.hpp" +#endif #include "none/AuthNoneSessionHandler.h" #include "unknown/AuthUnknownSessionHandler.h" @@ -40,8 +42,11 @@ AuthSessionHandler *get_auth_session_handler(CephContext *cct, int protocol, Cry return new AuthNoneSessionHandler(cct, key); case CEPH_AUTH_UNKNOWN: return new AuthUnknownSessionHandler(cct, key); +#ifdef HAVE_GSSAPI case CEPH_AUTH_GSS: return new KrbSessionHandler(cct, key); +#endif + default: + return nullptr; } - return NULL; } diff --git a/src/auth/CMakeLists.txt b/src/auth/CMakeLists.txt index 1e21cd6b563..d24f9a5df3c 100644 --- a/src/auth/CMakeLists.txt +++ b/src/auth/CMakeLists.txt @@ -10,13 +10,17 @@ set(auth_srcs cephx/CephxClientHandler.cc cephx/CephxProtocol.cc cephx/CephxSessionHandler.cc - krb/KrbAuthorizeHandler.cpp - krb/KrbClientHandler.cpp - krb/KrbProtocol.cpp - krb/KrbSessionHandler.hpp none/AuthNoneAuthorizeHandler.cc unknown/AuthUnknownAuthorizeHandler.cc) +if(HAVE_GSSAPI) + list(APPEND auth_srcs + krb/KrbAuthorizeHandler.cpp + krb/KrbClientHandler.cpp + krb/KrbProtocol.cpp + krb/KrbSessionHandler.hpp) +endif() + add_library(common-auth-objs OBJECT ${auth_srcs}) if(WITH_SEASTAR) add_library(crimson-auth OBJECT ${auth_srcs}) diff --git a/src/include/config-h.in.cmake b/src/include/config-h.in.cmake index 329fb526feb..4d1d5d0f598 100644 --- a/src/include/config-h.in.cmake +++ b/src/include/config-h.in.cmake @@ -142,6 +142,9 @@ /* define if cephfs enabled */ #cmakedefine WITH_CEPHFS +/*define if GSSAPI/KRB5 enabled */ +#cmakedefine HAVE_GSSAPI + /* define if rbd enabled */ #cmakedefine WITH_RBD diff --git a/src/mon/CMakeLists.txt b/src/mon/CMakeLists.txt index d0dde1fcd4c..bcfd451de61 100644 --- a/src/mon/CMakeLists.txt +++ b/src/mon/CMakeLists.txt @@ -2,7 +2,6 @@ set(lib_mon_srcs ${CMAKE_SOURCE_DIR}/src/auth/cephx/CephxKeyServer.cc ${CMAKE_SOURCE_DIR}/src/auth/cephx/CephxServiceHandler.cc ${CMAKE_SOURCE_DIR}/src/auth/AuthServiceHandler.cc - ${CMAKE_SOURCE_DIR}/src/auth/krb/KrbServiceHandler.cpp ${osd_mon_files} Paxos.cc PaxosService.cc @@ -24,6 +23,12 @@ set(lib_mon_srcs ../mds/MDSAuthCaps.cc ../mgr/mgr_commands.cc ../osd/OSDCap.cc) + +if(HAVE_GSSAPI) + list(APPEND lib_mon_srcs + ${CMAKE_SOURCE_DIR}/src/auth/krb/KrbServiceHandler.cpp) +endif() + add_library(mon STATIC ${lib_mon_srcs} $) -- 2.39.5