From a5322e28adaf832375148282d8728b62ac0a72a5 Mon Sep 17 00:00:00 2001
From: Sage Weil
Date: Wed, 23 Sep 2009 13:03:56 -0700
Subject: [PATCH] mon: route all auth traffic through authmon
---
 src/messages/MAuthMon.h | 4 +-
 src/mon/AuthMonitor.cc | 93 +++++++++++++++++++++++++++++-----------
 src/mon/AuthMonitor.h | 21 ++++++---
 src/mon/ClientMonitor.cc | 38 ----------------
 src/mon/ClientMonitor.h | 7 +--
 src/mon/Monitor.cc | 22 +++-------
 src/mon/Monitor.h | 1 -
 src/mon/Session.h | 3 ++
 8 files changed, 98 insertions(+), 91 deletions(-)
diff --git a/src/messages/MAuthMon.h b/src/messages/MAuthMon.h
index 8d54b593d95c0..2ec6d2637f212 100644
--- a/src/messages/MAuthMon.h
+++ b/src/messages/MAuthMon.h
@@ -12,8 +12,8 @@
  *
  */
-#ifndef __MAUTH_H
-#define __MAUTH_H
+#ifndef __MAUTHMON_H
+#define __MAUTHMON_H
 #include "include/AuthLibrary.h"
 #include "messages/PaxosServiceMessage.h"
diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index b504c3cf960d3..480c34f12647b 100644
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -18,6 +18,8 @@
 #include "MonitorStore.h"
 #include "messages/MMonCommand.h"
+#include "messages/MAuth.h"
+#include "messages/MAuthReply.h"
 #include "messages/MAuthMon.h"
 #include "messages/MAuthMonAck.h"
 #include "messages/MAuthRotating.h"
@@ -201,8 +203,14 @@ bool AuthMonitor::preprocess_query(PaxosServiceMessage *m)
   case MSG_MON_COMMAND:
     return preprocess_command((MMonCommand*)m);
+  case CEPH_MSG_AUTH:
+    return preprocess_auth((MAuth *)m);
+
+  case MSG_AUTH_ROTATING:
+    return preprocess_auth_rotating((MAuthRotating *)m);
+
   case MSG_AUTHMON:
-    return preprocess_auth((MAuthMon*)m);
+    return preprocess_auth_mon((MAuthMon*)m);
   default:
     assert(0);
@@ -218,7 +226,7 @@ bool AuthMonitor::prepare_update(PaxosServiceMessage *m)
   case MSG_MON_COMMAND:
     return prepare_command((MMonCommand*)m);
   case MSG_AUTHMON:
-    return prepare_auth((MAuthMon*)m);
+    return prepare_auth_mon((MAuthMon*)m);
   default:
     assert(0);
     delete m;
@@ -231,9 +239,65 @@ void AuthMonitor::committed()
 }
-bool AuthMonitor::preprocess_auth(MAuthMon *m)
+
+bool AuthMonitor::preprocess_auth(MAuth *m)
+{
+  stringstream ss;
+  // already mounted?
+  dout(0) << "preprocess_auth() blob_size=" << m->get_auth_payload().length() << dendl;
+  entity_addr_t addr = m->get_orig_source_addr();
+
+  dout(0) << "preprocess_auth() addr=" << addr << dendl;
+
+  AuthServiceHandler *handler = auth_mgr.get_auth_handler(addr);
+  assert(handler);
+
+  bufferlist response_bl;
+
+  int ret;
+  try {
+    ret = handler->handle_request(m->get_auth_payload(), response_bl);
+  } catch (buffer::error *err) {
+    ret = -EINVAL;
+    dout(0) << "caught error when trying to handle auth request, probably malformed request" << dendl;
+  }
+  MAuthReply *reply = new MAuthReply(&response_bl, ret);
+
+  if (reply) {
+    mon->messenger->send_message(reply,
+                                 m->get_orig_source_inst());
+  } else {
+    /* out of memory.. what are we supposed to do now? */
+  }
+  return true;
+}
+
+
+bool AuthMonitor::preprocess_auth_rotating(MAuthRotating *m)
 {
-  dout(10) << "preprocess_auth " << *m << " from " << m->get_orig_source() << dendl;
+  dout(10) << "handle_request " << *m << " from " << m->get_orig_source() << dendl;
+  MAuthRotating *reply = new MAuthRotating();
+
+  if (!reply)
+    return true;
+
+  if (keys_server.get_rotating_encrypted(m->entity_name, reply->response_bl)) {
+    reply->status = 0;
+  } else {
+    reply->status = -EPERM;
+  }
+
+  mon->messenger->send_message(reply, m->get_orig_source_inst());
+  delete m;
+  return true;
+}
+
+
+// auth mon
+
+bool AuthMonitor::preprocess_auth_mon(MAuthMon *m)
+{
+  dout(10) << "preprocess_auth_mon " << *m << " from " << m->get_orig_source() << dendl;
   int num_new = 0;
   for (deque::iterator p = m->info.begin();
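Review bot: In `preprocess_auth` the request `m` is never freed after the reply is sent, whereas `preprocess_auth_rotating` in the same hunk does `delete m;` before returning true; unless PaxosService::dispatch frees a message whose preprocess returned true (not visible here), every auth request leaks, and the early `if (!reply) return true;` in the rotating path leaks `m` as well. `assert(handler)` after `auth_mgr.get_auth_handler(addr)` is keyed by the source address of an unauthenticated, peer-supplied message, so if that lookup can return null for an unknown address a single stray request aborts the monitor; replying with `ret = -EPERM` when `handler` is null is the safer shape. `catch (buffer::error *err)` only matches if buffer errors are thrown as pointers, so confirm against buffer.h or a malformed payload will bypass the -EINVAL path entirely. `stringstream ss` is unused and the `if (reply)` check after `new` is dead. The `dout(10) << "handle_request "` tag here, and `"prepare_auth "` in the next hunk, were carried over from the old function names and should read `"preprocess_auth_rotating "` and `"prepare_auth_mon "`.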
@@ -249,7 +313,7 @@ bool AuthMonitor::preprocess_auth(MAuthMon *m)
   return false;
 }
-bool AuthMonitor::prepare_auth(MAuthMon *m)
+bool AuthMonitor::prepare_auth_mon(MAuthMon *m)
 {
   dout(10) << "prepare_auth " << *m << " from " << m->get_orig_source() << dendl;
@@ -387,22 +451,3 @@ done:
   return false;
 }
-
-void AuthMonitor::handle_request(MAuthRotating *m)
-{
-  dout(10) << "handle_request " << *m << " from " << m->get_orig_source() << dendl;
-  MAuthRotating *reply = new MAuthRotating();
-
-  if (!reply)
-    return;
-
-  if (keys_server.get_rotating_encrypted(m->entity_name, reply->response_bl)) {
-    reply->status = 0;
-  } else {
-    reply->status = -EPERM;
-  }
-
-  mon->messenger->send_message(reply, m->get_orig_source_inst());
-  delete m;
-}
-
diff --git a/src/mon/AuthMonitor.h b/src/mon/AuthMonitor.h
index 85795077a4fee..4d15e5073b4f4 100644
--- a/src/mon/AuthMonitor.h
+++ b/src/mon/AuthMonitor.h
@@ -25,9 +25,13 @@ using namespace std;
 #include "mon/Monitor.h"
 #include "include/AuthLibrary.h"
+
 #include "auth/KeysServer.h"
+#include "auth/AuthServiceManager.h"
+
 class MMonCommand;
+class MAuth;
 class MAuthMon;
 class MAuthRotating;
@@ -37,6 +41,8 @@ class AuthMonitor : public PaxosService {
   KeysServer keys_server;
   version_t last_rotating_ver;
+  AuthServiceManager auth_mgr;
+
   void on_active();
   void create_initial(bufferlist& bl);
@@ -49,8 +55,12 @@ class AuthMonitor : public PaxosService {
   bool preprocess_query(PaxosServiceMessage *m);  // true if processed.
   bool prepare_update(PaxosServiceMessage *m);
-  bool preprocess_auth(MAuthMon *m);
-  bool prepare_auth(MAuthMon *m);
+  bool preprocess_auth(MAuth *m);
+
+  bool preprocess_auth_rotating(MAuthRotating *m);
+
+  bool preprocess_auth_mon(MAuthMon *m);
+  bool prepare_auth_mon(MAuthMon *m);
   void _updated_auth(MAuthMon *m, entity_inst_t who);
   struct C_Auth : public Context {
@@ -69,9 +79,10 @@ class AuthMonitor : public PaxosService {
   void check_rotate();
 public:
-  AuthMonitor(Monitor *mn, Paxos *p) : PaxosService(mn, p), last_rotating_ver(0) { }
-  void handle_request(MAuthMon *m);
-  void handle_request(MAuthRotating *m);
+  AuthMonitor(Monitor *mn, Paxos *p) : PaxosService(mn, p), last_rotating_ver(0) {
+    auth_mgr.init(mn);
+  }
+  void pre_auth(MAuth *m);
   void tick();  // check state, take actions
 };
diff --git a/src/mon/ClientMonitor.cc b/src/mon/ClientMonitor.cc
index 4820e85258243..4568d324da25b 100644
--- a/src/mon/ClientMonitor.cc
+++ b/src/mon/ClientMonitor.cc
@@ -20,8 +20,6 @@
 #include "MonitorStore.h"
 #include "messages/MMonMap.h"
-#include "messages/MAuth.h"
-#include "messages/MAuthReply.h"
 #include "messages/MClientMount.h"
 #include "messages/MClientMountAck.h"
 #include "messages/MMonCommand.h"
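Review bot: `void pre_auth(MAuth *m);` is added to the public section but no definition and no caller appear anywhere in this patch, while both `handle_request` overloads it sits next to are removed; either the definition was left out of the commit or the declaration is a leftover, and a leftover should be dropped rather than shipped as an undefined public member. The new `AuthServiceManager auth_mgr;` member in the earlier hunk of this file would also benefit from a one-line comment tying it to its only visible use, e.g. `AuthServiceManager auth_mgr;  // per-peer auth handlers, looked up by source address in preprocess_auth`. What `auth_mgr.init(mn)` needs from the Monitor at construction time is not shown here, so a short note on that in the constructor would help the next reader.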
@@ -109,47 +107,11 @@ void ClientMonitor::encode_pending(bufferlist &bl)
 // -------
-bool ClientMonitor::check_auth(MAuth *m)
-{
-  stringstream ss;
-  // already mounted?
-  dout(0) << "ClientMonitor::check_auth() blob_size=" << m->get_auth_payload().length() << dendl;
-  entity_addr_t addr = m->get_orig_source_addr();
-
-  dout(0) << "ClientMonitor::check_auth() addr=" << addr << dendl;
-
-  AuthServiceHandler* handler = auth_mgr.get_auth_handler(addr);
-  assert(handler);
-
-  bufferlist response_bl;
-
-  int ret;
-  try {
-    ret = handler->handle_request(m->get_auth_payload(), response_bl);
-  } catch (buffer::error *err) {
-    ret = -EINVAL;
-    dout(0) << "caught error when trying to handle auth request, probably malformed request" << dendl;
-  }
-  MAuthReply *reply = new MAuthReply(&response_bl, ret);
-
-  if (reply) {
-    mon->messenger->send_message(reply,
-                                 m->get_orig_source_inst());
-  } else {
-    /* out of memory.. what are we supposed to do now? */
-  }
-  return true;
-}
-
 bool ClientMonitor::preprocess_query(PaxosServiceMessage *m)
 {
   dout(10) << "preprocess_query " << *m << " from " << m->get_orig_source_inst() << dendl;
   switch (m->get_type()) {
-  case CEPH_MSG_AUTH:
-    dout(0) << "YY preprocess_query" << dendl;
-    return check_auth((MAuth *)m);
-
   case CEPH_MSG_CLIENT_MOUNT:
     return preprocess_mount((MClientMount *)m);
diff --git a/src/mon/ClientMonitor.h b/src/mon/ClientMonitor.h
index c1af686f17acd..adbcbd59b6b8b 100644
--- a/src/mon/ClientMonitor.h
+++ b/src/mon/ClientMonitor.h
@@ -31,8 +31,6 @@ using namespace std;
 #include "PaxosService.h"
 #include "ClientMap.h"
-#include "auth/AuthServiceManager.h"
-
 class Monitor;
 class Paxos;
 class MAuth;
@@ -61,7 +59,6 @@ public:
   };
   ClientMap client_map, pending_map;
-  AuthServiceManager auth_mgr;
   client_t next_client;
 private:
@@ -74,8 +71,6 @@ private:
   void committed();
-  bool check_auth(MAuth *m);
-
   bool preprocess_mount(MClientMount *m);
   bool prepare_mount(MClientMount *m);
   void _mounted(client_t c, MClientMount *m);
@@ -91,7 +86,7 @@ private:
   void on_election_start();
 public:
-  ClientMonitor(Monitor *mn, Paxos *p) : PaxosService(mn, p), next_client(-1) { auth_mgr.init(mn); }
+  ClientMonitor(Monitor *mn, Paxos *p) : PaxosService(mn, p), next_client(-1) { }
   void tick();  // check state, take actions
diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 709c01181acf1..0f7c0ec064060 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -404,9 +404,14 @@ bool Monitor::ms_dispatch(Message *m)
     paxos_service[PAXOS_MDSMAP]->dispatch((PaxosServiceMessage*)m);
     break;
-    // clients
+    // auth
   case CEPH_MSG_AUTH:
-    dout(0) << "Monitor::dispatch_impl() got CEPH_MSG_CLIENT_AUTH" << dendl;
+  case MSG_AUTH_ROTATING:
+  case MSG_AUTHMON:
+    paxos_service[PAXOS_AUTH]->dispatch((PaxosServiceMessage*)m);
+    break;
+
+    // clients
   case CEPH_MSG_CLIENT_MOUNT:
     paxos_service[PAXOS_CLIENTMAP]->dispatch((PaxosServiceMessage*)m);
     break;
@@ -464,9 +469,6 @@ bool Monitor::ms_dispatch(Message *m)
     handle_class((MClass *)m);
     break;
-  case MSG_AUTH_ROTATING:
-    handle_rotating((MAuthRotating *)m);
-    break;
   default:
     return false;
   }
@@ -726,16 +728,6 @@ void Monitor::handle_class(MClass *m)
   }
 }
-/*
-  get auth rotating secret request
- */
-
-void Monitor::handle_rotating(MAuthRotating *m)
-{
-  authmon()->handle_request(m);
-}
-
-
 void Monitor::handle_route(MRoute *m)
 {
   dout(10) << "handle_route " << *m->msg << " to " << m->dest << dendl;
diff --git a/src/mon/Monitor.h b/src/mon/Monitor.h
index f607c01d5c9ba..94062f13dccf7 100644
--- a/src/mon/Monitor.h
+++ b/src/mon/Monitor.h
@@ -146,7 +146,6 @@ public:
   void handle_command(class MMonCommand *m);
   void handle_observe(MMonObserve *m);
   void handle_class(MClass *m);
-  void handle_rotating(MAuthRotating *m);
   void handle_route(MRoute *m);
   void reply_command(MMonCommand *m, int rc, const string &rs, version_t version);
diff --git a/src/mon/Session.h b/src/mon/Session.h
index 60e2834a442ff..932483bfe1e55 100644
--- a/src/mon/Session.h
+++ b/src/mon/Session.h
@@ -17,6 +17,7 @@
 #include "include/xlist.h"
 #include "msg/msg_types.h"
+#include "auth/Crypto.h"
 struct Session;
@@ -39,6 +40,8 @@ struct Session : public RefCountedObject {
   map sub_map;
+  CryptoKey session_key;
+
   Session(entity_inst_t i) : inst(i), closed(false), item(this) {}
   ~Session() {
     generic_dout(0) << "~Session " << this << dendl;
-- 
2.39.5
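Review bot: `CryptoKey session_key;` is added to `Session` but nothing in this patch assigns or reads it, and the constructor's initializer list is left unchanged, so whether a default-constructed `CryptoKey` is a safe "no key established" state depends on `auth/Crypto.h`, which is not shown. A short comment at the declaration would pin the intent for the next reader, e.g. `CryptoKey session_key;  // per-peer key; empty until the auth exchange for this session completes`. If `CryptoKey` does not default to an empty key, the initializer list should set it explicitly so a session can never carry stale key material before authentication.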