From 707d32a59951aaf7d656b8ceade4b7ec32e02513 Mon Sep 17 00:00:00 2001 From: Ilya Dryomov Date: Mon, 29 Mar 2021 13:45:10 +0200 Subject: [PATCH] auth/CephxClientHandler: explain why skipping extra_tickets is needed Since nautilus, CEPHX_GET_AUTH_SESSION_KEY shares both the auth ticket and the service tickets, sparing an extra round-trip to get the service tickets via CEPHX_GET_PRINCIPAL_SESSION_KEY. This applies to msgr1 as well, but we don't take advantage of it on the client side. However, fixing CephxClientHandler to do the right thing breaks msgr1. Since msgr1 is on its way out, rather than also fixing MonClient just document the bug and the current behaviour. Signed-off-by: Ilya Dryomov --- src/auth/cephx/CephxClientHandler.cc | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/auth/cephx/CephxClientHandler.cc b/src/auth/cephx/CephxClientHandler.cc index 412142ba53ff4..76ccca735800c 100644 --- a/src/auth/cephx/CephxClientHandler.cc +++ b/src/auth/cephx/CephxClientHandler.cc 
@@ -187,6 +187,22 @@ int CephxClientHandler::handle_response( ldout(cct, 10) << " got connection bl " << cbl.length() << " and extra tickets " << extra_tickets.length() << dendl; + // for msgr1, both session_key and connection_secret are NULL + // so we skip extra_tickets and incur an additional round-trip + // to get service tickets via CEPHX_GET_PRINCIPAL_SESSION_KEY + // as if talking to a pre-nautilus mon + // this wasn't intended but turns out to be needed because in + // msgr1 case MonClient doesn't explicitly wait for the monmap + // (which is shared together with CEPHX_GET_AUTH_SESSION_KEY + // reply) + // instead, it waits for CEPHX_GET_PRINCIPAL_SESSION_KEY reply + // which comes after the monmap and hence the monmap is always + // handled by the time authentication is considered finished + // if we start to always process extra_tickets here, MonClient + // would have no reason to send CEPHX_GET_PRINCIPAL_SESSION_KEY + // and RadosClient::connect() or similar could return with no + // actual monmap but just an initial bootstrap stub, leading + // to mon commands going out with zero fsid and other issues if (session_key && connection_secret) { CephXTicketHandler& ticket_handler = tickets.get_handler(CEPH_ENTITY_TYPE_AUTH); -- 2.47.3
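Review bot: the comment added above `if (session_key && connection_secret)` describes behaviour that "wasn't intended" yet is load-bearing, but nothing in it marks the block as a known bug to revisit, and the guard itself still reads as an ordinary null check. Per the comment, msgr1 is only safe because both pointers happen to be NULL there, so a later change that passes non-NULL values in the msgr1 case, or that relaxes this condition, would let MonClient finish authentication before the monmap is handled and send mon commands with a zero fsid. Consider opening the comment with a FIXME-style marker that names msgr1 removal as the point at which the skip can go away, and stating in its first line that this condition must not be loosened while msgr1 is supported. As a style point, the 16 comment lines run together without capitals or full stops; splitting them into three short sentences (what is skipped, why MonClient depends on it, what breaks otherwise) would make the reasoning easier to follow.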