From 2109a913f3ad0fcf18a239101b5a078157013ce9 Mon Sep 17 00:00:00 2001
From: Yehuda Sadeh
Date: Tue, 20 Oct 2009 12:43:44 -0700
Subject: [PATCH] auth: get rid of AuthorizeServer

---
 src/Makefile.am | 2 -
 src/auth/AuthorizeServer.cc | 146 ------------------------------------
 src/auth/AuthorizeServer.h | 52 -------------
 src/mon/Monitor.cc | 77 +++++++++++++++++--
 src/mon/Monitor.h | 8 +-
 src/osd/OSD.cc | 6 +-
 src/osd/OSD.h | 3 -
 7 files changed, 78 insertions(+), 216 deletions(-)
 delete mode 100644 src/auth/AuthorizeServer.cc
 delete mode 100644 src/auth/AuthorizeServer.h

diff --git a/src/Makefile.am b/src/Makefile.am
index 6fa20faf0cb03..4ba886ca7139a 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -290,7 +290,6 @@ libcommon_a_SOURCES = \
 libcommon_files = \
 auth/Auth.cc \
 auth/AuthClientHandler.cc \
- auth/AuthorizeServer.cc \
 auth/AuthServiceManager.cc \
 auth/Crypto.cc \
 auth/ExportControl.cc \
@@ -394,7 +393,6 @@ libclient_a_SOURCES = \
 # that autotools doesn't magically identify.
 noinst_HEADERS = \
 auth/Auth.h\
- auth/AuthorizeServer.h\
 auth/AuthProtocol.h\
 auth/AuthServiceManager.h\
 auth/KeyRing.h\
diff --git a/src/auth/AuthorizeServer.cc b/src/auth/AuthorizeServer.cc
deleted file mode 100644
index 51d92a8c7a39f..0000000000000
--- a/src/auth/AuthorizeServer.cc
+++ /dev/null
@@ -1,146 +0,0 @@
-// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
-// vim: ts=8 sw=2 smarttab
-/*
- * Ceph - scalable distributed file system
- *
- * Copyright (C) 2004-2009 Sage Weil
- *
- * This is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License version 2.1, as published by the Free Software
- * Foundation. See file COPYING.
- *
- */
-
-#include
-
-using namespace std;
-
-#include "config.h"
-
-#include "AuthorizeServer.h"
-#include "Auth.h"
-#include "msg/SimpleMessenger.h"
-#include "messages/MAuthorize.h"
-#include "messages/MAuthReply.h"
-#include "mon/Session.h"
-
-AuthorizeServer::~AuthorizeServer()
-{
-}
-
-bool AuthorizeServer::init()
-{
- messenger->add_dispatcher_tail(this);
- return true;
-}
-
-bool AuthorizeServer::ms_dispatch(Message *m)
-{
- lock.Lock();
- bool ret = _dispatch(m);
- lock.Unlock();
- return ret;
-}
-
-bool AuthorizeServer::_dispatch(Message *m)
-{
- switch (m->get_type()) {
- case CEPH_MSG_AUTHORIZE:
- handle_request((class MAuthorize*)m);
- break;
- default:
- return false;
- }
- return true;
-}
-
-void AuthorizeServer::handle_request(MAuthorize *m)
-{
- dout(0) << "AuthorizeServer::handle_request() blob_size=" << m->get_auth_payload().length() << dendl;
- int ret = 0;
-
- Session *s = (Session *)m->get_connection()->get_priv();
- s->put();
-
- bufferlist response_bl;
- bufferlist::iterator indata = m->auth_payload.begin();
-
- CephXPremable pre;
- ::decode(pre, indata);
- dout(0) << "CephXPremable id=" << pre.trans_id << dendl;
- ::encode(pre, response_bl);
-
- // handle the request
- try {
- ret = do_authorize(indata, response_bl);
- } catch (buffer::error *err) {
- ret = -EINVAL;
- dout(0) << "caught error when trying to handle authorize request, probably malformed request" << dendl;
- }
- MAuthReply *reply = new MAuthReply(&response_bl, ret);
- messenger->send_message(reply, m->get_orig_source_inst());
-}
-
-int
AuthorizeServer::do_authorize(bufferlist::iterator& indata, bufferlist& result_bl)
-{
- struct CephXRequestHeader cephx_header;
-
- ::decode(cephx_header, indata);
-
- uint16_t request_type = cephx_header.request_type & CEPHX_REQUEST_TYPE_MASK;
- int ret;
-
- dout(0) << "request_type=" << request_type << dendl;
-
- switch (request_type) {
- case CEPHX_OPEN_SESSION:
- {
- dout(0) << "CEPHX_OPEN_SESSION " << cephx_header.request_type << dendl;
-
- bufferlist tmp_bl;
- ret = verify_authorizer(0, indata, tmp_bl);
- result_bl.claim_append(tmp_bl);
- }
- break;
- default:
- ret = -EINVAL;
- break;
- }
- build_cephx_response_header(request_type, ret, result_bl);
-
- return ret;
-}
-
-int AuthorizeServer::verify_authorizer(int peer_type, bufferlist::iterator& indata, bufferlist& result_bl)
-{
- int ret = 0;
- AuthServiceTicketInfo auth_ticket_info;
- try {
- if (!::verify_authorizer(*keys, indata, auth_ticket_info, result_bl)) {
- dout(0) << "could not verify authorizer" << dendl;
- ret = -EPERM;
- }
- dout(0) << "caps len=" << auth_ticket_info.ticket.caps.length() << dendl;
- if (auth_ticket_info.ticket.caps.length()) {
- string caps;
- bufferlist::iterator iter = auth_ticket_info.ticket.caps.begin();
- ::decode(caps, iter);
- dout(0) << "got caps: " << caps << dendl;
- }
- } catch (buffer::error *err) {
- ret = -EINVAL;
- }
-
- return ret;
-}
-
-void AuthorizeServer::build_cephx_response_header(int request_type, int status, bufferlist& bl)
-{
- struct CephXResponseHeader header;
- header.request_type = request_type;
- header.status = status;
- ::encode(header, bl);
-}
-
-
diff --git a/src/auth/AuthorizeServer.h b/src/auth/AuthorizeServer.h
deleted file mode 100644
index a61e3ebb3ff00..0000000000000
--- a/src/auth/AuthorizeServer.h
+++ /dev/null
@@ -1,52 +0,0 @@
-// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
-// vim: ts=8 sw=2 smarttab
-/*
- * Ceph - scalable distributed file system
- *
- * Copyright (C) 2004-2009 Sage Weil
- *
- * This is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License version 2.1, as published by the Free Software
- * Foundation. See file COPYING.
- *
- */
-
-#ifndef __AUTHORIZESERVER_H
-#define __AUTHORIZESERVER_H
-
-#include "config.h"
-
-#include "msg/SimpleMessenger.h"
-
-class Messenger;
-class KeysKeeper;
-class Message;
-class MAuthorize;
-
-class AuthorizeServer : public Dispatcher {
- Messenger *messenger;
-
- bool _dispatch(Message *m);
- bool ms_dispatch(Message *m);
-
- bool ms_handle_reset(Connection *con, const entity_addr_t& peer) { return false; }
- void ms_handle_failure(Connection *con, Message *m, const entity_addr_t& peer) { }
- void ms_handle_remote_reset(Connection *con, const entity_addr_t& peer) {}
-
- KeysKeeper *keys;
-
- Mutex lock;
-
- int do_authorize(bufferlist::iterator& indata, bufferlist& result_bl);
- void build_cephx_response_header(int request_type, int status, bufferlist& bl);
-public:
- AuthorizeServer(Messenger *m, KeysKeeper *k) : messenger(m), keys(k), lock("auth_server") {}
- ~AuthorizeServer();
-
- bool init();
- void handle_request(MAuthorize *m);
- int verify_authorizer(int peer_type, bufferlist::iterator& indata, bufferlist& result_bl);
-};
-
-#endif
diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 10853059290ac..3b1cc96cfa1b8 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -40,6 +40,9 @@
 #include "messages/MMonSubscribe.h"
 #include "messages/MMonSubscribeAck.h"
+#include "messages/MAuthorize.h"
+#include "messages/MAuthReply.h"
+
 #include "common/Timer.h"
 #include "common/Clock.h"
@@ -53,8 +56,6 @@
 #include "osd/OSDMap.h"
-#include "auth/AuthorizeServer.h"
 #include "config.h"
 #define DOUT_SUBSYS mon
@@ -80,7 +81,6 @@ Monitor::Monitor(int w, MonitorStore *s, Messenger *m, MonMap *map) :
 monmap(map),
 logclient(messenger, monmap),
 timer(lock), tick_timer(0),
- authorizer(m, &keys_server),
 store(s),
 state(STATE_STARTING), stopping(false),
@@ -135,7 +135,6 @@ void Monitor::init()
 // i'm ready!
 messenger->add_dispatcher_tail(this);
 messenger->add_dispatcher_head(&logclient);
- authorizer.init();
 // start ticker
 reset_tick();
@@ -496,6 +495,11 @@ bool Monitor::ms_dispatch(Message *m)
 case MSG_CLASS:
 handle_class((MClass *)m);
 break;
+
+ case CEPH_MSG_AUTHORIZE:
+ handle_authorize((class MAuthorize*)m);
+ break;
+
 default:
 ret = false;
@@ -763,6 +767,68 @@ void Monitor::handle_route(MRoute *m)
 delete m;
 }
+void Monitor::handle_authorize(MAuthorize *m)
+{
+ dout(0) << "AuthorizeServer::handle_request() blob_size=" << m->get_auth_payload().length() << dendl;
+ int ret = 0;
+
+ Session *s = (Session *)m->get_connection()->get_priv();
+ s->put();
+
+ bufferlist response_bl;
+ bufferlist::iterator indata = m->auth_payload.begin();
+
+ CephXPremable pre;
+ ::decode(pre, indata);
+ dout(0) << "CephXPremable id=" << pre.trans_id << dendl;
+ ::encode(pre, response_bl);
+
+ // handle the request
+ try {
+ ret = do_authorize(indata, response_bl);
+ } catch (buffer::error *err) {
+ ret = -EINVAL;
+ dout(0) << "caught error when trying to handle authorize request, probably malformed request" << dendl;
+ }
+ MAuthReply *reply = new MAuthReply(&response_bl, ret);
+ messenger->send_message(reply, m->get_orig_source_inst());
+}
+
+int Monitor::do_authorize(bufferlist::iterator& indata, bufferlist& result_bl)
+{
+ struct CephXRequestHeader cephx_header;
+
+ ::decode(cephx_header, indata);
+
+ uint16_t request_type = cephx_header.request_type & CEPHX_REQUEST_TYPE_MASK;
+ int ret;
+
+ dout(0) << "request_type=" << request_type << dendl;
+
+ switch (request_type) {
+ case CEPHX_OPEN_SESSION:
+ {
+ dout(0) << "CEPHX_OPEN_SESSION " << cephx_header.request_type << dendl;
+ AuthServiceTicketInfo auth_ticket_info;
+
+ bufferlist tmp_bl;
+ ret = verify_authorizer(keys_server, indata, auth_ticket_info, tmp_bl);
+ result_bl.claim_append(tmp_bl);
+ }
+ break;
+ default:
+ ret = -EINVAL;
+ break;
+ }
+
+ struct CephXResponseHeader header;
+ header.request_type = request_type;
+ header.status = ret;
+ ::encode(header, result_bl);
+
+ return ret;
+}
+
 bool Monitor::ms_get_authorizer(int dest_type, bufferlist& authorizer, bool force_new)
 {
 AuthServiceTicketInfo auth_ticket_info;
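Review bot: In handle_authorize the preamble `::decode(pre, indata)` runs before the try block, so a truncated or malformed CEPH_MSG_AUTHORIZE payload throws straight out of the dispatcher instead of being answered with -EINVAL the way a bad request body is; the same function calls `s->put()` on the raw `get_priv()` result without a NULL check, and never deletes `m`, although handle_route, whose `delete m;` is the context at the top of this hunk, shows that the handler owns the request. Moving the decode/encode of `pre` inside the try, guarding the session pointer and deleting the message after the reply is sent covers all three, and the `dout` string still names `AuthorizeServer::handle_request()` where it should say `Monitor::handle_authorize()`. Worth confirming against buffer.h that decode really throws a `buffer::error *` rather than a value, since the catch clause only matches the pointer form. Further down, do_authorize assigns the result of `verify_authorizer(keys_server, ...)` straight to `ret`, which becomes both the response header status and the MAuthReply code; the wrapper this commit deletes used that function in boolean form and mapped false to -EPERM, so if its return type is unchanged a failed verification is reported to the client as status 0.
```cpp
  Session *s = (Session *)m->get_connection()->get_priv();
  if (s)
    s->put();   // nothing uses the session yet; guard against a NULL get_priv()

  bufferlist response_bl;
  bufferlist::iterator indata = m->auth_payload.begin();

  // decode the preamble inside the try so a truncated payload is answered
  // with -EINVAL instead of unwinding through ms_dispatch
  try {
    CephXPremable pre;
    ::decode(pre, indata);
    dout(0) << "CephXPremable id=" << pre.trans_id << dendl;
    ::encode(pre, response_bl);
    ret = do_authorize(indata, response_bl);
  } catch (buffer::error *err) {
    // … unchanged: ret = -EINVAL and the log line …
  }
  MAuthReply *reply = new MAuthReply(&response_bl, ret);
  messenger->send_message(reply, m->get_orig_source_inst());
  delete m;   // the handler owns the request, as handle_route does
```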
@@ -826,13 +892,14 @@ bool Monitor::ms_verify_authorizer(Connection *con, int peer_type,
 dout(0) << "Monitor::verify_authorizer start" << dendl;
 bufferlist::iterator iter = authorizer_data.begin();
+ AuthServiceTicketInfo auth_ticket_info;
 isvalid = true;
 if (!authorizer_data.length())
 return true; /* we're not picky */
- int ret = authorizer.verify_authorizer(peer_type, iter, authorizer_reply);
+ int ret = verify_authorizer(keys_server, iter, auth_ticket_info, authorizer_reply);
 dout(0) << "Monitor::verify_authorizer returns " << ret << dendl;
 isvalid = (ret >= 0);
diff --git a/src/mon/Monitor.h b/src/mon/Monitor.h
index 235373051fe6d..9c8fa47385866 100644
--- a/src/mon/Monitor.h
+++ b/src/mon/Monitor.h
@@ -38,7 +38,6 @@
 #include "common/LogClient.h"
 #include "auth/KeysServer.h"
-#include "auth/AuthorizeServer.h"
 class MonitorStore;
@@ -50,10 +49,9 @@ class MMonObserve;
 class MMonSubscribe;
 class MClass;
 class MAuthRotating;
+class MAuthorize;
 class MRoute;
-class AuthorizeServer;
-
 class Monitor : public Dispatcher {
 public:
 // me
@@ -74,7 +72,6 @@ public:
 KeysServer keys_server;
- AuthorizeServer authorizer;
 // -- local storage --
@@ -157,6 +154,9 @@ public:
 void handle_observe(MMonObserve *m);
 void handle_class(MClass *m);
 void handle_route(MRoute *m);
+ void handle_authorize(MAuthorize *m);
+
+ int do_authorize(bufferlist::iterator& indata, bufferlist& result_bl);
 void reply_command(MMonCommand *m, int rc, const string &rs, version_t version);
 void reply_command(MMonCommand *m, int rc, const string &rs, bufferlist& rdata, version_t version);
diff --git a/src/osd/OSD.cc b/src/osd/OSD.cc
index 01939f495fa27..6524629c1fd48 100644
--- a/src/osd/OSD.cc
+++ b/src/osd/OSD.cc
@@ -233,7 +233,6 @@ OSD::OSD(int id, Messenger *m, Messenger *hbm, MonClient *mc, const char *dev, c
 logger(NULL),
 store(NULL),
 logclient(messenger, &mc->monmap),
- authorizer(m, &g_keyring),
 whoami(id),
 dev_path(dev), journal_path(jdev),
 state(STATE_BOOTING), boot_epoch(0), up_epoch(0),
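Review bot: `int ret = verify_authorizer(keys_server, iter, auth_ticket_info, authorizer_reply);` is now judged by `isvalid = (ret >= 0)`, but the AuthorizeServer wrapper this commit deletes called the same free function in boolean form (`if (!::verify_authorizer(...))`) and turned false into -EPERM; if its return type is unchanged, a rejected ticket produces 0, which satisfies `>= 0` and leaves isvalid true, so a peer presenting an unverifiable authorizer is accepted by the monitor. Nothing in the diffstat touches Auth.h or Auth.cc, so either confirm that the helper returns a negative errno on failure or restore the mapping, e.g. `int ret = verify_authorizer(keys_server, iter, auth_ticket_info, authorizer_reply) ? 0 : -EPERM;`. The deleted wrapper also caught `buffer::error` around this call and returned -EINVAL; the inlined call has no such guard, so unless the helper catches internally a malformed authorizer now unwinds out of ms_verify_authorizer. The rest of ms_verify_authorizer continues past the end of this hunk.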
@@ -425,8 +424,6 @@ int OSD::init()
 heartbeat_messenger->add_dispatcher_head(&heartbeat_dispatcher);
- authorizer.init();
-
 monc->init();
 monc->sub_want("monmap", 0);
@@ -1532,12 +1529,13 @@ bool OSD::ms_verify_authorizer(Connection *con, int peer_type,
 bufferlist& authorizer_data, bufferlist& authorizer_reply, bool& isvalid)
 {
+ AuthServiceTicketInfo auth_ticket_info;
 bufferlist::iterator iter = authorizer_data.begin();
 if (!authorizer_data.length())
 return -EPERM;
- int ret = authorizer.verify_authorizer(peer_type, iter, authorizer_reply);
+ int ret = verify_authorizer(g_keyring, iter, auth_ticket_info, authorizer_reply);
 dout(0) << "OSD::verify_authorizer returns " << ret << dendl;
 isvalid = (ret >= 0);
diff --git a/src/osd/OSD.h b/src/osd/OSD.h
index 8341bf0c869c8..3e58af2001092 100644
--- a/src/osd/OSD.h
+++ b/src/osd/OSD.h
@@ -32,7 +32,6 @@
 #include "include/LogEntry.h"
 #include "auth/KeyRing.h"
-#include "auth/AuthorizeServer.h"
 #include
 using namespace std;
@@ -105,8 +104,6 @@ protected:
 LogClient logclient;
- AuthorizeServer authorizer;
-
 int whoami;
 const char *dev_path, *journal_path;
--
2.39.5
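Review bot: The OSD now derives `isvalid = (ret >= 0)` from `int ret = verify_authorizer(g_keyring, iter, auth_ticket_info, authorizer_reply);`, yet the deleted AuthorizeServer::verify_authorizer invoked that helper as a bool and converted false into -EPERM before anything compared it with zero; with an unchanged return type a failed ticket check yields 0 and the OSD marks the connection valid. Confirm the helper's return convention (this diffstat does not touch auth/Auth.*) or map it explicitly, `int ret = verify_authorizer(g_keyring, iter, auth_ticket_info, authorizer_reply) ? 0 : -EPERM;`, so that a rejection cannot be read as success. The try/catch for `buffer::error` that lived in the wrapper is gone as well, so a malformed authorizer_data now escapes ms_verify_authorizer unless the helper catches it itself. ms_verify_authorizer's body continues past the end of the hunk.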