From 596fcff1ed002e094240f8be76d002b2116c0745 Mon Sep 17 00:00:00 2001
From: Sage Weil
Date: Mon, 14 Jan 2019 17:18:13 -0600
Subject: [PATCH] mon: only all ms_handle_authentication() if auth method says we're done

Previously we would call ms_handle_authentication() possibly multiple times, and without knowning whether it might succeed. Instead, only call it when start_session() or handle_request() returns >0 to indicate that we should.

Signed-off-by: Sage Weil
---
 src/auth/cephx/CephxServiceHandler.cc | 5 +++++
 src/auth/none/AuthNoneServiceHandler.h | 2 +-
 src/auth/unknown/AuthUnknownServiceHandler.h | 2 +-
 src/mon/AuthMonitor.cc | 9 ++++++---
 4 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/auth/cephx/CephxServiceHandler.cc b/src/auth/cephx/CephxServiceHandler.cc
index 091e791e642..948834649f7 100644
--- a/src/auth/cephx/CephxServiceHandler.cc
+++ b/src/auth/cephx/CephxServiceHandler.cc
@@ -139,18 +139,23 @@ int CephxServiceHandler::handle_request(
 cct, eauth.key, info_vec, should_enc_ticket, old_ticket_info.session_key, *result_bl)) {
 ret = -EIO;
+ break;
 }
 if (!key_server->get_service_caps(entity_name, CEPH_ENTITY_TYPE_MON, *caps)) {
 ldout(cct, 0) << " could not get mon caps for " << entity_name << dendl;
 ret = -EACCES;
+ break;
 } else {
 char *caps_str = caps->caps.c_str();
 if (!caps_str || !caps_str[0]) {
 ldout(cct,0) << "mon caps null for " << entity_name << dendl;
 ret = -EACCES;
+ break;
 }
+ // caller should try to finish authentication
+ ret = 1;
 }
 }
 break;
diff --git a/src/auth/none/AuthNoneServiceHandler.h b/src/auth/none/AuthNoneServiceHandler.h
index 11771be6ef3..07d68ddda87 100644
--- a/src/auth/none/AuthNoneServiceHandler.h
+++ b/src/auth/none/AuthNoneServiceHandler.h
@@ -31,7 +31,7 @@ public:
 AuthCapsInfo *caps) override {
 entity_name = name;
 caps->allow_all = true;
- return 0;
+ return 1;
 }
 int handle_request(bufferlist::const_iterator& indata, bufferlist *result_bl,
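Review bot: On the two `-EACCES` paths in CephxServiceHandler::handle_request, `*result_bl` has presumably already been filled by the call whose arguments open the hunk, and the added `break` leaves that buffer as it is. If the caller sends the buffer back regardless of `ret` (not visible in this hunk), an entity without mon caps would still be handed the ticket reply alongside the error. I would either move the caps lookup ahead of the reply construction or add `result_bl->clear();` before each of those `break` statements. The function starts and ends outside the hunk, so any later cleanup of the buffer is not visible here.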
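Review bot: `return 1;` in AuthNoneServiceHandler::start_session is a bare magic value, and the same holds for the `return 1;` in AuthUnknownServiceHandler::start_session; only the cephx hunk says what it means. A positive return now decides whether the monitor goes on to finish authentication, and this handler has just set `caps->allow_all = true`, so the contract deserves a comment at each return, e.g. `// >0: exchange complete, caller should finish authentication`. As far as this diff shows the result is three-way (negative errno, 0, >0); documenting that once on the base-class declarations, which are outside this diff, would keep future handlers from returning a positive value by accident.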
diff --git a/src/auth/unknown/AuthUnknownServiceHandler.h b/src/auth/unknown/AuthUnknownServiceHandler.h
index b7cdf480877..b353959dde1 100644
--- a/src/auth/unknown/AuthUnknownServiceHandler.h
+++ b/src/auth/unknown/AuthUnknownServiceHandler.h
@@ -29,7 +29,7 @@ public:
 int start_session(const EntityName& name, bufferlist *result_bl, AuthCapsInfo *caps) {
- return 0;
+ return 1;
 }
 int handle_request(bufferlist::iterator& indata, bufferlist *result_bl,
diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index 3acc879e9a0..f160eb852b5 100644
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -654,9 +654,12 @@ bool AuthMonitor::prep_auth(MonOpRequestRef op, bool paxos_writable)
 wait_for_active(op, new C_RetryMessage(this,op));
 goto done;
 }
- if (!s->authenticated &&
- mon->ms_handle_authentication(s->con.get()) > 0) {
- finished = true;
+ if (ret > 0) {
+ if (!s->authenticated &&
+ mon->ms_handle_authentication(s->con.get()) > 0) {
+ finished = true;
+ }
+ ret = 0;
 }
 } catch (const buffer::error &err) {
 ret = -EINVAL;
-- 
2.39.5
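Review bot: AuthUnknownServiceHandler::start_session now reports completion while leaving `caps` and the entity name untouched, so the monitor will try to finish authentication with whatever the caller left in `AuthCapsInfo`. Whether an unpopulated `AuthCapsInfo` means "no privileges" is not visible here; I would state the intent explicitly, e.g. `caps->allow_all = false;` before the return, or add a comment explaining why no caps are set. The method also lacks the `override` that the none handler carries, and its `handle_request` takes `bufferlist::iterator&` where the none handler takes `bufferlist::const_iterator&`; adding `override` would let the compiler confirm that this return value actually reaches the monitor.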
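Review bot: In the new `if (ret > 0)` block a non-positive result from `mon->ms_handle_authentication()` is discarded and `ret` is still reset to 0, so a failure to finish authentication looks the same as a handler that is simply not done yet. If that call can return a negative errno (its contract is not visible in this hunk), the reply path would report 0 for a session that was never marked finished. I would keep the result in a local and propagate a negative value into `ret`, as sketched below. prep_auth starts and ends outside the hunk, so how `ret` and `finished` are consumed afterwards is not visible here.

```cpp
      if (ret > 0) {
        ret = 0;
        if (!s->authenticated) {
          const int r = mon->ms_handle_authentication(s->con.get());
          if (r > 0) {
            finished = true;
          } else if (r < 0) {
            ret = r;  // do not report success when finishing authentication failed
          }
        }
      }
```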