msg: remove old ms_* auth methods from Dispatcher interface

In the mon there is an opportunity to further clean up the code around
get_authorizer().

Signed-off-by: Sage Weil <sage@redhat.com>

src/client/Client.cc

@@ -13990,14 +13990,6 @@ bool Client::ms_handle_refused(Connection *con)
   return false;
 }
 
-bool Client::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer)
-{
-  if (dest_type == CEPH_ENTITY_TYPE_MON)
-    return true;
-  *authorizer = monclient->build_authorizer(dest_type);
-  return true;
-}
-
 Inode *Client::get_quota_root(Inode *in, const UserPerm& perms)
 {
   Inode *quota_in = root_ancestor;

src/client/Client.h

@@ -923,7 +923,6 @@ protected:
   bool ms_handle_reset(Connection *con) override;
   void ms_handle_remote_reset(Connection *con) override;
   bool ms_handle_refused(Connection *con) override;
-  bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
 
   int authenticate();
 

src/librados/RadosClient.cc

@@ -56,16 +56,6 @@
 #undef dout_prefix
 #define dout_prefix *_dout << "librados: "
 
-bool librados::RadosClient::ms_get_authorizer(int dest_type,
-					      AuthAuthorizer **authorizer) {
-  //ldout(cct, 0) << "RadosClient::ms_get_authorizer type=" << dest_type << dendl;
-  /* monitor authorization is being handled on different layer */
-  if (dest_type == CEPH_ENTITY_TYPE_MON)
-    return true;
-  *authorizer = monclient.build_authorizer(dest_type);
-  return *authorizer != NULL;
-}
-
 librados::RadosClient::RadosClient(CephContext *cct_)
   : Dispatcher(cct_->get()),
     cct_deleter{cct_, [](CephContext *p) {p->put();}},

src/librados/RadosClient.h

@@ -61,7 +61,6 @@ private:
   bool _dispatch(Message *m);
   bool ms_dispatch(Message *m) override;
 
-  bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
   void ms_handle_connect(Connection *con) override;
   bool ms_handle_reset(Connection *con) override;
   void ms_handle_remote_reset(Connection *con) override;

src/mds/MDSDaemon.cc

@@ -1163,20 +1163,6 @@ bool MDSDaemon::ms_dispatch2(const ref_t<Message> &m)
   }
 }
 
-bool MDSDaemon::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer)
-{
-  dout(10) << "MDSDaemon::ms_get_authorizer type="
-           << ceph_entity_type_name(dest_type) << dendl;
-
-  /* monitor authorization is being handled on different layer */
-  if (dest_type == CEPH_ENTITY_TYPE_MON)
-    return true;
-
-  *authorizer = monc->build_authorizer(dest_type);
-  return *authorizer != NULL;
-}
-
-
 /*
  * high priority messages we always process
  */
@@ -1277,11 +1263,6 @@ bool MDSDaemon::ms_handle_refused(Connection *con)
   return false;
 }
 
-KeyStore *MDSDaemon::ms_get_auth1_authorizer_keystore()
-{
-  return monc->rotating_secrets.get();
-}
-
 bool MDSDaemon::parse_caps(const AuthCapsInfo& info, MDSAuthCaps& caps)
 {
   caps.clear();

src/mds/MDSDaemon.h

@@ -106,9 +106,7 @@ class MDSDaemon : public Dispatcher, public md_config_obs_t {
 
  private:
   bool ms_dispatch2(const ref_t<Message> &m) override;
-  bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
   int ms_handle_authentication(Connection *con) override;
-  KeyStore *ms_get_auth1_authorizer_keystore() override;
   void ms_handle_accept(Connection *con) override;
   void ms_handle_connect(Connection *con) override;
   bool ms_handle_reset(Connection *con) override;

src/mgr/DaemonServer.cc

@@ -158,11 +158,6 @@ entity_addrvec_t DaemonServer::get_myaddrs() const
   return msgr->get_myaddrs();
 }
 
-KeyStore *DaemonServer::ms_get_auth1_authorizer_keystore()
-{
-  return monc->rotating_secrets.get();
-}
-
 int DaemonServer::ms_handle_authentication(Connection *con)
 {
   MgrSession *s = new MgrSession(cct);
@@ -210,21 +205,6 @@ int DaemonServer::ms_handle_authentication(Connection *con)
   return 1;
 }
 
-bool DaemonServer::ms_get_authorizer(
-  int dest_type,
-  AuthAuthorizer **authorizer)
-{
-  dout(10) << "type=" << ceph_entity_type_name(dest_type) << dendl;
-
-  if (dest_type == CEPH_ENTITY_TYPE_MON) {
-    return true;
-  }
-
-  *authorizer = monc->build_authorizer(dest_type);
-  dout(20) << "got authorizer " << *authorizer << dendl;
-  return *authorizer != NULL;
-}
-
 bool DaemonServer::ms_handle_reset(Connection *con)
 {
   if (con->get_peer_type() == CEPH_ENTITY_TYPE_OSD) {

src/mgr/DaemonServer.h

@@ -142,8 +142,6 @@ public:
   bool ms_handle_reset(Connection *con) override;
   void ms_handle_remote_reset(Connection *con) override {}
   bool ms_handle_refused(Connection *con) override;
-  bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
-  KeyStore *ms_get_auth1_authorizer_keystore() override;
 
   bool handle_open(const ceph::ref_t<MMgrOpen>& m);
   bool handle_close(const ceph::ref_t<MMgrClose>& m);

src/mgr/MgrStandby.cc

@@ -452,15 +452,6 @@ bool MgrStandby::ms_dispatch2(const ref_t<Message>& m)
 }
 
 
-bool MgrStandby::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer)
-{
-  if (dest_type == CEPH_ENTITY_TYPE_MON)
-    return true;
-
-  *authorizer = monc.build_authorizer(dest_type);
-  return *authorizer != NULL;
-}
-
 bool MgrStandby::ms_handle_refused(Connection *con)
 {
   // do nothing for now

src/mgr/MgrStandby.h

@@ -74,7 +74,6 @@ public:
   bool ms_dispatch2(const ceph::ref_t<Message>& m) override;
   bool ms_handle_reset(Connection *con) override { return false; }
   void ms_handle_remote_reset(Connection *con) override {}
-  bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
   bool ms_handle_refused(Connection *con) override;
 
   int init();

src/mon/Monitor.cc

@@ -6021,7 +6021,7 @@ int Monitor::get_auth_request(
     return -EACCES;
   }
   AuthAuthorizer *auth;
-  if (!ms_get_authorizer(con->get_peer_type(), &auth)) {
+  if (!get_authorizer(con->get_peer_type(), &auth)) {
     return -EACCES;
   }
   auth_meta->authorizer.reset(auth);
@@ -6082,9 +6082,9 @@ int Monitor::handle_auth_bad_method(
   return -EACCES;
 }
 
-bool Monitor::ms_get_authorizer(int service_id, AuthAuthorizer **authorizer)
+bool Monitor::get_authorizer(int service_id, AuthAuthorizer **authorizer)
 {
-  dout(10) << "ms_get_authorizer for " << ceph_entity_type_name(service_id)
+  dout(10) << "get_authorizer for " << ceph_entity_type_name(service_id)
 	   << dendl;
 
   if (is_shutdown())
@@ -6153,7 +6153,7 @@ bool Monitor::ms_get_authorizer(int service_id, AuthAuthorizer **authorizer)
 
   CephXTicketBlob blob;
   if (!cephx_build_service_ticket_blob(cct, info, blob)) {
-    dout(0) << "ms_get_authorizer failed to build service ticket" << dendl;
+    dout(0) << "get_authorizer failed to build service ticket" << dendl;
     return false;
   }
   bufferlist ticket_data;
@@ -6170,11 +6170,6 @@ bool Monitor::ms_get_authorizer(int service_id, AuthAuthorizer **authorizer)
   return true;
 }
 
-KeyStore *Monitor::ms_get_auth1_authorizer_keystore()
-{
-  return &keyring;
-}
-
 int Monitor::handle_auth_request(
   Connection *con,
   AuthConnectionMeta *auth_meta,

src/mon/Monitor.h

@@ -892,8 +892,7 @@ public:
   void dispatch_op(MonOpRequestRef op);
   //mon_caps is used for un-connected messages from monitors
   MonCap mon_caps;
-  bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
-  KeyStore *ms_get_auth1_authorizer_keystore();
+  bool get_authorizer(int dest_type, AuthAuthorizer **authorizer);
 public: // for AuthMonitor msgr1:
   int ms_handle_authentication(Connection *con) override;
 private:

src/msg/Dispatcher.h

@@ -23,10 +23,8 @@
 
 class Messenger;
 class Connection;
-class AuthAuthorizer;
 class CryptoKey;
 class CephContext;
-class AuthAuthorizerChallenge;
 class KeyStore;
 
 class Dispatcher {
@@ -216,32 +214,6 @@ public:
     return 0;
   }
 
-  /**
-   * get authentication keyring
-   *
-   * Return the keyring to use for authentication with msgr1.  Remove me
-   * someday.
-   */
-  virtual KeyStore* ms_get_auth1_authorizer_keystore() {
-    return nullptr;
-  }
-
-  /**
-   * Retrieve the AuthAuthorizer for the given peer type. It might not
-   * provide one if it knows there is no AuthAuthorizer for that type.
-   *
-   * @param dest_type The peer type we want the authorizer for.
-   * @param a Double pointer to an AuthAuthorizer. The Dispatcher will fill
-   * in *a with the correct AuthAuthorizer, if it can. Make sure that you have
-   * set *a to NULL before calling in.
-   * @param force_new Force the Dispatcher to wait for a new set of keys before
-   * returning the authorizer.
-   *
-   * @return True if this function call properly filled in *a, false otherwise.
-   */
-  virtual bool ms_get_authorizer(int dest_type, AuthAuthorizer **a) {
-    return false;
-  }
   /**
    * @} //Authentication
    */

src/msg/Messenger.cc

@@ -97,60 +97,3 @@ int Messenger::bindv(const entity_addrvec_t& addrs)
   return bind(addrs.legacy_addr());
 }
 
-bool Messenger::ms_deliver_verify_authorizer(
-  Connection *con,
-  int peer_type,
-  int protocol,
-  bufferlist& authorizer,
-  bufferlist& authorizer_reply,
-  bool& isvalid,
-  CryptoKey& session_key,
-  std::string *connection_secret,
-  std::unique_ptr<AuthAuthorizerChallenge> *challenge)
-{
-  if (authorizer.length() == 0) {
-    for (auto dis : dispatchers) {
-      if (!dis->require_authorizer) {
-	//ldout(cct,10) << __func__ << " tolerating missing authorizer" << dendl;
-	isvalid = true;
-	return true;
-      }
-    }
-  }
-  AuthAuthorizeHandler *ah = auth_registry.get_handler(peer_type, protocol);
-  if (get_mytype() == CEPH_ENTITY_TYPE_MON &&
-      peer_type != CEPH_ENTITY_TYPE_MON) {
-    // the monitor doesn't do authenticators for msgr1.
-    isvalid = true;
-    return true;
-  }
-  if (!ah) {
-    lderr(cct) << __func__ << " no AuthAuthorizeHandler found for protocol "
-	       << protocol << dendl;
-    isvalid = false;
-    return false;
-  }
-
-  for (auto dis : dispatchers) {
-    KeyStore *ks = dis->ms_get_auth1_authorizer_keystore();
-    if (ks) {
-      isvalid = ah->verify_authorizer(
-	cct,
-	ks,
-	authorizer,
-	0,
-	&authorizer_reply,
-	&con->peer_name,
-	&con->peer_global_id,
-	&con->peer_caps_info,
-	&session_key,
-	connection_secret,
-	challenge);
-      if (isvalid) {
-	return dis->ms_handle_authentication(con)>=0;
-      }
-      return true;
-    }
-  }
-  return false;
-}

src/msg/Messenger.h

@@ -788,43 +788,6 @@ public:
     }
   }
 
-  /**
-   * Get the AuthAuthorizer for a new outgoing Connection.
-   *
-   * @param peer_type The peer type for the new Connection
-   * @param force_new True if we want to wait for new keys, false otherwise.
-   * @return A pointer to the AuthAuthorizer, if we have one; NULL otherwise
-   */
-  AuthAuthorizer *ms_deliver_get_authorizer(int peer_type) {
-    AuthAuthorizer *a = 0;
-    for (const auto& dispatcher : dispatchers) {
-      if (dispatcher->ms_get_authorizer(peer_type, &a))
-	return a;
-    }
-    return NULL;
-  }
-  /**
-   * Verify that the authorizer on a new incoming Connection is correct.
-   *
-   * @param con The new incoming Connection
-   * @param peer_type The type of the endpoint on the new Connection
-   * @param protocol The ID of the protocol in use (at time of writing, cephx or none)
-   * @param authorizer The authorization string supplied by the remote
-   * @param authorizer_reply Output param: The string we should send back to
-   * the remote to authorize ourselves. Only filled in if isvalid
-   * @param isvalid Output param: True if authorizer is valid, false otherwise
-   *
-   * @return True if we were able to prove or disprove correctness of
-   * authorizer, false otherwise.
-   */
-  bool ms_deliver_verify_authorizer(
-    Connection *con, int peer_type,
-    int protocol, ceph::buffer::list& authorizer, ceph::buffer::list& authorizer_reply,
-    bool& isvalid,
-    CryptoKey& session_key,
-    std::string *connection_secret,
-    std::unique_ptr<AuthAuthorizerChallenge> *challenge);
-
   /**
    * @} // Dispatcher Interfacing
    */

src/osd/OSD.cc

@@ -7244,27 +7244,6 @@ void OSD::ms_fast_dispatch(Message *m)
   OID_EVENT_TRACE_WITH_MSG(m, "MS_FAST_DISPATCH_END", false); 
 }
 
-bool OSD::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer)
-{
-  dout(10) << "OSD::ms_get_authorizer type=" << ceph_entity_type_name(dest_type) << dendl;
-
-  if (is_stopping()) {
-    dout(10) << __func__ << " bailing, we are shutting down" << dendl;
-    return false;
-  }
-
-  if (dest_type == CEPH_ENTITY_TYPE_MON)
-    return true;
-
-  *authorizer = monc->build_authorizer(dest_type);
-  return *authorizer != NULL;
-}
-
-KeyStore *OSD::ms_get_auth1_authorizer_keystore()
-{
-  return monc->rotating_secrets.get();
-}
-
 int OSD::ms_handle_authentication(Connection *con)
 {
   int ret = 0;

src/osd/OSD.h

@@ -1668,18 +1668,6 @@ public:
     int ms_handle_authentication(Connection *con) override {
       return true;
     }
-    bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override {
-      // some pre-nautilus OSDs get confused if you include an
-      // authorizer but they are not expecting it.  do not try to authorize
-      // heartbeat connections until all OSDs are nautilus.
-      if (osd->get_osdmap()->require_osd_release >= CEPH_RELEASE_NAUTILUS) {
-	return osd->ms_get_authorizer(dest_type, authorizer);
-      }
-      return false;
-    }
-    KeyStore *ms_get_auth1_authorizer_keystore() override {
-      return osd->ms_get_auth1_authorizer_keystore();
-    }
   } heartbeat_dispatcher;
 
 private:
@@ -2201,12 +2189,10 @@ private:
   }
   void ms_fast_dispatch(Message *m) override;
   bool ms_dispatch(Message *m) override;
-  bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
   void ms_handle_connect(Connection *con) override;
   void ms_handle_fast_connect(Connection *con) override;
   void ms_handle_fast_accept(Connection *con) override;
   int ms_handle_authentication(Connection *con) override;
-  KeyStore *ms_get_auth1_authorizer_keystore() override;
   bool ms_handle_reset(Connection *con) override;
   void ms_handle_remote_reset(Connection *con) override {}
   bool ms_handle_refused(Connection *con) override;

src/osdc/Objecter.cc

@@ -4458,17 +4458,6 @@ bool Objecter::ms_handle_refused(Connection *con)
   return false;
 }
 
-bool Objecter::ms_get_authorizer(int dest_type,
-				 AuthAuthorizer **authorizer)
-{
-  if (!initialized)
-    return false;
-  if (dest_type == CEPH_ENTITY_TYPE_MON)
-    return true;
-  *authorizer = monc->build_authorizer(dest_type);
-  return *authorizer != NULL;
-}
-
 void Objecter::op_target_t::dump(Formatter *f) const
 {
   f->dump_stream("pg") << pgid;

src/osdc/Objecter.h

@@ -3066,8 +3066,6 @@ public:
   bool ms_handle_reset(Connection *con) override;
   void ms_handle_remote_reset(Connection *con) override;
   bool ms_handle_refused(Connection *con) override;
-  bool ms_get_authorizer(int dest_type,
-			 AuthAuthorizer **authorizer) override;
 
   void blacklist_self(bool set);
 

src/tools/cephfs/MDSUtility.cc

@@ -156,11 +156,3 @@ void MDSUtility::handle_fs_map(MFSMap* m)
 }
 
 
-bool MDSUtility::ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer)
-{
-  if (dest_type == CEPH_ENTITY_TYPE_MON)
-    return true;
-
-  *authorizer = monc->build_authorizer(dest_type);
-  return *authorizer != NULL;
-}

src/tools/cephfs/MDSUtility.h

@@ -51,7 +51,6 @@ public:
   bool ms_handle_reset(Connection *con) override { return false; }
   void ms_handle_remote_reset(Connection *con) override {}
   bool ms_handle_refused(Connection *con) override { return false; }
-  bool ms_get_authorizer(int dest_type, AuthAuthorizer **authorizer) override;
   int init();
   void shutdown();
 };