From d03c96e5d24ae3b5f9134f9dc9416f2b1b2687c4 Mon Sep 17 00:00:00 2001 From: Colin Patrick McCabe Date: Tue, 14 Jun 2011 12:10:07 -0700 Subject: [PATCH] auth: de-globalize AuthServiceHandler and pals Signed-off-by: Colin McCabe --- src/auth/AuthServiceHandler.cc | 7 +++--- src/auth/AuthServiceHandler.h | 9 ++++++-- src/auth/cephx/CephxServiceHandler.cc | 32 +++++++++++++------------- src/auth/cephx/CephxServiceHandler.h | 3 ++- src/auth/none/AuthNoneServiceHandler.h | 5 +++- src/mon/AuthMonitor.cc | 3 ++- 6 files changed, 35 insertions(+), 24 deletions(-) diff --git a/src/auth/AuthServiceHandler.cc b/src/auth/AuthServiceHandler.cc index 36646576387f3..665a7d65f512d 100644 --- a/src/auth/AuthServiceHandler.cc +++ b/src/auth/AuthServiceHandler.cc @@ -21,12 +21,13 @@ #define DOUT_SUBSYS auth -AuthServiceHandler *get_auth_service_handler(KeyServer *ks, set<__u32>& supported) +AuthServiceHandler *get_auth_service_handler(CephContext *cct, KeyServer *ks, + set<__u32>& supported) { if (is_supported_auth(CEPH_AUTH_CEPHX) && supported.count(CEPH_AUTH_CEPHX)) - return new CephxServiceHandler(ks); + return new CephxServiceHandler(cct, ks); if (is_supported_auth(CEPH_AUTH_NONE) && supported.count(CEPH_AUTH_NONE)) - return new AuthNoneServiceHandler(); + return new AuthNoneServiceHandler(cct); return NULL; } diff --git a/src/auth/AuthServiceHandler.h b/src/auth/AuthServiceHandler.h index b496f5ad6a196..b9e809e845fae 100644 --- a/src/auth/AuthServiceHandler.h +++ b/src/auth/AuthServiceHandler.h @@ -19,13 +19,17 @@ #include "common/config.h" #include "Auth.h" +class CephContext; class KeyServer; struct AuthServiceHandler { +protected: + CephContext *cct; +public: EntityName entity_name; uint64_t global_id; - AuthServiceHandler() : global_id(0) {} + AuthServiceHandler(CephContext *cct_) : cct(cct_), global_id(0) {} virtual ~AuthServiceHandler() { } 
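Review bot: The new `cct` member of AuthServiceHandler is a borrowed raw pointer with no stated contract, yet CephxServiceHandler::handle_request dereferences it unconditionally (`cct->_conf->auth_mon_ticket_ttl`). A comment above the member such as `// borrowed, never NULL; must outlive this handler` would make that requirement visible to callers of get_auth_service_handler(). The single-argument constructor `AuthServiceHandler(CephContext *cct_)` also allows implicit conversion from a `CephContext *`; marking it `explicit` prevents that, and the same applies to `AuthNoneServiceHandler(CephContext *cct_)` in src/auth/none/AuthNoneServiceHandler.h.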
@@ -35,6 +39,7 @@ struct AuthServiceHandler { EntityName& get_entity_name() { return entity_name; } }; -extern AuthServiceHandler *get_auth_service_handler(KeyServer *ks, set<__u32>& supported); +extern AuthServiceHandler *get_auth_service_handler(CephContext *cct, + KeyServer *ks, set<__u32>& supported); #endif diff --git a/src/auth/cephx/CephxServiceHandler.cc b/src/auth/cephx/CephxServiceHandler.cc index a58bc04d5bfc1..08035a34bf085 100644 --- a/src/auth/cephx/CephxServiceHandler.cc +++ b/src/auth/cephx/CephxServiceHandler.cc @@ -36,7 +36,7 @@ int CephxServiceHandler::start_session(EntityName& name, bufferlist::iterator& i get_random_bytes((char *)&server_challenge, sizeof(server_challenge)); if (!server_challenge) server_challenge = 1; // always non-zero. - dout(10) << "start_session server_challenge " << hex << server_challenge << dec << dendl; + ldout(cct, 10) << "start_session server_challenge " << hex << server_challenge << dec << dendl; CephXServerChallenge ch; ch.server_challenge = server_challenge; @@ -55,14 +55,14 @@ int CephxServiceHandler::handle_request(bufferlist::iterator& indata, bufferlist switch (cephx_header.request_type) { case CEPHX_GET_AUTH_SESSION_KEY: { - dout(10) << "handle_request get_auth_session_key for " << entity_name << dendl; + ldout(cct, 10) << "handle_request get_auth_session_key for " << entity_name << dendl; CephXAuthenticate req; ::decode(req, indata); CryptoKey secret; if (!key_server->get_secret(entity_name, secret)) { - dout(0) << "couldn't find entity name: " << entity_name << dendl; + ldout(cct, 0) << "couldn't find entity name: " << entity_name << dendl; ret = -EPERM; break; } 
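Review bot: The result of `get_random_bytes()` is not checked on the context line just above the changed log statement in start_session. Its return type is not visible here, but if the call can fail without filling the buffer, `server_challenge` keeps the constructor's 0 and is then forced to 1, so the challenge is no longer unpredictable and stops providing replay protection. Assuming failure is reported as a negative return, `if (get_random_bytes((char *)&server_challenge, sizeof(server_challenge)) < 0) return -EIO;` would fail the session instead. start_session begins and ends outside this hunk.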
@@ -75,10 +75,10 @@ int CephxServiceHandler::handle_request(bufferlist::iterator& indata, bufferlist uint64_t expected_key; cephx_calc_client_server_challenge(secret, server_challenge, req.client_challenge, &expected_key); - dout(20) << " checking key: req.key=" << hex << req.key + ldout(cct, 20) << " checking key: req.key=" << hex << req.key << " expected_key=" << expected_key << dec << dendl; if (req.key != expected_key) { - dout(0) << " unexpected key: req.key=" << hex << req.key + ldout(cct, 0) << " unexpected key: req.key=" << hex << req.key << " expected_key=" << expected_key << dec << dendl; ret = -EPERM; break; @@ -98,15 +98,15 @@ int CephxServiceHandler::handle_request(bufferlist::iterator& indata, bufferlist if (cephx_decode_ticket(&g_ceph_context, key_server, CEPH_ENTITY_TYPE_AUTH, req.old_ticket, old_ticket_info)) { global_id = old_ticket_info.ticket.global_id; - dout(10) << "decoded old_ticket with global_id=" << global_id << dendl; + ldout(cct, 10) << "decoded old_ticket with global_id=" << global_id << dendl; should_enc_ticket = true; } - info.ticket.init_timestamps(g_clock.now(), g_conf->auth_mon_ticket_ttl); + info.ticket.init_timestamps(g_clock.now(), cct->_conf->auth_mon_ticket_ttl); info.ticket.name = entity_name; info.ticket.global_id = global_id; info.ticket.auid = eauth.auid; - info.validity += g_conf->auth_mon_ticket_ttl; + info.validity += cct->_conf->auth_mon_ticket_ttl; if (auid) *auid = eauth.auid; @@ -115,7 +115,7 @@ int CephxServiceHandler::handle_request(bufferlist::iterator& indata, bufferlist info.session_key = session_key; info.service_id = CEPH_ENTITY_TYPE_AUTH; if (!key_server->get_service_secret(CEPH_ENTITY_TYPE_AUTH, info.service_secret, info.secret_id)) { - dout(0) << " could not get service secret for auth subsystem" << dendl; + ldout(cct, 0) << " could not get service secret for auth subsystem" << dendl; ret = -EIO; break; } 
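Review bot: The level-0 message on the mismatch path still prints `expected_key`, the value computed from the entity's secret that a correct client would have sent, so every failed attempt writes a valid proof for that challenge pair into the monitor log. Logging only the failure is enough for diagnosis, for example `ldout(cct, 0) << " unexpected key for " << entity_name << dendl;`. The level-20 line above it prints the same value and should drop `expected_key` as well. Both statements are inside handle_request, which starts and ends outside the hunk.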
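Review bot: `cephx_decode_ticket(&g_ceph_context, ...)` on the context line at the top of the `-98,15 +98,15` hunk still uses the global context, and `g_clock.now()` below it is also global, while the changed lines now read the TTL from `cct->_conf`. A handler constructed with a context other than the global one would decode the old ticket under one context and take the new ticket's lifetime from another's configuration. Passing the member, `if (cephx_decode_ticket(cct, key_server, CEPH_ENTITY_TYPE_AUTH, req.old_ticket, old_ticket_info)) {`, keeps the function on a single context; whether the clock can be reached through `cct` is not visible here.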
@@ -130,14 +130,14 @@ int CephxServiceHandler::handle_request(bufferlist::iterator& indata, bufferlist } if (!key_server->get_service_caps(entity_name, CEPH_ENTITY_TYPE_MON, caps)) { - dout(0) << " could not get mon caps for " << entity_name << dendl; + ldout(cct, 0) << " could not get mon caps for " << entity_name << dendl; } } break; case CEPHX_GET_PRINCIPAL_SESSION_KEY: { - dout(10) << "handle_request get_principal_session_key" << dendl; + ldout(cct, 10) << "handle_request get_principal_session_key" << dendl; bufferlist tmp_bl; CephXServiceTicketInfo auth_ticket_info; @@ -148,20 +148,20 @@ int CephxServiceHandler::handle_request(bufferlist::iterator& indata, bufferlist CephXServiceTicketRequest ticket_req; ::decode(ticket_req, indata); - dout(10) << " ticket_req.keys = " << ticket_req.keys << dendl; + ldout(cct, 10) << " ticket_req.keys = " << ticket_req.keys << dendl; ret = 0; vector info_vec; for (uint32_t service_id = 1; service_id <= ticket_req.keys; service_id <<= 1) { if (ticket_req.keys & service_id) { - dout(10) << " adding key for service " << ceph_entity_type_name(service_id) << dendl; + ldout(cct, 10) << " adding key for service " << ceph_entity_type_name(service_id) << dendl; CephXSessionAuthInfo info; int r = key_server->build_session_auth_info(service_id, auth_ticket_info, info); if (r < 0) { ret = r; break; } - info.validity += g_conf->auth_service_ticket_ttl; + info.validity += cct->_conf->auth_service_ticket_ttl; info_vec.push_back(info); } } @@ -173,7 +173,7 @@ int CephxServiceHandler::handle_request(bufferlist::iterator& indata, bufferlist case CEPHX_GET_ROTATING_KEY: { - dout(10) << "handle_request getting rotating secret for " << entity_name << dendl; + ldout(cct, 10) << "handle_request getting rotating secret for " << entity_name << dendl; build_cephx_response_header(cephx_header.request_type, 0, result_bl); key_server->get_rotating_encrypted(entity_name, result_bl); ret = 0; 
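Review bot: The loop `for (uint32_t service_id = 1; service_id <= ticket_req.keys; service_id <<= 1)` in the `-148,20 +148,20` hunk has no bound of its own when the top bit of `ticket_req.keys` is set: after 0x80000000 the shift wraps `service_id` to 0, which always compares `<= ticket_req.keys`. `ticket_req.keys` is decoded from the request a few lines earlier, so termination then depends on `build_session_auth_info()` returning an error for that service id. Adding the wrap check to the condition, `service_id != 0 && service_id <= ticket_req.keys`, makes the loop terminate regardless. The changed `ldout` and `cct->_conf` lines sit inside that loop, and handle_request itself starts and ends outside the hunk.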
@@ -181,7 +181,7 @@ int CephxServiceHandler::handle_request(bufferlist::iterator& indata, bufferlist break; default: - dout(10) << "handle_request unknown op " << cephx_header.request_type << dendl; + ldout(cct, 10) << "handle_request unknown op " << cephx_header.request_type << dendl; return -EINVAL; } return ret; diff --git a/src/auth/cephx/CephxServiceHandler.h b/src/auth/cephx/CephxServiceHandler.h index a063b1a13c7aa..3649d3b5d57bd 100644 --- a/src/auth/cephx/CephxServiceHandler.h +++ b/src/auth/cephx/CephxServiceHandler.h @@ -25,7 +25,8 @@ class CephxServiceHandler : public AuthServiceHandler { uint64_t server_challenge; public: - CephxServiceHandler(KeyServer *ks) : key_server(ks), server_challenge(0) {} + CephxServiceHandler(CephContext *cct_, KeyServer *ks) + : AuthServiceHandler(cct_), key_server(ks), server_challenge(0) {} ~CephxServiceHandler() {} int start_session(EntityName& name, bufferlist::iterator& indata, bufferlist& result_bl, AuthCapsInfo& caps); diff --git a/src/auth/none/AuthNoneServiceHandler.h b/src/auth/none/AuthNoneServiceHandler.h index 69364bdfcec82..1c37d79e75514 100644 --- a/src/auth/none/AuthNoneServiceHandler.h +++ b/src/auth/none/AuthNoneServiceHandler.h @@ -18,9 +18,12 @@ #include "../AuthServiceHandler.h" #include "../Auth.h" +class CephContext; + class AuthNoneServiceHandler : public AuthServiceHandler { public: - AuthNoneServiceHandler() {} + AuthNoneServiceHandler(CephContext *cct_) + : AuthServiceHandler(cct_) {} ~AuthNoneServiceHandler() {} int start_session(EntityName& name, bufferlist::iterator& indata, bufferlist& result_bl, AuthCapsInfo& caps) { diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc index 4cfc0769a233e..5a0b88ebcb908 100644 --- a/src/mon/AuthMonitor.cc +++ b/src/mon/AuthMonitor.cc 
@@ -365,7 +365,8 @@ bool AuthMonitor::prep_auth(MAuth *m, bool paxos_writable) goto reply; } - s->auth_handler = get_auth_service_handler(&mon->key_server, supported); + s->auth_handler = get_auth_service_handler(&g_ceph_context, + &mon->key_server, supported); if (!s->auth_handler) { ret = -ENOTSUP; goto reply; -- 2.39.5