ceph: negotiate authentication protocol; implement AUTH_NONE protocol

When we open a monitor session, we send an initial AUTH message listing the auth protocols we support, our entity name, and (possibly) a previously assigned global_id. The monitor chooses a protocol and responds with an initial message. Initially implement AUTH_NONE, a dummy protocol that provides no security, but works within the new framework. It generates 'authorizers' that are used when connecting to (mds, osd) services that simply state our entity name and global_id. This is a wire protocol change. Signed-off-by: Sage Weil <sage@newdream.net>
author: Sage Weil <sage@newdream.net> 2009-11-18 19:19:57 -0500
committer: Sage Weil <sage@newdream.net> 2009-11-18 19:19:57 -0500
commit: 4e7a5dcd1bbab6560fbc8ada29a840e7a20ed7bc (patch)
tree: a77e9b4563022340361ca673ef2e1beebb538e2f /fs/ceph/mds_client.c
parent: 5f44f142601bf94c448e2d463f0f18fd159da164 (diff)
1 files changed, 65 insertions, 4 deletions
diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
index 69feeb1c9819..8a285158aecc 100644
--- a/fs/ceph/mds_client.c
+++ b/fs/ceph/mds_client.c
@@ -8,6 +8,7 @@
 #include "super.h"
 #include "messenger.h"
 #include "decode.h"
+#include "auth.h"
 /*
 * A cluster of MDS (metadata server) daemons is responsible for
@@ -274,8 +275,12 @@ void ceph_put_mds_session(struct ceph_mds_session *s)
 {
        dout("mdsc put_session %p %d -> %d\n", s,
             atomic_read(&s->s_ref), atomic_read(&s->s_ref)-1);
-        if (atomic_dec_and_test(&s->s_ref))
+        if (atomic_dec_and_test(&s->s_ref)) {
+                if (s->s_authorizer)
+                        s->s_mdsc->client->monc.auth->ops->destroy_authorizer(
+                                s->s_mdsc->client->monc.auth, s->s_authorizer);
                kfree(s);
+        }
 }
 /*
@@ -2777,9 +2782,15 @@ void ceph_mdsc_handle_map(struct ceph_mds_client *mdsc, struct ceph_msg *msg)
        ceph_decode_need(&p, end, sizeof(fsid)+2*sizeof(u32), bad);
        ceph_decode_copy(&p, &fsid, sizeof(fsid));
-        if (ceph_fsid_compare(&fsid, &mdsc->client->monc.monmap->fsid)) {
+        if (mdsc->client->monc.have_fsid) {
-                pr_err("got mdsmap with wrong fsid\n");
+                if (ceph_fsid_compare(&fsid,
-                return;
+                                      &mdsc->client->monc.monmap->fsid)) {
+                        pr_err("got mdsmap with wrong fsid\n");
+                        return;
+                }
+        } else {
+                ceph_fsid_set(&mdsc->client->monc.monmap->fsid, &fsid);
+                mdsc->client->monc.have_fsid = true;
        }
        epoch = ceph_decode_32(&p);
        maplen = ceph_decode_32(&p);
@@ -2895,10 +2906,60 @@ static void dispatch(struct ceph_connection *con, struct ceph_msg *msg)
        ceph_msg_put(msg);
 }
+/*
+ * authentication
+ */
+static int get_authorizer(struct ceph_connection *con,
+                          void **buf, int *len, int *proto,
+                          void **reply_buf, int *reply_len, int force_new)
+{
+        struct ceph_mds_session *s = con->private;
+        struct ceph_mds_client *mdsc = s->s_mdsc;
+        struct ceph_auth_client *ac = mdsc->client->monc.auth;
+        int ret = 0;
+        if (force_new && s->s_authorizer) {
+                ac->ops->destroy_authorizer(ac, s->s_authorizer);
+                s->s_authorizer = NULL;
+        }
+        if (s->s_authorizer == NULL) {
+                if (ac->ops->create_authorizer) {
+                        ret = ac->ops->create_authorizer(
+                                ac, CEPH_ENTITY_TYPE_MDS,
+                                &s->s_authorizer,
+                                &s->s_authorizer_buf,
+                                &s->s_authorizer_buf_len,
+                                &s->s_authorizer_reply_buf,
+                                &s->s_authorizer_reply_buf_len);
+                        if (ret)
+                                return ret;
+                }
+        }
+        *proto = ac->protocol;
+        *buf = s->s_authorizer_buf;
+        *len = s->s_authorizer_buf_len;
+        *reply_buf = s->s_authorizer_reply_buf;
+        *reply_len = s->s_authorizer_reply_buf_len;
+        return 0;
+}
+static int verify_authorizer_reply(struct ceph_connection *con, int len)
+{
+        struct ceph_mds_session *s = con->private;
+        struct ceph_mds_client *mdsc = s->s_mdsc;
+        struct ceph_auth_client *ac = mdsc->client->monc.auth;
+        return ac->ops->verify_authorizer_reply(ac, s->s_authorizer, len);
+}
 const static struct ceph_connection_operations mds_con_ops = {
        .get = con_get,
        .put = con_put,
        .dispatch = dispatch,
+        .get_authorizer = get_authorizer,
+        .verify_authorizer_reply = verify_authorizer_reply,
        .peer_reset = peer_reset,
        .alloc_msg = ceph_alloc_msg,
        .alloc_middle = ceph_alloc_middle,
author	Sage Weil <sage@newdream.net>	2009-11-18 19:19:57 -0500
committer	Sage Weil <sage@newdream.net>	2009-11-18 19:19:57 -0500
commit	4e7a5dcd1bbab6560fbc8ada29a840e7a20ed7bc (patch)
tree	a77e9b4563022340361ca673ef2e1beebb538e2f /fs/ceph/mds_client.c
parent	5f44f142601bf94c448e2d463f0f18fd159da164 (diff)

diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c index 69feeb1c9819..8a285158aecc 100644 --- a/fs/ceph/mds_client.c +++ b/fs/ceph/mds_client.c
@@ -8,6 +8,7 @@
8	#include "super.h"	8	#include "super.h"
9	#include "messenger.h"	9	#include "messenger.h"
10	#include "decode.h"	10	#include "decode.h"
		11	#include "auth.h"
11		12
12	/*	13	/*
13	* A cluster of MDS (metadata server) daemons is responsible for	14	* A cluster of MDS (metadata server) daemons is responsible for
@@ -274,8 +275,12 @@ void ceph_put_mds_session(struct ceph_mds_session *s)
274	{	275	{
275	dout("mdsc put_session %p %d -> %d\n", s,	276	dout("mdsc put_session %p %d -> %d\n", s,
276	atomic_read(&s->s_ref), atomic_read(&s->s_ref)-1);	277	atomic_read(&s->s_ref), atomic_read(&s->s_ref)-1);
277	if (atomic_dec_and_test(&s->s_ref))	278	if (atomic_dec_and_test(&s->s_ref)) {
		279	if (s->s_authorizer)
		280	s->s_mdsc->client->monc.auth->ops->destroy_authorizer(
		281	s->s_mdsc->client->monc.auth, s->s_authorizer);
278	kfree(s);	282	kfree(s);
		283	}
279	}	284	}
280		285
281	/*	286	/*
@@ -2777,9 +2782,15 @@ void ceph_mdsc_handle_map(struct ceph_mds_client mdsc, struct ceph_msg msg)
2777		2782
2778	ceph_decode_need(&p, end, sizeof(fsid)+2*sizeof(u32), bad);	2783	ceph_decode_need(&p, end, sizeof(fsid)+2*sizeof(u32), bad);
2779	ceph_decode_copy(&p, &fsid, sizeof(fsid));	2784	ceph_decode_copy(&p, &fsid, sizeof(fsid));
2780	if (ceph_fsid_compare(&fsid, &mdsc->client->monc.monmap->fsid)) {	2785	if (mdsc->client->monc.have_fsid) {
2781	pr_err("got mdsmap with wrong fsid\n");	2786	if (ceph_fsid_compare(&fsid,
2782	return;	2787	&mdsc->client->monc.monmap->fsid)) {
		2788	pr_err("got mdsmap with wrong fsid\n");
		2789	return;
		2790	}
		2791	} else {
		2792	ceph_fsid_set(&mdsc->client->monc.monmap->fsid, &fsid);
		2793	mdsc->client->monc.have_fsid = true;
2783	}	2794	}
2784	epoch = ceph_decode_32(&p);	2795	epoch = ceph_decode_32(&p);
2785	maplen = ceph_decode_32(&p);	2796	maplen = ceph_decode_32(&p);
@@ -2895,10 +2906,60 @@ static void dispatch(struct ceph_connection con, struct ceph_msg msg)
2895	ceph_msg_put(msg);	2906	ceph_msg_put(msg);
2896	}	2907	}
2897		2908
		2909	/*
		2910	* authentication
		2911	*/
		2912	static int get_authorizer(struct ceph_connection *con,
		2913	void *buf, int len, int *proto,
		2914	void *reply_buf, int reply_len, int force_new)
		2915	{
		2916	struct ceph_mds_session *s = con->private;
		2917	struct ceph_mds_client *mdsc = s->s_mdsc;
		2918	struct ceph_auth_client *ac = mdsc->client->monc.auth;
		2919	int ret = 0;
		2920
		2921	if (force_new && s->s_authorizer) {
		2922	ac->ops->destroy_authorizer(ac, s->s_authorizer);
		2923	s->s_authorizer = NULL;
		2924	}
		2925	if (s->s_authorizer == NULL) {
		2926	if (ac->ops->create_authorizer) {
		2927	ret = ac->ops->create_authorizer(
		2928	ac, CEPH_ENTITY_TYPE_MDS,
		2929	&s->s_authorizer,
		2930	&s->s_authorizer_buf,
		2931	&s->s_authorizer_buf_len,
		2932	&s->s_authorizer_reply_buf,
		2933	&s->s_authorizer_reply_buf_len);
		2934	if (ret)
		2935	return ret;
		2936	}
		2937	}
		2938
		2939	*proto = ac->protocol;
		2940	*buf = s->s_authorizer_buf;
		2941	*len = s->s_authorizer_buf_len;
		2942	*reply_buf = s->s_authorizer_reply_buf;
		2943	*reply_len = s->s_authorizer_reply_buf_len;
		2944	return 0;
		2945	}
		2946
		2947
		2948	static int verify_authorizer_reply(struct ceph_connection *con, int len)
		2949	{
		2950	struct ceph_mds_session *s = con->private;
		2951	struct ceph_mds_client *mdsc = s->s_mdsc;
		2952	struct ceph_auth_client *ac = mdsc->client->monc.auth;
		2953
		2954	return ac->ops->verify_authorizer_reply(ac, s->s_authorizer, len);
		2955	}
		2956
2898	const static struct ceph_connection_operations mds_con_ops = {	2957	const static struct ceph_connection_operations mds_con_ops = {
2899	.get = con_get,	2958	.get = con_get,
2900	.put = con_put,	2959	.put = con_put,
2901	.dispatch = dispatch,	2960	.dispatch = dispatch,
		2961	.get_authorizer = get_authorizer,
		2962	.verify_authorizer_reply = verify_authorizer_reply,
2902	.peer_reset = peer_reset,	2963	.peer_reset = peer_reset,
2903	.alloc_msg = ceph_alloc_msg,	2964	.alloc_msg = ceph_alloc_msg,
2904	.alloc_middle = ceph_alloc_middle,	2965	.alloc_middle = ceph_alloc_middle,