From 3119022dd42153e1c35551bd3b19a1e19bc3eb58 Mon Sep 17 00:00:00 2001 From: Josh Durgin Date: Wed, 9 Apr 2014 14:04:15 -0700 Subject: [PATCH] auth: separate writes of build_request() into prepare_build_request() validate_tickets() updates internal state, as does tickets.get_handler(). Move them into a new method called before build_request() so build_request() can be declared const. Signed-off-by: Josh Durgin --- src/auth/AuthClientHandler.h | 1 + src/auth/cephx/CephxClientHandler.cc | 25 ++++++++++++--------- src/auth/cephx/CephxClientHandler.h | 5 ++++- src/auth/none/AuthNoneClientHandler.h | 1 + src/auth/unknown/AuthUnknownClientHandler.h | 1 + src/mon/MonClient.cc | 2 ++ 6 files changed, 23 insertions(+), 12 deletions(-) diff --git a/src/auth/AuthClientHandler.h b/src/auth/AuthClientHandler.h index ec86ce875608d..6a22140f7287b 100644 --- a/src/auth/AuthClientHandler.h +++ b/src/auth/AuthClientHandler.h @@ -61,6 +61,7 @@ public: virtual int get_protocol() = 0; virtual void reset() = 0; + virtual void prepare_build_request() = 0; virtual int build_request(bufferlist& bl) = 0; virtual int handle_response(int ret, bufferlist::iterator& iter) = 0; virtual bool build_rotating_request(bufferlist& bl) = 0; diff --git a/src/auth/cephx/CephxClientHandler.cc b/src/auth/cephx/CephxClientHandler.cc index 8a8f44da69762..7df5658c7db48 100644 --- a/src/auth/cephx/CephxClientHandler.cc +++ b/src/auth/cephx/CephxClientHandler.cc @@ -31,16 +31,7 @@ int CephxClientHandler::build_request(bufferlist& bl) { ldout(cct, 10) << "build_request" << dendl; - ldout(cct, 10) << "validate_tickets: want=" << want << " need=" << need << " have=" << have << dendl; - - lock.get_write(); - validate_tickets(); - lock.put_write(); - RWLock::RLocker l(lock); - ldout(cct, 10) << "want=" << want << " need=" << need << " have=" << have << dendl; - - CephXTicketHandler& ticket_handler = tickets.get_handler(CEPH_ENTITY_TYPE_AUTH); if (need & CEPH_ENTITY_TYPE_AUTH) { /* authenticate */ 
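Review bot: The new pure virtual `prepare_build_request()` in the AuthClientHandler.h hunk carries an ordering requirement that the interface itself does not state. Per the commit message it has to run before `build_request()`, because the state updates were moved out of that method. A comment on the declaration would make the contract visible to implementers and callers, for example `// Must be called before each build_request(); performs the state updates build_request() relies on.` The class body starts and ends outside this hunk.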
@@ -61,7 +52,7 @@ int CephxClientHandler::build_request(bufferlist& bl) return -EIO; } - req.old_ticket = ticket_handler.ticket; + req.old_ticket = ticket_handler->ticket; if (req.old_ticket.blob.length()) { ldout(cct, 20) << "old ticket len=" << req.old_ticket.blob.length() << dendl; @@ -81,7 +72,7 @@ int CephxClientHandler::build_request(bufferlist& bl) header.request_type = CEPHX_GET_PRINCIPAL_SESSION_KEY; ::encode(header, bl); - CephXAuthorizer *authorizer = ticket_handler.build_authorizer(global_id); + CephXAuthorizer *authorizer = ticket_handler->build_authorizer(global_id); if (!authorizer) return -EINVAL; bl.claim_append(authorizer->bl); @@ -198,6 +189,18 @@ bool CephxClientHandler::build_rotating_request(bufferlist& bl) return true; } +void CephxClientHandler::prepare_build_request() +{ + RWLock::WLocker l(lock); + ldout(cct, 10) << "validate_tickets: want=" << want << " need=" << need + << " have=" << have << dendl; + validate_tickets(); + ldout(cct, 10) << "want=" << want << " need=" << need << " have=" << have + << dendl; + + ticket_handler = &(tickets.get_handler(CEPH_ENTITY_TYPE_AUTH)); +} + void CephxClientHandler::validate_tickets() { // lock should be held for write diff --git a/src/auth/cephx/CephxClientHandler.h b/src/auth/cephx/CephxClientHandler.h index eb0f5b64f11d8..024cfb990aa8a 100644 --- a/src/auth/cephx/CephxClientHandler.h +++ b/src/auth/cephx/CephxClientHandler.h @@ -27,7 +27,8 @@ class CephxClientHandler : public AuthClientHandler { uint64_t server_challenge; CephXTicketManager tickets; - + CephXTicketHandler* ticket_handler; + RotatingKeyRing *rotating_secrets; KeyRing *keyring; @@ -37,6 +38,7 @@ public: starting(false), server_challenge(0), tickets(cct_), + ticket_handler(NULL), rotating_secrets(rsecrets), keyring(rsecrets->get_keyring()) { 
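Review bot: `req.old_ticket = ticket_handler->ticket;` now dereferences a member that the constructor sets to NULL and that only `prepare_build_request()` assigns, so a `build_request()` call without a preceding `prepare_build_request()` dereferences a null pointer in the authentication path. A guard right after `RWLock::RLocker l(lock);` would turn that into an error return: `if (!ticket_handler) return -EINVAL;`. The same applies to `ticket_handler->build_authorizer(global_id)` in the @@ -81,7 +72,7 hunk. build_request() starts and ends outside this hunk.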
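Review bot: In the @@ -198,6 +189,18 hunk, `ticket_handler = &(tickets.get_handler(CEPH_ENTITY_TYPE_AUTH));` stores a raw pointer into `tickets` under the write lock, and `build_request()` uses it later under a separately acquired read lock. Nothing in the visible hunks shows what keeps that entry alive between the two calls. If a path that can run in between (the part of `reset()` outside the @@ -48,6 +50,7 hunk, or `handle_response()`) drops or replaces handlers in `tickets`, the pointer would dangle. The member declaration in CephxClientHandler.h should state the assumption, e.g. `// non-owning; points into tickets, set by prepare_build_request()`, and any code that invalidates `tickets` should also set `ticket_handler = NULL;`.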
@@ -48,6 +50,7 @@ public: starting = true; server_challenge = 0; } + void prepare_build_request(); int build_request(bufferlist& bl); int handle_response(int ret, bufferlist::iterator& iter); bool build_rotating_request(bufferlist& bl); diff --git a/src/auth/none/AuthNoneClientHandler.h b/src/auth/none/AuthNoneClientHandler.h index d86a02a160218..509ada8d454f6 100644 --- a/src/auth/none/AuthNoneClientHandler.h +++ b/src/auth/none/AuthNoneClientHandler.h @@ -27,6 +27,7 @@ public: void reset() { } + void prepare_build_request() {} int build_request(bufferlist& bl) { return 0; } int handle_response(int ret, bufferlist::iterator& iter) { return 0; } bool build_rotating_request(bufferlist& bl) { return false; } diff --git a/src/auth/unknown/AuthUnknownClientHandler.h b/src/auth/unknown/AuthUnknownClientHandler.h index ba30eced508ab..71ff0f4faed19 100644 --- a/src/auth/unknown/AuthUnknownClientHandler.h +++ b/src/auth/unknown/AuthUnknownClientHandler.h @@ -27,6 +27,7 @@ public: void reset() { } + void prepare_build_request() {} int build_request(bufferlist& bl) { return 0; } int handle_response(int ret, bufferlist::iterator& iter) { return 0; } bool build_rotating_request(bufferlist& bl) { return false; } diff --git a/src/mon/MonClient.cc b/src/mon/MonClient.cc index af76476f8ce83..f30be1b05f55c 100644 --- a/src/mon/MonClient.cc +++ b/src/mon/MonClient.cc @@ -504,6 +504,7 @@ void MonClient::handle_auth(MAuthReply *m) if (ret == -EAGAIN) { MAuth *ma = new MAuth; ma->protocol = auth->get_protocol(); + auth->prepare_build_request(); ret = auth->build_request(ma->auth_payload); _send_mon_message(ma, true); return; @@ -777,6 +778,7 @@ int MonClient::_check_auth_tickets() ldout(cct, 10) << "_check_auth_tickets getting new tickets!" << dendl; MAuth *m = new MAuth; m->protocol = auth->get_protocol(); + auth->prepare_build_request(); auth->build_request(m->auth_payload); _send_mon_message(m); } -- 2.39.5
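Review bot: In the `MonClient::handle_auth` hunk, `ret = auth->build_request(ma->auth_payload);` is followed directly by `_send_mon_message(ma, true); return;`, so the message is sent even when `build_request()` fails. This predates the commit, but the cephx implementation shown in this patch returns `-EINVAL` after `::encode(header, bl)` has already written to the buffer, so a partially built auth payload could reach the monitor. Checking `ret < 0` before `_send_mon_message` and dropping `ma` on failure would close that gap. `_check_auth_tickets` in the @@ -777,6 +778,7 hunk discards the return value entirely and has the same gap. Both function bodies extend outside their hunks.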