From 48527c8b0690af3823b90f4bf807b7d41f15dd75 Mon Sep 17 00:00:00 2001 From: Sage Weil Date: Fri, 23 Oct 2009 13:40:01 -0700 Subject: [PATCH] msgr: put AuthAuthorizer on heap, set protocol field during connect This paves the way for making it an abstract parent class. --- src/auth/Auth.h | 1 + src/auth/AuthClientHandler.cc | 11 ---------- src/auth/AuthClientHandler.h | 2 +- src/auth/cephx/CephxClientHandler.cc | 16 ++++++++++++++ src/auth/cephx/CephxClientHandler.h | 3 +++ src/client/Client.cc | 4 ++-- src/client/Client.h | 2 +- src/librados.cc | 5 +++-- src/mds/MDS.cc | 5 +++-- src/mds/MDS.h | 2 +- src/msg/Dispatcher.h | 2 +- src/msg/Messenger.h | 9 ++++---- src/msg/SimpleMessenger.cc | 33 ++++++++++++++++------------ src/msg/SimpleMessenger.h | 2 +- src/osd/OSD.cc | 8 +++++-- src/osd/OSD.h | 2 +- 16 files changed, 64 insertions(+), 43 deletions(-) diff --git a/src/auth/Auth.h b/src/auth/Auth.h index e5acb429fef75..ccec796e3d818 100644 --- a/src/auth/Auth.h +++ b/src/auth/Auth.h @@ -228,6 +228,7 @@ struct AuthAuthorizer { CryptoKey session_key; utime_t timestamp; + __u32 protocol; bufferlist bl; bool build_authorizer(); diff --git a/src/auth/AuthClientHandler.cc b/src/auth/AuthClientHandler.cc index 56c1f3fee9750..201bb8d0cd4ff 100644 --- a/src/auth/AuthClientHandler.cc +++ b/src/auth/AuthClientHandler.cc @@ -33,14 +33,3 @@ AuthClientHandler *get_auth_client_handler(int proto) } } -bool AuthClientHandler::build_authorizer(uint32_t service_id, AuthAuthorizer& authorizer) -{ - dout(0) << "going to build authorizer for peer_id=" << service_id << " service_id=" << service_id << dendl; - - if (!tickets.build_authorizer(service_id, authorizer)) - return false; - - dout(0) << "authorizer built successfully" << dendl; - return true; -} - diff --git a/src/auth/AuthClientHandler.h b/src/auth/AuthClientHandler.h index 9fdb0e2c61244..de257b0ce0690 100644 --- a/src/auth/AuthClientHandler.h +++ b/src/auth/AuthClientHandler.h 
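Review bot: The new `__u32 protocol;` member of AuthAuthorizer has no initializer in this hunk and no other hunk of the patch assigns it, yet Pipe::connect() copies it onto the wire as `connect.authorizer_protocol`. Unless a constructor outside the hunk sets it, the peer receives an indeterminate value in the field that presumably selects how the authorizer is verified. I would document the member with `// auth protocol id (e.g. CEPH_AUTH_CEPHX); sent as connect.authorizer_protocol` and have the handler that builds the object set it, for example `a->protocol = get_protocol();` in CephxClientHandler::build_authorizer(). The struct starts and ends outside the hunk.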
@@ -65,7 +65,7 @@ public: virtual void tick() = 0; - bool build_authorizer(uint32_t service_id, AuthAuthorizer& authorizer); + virtual AuthAuthorizer *build_authorizer(uint32_t service_id) = 0; }; diff --git a/src/auth/cephx/CephxClientHandler.cc b/src/auth/cephx/CephxClientHandler.cc index dbca5167aeb20..d274341aea4ee 100644 --- a/src/auth/cephx/CephxClientHandler.cc +++ b/src/auth/cephx/CephxClientHandler.cc @@ -85,6 +85,9 @@ int CephxClientHandler::build_request(bufferlist& bl) int CephxClientHandler::handle_response(int ret, bufferlist::iterator& indata) { dout(0) << "cephx handle_response ret = " << ret << " state " << state << dendl; + + if (ret < 0) + return ret; // hrm! if (state == STATE_START) { CephXServerChallenge ch; @@ -151,3 +154,16 @@ int CephxClientHandler::handle_response(int ret, bufferlist::iterator& indata) } + +AuthAuthorizer *CephxClientHandler::build_authorizer(uint32_t service_id) +{ + dout(0) << "going to build authorizer for peer_id=" << service_id << " service_id=" << service_id << dendl; + + AuthAuthorizer *a = new AuthAuthorizer; + if (!tickets.build_authorizer(service_id, authorizer)) + return 0; + + dout(0) << "authorizer built successfully" << dendl; + return a; +} + diff --git a/src/auth/cephx/CephxClientHandler.h b/src/auth/cephx/CephxClientHandler.h index abb7772023117..0896bedb70a0e 100644 --- a/src/auth/cephx/CephxClientHandler.h +++ b/src/auth/cephx/CephxClientHandler.h @@ -43,6 +43,9 @@ public: int get_protocol() { return CEPH_AUTH_CEPHX; } void tick() {} + + AuthAuthorizer *build_authorizer(uint32_t service_id); + }; #endif diff --git a/src/client/Client.cc b/src/client/Client.cc index 02ca472a420e2..0a7f40fd75fdf 100644 --- a/src/client/Client.cc +++ b/src/client/Client.cc 
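Review bot: The new pure virtual `build_authorizer(uint32_t service_id)` returns a raw `AuthAuthorizer *` without saying who frees it, and the callers in this patch already disagree: the Client.cc hunk drops the result while Pipe::connect() deletes it. A comment on the declaration would fix the contract, for example `// Returns a heap-allocated authorizer that the caller must delete, or NULL on failure.` The class body continues outside the hunk.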
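Review bot: In the added CephxClientHandler::build_authorizer(), the call `tickets.build_authorizer(service_id, authorizer)` names `authorizer`, which is not declared in this function. Unless a member of that name exists outside the patch this does not compile, and either way the freshly allocated `a` is returned without being populated. `a` is also leaked on the `return 0` path. Pass the new object and free it on failure: `if (!tickets.build_authorizer(service_id, *a)) { delete a; return 0; }`.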
@@ -5954,9 +5954,9 @@ void Client::ms_handle_remote_reset(Connection *con) objecter->ms_handle_remote_reset(con); } -bool Client::ms_get_authorizer(int dest_type, AuthAuthorizer& authorizer, bool force_new) +bool Client::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) { if (dest_type == CEPH_ENTITY_TYPE_MON) return true; - return monclient->auth->build_authorizer(dest_type, authorizer); + return monclient->auth->build_authorizer(dest_type); } diff --git a/src/client/Client.h b/src/client/Client.h index 17eae0856b705..a5afede2e0544 100644 --- a/src/client/Client.h +++ b/src/client/Client.h @@ -1096,7 +1096,7 @@ protected: void ms_handle_connect(Connection *con); bool ms_handle_reset(Connection *con); void ms_handle_remote_reset(Connection *con); - bool ms_get_authorizer(int dest_type, AuthAuthorizer& authorizer, bool force_new); + bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new); public: diff --git a/src/librados.cc b/src/librados.cc index a0c55546b9f68..2167a77eeb70b 100644 --- a/src/librados.cc +++ b/src/librados.cc @@ -58,12 +58,13 @@ class RadosClient : public Dispatcher bool _dispatch(Message *m); bool ms_dispatch(Message *m); - bool ms_get_authorizer(int dest_type, AuthAuthorizer& authorizer, bool force_new) { + bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) { dout(0) << "RadosClient::ms_get_authorizer type=" << dest_type << dendl; /* monitor authorization is being handled on different layer */ if (dest_type == CEPH_ENTITY_TYPE_MON) return true; - return monclient.auth->build_authorizer(dest_type, authorizer); + *authorizer = monclient.auth->build_authorizer(dest_type); + return *authorizer != NULL; } void ms_handle_connect(Connection *con); bool ms_handle_reset(Connection *con); diff --git a/src/mds/MDS.cc b/src/mds/MDS.cc index 30bcca23b0777..5479015654fef 100644 --- a/src/mds/MDS.cc +++ b/src/mds/MDS.cc 
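Review bot: `return monclient->auth->build_authorizer(dest_type);` in Client::ms_get_authorizer() converts the returned pointer to bool and discards it, so `*authorizer` is never written and the heap object leaks on every successful call. The librados.cc and MDS.cc hunks of this patch store the result, and this one should match them: `*authorizer = monclient->auth->build_authorizer(dest_type);` followed by `return *authorizer != NULL;`.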
@@ -1155,7 +1155,7 @@ bool MDS::ms_dispatch(Message *m) return ret; } -bool MDS::ms_get_authorizer(int dest_type, AuthAuthorizer& authorizer, bool force_new) +bool MDS::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) { dout(0) << "OSD::ms_get_authorizer type=" << dest_type << dendl; @@ -1168,7 +1168,8 @@ bool MDS::ms_get_authorizer(int dest_type, AuthAuthorizer& authorizer, bool forc return false; } - return monc->auth->build_authorizer(dest_type, authorizer); + *authorizer = monc->auth->build_authorizer(dest_type); + return *authorizer != NULL; } bool MDS::_dispatch(Message *m) diff --git a/src/mds/MDS.h b/src/mds/MDS.h index f9406b5952030..aec3716834679 100644 --- a/src/mds/MDS.h +++ b/src/mds/MDS.h @@ -304,7 +304,7 @@ class MDS : public Dispatcher { private: bool ms_dispatch(Message *m); - bool ms_get_authorizer(int dest_type, AuthAuthorizer& authorizer, bool force_new); + bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new); public: MDS(const char *n, Messenger *m, MonClient *mc); diff --git a/src/msg/Dispatcher.h b/src/msg/Dispatcher.h index bccf772b0b265..d38745874b469 100644 --- a/src/msg/Dispatcher.h +++ b/src/msg/Dispatcher.h @@ -46,7 +46,7 @@ public: // authorization handshake provides mutual authentication of peers. // connecting side - virtual bool ms_get_authorizer(int dest_type, AuthAuthorizer& authorizer, bool force_new) { return false; }; + virtual bool ms_get_authorizer(int dest_type, AuthAuthorizer **a, bool force_new) { return false; }; // accepting side virtual bool ms_verify_authorizer(Connection *con, int peer_type, int protocol, bufferlist& authorizer, bufferlist& authorizer_reply, diff --git a/src/msg/Messenger.h b/src/msg/Messenger.h index 24c488aae3533..3d54981e15e3a 100644 --- a/src/msg/Messenger.h +++ b/src/msg/Messenger.h 
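Review bot: The Dispatcher.h declaration `ms_get_authorizer(int dest_type, AuthAuthorizer **a, bool force_new)` now has an out-parameter, but nothing states what `*a` holds for each return value. A comment above the declaration would pin that down, for example `// On true, *a is a heap authorizer owned by the caller, or NULL if none is needed; on false, *a is not touched.` The overrides in this patch do not all behave that way when they return true, so the contract is worth writing at the interface.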
@@ -124,13 +124,14 @@ protected: (*p)->ms_handle_remote_reset(con); } - bool ms_deliver_get_authorizer(int peer_type, AuthAuthorizer& authorizer, bool force_new) { + AuthAuthorizer *ms_deliver_get_authorizer(int peer_type, bool force_new) { + AuthAuthorizer *a; for (list::iterator p = dispatchers.begin(); p != dispatchers.end(); p++) - if ((*p)->ms_get_authorizer(peer_type, authorizer, force_new)) - return true; - return false; + if ((*p)->ms_get_authorizer(peer_type, &a, force_new)) + return a; + return NULL; } bool ms_deliver_verify_authorizer(Connection *con, int peer_type, int protocol, bufferlist& authorizer, bufferlist& authorizer_reply, diff --git a/src/msg/SimpleMessenger.cc b/src/msg/SimpleMessenger.cc index 92ed9ed991c0d..f9629d345d898 100644 --- a/src/msg/SimpleMessenger.cc +++ b/src/msg/SimpleMessenger.cc @@ -866,7 +866,7 @@ int SimpleMessenger::Pipe::connect() char banner[strlen(CEPH_BANNER)]; entity_addr_t paddr; entity_addr_t peer_addr_for_me, socket_addr; - AuthAuthorizer authorizer; + AuthAuthorizer *authorizer = NULL; bufferlist authorizer_reply; // create socket? @@ -964,7 +964,7 @@ int SimpleMessenger::Pipe::connect() } dout(10) << "connect sent my addr " << rank->rank_addr << dendl; - rank->get_authorizer(peer_type, authorizer, false); + rank->get_authorizer(peer_type, false); while (1) { ceph_msg_connect connect; 
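Review bot: `AuthAuthorizer *a;` in ms_deliver_get_authorizer() is uninitialised and is returned as soon as any dispatcher answers true. Client.cc, librados.cc and the branch added in OSD.cc return true for CEPH_ENTITY_TYPE_MON without writing the out-parameter, so the caller can receive an indeterminate pointer that Pipe::connect() may later dereference and delete. Declare it as `AuthAuthorizer *a = NULL;` and have those MON branches set `*authorizer = NULL;` before returning.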
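Review bot: The first `rank->get_authorizer(peer_type, false);` in Pipe::connect() now returns the authorizer, but the result is thrown away. `authorizer` therefore stays NULL, the initial connect attempt carries no authorizer, and the returned object is leaked. Assign it as the retry path does: `authorizer = rank->get_authorizer(peer_type, false);`. connect() starts and ends outside the hunk.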
@@ -972,8 +972,10 @@ int SimpleMessenger::Pipe::connect() connect.global_seq = gseq; connect.connect_seq = cseq; connect.protocol_version = get_proto_version(rank->my_type, peer_type, true); - connect.authorizer_len = authorizer.bl.length(); - dout(10) << "connect.authorizer_len=" << connect.authorizer_len << dendl; + connect.authorizer_protocol = authorizer ? authorizer->protocol : 0; + connect.authorizer_len = authorizer ? authorizer->bl.length() : 0; + if (authorizer) + dout(10) << "connect.authorizer_len=" << connect.authorizer_len << dendl; connect.flags = 0; if (policy.lossy) connect.flags |= CEPH_MSG_CONNECT_LOSSY; // this is fyi, actually, server decides! @@ -983,9 +985,9 @@ int SimpleMessenger::Pipe::connect() msg.msg_iov = msgvec; msg.msg_iovlen = 1; msglen = msgvec[0].iov_len; - if (authorizer.bl.length()) { - msgvec[1].iov_base = authorizer.bl.c_str(); - msgvec[1].iov_len = authorizer.bl.length(); + if (authorizer) { + msgvec[1].iov_base = authorizer->bl.c_str(); + msgvec[1].iov_len = authorizer->bl.length(); msg.msg_iovlen++; msglen += msgvec[1].iov_len; } @@ -1022,14 +1024,15 @@ int SimpleMessenger::Pipe::connect() authorizer_reply.push_back(bp); } - if (authorizer.bl.length()) { + if (authorizer && authorizer->bl.length()) { bufferlist::iterator iter = authorizer_reply.begin(); dout(10) << "verifying authorize reply, len=" << authorizer_reply.length() << dendl; - if (!authorizer.verify_reply(iter)) { + if (!authorizer->verify_reply(iter)) { dout(0) << "failed verifying authorize reply" << dendl; goto fail; } } + delete authorizer; lock.Lock(); if (state != STATE_CONNECTING) { @@ -1048,9 +1051,8 @@ int SimpleMessenger::Pipe::connect() if (got_bad_auth) goto stop_locked; got_bad_auth = true; - authorizer.clear(); lock.Unlock(); - rank->get_authorizer(peer_type, authorizer, true); // try harder + authorizer = rank->get_authorizer(peer_type, true); // try harder continue; } if (reply.tag == CEPH_MSGR_TAG_RESETSESSION) { 
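Review bot: `delete authorizer;` sits inside the `while (1)` loop and leaves the pointer set, so any path that loops again without reassigning it reaches `authorizer->protocol` and a second `delete` on freed memory. Only the bad-authorizer branch in the following hunk reassigns it; the other reply-tag branches are outside the visible lines, so this is inferred for them. The `goto fail` after a failed verify_reply() also skips the delete and leaks the object. I would keep the authorizer alive for the whole loop, free the old one only where it is replaced (`delete authorizer;` immediately before `authorizer = rank->get_authorizer(peer_type, true);`), and free it once on each exit path of connect(), which lie outside the hunk.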
@@ -2152,14 +2154,17 @@ SimpleMessenger::Pipe *SimpleMessenger::connect_rank(const entity_addr_t& addr, -bool SimpleMessenger::get_authorizer(int peer_type, AuthAuthorizer& authorizer, bool force_new) +AuthAuthorizer *SimpleMessenger::get_authorizer(int peer_type, bool force_new) { + AuthAuthorizer *a; for (unsigned r = 0; r < max_local; r++) { if (!local[r]) continue; - return local[r]->ms_deliver_get_authorizer(peer_type, authorizer, force_new); + a = local[r]->ms_deliver_get_authorizer(peer_type, force_new); + if (a) + return a; } - return false; + return 0; } bool SimpleMessenger::verify_authorizer(Connection *con, int peer_type, diff --git a/src/msg/SimpleMessenger.h b/src/msg/SimpleMessenger.h index aecac863b50a7..d3b379d918107 100644 --- a/src/msg/SimpleMessenger.h +++ b/src/msg/SimpleMessenger.h @@ -433,7 +433,7 @@ public: return ++global_seq; } - bool get_authorizer(int peer_type, AuthAuthorizer& bl, bool force_new); + AuthAuthorizer *get_authorizer(int peer_type, bool force_new); bool verify_authorizer(Connection *con, int peer_type, int protocol, bufferlist& auth, bufferlist& auth_reply, bool& isvalid); diff --git a/src/osd/OSD.cc b/src/osd/OSD.cc index 913c3806f553b..2fa6b6085113b 100644 --- a/src/osd/OSD.cc +++ b/src/osd/OSD.cc @@ -1502,16 +1502,20 @@ bool OSD::ms_dispatch(Message *m) return true; } -bool OSD::ms_get_authorizer(int dest_type, AuthAuthorizer& authorizer, bool force_new) +bool OSD::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) { dout(0) << "OSD::ms_get_authorizer type=" << dest_type << dendl; + if (dest_type == CEPH_ENTITY_TYPE_MON) + return true; + if (force_new) { if (monc->wait_auth_rotating(10) < 0) return false; } - return monc->auth->build_authorizer(dest_type, authorizer); + *authorizer = monc->auth->build_authorizer(dest_type); + return *authorizer != NULL; } bool OSD::ms_verify_authorizer(Connection *con, int peer_type, 
diff --git a/src/osd/OSD.h b/src/osd/OSD.h index a074ca0af997a..2e2abb12ac8c4 100644 --- a/src/osd/OSD.h +++ b/src/osd/OSD.h @@ -853,7 +853,7 @@ protected: private: bool ms_dispatch(Message *m); - bool ms_get_authorizer(int dest_type, AuthAuthorizer& authorizer, bool force_new); + bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new); bool ms_verify_authorizer(Connection *con, int peer_type, int protocol, bufferlist& authorizer, bufferlist& authorizer_reply, bool& isvalid); -- 2.39.5