From 979e81ad5adca2083deabf4d1b9cf9c89ce61763 Mon Sep 17 00:00:00 2001 From: Sage Weil Date: Fri, 23 Oct 2009 16:43:41 -0700 Subject: [PATCH] auth: clean up debug output a bit --- src/auth/cephx/CephxClientHandler.cc | 33 ++++++++++++++++---------- src/auth/cephx/CephxProtocol.cc | 3 +++ src/auth/cephx/CephxServiceHandler.cc | 34 +++++++++++++-------------- src/config.cc | 1 + src/config.h | 1 + 5 files changed, 43 insertions(+), 29 deletions(-) diff --git a/src/auth/cephx/CephxClientHandler.cc b/src/auth/cephx/CephxClientHandler.cc index fb68e72351ba9..e92e62abb7de8 100644 --- a/src/auth/cephx/CephxClientHandler.cc +++ b/src/auth/cephx/CephxClientHandler.cc @@ -20,9 +20,16 @@ #include "../KeyRing.h" +#include "config.h" + +#define DOUT_SUBSYS auth +#undef dout_prefix +#define dout_prefix *_dout << dbeginl << "cephx client: " + + int CephxClientHandler::build_request(bufferlist& bl) { - dout(0) << "state=" << state << dendl; + dout(0) << "build_request state " << state << dendl; switch (state) { case STATE_START: @@ -52,13 +59,15 @@ int CephxClientHandler::build_request(bufferlist& bl) req.key ^= *p; } ::encode(req, bl); + + dout(10) << "get auth session key: client_challenge " << req.client_challenge << dendl; } break; case STATE_GETTING_SESSION_KEYS: /* get service tickets */ { - dout(0) << "want=" << hex << want << " have=" << have << dec << dendl; + dout(0) << "get service keys: want=" << hex << want << " have=" << have << dec << dendl; CephXRequestHeader header; header.request_type = CEPHX_GET_PRINCIPAL_SESSION_KEY; @@ -87,7 +96,7 @@ int CephxClientHandler::build_request(bufferlist& bl) int CephxClientHandler::handle_response(int ret, bufferlist::iterator& indata) { - dout(0) << "cephx handle_response ret = " << ret << " state " << state << dendl; + dout(10) << "handle_response ret = " << ret << " state " << state << dendl; if (ret < 0) return ret; // hrm! 
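Review bot: In CephxClientHandler::build_request the `build_request state` trace stays at `dout(0)`, while the matching `handle_response` trace in the third hunk of this file moves to `dout(10)`, so the two halves of one exchange log at different levels. The `get service keys: want=` line in the STATE_GETTING_SESSION_KEYS hunk is left at level 0 as well. With the `debug_auth` default of 1 added in config.cc, both presumably still print on every request. I would use `dout(10) << "build_request state " << state << dendl;` and the same level for the `want=`/`have=` line. The body of build_request continues outside these hunks.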
@@ -96,6 +105,7 @@ int CephxClientHandler::handle_response(int ret, bufferlist::iterator& indata) CephXServerChallenge ch; ::decode(ch, indata); server_challenge = ch.server_challenge; + dout(10) << " got initial server challenge " << server_challenge << dendl; state = STATE_GETTING_MON_KEY; return -EAGAIN; } @@ -106,11 +116,7 @@ int CephxClientHandler::handle_response(int ret, bufferlist::iterator& indata) switch (header.request_type) { case CEPHX_GET_AUTH_SESSION_KEY: { - dout(0) << "request_type=" << hex << header.request_type << dec << dendl; - dout(0) << "handle_cephx_response()" << dendl; - - dout(0) << "CEPHX_GET_AUTH_SESSION_KEY" << dendl; - + dout(10) << " get_auth_session_key" << dendl; CryptoKey secret; g_keyring.get_master(secret); @@ -118,7 +124,7 @@ int CephxClientHandler::handle_response(int ret, bufferlist::iterator& indata) dout(0) << "could not verify service_ticket reply" << dendl; return -EPERM; } - dout(0) << "want=" << want << " have=" << have << dendl; + dout(10) << " want=" << want << " have=" << have << dendl; if (want != have) { state = STATE_GETTING_SESSION_KEYS; ret = -EAGAIN; @@ -132,7 +138,7 @@ int CephxClientHandler::handle_response(int ret, bufferlist::iterator& indata) case CEPHX_GET_PRINCIPAL_SESSION_KEY: { CephXTicketHandler& ticket_handler = tickets.get_handler(CEPH_ENTITY_TYPE_AUTH); - dout(0) << "CEPHX_GET_PRINCIPAL_SESSION_KEY session_key " << ticket_handler.session_key << dendl; + dout(10) << " get_principal_session_key session_key " << ticket_handler.session_key << dendl; if (!tickets.verify_service_ticket_reply(ticket_handler.session_key, indata)) { dout(0) << "could not verify service_ticket reply" << dendl; @@ -147,6 +153,7 @@ int CephxClientHandler::handle_response(int ret, bufferlist::iterator& indata) case CEPHX_GET_ROTATING_KEY: { + dout(10) << " get_rotating_key" << dendl; RotatingSecrets secrets; CryptoKey secret_key; g_keyring.get_master(secret_key); 
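Review bot: In the CEPHX_GET_PRINCIPAL_SESSION_KEY case of handle_response, the trace still streams `ticket_handler.session_key` into the log. Moving it from level 0 to level 10 makes this rarer, but anyone who raises `debug_auth` to troubleshoot would write the AUTH session key to a log file, assuming CryptoKey's stream operator prints the key bytes (its definition is not visible here). I would drop the value and keep the marker: `dout(10) << " get_principal_session_key" << dendl;`. The case block continues past the end of the hunk.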
@@ -159,7 +166,8 @@ int CephxClientHandler::handle_response(int ret, bufferlist::iterator& indata) break; default: - assert(0); + dout(0) << " unknown request_type " << header.request_type << dendl; + assert(0); } return ret; } @@ -168,13 +176,14 @@ int CephxClientHandler::handle_response(int ret, bufferlist::iterator& indata) AuthAuthorizer *CephxClientHandler::build_authorizer(uint32_t service_id) { - dout(0) << "going to build authorizer for peer_id=" << service_id << " service_id=" << service_id << dendl; + dout(10) << "build_authorizer for service " << service_id << dendl; return tickets.build_authorizer(service_id); } void CephxClientHandler::build_rotating_request(bufferlist& bl) { + dout(10) << "build_rotating_request" << dendl; CephXRequestHeader header; header.request_type = CEPHX_GET_ROTATING_KEY; ::encode(header, bl); diff --git a/src/auth/cephx/CephxProtocol.cc b/src/auth/cephx/CephxProtocol.cc index 25ba61e5d24a0..7bf9130eb2802 100644 --- a/src/auth/cephx/CephxProtocol.cc +++ b/src/auth/cephx/CephxProtocol.cc @@ -4,6 +4,9 @@ #include "config.h" +#define DOUT_SUBSYS auth +#undef dout_prefix +#define dout_prefix *_dout << dbeginl << "cephx: " diff --git a/src/auth/cephx/CephxServiceHandler.cc b/src/auth/cephx/CephxServiceHandler.cc index 780934e2ebd18..67bea6f753a39 100644 --- a/src/auth/cephx/CephxServiceHandler.cc +++ b/src/auth/cephx/CephxServiceHandler.cc @@ -25,13 +25,18 @@ #include "config.h" +#define DOUT_SUBSYS auth +#undef dout_prefix +#define dout_prefix *_dout << dbeginl << "cephx server " << entity_name << ": " int CephxServiceHandler::start_session(bufferlist& result_bl) { - CephXServerChallenge ch; get_random_bytes((char *)&server_challenge, sizeof(server_challenge)); if (!server_challenge) server_challenge = 1; // always non-zero. + dout(10) << "start_session server_challenge " << server_challenge << dendl; + + CephXServerChallenge ch; ch.server_challenge = server_challenge; ::encode(ch, result_bl); return CEPH_AUTH_CEPHX; 
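Review bot: The `default:` branch of CephxClientHandler::handle_response still ends in `assert(0)`, so a reply with an unrecognised `request_type` aborts the client right after the new log line. `header` looks like it is decoded from the peer's reply (the decode is outside this hunk), which would let a misbehaving peer crash the client. CephxServiceHandler::handle_request returns `-EINVAL` for the same condition, and the client can fail the same way: keep the `dout(0)` line and replace `assert(0);` with `return -EINVAL;`.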
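Review bot: The new `dout_prefix` in CephxServiceHandler.cc expands `entity_name` at every `dout` site, and two consequences of that are undocumented. It only compiles inside CephxServiceHandler member functions, and in handle_request `entity_name` is assigned from `req.name` before the key check, so the prefix can carry a name the peer chose and has not yet proven. In start_session the name is presumably still unset when the new `start_session server_challenge` line prints. I would add a comment above the macro such as `// prefix reads the member entity_name: usable only inside CephxServiceHandler methods; the value is peer-supplied and unauthenticated until the key check passes`. It is also worth confirming that the name's stream operator cannot emit newlines or control characters into the log.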
@@ -41,13 +46,9 @@ int CephxServiceHandler::handle_request(bufferlist::iterator& indata, bufferlist { int ret = 0; - dout(0) << "CephxServiceHandler: handle request" << dendl; - struct CephXRequestHeader cephx_header; ::decode(cephx_header, indata); - dout(0) << "op = " << cephx_header.request_type << dendl; - switch (cephx_header.request_type) { case CEPHX_GET_AUTH_SESSION_KEY: { @@ -57,9 +58,9 @@ int CephxServiceHandler::handle_request(bufferlist::iterator& indata, bufferlist entity_name = req.name; CryptoKey secret; - dout(0) << "entity_name=" << entity_name.to_str() << dendl; + dout(10) << "handle_request get_auth_session_key for " << entity_name << dendl; if (!key_server->get_secret(entity_name, secret)) { - dout(0) << "couldn't find entity name: " << entity_name.to_str() << dendl; + dout(0) << "couldn't find entity name: " << entity_name << dendl; ret = -EPERM; break; } @@ -79,15 +80,13 @@ int CephxServiceHandler::handle_request(bufferlist::iterator& indata, bufferlist for (int pos = 0; pos + sizeof(req.key) <= key_enc.length(); pos+=sizeof(req.key), p++) { expected_key ^= *p; } - dout(0) << "checking key: req.key=" << hex << req.key << " expected_key=" << expected_key << dec << dendl; + dout(0) << " checking key: req.key=" << hex << req.key << " expected_key=" << expected_key << dec << dendl; if (req.key != expected_key) { - dout(0) << "unexpected key: req.key=" << req.key << " expected_key=" << expected_key << dendl; + dout(0) << " unexpected key: req.key=" << req.key << " expected_key=" << expected_key << dendl; ret = -EPERM; break; } - dout(0) << "CEPHX_GET_AUTH_SESSION_KEY" << dendl; - CryptoKey session_key; CephXSessionAuthInfo info; 
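Review bot: In the CEPHX_GET_AUTH_SESSION_KEY case of handle_request, the `checking key` and `unexpected key` lines stay at `dout(0)` and print `expected_key` on every authentication attempt, failed ones included. That value is folded from `key_enc` and is the proof the client must present. With the `debug_auth` default of 1 added in config.cc, these lines are presumably always emitted, so anyone who can read the log sees the correct proof value next to each rejected guess. I would log only the failure at level 0, without the values: `dout(0) << " unexpected key for " << entity_name << dendl;`. The value dump should be removed or moved to a high debug level. The comparison block starts before this hunk.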
@@ -105,7 +104,7 @@ int CephxServiceHandler::handle_request(bufferlist::iterator& indata, bufferlist info.session_key = session_key; info.service_id = CEPH_ENTITY_TYPE_AUTH; if (!key_server->get_service_secret(CEPH_ENTITY_TYPE_AUTH, info.service_secret, info.secret_id)) { - dout(0) << "could not get service secret for auth subsystem" << dendl; + dout(0) << " could not get service secret for auth subsystem" << dendl; ret = -EIO; break; } @@ -120,14 +119,14 @@ int CephxServiceHandler::handle_request(bufferlist::iterator& indata, bufferlist } if (!key_server->get_service_caps(entity_name, CEPH_ENTITY_TYPE_MON, caps)) { - dout(0) << "could not get mon caps for " << entity_name << dendl; + dout(0) << " could not get mon caps for " << entity_name << dendl; } } break; case CEPHX_GET_PRINCIPAL_SESSION_KEY: { - dout(0) << "CEPHX_GET_PRINCIPAL_SESSION_KEY " << cephx_header.request_type << dendl; + dout(10) << "handle_request get_principal_session_key" << dendl; bufferlist tmp_bl; CephXServiceTicketInfo auth_ticket_info; @@ -137,13 +136,13 @@ int CephxServiceHandler::handle_request(bufferlist::iterator& indata, bufferlist CephXServiceTicketRequest ticket_req; ::decode(ticket_req, indata); - dout(0) << " ticket_req.keys = " << ticket_req.keys << dendl; + dout(10) << " ticket_req.keys = " << ticket_req.keys << dendl; ret = 0; vector info_vec; for (uint32_t service_id = 1; service_id <= ticket_req.keys; service_id <<= 1) { if (ticket_req.keys & service_id) { - dout(0) << " adding key for service " << service_id << dendl; + dout(10) << " adding key for service " << service_id << dendl; CephXSessionAuthInfo info; int r = key_server->build_session_auth_info(service_id, auth_ticket_info, info); if (r < 0) { 
@@ -160,7 +159,7 @@ int CephxServiceHandler::handle_request(bufferlist::iterator& indata, bufferlist case CEPHX_GET_ROTATING_KEY: { - dout(10) << "getting rotating secret for " << entity_name << dendl; + dout(10) << "handle_request getting rotating secret for " << entity_name << dendl; build_cephx_response_header(cephx_header.request_type, 0, result_bl); key_server->get_rotating_encrypted(entity_name, result_bl); ret = 0; @@ -168,6 +167,7 @@ int CephxServiceHandler::handle_request(bufferlist::iterator& indata, bufferlist break; default: + dout(10) << "handle_request unkonwn op " << cephx_header.request_type << dendl; return -EINVAL; } return ret; diff --git a/src/config.cc b/src/config.cc index 99764db1b7d27..e600156d1e83c 100644 --- a/src/config.cc +++ b/src/config.cc @@ -339,6 +339,7 @@ static struct config_option config_optionsp[] = { OPTION(debug_monc, 0, OPT_INT, 1), OPTION(debug_paxos, 0, OPT_INT, 0), OPTION(debug_tp, 0, OPT_INT, 0), + OPTION(debug_auth, 0, OPT_INT, 1), OPTION(keys_file, 'k', OPT_STR, "keys.bin"), OPTION(clock_lock, 0, OPT_BOOL, false), OPTION(clock_tare, 0, OPT_BOOL, false), diff --git a/src/config.h b/src/config.h index 0c85823fa77b7..9f8c26c18ddb6 100644 --- a/src/config.h +++ b/src/config.h @@ -102,6 +102,7 @@ struct md_config_t { int debug_monc; int debug_paxos; int debug_tp; + int debug_auth; // clock bool clock_lock; -- 2.39.5
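Review bot: The message added to the `default:` branch of CephxServiceHandler::handle_request misspells "unknown" as `unkonwn`, so a log search or alert rule for unknown ops will not match it. It is also logged at level 10, while the client-side equivalent in CephxClientHandler.cc uses level 0. A peer sending invalid request types therefore leaves no trace on the server at default verbosity. Suggested line: `dout(0) << "handle_request unknown op " << cephx_header.request_type << dendl;`.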