From c44ebceedbc87c4ee9000d2d6820ee6f6faea2c1 Mon Sep 17 00:00:00 2001
From: Yehuda Sadeh
Date: Mon, 26 Oct 2009 16:25:19 -0700
Subject: [PATCH] auth: send request for tickets when needed
---
 src/auth/AuthClientHandler.h | 1 +
 src/auth/cephx/CephxClientHandler.cc | 6 ++++++
 src/auth/cephx/CephxClientHandler.h | 2 +-
 src/auth/cephx/CephxProtocol.cc | 3 ++-
 src/mon/MonClient.cc | 7 +++++++
 5 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/src/auth/AuthClientHandler.h b/src/auth/AuthClientHandler.h
index f0947d1671e47..35a13b17a0cb8 100644
--- a/src/auth/AuthClientHandler.h
+++ b/src/auth/AuthClientHandler.h
@@ -70,6 +70,7 @@ public:
 virtual AuthAuthorizer *build_authorizer(uint32_t service_id) = 0;
 virtual void validate_tickets() = 0;
+ virtual bool need_tickets() = 0;
 };
diff --git a/src/auth/cephx/CephxClientHandler.cc b/src/auth/cephx/CephxClientHandler.cc
index 72e703e864645..f3919ad4a4ce5 100644
--- a/src/auth/cephx/CephxClientHandler.cc
+++ b/src/auth/cephx/CephxClientHandler.cc
@@ -190,3 +190,9 @@ void CephxClientHandler::validate_tickets()
 tickets.validate_tickets(want, need);
 }
+bool CephxClientHandler::need_tickets()
+{
+ validate_tickets();
+ return (need != 0);
+}
+
diff --git a/src/auth/cephx/CephxClientHandler.h b/src/auth/cephx/CephxClientHandler.h
index 5967f7968c3e2..f1da845353e94 100644
--- a/src/auth/cephx/CephxClientHandler.h
+++ b/src/auth/cephx/CephxClientHandler.h
@@ -53,7 +53,7 @@ public:
 AuthAuthorizer *build_authorizer(uint32_t service_id);
 void validate_tickets();
-
+ bool need_tickets();
 };
 #endif
diff --git a/src/auth/cephx/CephxProtocol.cc b/src/auth/cephx/CephxProtocol.cc
index afe0b23cf5187..dcdcb13226ce2 100644
--- a/src/auth/cephx/CephxProtocol.cc
+++ b/src/auth/cephx/CephxProtocol.cc
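Review bot: `CephxClientHandler::need_tickets()` in src/auth/cephx/CephxClientHandler.cc is named like a query but is not one: it calls `validate_tickets()`, which per the context line above it rewrites `want` and `need` through `tickets.validate_tickets(want, need)`. Neither this definition nor the pure-virtual declaration added in AuthClientHandler.h documents that side effect, and the method is non-const, so a later caller has no hint that polling it changes handler state. I would add above the definition `// Refreshes want/need via validate_tickets(); returns true when need is non-zero.` and put the same contract on the interface declaration so other handlers implement it the same way.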
@@ -80,7 +80,8 @@ bool CephXTicketHandler::verify_service_ticket_reply(CryptoKey& secret,
 ::decode(ticket, indata);
 dout(10) << "verify_service_ticket_reply service " << ceph_entity_type_name(service_id) << " secret_id " << ticket.secret_id
- << " session_key " << msg_a.session_key << dendl;
+ << " session_key " << msg_a.session_key
+ << " validity=" << msg_a.validity << dendl;
 session_key = msg_a.session_key;
 has_key_flag = true;
 return true;
diff --git a/src/mon/MonClient.cc b/src/mon/MonClient.cc
index fca473745b4e1..2a6df410a1db9 100644
--- a/src/mon/MonClient.cc
+++ b/src/mon/MonClient.cc
@@ -537,6 +537,13 @@ int MonClient::wait_authenticate(double timeout)
 int MonClient::_check_auth_rotating() {
+ if (state == MC_STATE_HAVE_SESSION && auth && auth->need_tickets()) {
+ MAuth *m = new MAuth;
+ m->protocol = auth->get_protocol();
+ auth->build_request(m->auth_payload);
+ _send_mon_message(m);
+ }
+
 if (!g_keyring.need_rotating_secrets()) return 0;
--
2.39.5
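Review bot: In src/auth/cephx/CephxProtocol.cc, the `dout(10)` statement in `verify_service_ticket_reply` still streams `msg_a.session_key` into the debug log; this change rewrites the statement to append the validity but keeps the key in it. If the stream operator for that type prints the key bytes (its definition is not visible here), anyone who can read a log captured at debug level 10 obtains a usable service session key for the ticket's validity period. `ticket.secret_id` and `msg_a.validity` are enough to trace the exchange, so I would end the message with `<< " secret_id " << ticket.secret_id << " validity=" << msg_a.validity << dendl;` and leave the key out. The function body starts and ends outside the hunk.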
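Review bot: In src/mon/MonClient.cc, the block added at the top of `_check_auth_rotating()` sends a fresh `MAuth` on every call for as long as `auth->need_tickets()` stays true, and nothing in the hunk records that a request is already in flight. If this function is driven by a periodic tick (the caller is not visible here), a slow or unreachable monitor would receive a growing run of duplicate ticket requests. The result of `auth->build_request(m->auth_payload)` is also discarded, so, assuming it returns a status, a payload that failed to build is still sent by `_send_mon_message(m)`. I would track an outstanding ticket request in a member that is set on send and cleared when the reply is handled, and check build_request's result before sending. The function continues past the end of the hunk.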