From 7bc2abfd3bfbe0b306201c1575bbb4ff57dc7b07 Mon Sep 17 00:00:00 2001 From: Yingxin Cheng Date: Mon, 11 Mar 2019 16:19:24 +0800 Subject: [PATCH] crimson/net: dummy auth for protocol v2 Signed-off-by: Yingxin Cheng --- src/crimson/auth/AuthClient.h | 53 +++++++++++++++++++++ src/crimson/auth/AuthServer.h | 72 +++++++++++++++++++++++++++++ src/crimson/auth/DummyAuth.h | 67 +++++++++++++++++++++++++++ src/crimson/net/Messenger.h | 16 +++++++ src/crimson/net/ProtocolV2.cc | 3 ++ src/test/crimson/test_alien_echo.cc | 7 +++ 6 files changed, 218 insertions(+) create mode 100644 src/crimson/auth/AuthClient.h create mode 100644 src/crimson/auth/AuthServer.h create mode 100644 src/crimson/auth/DummyAuth.h diff --git a/src/crimson/auth/AuthClient.h b/src/crimson/auth/AuthClient.h new file mode 100644 index 00000000000..9d737e079c7 --- /dev/null +++ b/src/crimson/auth/AuthClient.h @@ -0,0 +1,53 @@ +// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- +// vim: ts=8 sw=2 smarttab + +#pragma once + +#include +#include "crimson/net/Fwd.h" + +class CryptoKey; + +namespace ceph::auth { + +// TODO: revisit interfaces for non-dummy implementations +class AuthClient { +public: + virtual ~AuthClient() {} + + // Build an authentication request to begin the handshake + virtual int get_auth_request( + ceph::net::ConnectionRef conn, + AuthConnectionMetaRef auth_meta, + uint32_t *method, + std::vector *preferred_modes, + bufferlist *out) = 0; + + // Handle server's request to continue the handshake + virtual int handle_auth_reply_more( + ceph::net::ConnectionRef conn, + AuthConnectionMetaRef auth_meta, + const bufferlist& bl, + bufferlist *reply) = 0; + + // Handle server's indication that authentication succeeded + virtual int handle_auth_done( + ceph::net::ConnectionRef conn, + AuthConnectionMetaRef auth_meta, + uint64_t global_id, + uint32_t con_mode, + const bufferlist& bl, + CryptoKey *session_key, + std::string *connection_secret) = 0; + + // Handle server's indication that the previous auth attempt failed + virtual int handle_auth_bad_method( + ceph::net::ConnectionRef conn, + AuthConnectionMetaRef auth_meta, + uint32_t old_auth_method, + int result, + const std::vector& allowed_methods, + const std::vector& allowed_modes) = 0; +}; + +} // namespace ceph::auth diff --git a/src/crimson/auth/AuthServer.h b/src/crimson/auth/AuthServer.h new file mode 100644 index 00000000000..e15d47bb159 --- /dev/null +++ b/src/crimson/auth/AuthServer.h @@ -0,0 +1,72 @@ +// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- +// vim: ts=8 sw=2 smarttab + +#pragma once + +#include +#include "auth/AuthAuthorizeHandler.h" +#include "crimson/net/Fwd.h" + +namespace ceph::auth { + +// TODO: revisit interfaces for non-dummy implementations +class AuthServer { +public: + // TODO: + // AuthRegistry auth_registry; + + AuthServer() {} + virtual ~AuthServer() {} + + // Get authentication methods and connection modes for the given peer type + virtual void get_supported_auth_methods( + int peer_type, + std::vector *methods, + std::vector *modes = nullptr) { + // auth_registry.get_supported_methods(peer_type, methods, modes); + *methods = { CEPH_AUTH_NONE }; + if (modes != nullptr) { + *modes = { CEPH_CON_MODE_CRC }; + } + } + + // Get support connection modes for the given peer type and auth method + virtual void get_supported_con_modes( + int peer_type, + uint32_t auth_method, + std::vector *modes) { + // auth_registry.get_supported_modes(peer_type, auth_method, modes); + *modes = { CEPH_CON_MODE_CRC }; + } + + // Get support connection modes for the given peer type and auth method + virtual uint32_t pick_con_mode( + int peer_type, + uint32_t auth_method, + const std::vector& preferred_modes) { + // return auth_registry.pick_mode(peer_type, auth_method, preferred_modes); + ceph_assert(auth_method == CEPH_AUTH_NONE); + ceph_assert(preferred_modes.size() && + preferred_modes[0] == CEPH_CON_MODE_CRC); + return CEPH_CON_MODE_CRC; + } + + // return an AuthAuthorizeHandler for the given peer type and auth method + AuthAuthorizeHandler *get_auth_authorize_handler( + int peer_type, + int auth_method) { + // return auth_registry.get_handler(peer_type, auth_method); + return nullptr; + } + + // Handle an authentication request on an incoming connection + virtual int handle_auth_request( + ceph::net::ConnectionRef conn, + AuthConnectionMetaRef auth_meta, + bool more, //< true if this is not the first part of the handshake + uint32_t auth_method, + const bufferlist& bl, + bufferlist *reply) = 0; +}; + +} // namespace ceph::auth diff --git a/src/crimson/auth/DummyAuth.h b/src/crimson/auth/DummyAuth.h new file mode 100644 index 00000000000..e6fc720cad6 --- /dev/null +++ b/src/crimson/auth/DummyAuth.h @@ -0,0 +1,67 @@ +// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- +// vim: ts=8 sw=2 smarttab + +#include "AuthClient.h" +#include "AuthServer.h" + +namespace ceph::auth { + +class DummyAuthClientServer : public AuthClient, + public AuthServer { +public: + DummyAuthClientServer() {} + + // client + int get_auth_request( + ceph::net::ConnectionRef conn, + AuthConnectionMetaRef auth_meta, + uint32_t *method, + std::vector *preferred_modes, + bufferlist *out) override { + *method = CEPH_AUTH_NONE; + *preferred_modes = { CEPH_CON_MODE_CRC }; + return 0; + } + + int handle_auth_reply_more( + ceph::net::ConnectionRef conn, + AuthConnectionMetaRef auth_meta, + const bufferlist& bl, + bufferlist *reply) override { + ceph_abort(); + } + + int handle_auth_done( + ceph::net::ConnectionRef conn, + AuthConnectionMetaRef auth_meta, + uint64_t global_id, + uint32_t con_mode, + const bufferlist& bl, + CryptoKey *session_key, + std::string *connection_secret) { + return 0; + } + + int handle_auth_bad_method( + ceph::net::ConnectionRef conn, + AuthConnectionMetaRef auth_meta, + uint32_t old_auth_method, + int result, + const std::vector& allowed_methods, + const std::vector& allowed_modes) override { + ceph_abort(); + } + + // server + int handle_auth_request( + ceph::net::ConnectionRef conn, + AuthConnectionMetaRef auth_meta, + bool more, + uint32_t auth_method, + const bufferlist& bl, + bufferlist *reply) override { + return 1; + } +}; + +} // namespace ceph::auth diff --git a/src/crimson/net/Messenger.h b/src/crimson/net/Messenger.h index e3a684e32f0..ed6037ca273 100644 --- a/src/crimson/net/Messenger.h +++ b/src/crimson/net/Messenger.h @@ -22,6 +22,11 @@ class AuthAuthorizer; +namespace ceph::auth { +class AuthClient; +class AuthServer; +} + namespace ceph::net { using Throttle = ceph::thread::Throttle; @@ -33,6 +38,10 @@ class Messenger { uint32_t global_seq = 0; uint32_t crc_flags = 0; + public: + ceph::auth::AuthClient *auth_client = 0; + ceph::auth::AuthServer *auth_server = 0; + public: Messenger(const entity_name_t& name) : my_name(name) @@ -88,6 +97,13 @@ class Messenger { crc_flags |= MSG_CRC_HEADER; } + void set_auth_client(ceph::auth::AuthClient *ac) { + auth_client = ac; + } + void set_auth_server(ceph::auth::AuthServer *as) { + auth_server = as; + } + // get the local messenger shard if it is accessed by another core virtual Messenger* get_local_shard() { return this; diff --git a/src/crimson/net/ProtocolV2.cc b/src/crimson/net/ProtocolV2.cc index 94919fc8cab..40b90e40835 100644 --- a/src/crimson/net/ProtocolV2.cc +++ b/src/crimson/net/ProtocolV2.cc @@ -5,6 +5,9 @@ #include "include/msgr.h" +#include "crimson/auth/AuthClient.h" +#include "crimson/auth/AuthServer.h" + #include "Dispatcher.h" #include "Errors.h" #include "Socket.h" diff --git a/src/test/crimson/test_alien_echo.cc b/src/test/crimson/test_alien_echo.cc index e5f0218b907..bcec1a8455c 100644 --- a/src/test/crimson/test_alien_echo.cc +++ b/src/test/crimson/test_alien_echo.cc @@ -2,6 +2,7 @@ #include "auth/Auth.h" #include "messages/MPing.h" +#include "crimson/auth/DummyAuth.h" #include "crimson/net/Connection.h" #include "crimson/net/Dispatcher.h" #include "crimson/net/Messenger.h" @@ -37,6 +38,7 @@ struct DummyAuthAuthorizer : public AuthAuthorizer { struct Server { ceph::thread::Throttle byte_throttler; ceph::net::Messenger& msgr; + ceph::auth::DummyAuthClientServer dummy_auth; struct ServerDispatcher : ceph::net::Dispatcher { unsigned count = 0; seastar::condition_variable on_reply; @@ -73,6 +75,7 @@ struct Server { struct Client { ceph::thread::Throttle byte_throttler; ceph::net::Messenger& msgr; + ceph::auth::DummyAuthClientServer dummy_auth; struct ClientDispatcher : ceph::net::Dispatcher { unsigned count = 0; seastar::condition_variable on_reply; @@ -161,6 +164,8 @@ seastar_echo(const entity_addr_t addr, echo_role role, unsigned count) // bind the server server.msgr.set_policy_throttler(entity_name_t::TYPE_OSD, &server.byte_throttler); + server.msgr.set_auth_client(&server.dummy_auth); + server.msgr.set_auth_server(&server.dummy_auth); return server.msgr.bind(entity_addrvec_t{addr}) .then([&server] { return server.msgr.start(&server.dispatcher); @@ -183,6 +188,8 @@ seastar_echo(const entity_addr_t addr, echo_role role, unsigned count) std::cout << "client sending to " << addr << std::endl; client.msgr.set_policy_throttler(entity_name_t::TYPE_OSD, &client.byte_throttler); + client.msgr.set_auth_client(&client.dummy_auth); + client.msgr.set_auth_server(&client.dummy_auth); return client.msgr.start(&client.dispatcher) .then([addr, &client] { return client.msgr.connect(addr, entity_name_t::TYPE_OSD);