From a3908a68988970ebe3473e9e87a8f46e1f69a634 Mon Sep 17 00:00:00 2001 From: Peter Reiher Date: Fri, 7 Dec 2012 16:32:31 -0800 Subject: [PATCH] auth: changed order of test for legacy and new authentication Changed order of test for legacy and new configuration options in several places. Signed-off-by: Peter Reiher --- src/auth/AuthMethodList.cc | 3 +++ src/mds/MDS.cc | 12 ++++++------ src/mon/MonClient.cc | 26 ++++++++++++++------------ src/mon/Monitor.cc | 8 ++++---- src/osd/OSD.cc | 12 ++++++------ 5 files changed, 33 insertions(+), 28 deletions(-) diff --git a/src/auth/AuthMethodList.cc b/src/auth/AuthMethodList.cc index f310cc0d0d1e0..dc181f92041c5 100644 --- a/src/auth/AuthMethodList.cc +++ b/src/auth/AuthMethodList.cc @@ -39,6 +39,9 @@ AuthMethodList::AuthMethodList(CephContext *cct, string str) lderr(cct) << "WARNING: unknown auth protocol defined: " << *iter << dendl; } } + if (auth_supported.empty()) { + auth_supported.push_back(CEPH_AUTH_CEPHX); + } } bool AuthMethodList::is_supported_auth(int auth_type) diff --git a/src/mds/MDS.cc b/src/mds/MDS.cc index 9b2417bdfde8e..d71405643f4bb 100644 --- a/src/mds/MDS.cc +++ b/src/mds/MDS.cc @@ -90,13 +90,13 @@ MDS::MDS(const std::string &n, Messenger *m, MonClient *mc) : mds_lock("MDS::mds_lock"), timer(m->cct, mds_lock), authorize_handler_cluster_registry(new AuthAuthorizeHandlerRegistry(m->cct, - m->cct->_conf->auth_cluster_required.length() ? - m->cct->_conf->auth_cluster_required : - m->cct->_conf->auth_supported)), + m->cct->_conf->auth_supported.length() ? + m->cct->_conf->auth_supported : + m->cct->_conf->auth_cluster_required)), authorize_handler_service_registry(new AuthAuthorizeHandlerRegistry(m->cct, - m->cct->_conf->auth_service_required.length() ? - m->cct->_conf->auth_service_required : - m->cct->_conf->auth_supported)), + m->cct->_conf->auth_supported.length() ? + m->cct->_conf->auth_supported : + m->cct->_conf->auth_service_required)), name(n), whoami(-1), incarnation(0), standby_for_rank(MDSMap::MDS_NO_STANDBY_PREF), diff --git a/src/mon/MonClient.cc b/src/mon/MonClient.cc index b705b3def0091..6ffe8e8d6da9c 100644 --- a/src/mon/MonClient.cc +++ b/src/mon/MonClient.cc @@ -269,13 +269,13 @@ int MonClient::init() if (r == -ENOENT) { // do we care? string method; - if (entity_name.get_type() == CEPH_ENTITY_TYPE_MDS || - entity_name.get_type() == CEPH_ENTITY_TYPE_OSD) + if (cct->_conf->auth_supported.length() != 0) + method = cct->_conf->auth_supported; + else if (entity_name.get_type() == CEPH_ENTITY_TYPE_MDS || + entity_name.get_type() == CEPH_ENTITY_TYPE_OSD) method = cct->_conf->auth_cluster_required; else method = cct->_conf->auth_client_required; - if (method.length() == 0) - method = cct->_conf->auth_supported; AuthMethodList supported(cct, method); if (!supported.is_supported_auth(CEPH_AUTH_CEPHX)) { ldout(cct, 2) << "cephx auth is not supported, ignoring absence of keyring" << dendl; @@ -294,14 +294,16 @@ int MonClient::init() schedule_tick(); string method; - if (entity_name.get_type() == CEPH_ENTITY_TYPE_OSD || - entity_name.get_type() == CEPH_ENTITY_TYPE_MDS || - entity_name.get_type() == CEPH_ENTITY_TYPE_MON) - method = cct->_conf->auth_cluster_required; - else - method = cct->_conf->auth_client_required; - auth_supported = new AuthMethodList(cct, method.length() ? method : cct->_conf->auth_supported); - ldout(cct, 10) << "auth_supported " << auth_supported->get_supported_set() << dendl; + if (cct->_conf->auth_supported.length() != 0) + method = cct->_conf->auth_supported; + else if (entity_name.get_type() == CEPH_ENTITY_TYPE_OSD || + entity_name.get_type() == CEPH_ENTITY_TYPE_MDS || + entity_name.get_type() == CEPH_ENTITY_TYPE_MON) + method = cct->_conf->auth_cluster_required; + else + method = cct->_conf->auth_client_required; + auth_supported = new AuthMethodList(cct, method); + ldout(cct, 10) << "auth_supported " << auth_supported->get_supported_set() << " method " << method << dendl; initialized = true; return 0; diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc index 91db2b0c20f7c..fcdad38f34f81 100644 --- a/src/mon/Monitor.cc +++ b/src/mon/Monitor.cc @@ -117,11 +117,11 @@ Monitor::Monitor(CephContext* cct_, string nm, MonitorStore *s, Messenger *m, Mo clog(cct_, messenger, monmap, LogClient::FLAG_MON), key_server(cct, &keyring), auth_cluster_required(cct, - cct->_conf->auth_cluster_required.length() ? - cct->_conf->auth_cluster_required : cct->_conf->auth_supported), + cct->_conf->auth_supported.length() ? + cct->_conf->auth_supported : cct->_conf->auth_cluster_required), auth_service_required(cct, - cct->_conf->auth_service_required.length() ? - cct->_conf->auth_service_required : cct->_conf->auth_supported), + cct->_conf->auth_supported.length() ? + cct->_conf->auth_supported : cct->_conf->auth_service_required), store(s), state(STATE_PROBING), diff --git a/src/osd/OSD.cc b/src/osd/OSD.cc index 913157a850858..8490f6a2a2658 100644 --- a/src/osd/OSD.cc +++ b/src/osd/OSD.cc @@ -695,13 +695,13 @@ OSD::OSD(int id, Messenger *internal_messenger, Messenger *external_messenger, osd_lock("OSD::osd_lock"), timer(external_messenger->cct, osd_lock), authorize_handler_cluster_registry(new AuthAuthorizeHandlerRegistry(external_messenger->cct, - cct->_conf->auth_cluster_required.length() ? - cct->_conf->auth_cluster_required : - cct->_conf->auth_supported)), + cct->_conf->auth_supported.length() ? + cct->_conf->auth_supported : + cct->_conf->auth_cluster_required)), authorize_handler_service_registry(new AuthAuthorizeHandlerRegistry(external_messenger->cct, - cct->_conf->auth_service_required.length() ? - cct->_conf->auth_service_required : - cct->_conf->auth_supported)), + cct->_conf->auth_supported.length() ? + cct->_conf->auth_supported : + cct->_conf->auth_service_required)), cluster_messenger(internal_messenger), client_messenger(external_messenger), monc(mc), -- 2.39.5