From c878561c93f86b69281fd1cef4f7d9de8d3e2317 Mon Sep 17 00:00:00 2001
From: Yehuda Sadeh
Date: Thu, 29 Oct 2009 16:35:13 -0700
Subject: [PATCH] auth: configuratble supported auth type
---
 src/Makefile.am | 1 +
 src/auth/AuthServiceHandler.cc | 36 ++++++++++++++++-
 src/common/str_list.cc | 70 ++++++++++++++++++++++++++++++++++
 src/config.cc | 1 +
 src/config.h | 1 +
 src/include/str_list.h | 12 ++++++
 src/mon/MonClient.cc | 24 ++++++++++--
 src/mon/MonClient.h | 2 +
 8 files changed, 141 insertions(+), 6 deletions(-)
 create mode 100644 src/common/str_list.cc
 create mode 100644 src/include/str_list.h
diff --git a/src/Makefile.am b/src/Makefile.am
index edb528d4e7c16..b242440878660 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -311,6 +311,7 @@ libcommon_files = \
 common/ConfUtils.cc \
 common/MemoryModel.cc \
 common/armor.c \
+ common/str_list.cc \
 mon/MonMap.cc \
 mon/MonClient.cc \
 osd/OSDMap.cc \
diff --git a/src/auth/AuthServiceHandler.cc b/src/auth/AuthServiceHandler.cc
index 28dc884a8b861..d153ccc6858ee 100644
--- a/src/auth/AuthServiceHandler.cc
+++ b/src/auth/AuthServiceHandler.cc
@@ -15,12 +15,44 @@
 #include "AuthServiceHandler.h"
 #include "cephx/CephxServiceHandler.h"
 #include "none/AuthNoneServiceHandler.h"
+#include "common/Mutex.h"
+#include "include/str_list.h"
+#include "config.h"
+
+static bool _supported_initialized = false;
+static Mutex _supported_lock("auth_service_handler_init");
+static map auth_supported;
+
+static void _init_supported(void)
+{
+ string str = g_conf.supported_auth;
+ list sup_list;
+ get_str_list(str, sup_list);
+ for (list::iterator iter = sup_list.begin(); iter != sup_list.end(); ++iter) {
+ if (iter->compare("cephx") == 0) {
+ dout(0) << "supporting cephx auth protocol" << dendl;
+ auth_supported[CEPH_AUTH_CEPHX] = true;
+ } else if (iter->compare("none") == 0) {
+ auth_supported[CEPH_AUTH_NONE] = true;
+ dout(0) << "supporting *none* auth protocol" << dendl;
+ } else {
+ dout(0) << "WARNING: unknown auth protocol defined: " << *iter << dendl;
+ }
+ }
+ _supported_initialized = true;
+}
 AuthServiceHandler *get_auth_service_handler(KeyServer *ks, set<__u32>& supported)
 {
- if (supported.count(CEPH_AUTH_CEPHX))
+ {
+ Mutex::Locker lock(_supported_lock);
+ if (!_supported_initialized) {
+ _init_supported();
+ }
+ }
+ if (auth_supported[CEPH_AUTH_CEPHX] && supported.count(CEPH_AUTH_CEPHX))
 return new CephxServiceHandler(ks);
- if (supported.count(CEPH_AUTH_NONE))
+ if (auth_supported[CEPH_AUTH_NONE] && supported.count(CEPH_AUTH_NONE))
 return new AuthNoneServiceHandler();
 return NULL;
 }
diff --git a/src/common/str_list.cc b/src/common/str_list.cc
new file mode 100644
index 0000000000000..8b2b5b163018e
--- /dev/null
+++ b/src/common/str_list.cc
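Review bot: The two `auth_supported[...]` lookups in `get_auth_service_handler` run after the `Mutex::Locker` scope has closed, and (assuming `auth_supported` is a `std::map`) `operator[]` inserts a default entry when the key is missing, so a configuration that omits one protocol makes concurrent callers write to the shared static map without a lock. Use a read-only lookup instead, e.g. `if (auth_supported.count(CEPH_AUTH_CEPHX) && supported.count(CEPH_AUTH_CEPHX))`, and the same for `CEPH_AUTH_NONE`; `_init_supported` only ever stores `true`, so `count()` is equivalent here. It is also worth logging once when the parsed list ends up empty, since every request then falls through to `return NULL`.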
@@ -0,0 +1,70 @@
+#include
+#include
+#include
+
+using namespace std;
+
+static bool get_next_token(string s, size_t& pos, string& token)
+{
+ int start = s.find_first_not_of(" \t", pos);
+ int end;
+
+ if (s[start]== ',') {
+ end = start + 1;
+ } else {
+ end = s.find_first_of(";,= \t", start+1);
+ }
+
+ if (start < 0) {
+ return false;
+ }
+
+ if (end < 0) {
+ end=s.size();
+ }
+
+ token = s.substr(start, end - start);
+
+ pos = end;
+
+ return true;
+}
+
+bool get_str_list(string& str, list& str_list)
+{
+ size_t pos = 0;
+ string token;
+
+ str_list.clear();
+
+ while (pos < str.size()) {
+ if (get_next_token(str, pos, token)) {
+ if (token.compare(",") != 0 && token.size() > 0) {
+ str_list.push_back(token);
+ }
+ }
+ }
+
+ return true;
+}
+
+
+bool get_str_set(string& str, set& str_set)
+{
+ size_t pos = 0;
+ string token;
+
+ str_set.clear();
+
+ while (pos < str.size()) {
+ if (get_next_token(str, pos, token)) {
+ if (token.compare(",") != 0 && token.size() > 0) {
+ str_set.insert(token);
+ }
+ }
+ }
+
+ return true;
+}
+
+
diff --git a/src/config.cc b/src/config.cc
index cfcc04b37a53f..9751bb6a7e336 100644
--- a/src/config.cc
+++ b/src/config.cc
@@ -341,6 +341,7 @@ static struct config_option config_optionsp[] = {
 OPTION(debug_tp, 0, OPT_INT, 0),
 OPTION(debug_auth, 0, OPT_INT, 1),
 OPTION(keys_file, 'k', OPT_STR, "keys.bin"),
+ OPTION(supported_auth, 0, OPT_STR, "cephx, none"),
 OPTION(clock_lock, 0, OPT_BOOL, false),
 OPTION(clock_tare, 0, OPT_BOOL, false),
 OPTION(ms_tcp_nodelay, 0, OPT_BOOL, true),
diff --git a/src/config.h b/src/config.h
index 9f8c26c18ddb6..aa2293d36d985 100644
--- a/src/config.h
+++ b/src/config.h
@@ -110,6 +110,7 @@ struct md_config_t {
 // auth
 char *keys_file;
+ char *supported_auth;
 // messenger
diff --git a/src/include/str_list.h b/src/include/str_list.h
new file mode 100644
index 0000000000000..9246b0be94b20
--- /dev/null
+++ b/src/include/str_list.h
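Review bot: `get_next_token` indexes `s[start]` before it tests `start < 0`, so once only whitespace remains `find_first_not_of` returns `npos` and the subscript reads out of bounds. That same path returns `false` without advancing `pos`, so the `while (pos < str.size())` loops in `get_str_list` and `get_str_set` never terminate for a value with trailing whitespace (a constructed example: `"cephx, none "`); in `_init_supported` this would happen while `_supported_lock` is held. Storing `npos` in an `int` also depends on a narrowing conversion. Keep both positions as `size_t`, test for `npos` first, and move `pos` to the end of the string on failure, as below.

```cpp
static bool get_next_token(string s, size_t& pos, string& token)
{
  size_t start = s.find_first_not_of(" \t", pos);
  if (start == string::npos) {
    pos = s.size();   // nothing but whitespace left: let the caller's loop end
    return false;
  }

  size_t end;
  if (s[start] == ',') {
    end = start + 1;
  } else {
    end = s.find_first_of(";,= \t", start + 1);
    if (end == string::npos)
      end = s.size();
  }
  // … unchanged: token = s.substr(start, end - start); pos = end; return true; …
}
```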
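Review bot: The default `"cephx, none"` turns the `none` protocol on for every daemon and client that does not set `supported_auth`. On the service side `get_auth_service_handler` returns `AuthNoneServiceHandler` whenever the peer's list lacks cephx, and the peer supplies that list, so with this default cephx appears to be optional rather than enforced. The `_reopen_session` hunk in src/mon/MonClient.cc likewise starts advertising `none`, which the removed code had commented out. Consider shipping `OPTION(supported_auth, 0, OPT_STR, "cephx"),` and making `none` an explicit opt-in, with a comment on the option that says so.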
@@ -0,0 +1,12 @@
+#ifndef __STRLIST_H
+#define __STRLIST_H
+
+#include
+#include
+#include
+
+extern bool get_str_list(std::string& str, std::list& str_list);
+extern bool get_str_set(std::string& str, std::set& str_list);
+
+
+#endif
diff --git a/src/mon/MonClient.cc b/src/mon/MonClient.cc
index e822302cf22c1..598befdaa22d6 100644
--- a/src/mon/MonClient.cc
+++ b/src/mon/MonClient.cc
@@ -32,6 +32,8 @@
 #include "auth/Auth.h"
 #include "auth/KeyRing.h"
+#include "include/str_list.h"
+
 #include "config.h"
@@ -241,6 +243,23 @@ void MonClient::init()
 Mutex::Locker l(monc_lock);
 timer.add_event_after(10.0, new C_Tick(this));
+
+
+ auth_supported.clear();
+ string str = g_conf.supported_auth;
+ list sup_list;
+ get_str_list(str, sup_list);
+ for (list::iterator iter = sup_list.begin(); iter != sup_list.end(); ++iter) {
+ if (iter->compare("cephx") == 0) {
+ dout(0) << "supporting cephx auth protocol" << dendl;
+ auth_supported.insert(CEPH_AUTH_CEPHX);
+ } else if (iter->compare("none") == 0) {
+ auth_supported.insert(CEPH_AUTH_NONE);
+ dout(0) << "supporting *none* auth protocol" << dendl;
+ } else {
+ dout(0) << "WARNING: unknown auth protocol defined: " << *iter << dendl;
+ }
+ }
 }
 void MonClient::shutdown()
@@ -408,12 +427,9 @@ void MonClient::_reopen_session()
 if (state != MC_STATE_HAVE_SESSION) {
 state = MC_STATE_NEGOTIATING;
- set<__u32> supported;
- supported.insert(CEPH_AUTH_CEPHX);
- /* supported.insert(CEPH_AUTH_NONE); */
 MAuth *m = new MAuth;
 m->protocol = 0;
- ::encode(supported, m->auth_payload);
+ ::encode(auth_supported, m->auth_payload);
 ::encode(entity_name, m->auth_payload);
 _send_mon_message(m, true);
 }
diff --git a/src/mon/MonClient.h b/src/mon/MonClient.h
index 0240703c9841e..1ba4019c02730 100644
--- a/src/mon/MonClient.h
+++ b/src/mon/MonClient.h
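Review bot: Both declarations take the input as a non-const `std::string&` although the implementations in src/common/str_list.cc only read it, which is why each caller first copies `g_conf.supported_auth` into a local `string str`. Declaring the first parameter as `const std::string& str` in `get_str_list` and `get_str_set` lets callers pass the config value directly. The guard name `__STRLIST_H` uses a double-underscore identifier, which is reserved for the implementation; a name such as `CEPH_STRLIST_H` avoids that. The second parameter of `get_str_set` would also read better as `str_set`.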
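Review bot: The parsing loop added to `MonClient::init()` is a copy of `_init_supported()` in src/auth/AuthServiceHandler.cc, so the name-to-protocol mapping now lives in two places and can drift when a protocol is added. A shared helper that fills a `set<__u32>` from `g_conf.supported_auth` would serve both. The loop also leaves `auth_supported` empty when no token is recognised, with only the per-token WARNING logged, and `_reopen_session()` would then encode an empty list. A check after the loop such as `if (auth_supported.empty()) dout(0) << "WARNING: no supported auth protocol configured" << dendl;` makes that misconfiguration visible. `init()` begins before this hunk.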
@@ -58,6 +58,8 @@ private:
 Mutex monc_lock;
 SafeTimer timer;
+ set<__u32> auth_supported;
+
 bool ms_dispatch(Message *m);
 bool ms_handle_reset(Connection *con);
 void ms_handle_remote_reset(Connection *con) {}
--
2.39.5