Merge PR #25998 into master
* refs/pull/25998/head: msg/Dispatcher: remove force_new arg from ms_get_authorizer() crimson/net: drop authenticator retry msg/simple: remove forced authorizer refresh Reviewed-by: Ricardo Dias <rdias@suse.com> Reviewed-by: xie xingguo <xie.xingguo@zte.com.cn>
commit
39f9e8db4d
@ -13936,7 +13936,7 @@ bool Client::ms_handle_refused(Connection *con)
|
||||
return false;
|
||||
}
|
||||
|
||||
bool Client::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new)
|
||||
bool Client::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer)
|
||||
{
|
||||
if (dest_type == CEPH_ENTITY_TYPE_MON)
|
||||
return true;
|
||||
|
@ -924,7 +924,7 @@ protected:
|
||||
bool ms_handle_reset(Connection *con) override;
|
||||
void ms_handle_remote_reset(Connection *con) override;
|
||||
bool ms_handle_refused(Connection *con) override;
|
||||
bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) override;
|
||||
bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
|
||||
|
||||
int authenticate();
|
||||
|
||||
|
@ -4,7 +4,7 @@
|
||||
namespace ceph::net
|
||||
{
|
||||
seastar::future<std::unique_ptr<AuthAuthorizer>>
|
||||
Dispatcher::ms_get_authorizer(peer_type_t, bool force_new)
|
||||
Dispatcher::ms_get_authorizer(peer_type_t)
|
||||
{
|
||||
return seastar::make_ready_future<std::unique_ptr<AuthAuthorizer>>(nullptr);
|
||||
}
|
||||
|
@ -53,7 +53,7 @@ class Dispatcher {
|
||||
return seastar::make_ready_future<msgr_tag_t, bufferlist>(0, bufferlist{});
|
||||
}
|
||||
virtual seastar::future<std::unique_ptr<AuthAuthorizer>>
|
||||
ms_get_authorizer(peer_type_t, bool force_new);
|
||||
ms_get_authorizer(peer_type_t);
|
||||
};
|
||||
|
||||
} // namespace ceph::net
|
||||
|
@ -648,17 +648,8 @@ SocketConnection::handle_connect_reply(msgr_tag_t tag)
|
||||
logger().error("{} connect protocol version mispatch", __func__);
|
||||
throw std::system_error(make_error_code(error::negotiation_failure));
|
||||
case CEPH_MSGR_TAG_BADAUTHORIZER:
|
||||
if (h.got_bad_auth) {
|
||||
logger().error("{} got bad authorizer", __func__);
|
||||
throw std::system_error(make_error_code(error::negotiation_failure));
|
||||
}
|
||||
h.got_bad_auth = true;
|
||||
// try harder
|
||||
return dispatcher.ms_get_authorizer(peer_type, true)
|
||||
.then([this](auto&& auth) {
|
||||
h.authorizer = std::move(auth);
|
||||
return stop_t::no;
|
||||
});
|
||||
logger().error("{} got bad authorizer", __func__);
|
||||
throw std::system_error(make_error_code(error::negotiation_failure));
|
||||
case CEPH_MSGR_TAG_RESETSESSION:
|
||||
reset_session();
|
||||
return seastar::make_ready_future<stop_t>(stop_t::no);
|
||||
@ -746,7 +737,7 @@ SocketConnection::repeat_connect()
|
||||
// this is fyi, actually, server decides!
|
||||
h.connect.flags = policy.lossy ? CEPH_MSG_CONNECT_LOSSY : 0;
|
||||
|
||||
return dispatcher.ms_get_authorizer(peer_type, false)
|
||||
return dispatcher.ms_get_authorizer(peer_type)
|
||||
.then([this](auto&& auth) {
|
||||
h.authorizer = std::move(auth);
|
||||
bufferlist bl;
|
||||
|
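Review bot: In handle_connect_reply the BADAUTHORIZER case now throws the same `error::negotiation_failure` as the protocol-version case just above it, so a caller catching the `std::system_error` cannot tell an authentication rejection from a version mismatch; only the log text differs. If the `error` enum can carry a dedicated value for a rejected authorizer (none is visible in this hunk), throwing it here would let callers and alerting treat authentication failures separately. With the in-place retry gone, a one-line comment such as `// no retry here: a later connect attempt asks the dispatcher for a fresh authorizer` would record where recovery is expected; repeat_connect does fetch a new authorizer, but whether it runs again after this throw is not shown. Both functions start and end outside the hunks.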
@ -68,7 +68,6 @@ class SocketConnection : public Connection {
|
||||
struct Handshake {
|
||||
ceph_msg_connect connect;
|
||||
ceph_msg_connect_reply reply;
|
||||
bool got_bad_auth = false;
|
||||
std::unique_ptr<AuthAuthorizer> authorizer;
|
||||
std::chrono::milliseconds backoff;
|
||||
uint32_t connect_seq = 0;
|
||||
|
@ -57,8 +57,7 @@
|
||||
#define dout_prefix *_dout << "librados: "
|
||||
|
||||
bool librados::RadosClient::ms_get_authorizer(int dest_type,
|
||||
AuthAuthorizer **authorizer,
|
||||
bool force_new) {
|
||||
AuthAuthorizer **authorizer) {
|
||||
//ldout(cct, 0) << "RadosClient::ms_get_authorizer type=" << dest_type << dendl;
|
||||
/* monitor authorization is being handled on different layer */
|
||||
if (dest_type == CEPH_ENTITY_TYPE_MON)
|
||||
|
@ -61,7 +61,7 @@ private:
|
||||
bool _dispatch(Message *m);
|
||||
bool ms_dispatch(Message *m) override;
|
||||
|
||||
bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) override;
|
||||
bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
|
||||
void ms_handle_connect(Connection *con) override;
|
||||
bool ms_handle_reset(Connection *con) override;
|
||||
void ms_handle_remote_reset(Connection *con) override;
|
||||
|
@ -1169,7 +1169,7 @@ bool MDSDaemon::ms_dispatch2(const Message::ref &m)
|
||||
}
|
||||
}
|
||||
|
||||
bool MDSDaemon::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new)
|
||||
bool MDSDaemon::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer)
|
||||
{
|
||||
dout(10) << "MDSDaemon::ms_get_authorizer type="
|
||||
<< ceph_entity_type_name(dest_type) << dendl;
|
||||
@ -1178,12 +1178,6 @@ bool MDSDaemon::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bo
|
||||
if (dest_type == CEPH_ENTITY_TYPE_MON)
|
||||
return true;
|
||||
|
||||
if (force_new) {
|
||||
auto timeout = g_conf().get_val<int64_t>("rotating_keys_renewal_timeout");
|
||||
if (monc->wait_auth_rotating(timeout) < 0)
|
||||
return false;
|
||||
}
|
||||
|
||||
*authorizer = monc->build_authorizer(dest_type);
|
||||
return *authorizer != NULL;
|
||||
}
|
||||
|
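Review bot: MDSDaemon::ms_get_authorizer now always calls `monc->build_authorizer(dest_type)` with whatever rotating keys the MonClient holds at that moment, and nothing in the new code documents that the `wait_auth_rotating` step is gone. The same removal is made in DaemonServer, MgrStandby, OSD and MDSUtility further down. A comment on each, for example `// never blocks: builds from the rotating keys monc currently holds`, would make the new contract explicit. The comment removed from the OSD version says the MonClient checks keys every tick(); it should be confirmed that this is the remaining refresh path after a peer rejects an authorizer. It is also worth checking whether `rotating_keys_renewal_timeout` still has readers outside these hunks.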
@ -110,7 +110,7 @@ class MDSDaemon : public Dispatcher, public md_config_obs_t {
|
||||
|
||||
private:
|
||||
bool ms_dispatch2(const Message::ref &m) override;
|
||||
bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) override;
|
||||
bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
|
||||
int ms_handle_authentication(Connection *con) override;
|
||||
KeyStore *ms_get_auth1_authorizer_keystore() override;
|
||||
void ms_handle_accept(Connection *con) override;
|
||||
|
@ -217,8 +217,9 @@ int DaemonServer::ms_handle_authentication(Connection *con)
|
||||
return ret;
|
||||
}
|
||||
|
||||
bool DaemonServer::ms_get_authorizer(int dest_type,
|
||||
AuthAuthorizer **authorizer, bool force_new)
|
||||
bool DaemonServer::ms_get_authorizer(
|
||||
int dest_type,
|
||||
AuthAuthorizer **authorizer)
|
||||
{
|
||||
dout(10) << "type=" << ceph_entity_type_name(dest_type) << dendl;
|
||||
|
||||
@ -226,12 +227,6 @@ bool DaemonServer::ms_get_authorizer(int dest_type,
|
||||
return true;
|
||||
}
|
||||
|
||||
if (force_new) {
|
||||
auto timeout = g_conf().get_val<int64_t>("rotating_keys_renewal_timeout");
|
||||
if (monc->wait_auth_rotating(timeout) < 0)
|
||||
return false;
|
||||
}
|
||||
|
||||
*authorizer = monc->build_authorizer(dest_type);
|
||||
dout(20) << "got authorizer " << *authorizer << dendl;
|
||||
return *authorizer != NULL;
|
||||
|
@ -149,8 +149,7 @@ public:
|
||||
bool ms_handle_reset(Connection *con) override;
|
||||
void ms_handle_remote_reset(Connection *con) override {}
|
||||
bool ms_handle_refused(Connection *con) override;
|
||||
bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer,
|
||||
bool force_new) override;
|
||||
bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
|
||||
KeyStore *ms_get_auth1_authorizer_keystore() override;
|
||||
|
||||
bool handle_open(MMgrOpen *m);
|
||||
|
@ -429,18 +429,11 @@ bool MgrStandby::ms_dispatch(Message *m)
|
||||
}
|
||||
|
||||
|
||||
bool MgrStandby::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer,
|
||||
bool force_new)
|
||||
bool MgrStandby::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer)
|
||||
{
|
||||
if (dest_type == CEPH_ENTITY_TYPE_MON)
|
||||
return true;
|
||||
|
||||
if (force_new) {
|
||||
auto timeout = cct->_conf.get_val<int64_t>("rotating_keys_renewal_timeout");
|
||||
if (monc.wait_auth_rotating(timeout) < 0)
|
||||
return false;
|
||||
}
|
||||
|
||||
*authorizer = monc.build_authorizer(dest_type);
|
||||
return *authorizer != NULL;
|
||||
}
|
||||
|
@ -73,8 +73,7 @@ public:
|
||||
bool ms_dispatch(Message *m) override;
|
||||
bool ms_handle_reset(Connection *con) override { return false; }
|
||||
void ms_handle_remote_reset(Connection *con) override {}
|
||||
bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer,
|
||||
bool force_new) override;
|
||||
bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
|
||||
bool ms_handle_refused(Connection *con) override;
|
||||
|
||||
int init();
|
||||
|
@ -5859,8 +5859,7 @@ void Monitor::extract_save_mon_key(KeyRing& keyring)
|
||||
}
|
||||
}
|
||||
|
||||
bool Monitor::ms_get_authorizer(int service_id, AuthAuthorizer **authorizer,
|
||||
bool force_new)
|
||||
bool Monitor::ms_get_authorizer(int service_id, AuthAuthorizer **authorizer)
|
||||
{
|
||||
dout(10) << "ms_get_authorizer for " << ceph_entity_type_name(service_id)
|
||||
<< dendl;
|
||||
|
@ -892,7 +892,7 @@ public:
|
||||
void dispatch_op(MonOpRequestRef op);
|
||||
//mon_caps is used for un-connected messages from monitors
|
||||
MonCap mon_caps;
|
||||
bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) override;
|
||||
bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
|
||||
KeyStore *ms_get_auth1_authorizer_keystore();
|
||||
public: // for AuthMonitor msgr1:
|
||||
int ms_handle_authentication(Connection *con) override;
|
||||
|
@ -238,7 +238,9 @@ public:
|
||||
*
|
||||
* @return True if this function call properly filled in *a, false otherwise.
|
||||
*/
|
||||
virtual bool ms_get_authorizer(int dest_type, AuthAuthorizer **a, bool force_new) { return false; }
|
||||
virtual bool ms_get_authorizer(int dest_type, AuthAuthorizer **a) {
|
||||
return false;
|
||||
}
|
||||
/**
|
||||
* @} //Authentication
|
||||
*/
|
||||
|
@ -752,10 +752,10 @@ public:
|
||||
* @param force_new True if we want to wait for new keys, false otherwise.
|
||||
* @return A pointer to the AuthAuthorizer, if we have one; NULL otherwise
|
||||
*/
|
||||
AuthAuthorizer *ms_deliver_get_authorizer(int peer_type, bool force_new) {
|
||||
AuthAuthorizer *ms_deliver_get_authorizer(int peer_type) {
|
||||
AuthAuthorizer *a = 0;
|
||||
for (const auto& dispatcher : dispatchers) {
|
||||
if (dispatcher->ms_get_authorizer(peer_type, &a, force_new))
|
||||
if (dispatcher->ms_get_authorizer(peer_type, &a))
|
||||
return a;
|
||||
}
|
||||
return NULL;
|
||||
|
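Review bot: The doc comment above ms_deliver_get_authorizer still carries `@param force_new True if we want to wait for new keys, false otherwise.` as an unchanged line, although the parameter is removed from the signature directly below it. That line should be deleted so the documentation does not promise a key refresh the function can no longer request. The Dispatcher::ms_get_authorizer doc block in the earlier hunk begins above the visible context and may hold the same stale `@param force_new` entry; the two test dispatchers further down did have theirs removed.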
@ -1419,8 +1419,7 @@ CtPtr ProtocolV1::send_connect_message() {
|
||||
ldout(cct, 20) << __func__ << dendl;
|
||||
|
||||
if (!authorizer) {
|
||||
authorizer = messenger->ms_deliver_get_authorizer(connection->peer_type,
|
||||
false);
|
||||
authorizer = messenger->ms_deliver_get_authorizer(connection->peer_type);
|
||||
}
|
||||
|
||||
ceph_msg_connect connect;
|
||||
|
@ -1450,7 +1450,7 @@ CtPtr ProtocolV2::send_connect_message() {
|
||||
|
||||
if (!authorizer) {
|
||||
authorizer =
|
||||
messenger->ms_deliver_get_authorizer(connection->peer_type, false);
|
||||
messenger->ms_deliver_get_authorizer(connection->peer_type);
|
||||
}
|
||||
|
||||
ceph_msg_connect connect;
|
||||
|
@ -993,8 +993,6 @@ void Pipe::set_socket_options()
|
||||
|
||||
int Pipe::connect()
|
||||
{
|
||||
bool got_bad_auth = false;
|
||||
|
||||
ldout(msgr->cct,10) << "connect " << connect_seq << dendl;
|
||||
ceph_assert(pipe_lock.is_locked());
|
||||
|
||||
@ -1148,7 +1146,7 @@ int Pipe::connect()
|
||||
|
||||
while (1) {
|
||||
if (!authorizer) {
|
||||
authorizer = msgr->ms_deliver_get_authorizer(peer_type, false);
|
||||
authorizer = msgr->ms_deliver_get_authorizer(peer_type);
|
||||
}
|
||||
bufferlist authorizer_reply;
|
||||
|
||||
@ -1260,13 +1258,7 @@ int Pipe::connect()
|
||||
|
||||
if (reply.tag == CEPH_MSGR_TAG_BADAUTHORIZER) {
|
||||
ldout(msgr->cct,0) << "connect got BADAUTHORIZER" << dendl;
|
||||
if (got_bad_auth)
|
||||
goto stop_locked;
|
||||
got_bad_auth = true;
|
||||
pipe_lock.Unlock();
|
||||
delete authorizer;
|
||||
authorizer = msgr->ms_deliver_get_authorizer(peer_type, true);
|
||||
continue;
|
||||
goto fail_locked;
|
||||
}
|
||||
if (reply.tag == CEPH_MSGR_TAG_RESETSESSION) {
|
||||
ldout(msgr->cct,0) << "connect got RESETSESSION" << dendl;
|
||||
|
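Review bot: The BADAUTHORIZER branch in the third hunk now jumps to `fail_locked` with the rejected authorizer still allocated, where the removed code deleted it before fetching a fresh one. The label and the declaration of `authorizer` lie outside the hunks, so it should be confirmed that the fail path frees it and that a later connect attempt cannot pass the `if (!authorizer)` guard with the same rejected object. A short comment on the branch would record the new behaviour, for example `// no in-place refresh: a rejected authorizer fails this attempt`. Pipe::connect starts and ends outside the hunks shown.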
@ -7035,7 +7035,7 @@ void OSD::ms_fast_preprocess(Message *m)
|
||||
}
|
||||
}
|
||||
|
||||
bool OSD::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new)
|
||||
bool OSD::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer)
|
||||
{
|
||||
dout(10) << "OSD::ms_get_authorizer type=" << ceph_entity_type_name(dest_type) << dendl;
|
||||
|
||||
@ -7047,16 +7047,6 @@ bool OSD::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool for
|
||||
if (dest_type == CEPH_ENTITY_TYPE_MON)
|
||||
return true;
|
||||
|
||||
if (force_new) {
|
||||
/* the MonClient checks keys every tick(), so we should just wait for that cycle
|
||||
to get through */
|
||||
auto timeout = g_conf().get_val<int64_t>("rotating_keys_renewal_timeout");
|
||||
if (monc->wait_auth_rotating(timeout) < 0) {
|
||||
derr << "OSD::ms_get_authorizer wait_auth_rotating failed" << dendl;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
*authorizer = monc->build_authorizer(dest_type);
|
||||
return *authorizer != NULL;
|
||||
}
|
||||
|
@ -1661,13 +1661,12 @@ public:
|
||||
int ms_handle_authentication(Connection *con) override {
|
||||
return true;
|
||||
}
|
||||
bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer,
|
||||
bool force_new) override {
|
||||
bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override {
|
||||
// some pre-nautilus OSDs get confused if you include an
|
||||
// authorizer but they are not expecting it. do not try to authorize
|
||||
// heartbeat connections until all OSDs are nautilus.
|
||||
if (osd->get_osdmap()->require_osd_release >= CEPH_RELEASE_NAUTILUS) {
|
||||
return osd->ms_get_authorizer(dest_type, authorizer, force_new);
|
||||
return osd->ms_get_authorizer(dest_type, authorizer);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
@ -2197,7 +2196,7 @@ private:
|
||||
void ms_fast_dispatch(Message *m) override;
|
||||
void ms_fast_preprocess(Message *m) override;
|
||||
bool ms_dispatch(Message *m) override;
|
||||
bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer, bool force_new) override;
|
||||
bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
|
||||
void ms_handle_connect(Connection *con) override;
|
||||
void ms_handle_fast_connect(Connection *con) override;
|
||||
void ms_handle_fast_accept(Connection *con) override;
|
||||
|
@ -4415,8 +4415,7 @@ bool Objecter::ms_handle_refused(Connection *con)
|
||||
}
|
||||
|
||||
bool Objecter::ms_get_authorizer(int dest_type,
|
||||
AuthAuthorizer **authorizer,
|
||||
bool force_new)
|
||||
AuthAuthorizer **authorizer)
|
||||
{
|
||||
if (!initialized)
|
||||
return false;
|
||||
|
@ -3047,8 +3047,7 @@ public:
|
||||
void ms_handle_remote_reset(Connection *con) override;
|
||||
bool ms_handle_refused(Connection *con) override;
|
||||
bool ms_get_authorizer(int dest_type,
|
||||
AuthAuthorizer **authorizer,
|
||||
bool force_new) override;
|
||||
AuthAuthorizer **authorizer) override;
|
||||
|
||||
void blacklist_self(bool set);
|
||||
|
||||
|
@ -60,7 +60,7 @@ struct Server {
|
||||
0, bufferlist{});
|
||||
}
|
||||
seastar::future<std::unique_ptr<AuthAuthorizer>>
|
||||
ms_get_authorizer(peer_type_t, bool) override {
|
||||
ms_get_authorizer(peer_type_t) override {
|
||||
return seastar::make_ready_future<std::unique_ptr<AuthAuthorizer>>(
|
||||
new DummyAuthAuthorizer{});
|
||||
}
|
||||
|
@ -89,13 +89,12 @@ public:
|
||||
* @param a Double pointer to an AuthAuthorizer. The Dispatcher will fill
|
||||
* in *a with the correct AuthAuthorizer, if it can. Make sure that you have
|
||||
* set *a to NULL before calling in.
|
||||
* @param force_new Force the Dispatcher to wait for a new set of keys before
|
||||
* returning the authorizer.
|
||||
*
|
||||
* @return True if this function call properly filled in *a, false otherwise.
|
||||
*/
|
||||
bool ms_get_authorizer(int dest_type, AuthAuthorizer **a,
|
||||
bool force_new) override { return false; };
|
||||
bool ms_get_authorizer(int dest_type, AuthAuthorizer **a) override {
|
||||
return false;
|
||||
};
|
||||
|
||||
int ms_handle_authentication(Connection *con) override {
|
||||
return 1;
|
||||
|
@ -89,13 +89,12 @@ public:
|
||||
* @param a Double pointer to an AuthAuthorizer. The Dispatcher will fill
|
||||
* in *a with the correct AuthAuthorizer, if it can. Make sure that you have
|
||||
* set *a to NULL before calling in.
|
||||
* @param force_new Force the Dispatcher to wait for a new set of keys before
|
||||
* returning the authorizer.
|
||||
*
|
||||
* @return True if this function call properly filled in *a, false otherwise.
|
||||
*/
|
||||
virtual bool ms_get_authorizer(int dest_type, AuthAuthorizer **a,
|
||||
bool force_new) { return false; };
|
||||
virtual bool ms_get_authorizer(int dest_type, AuthAuthorizer **a) {
|
||||
return false;
|
||||
};
|
||||
|
||||
|
||||
};
|
||||
|
@ -156,19 +156,11 @@ void MDSUtility::handle_fs_map(MFSMap* m)
|
||||
}
|
||||
|
||||
|
||||
bool MDSUtility::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer,
|
||||
bool force_new)
|
||||
bool MDSUtility::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer)
|
||||
{
|
||||
if (dest_type == CEPH_ENTITY_TYPE_MON)
|
||||
return true;
|
||||
|
||||
if (force_new) {
|
||||
auto timeout =
|
||||
g_ceph_context->_conf.get_val<int64_t>("rotating_keys_renewal_timeout");
|
||||
if (monc->wait_auth_rotating(timeout) < 0)
|
||||
return false;
|
||||
}
|
||||
|
||||
*authorizer = monc->build_authorizer(dest_type);
|
||||
return *authorizer != NULL;
|
||||
}
|
||||
|
@ -51,8 +51,7 @@ public:
|
||||
bool ms_handle_reset(Connection *con) override { return false; }
|
||||
void ms_handle_remote_reset(Connection *con) override {}
|
||||
bool ms_handle_refused(Connection *con) override { return false; }
|
||||
bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer,
|
||||
bool force_new) override;
|
||||
bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
|
||||
int init();
|
||||
void shutdown();
|
||||
};
|
||||
|