aboutsummaryrefslogtreecommitdiffstats
path: root/fs/ceph/messenger.c
diff options
context:
space:
mode:
authorSage Weil <sage@newdream.net>2009-11-18 19:19:57 -0500
committerSage Weil <sage@newdream.net>2009-11-18 19:19:57 -0500
commit4e7a5dcd1bbab6560fbc8ada29a840e7a20ed7bc (patch)
treea77e9b4563022340361ca673ef2e1beebb538e2f /fs/ceph/messenger.c
parent5f44f142601bf94c448e2d463f0f18fd159da164 (diff)
ceph: negotiate authentication protocol; implement AUTH_NONE protocol
When we open a monitor session, we send an initial AUTH message listing the auth protocols we support, our entity name, and (possibly) a previously assigned global_id. The monitor chooses a protocol and responds with an initial message. Initially implement AUTH_NONE, a dummy protocol that provides no security, but works within the new framework. It generates 'authorizers' that are used when connecting to (mds, osd) services that simply state our entity name and global_id. This is a wire protocol change. Signed-off-by: Sage Weil <sage@newdream.net>
Diffstat (limited to 'fs/ceph/messenger.c')
-rw-r--r--fs/ceph/messenger.c54
1 files changed, 52 insertions, 2 deletions
diff --git a/fs/ceph/messenger.c b/fs/ceph/messenger.c
index d8a6a56a1571..0b1674854b25 100644
--- a/fs/ceph/messenger.c
+++ b/fs/ceph/messenger.c
@@ -550,6 +550,27 @@ static void prepare_write_keepalive(struct ceph_connection *con)
550 * Connection negotiation. 550 * Connection negotiation.
551 */ 551 */
552 552
553static void prepare_connect_authorizer(struct ceph_connection *con)
554{
555 void *auth_buf;
556 int auth_len = 0;
557 int auth_protocol = 0;
558
559 if (con->ops->get_authorizer)
560 con->ops->get_authorizer(con, &auth_buf, &auth_len,
561 &auth_protocol, &con->auth_reply_buf,
562 &con->auth_reply_buf_len,
563 con->auth_retry);
564
565 con->out_connect.authorizer_protocol = cpu_to_le32(auth_protocol);
566 con->out_connect.authorizer_len = cpu_to_le32(auth_len);
567
568 con->out_kvec[con->out_kvec_left].iov_base = auth_buf;
569 con->out_kvec[con->out_kvec_left].iov_len = auth_len;
570 con->out_kvec_left++;
571 con->out_kvec_bytes += auth_len;
572}
573
553/* 574/*
554 * We connected to a peer and are saying hello. 575 * We connected to a peer and are saying hello.
555 */ 576 */
@@ -592,6 +613,7 @@ static void prepare_write_connect(struct ceph_messenger *msgr,
592 613
593 dout("prepare_write_connect %p cseq=%d gseq=%d proto=%d\n", con, 614 dout("prepare_write_connect %p cseq=%d gseq=%d proto=%d\n", con,
594 con->connect_seq, global_seq, proto); 615 con->connect_seq, global_seq, proto);
616
595 con->out_connect.host_type = cpu_to_le32(CEPH_ENTITY_TYPE_CLIENT); 617 con->out_connect.host_type = cpu_to_le32(CEPH_ENTITY_TYPE_CLIENT);
596 con->out_connect.connect_seq = cpu_to_le32(con->connect_seq); 618 con->out_connect.connect_seq = cpu_to_le32(con->connect_seq);
597 con->out_connect.global_seq = cpu_to_le32(global_seq); 619 con->out_connect.global_seq = cpu_to_le32(global_seq);
@@ -611,6 +633,8 @@ static void prepare_write_connect(struct ceph_messenger *msgr,
611 con->out_kvec_cur = con->out_kvec; 633 con->out_kvec_cur = con->out_kvec;
612 con->out_more = 0; 634 con->out_more = 0;
613 set_bit(WRITE_PENDING, &con->state); 635 set_bit(WRITE_PENDING, &con->state);
636
637 prepare_connect_authorizer(con);
614} 638}
615 639
616 640
@@ -777,6 +801,13 @@ static void prepare_read_connect(struct ceph_connection *con)
777 con->in_base_pos = 0; 801 con->in_base_pos = 0;
778} 802}
779 803
804static void prepare_read_connect_retry(struct ceph_connection *con)
805{
806 dout("prepare_read_connect_retry %p\n", con);
807 con->in_base_pos = strlen(CEPH_BANNER) + sizeof(con->actual_peer_addr)
808 + sizeof(con->peer_addr_for_me);
809}
810
780static void prepare_read_ack(struct ceph_connection *con) 811static void prepare_read_ack(struct ceph_connection *con)
781{ 812{
782 dout("prepare_read_ack %p\n", con); 813 dout("prepare_read_ack %p\n", con);
@@ -853,9 +884,14 @@ static int read_partial_connect(struct ceph_connection *con)
853 ret = read_partial(con, &to, sizeof(con->in_reply), &con->in_reply); 884 ret = read_partial(con, &to, sizeof(con->in_reply), &con->in_reply);
854 if (ret <= 0) 885 if (ret <= 0)
855 goto out; 886 goto out;
887 ret = read_partial(con, &to, le32_to_cpu(con->in_reply.authorizer_len),
888 con->auth_reply_buf);
889 if (ret <= 0)
890 goto out;
856 891
857 dout("read_partial_connect %p connect_seq = %u, global_seq = %u\n", 892 dout("read_partial_connect %p tag %d, con_seq = %u, g_seq = %u\n",
858 con, le32_to_cpu(con->in_reply.connect_seq), 893 con, (int)con->in_reply.tag,
894 le32_to_cpu(con->in_reply.connect_seq),
859 le32_to_cpu(con->in_reply.global_seq)); 895 le32_to_cpu(con->in_reply.global_seq));
860out: 896out:
861 return ret; 897 return ret;
@@ -1051,6 +1087,20 @@ static int process_connect(struct ceph_connection *con)
1051 set_bit(CLOSED, &con->state); /* in case there's queued work */ 1087 set_bit(CLOSED, &con->state); /* in case there's queued work */
1052 return -1; 1088 return -1;
1053 1089
1090 case CEPH_MSGR_TAG_BADAUTHORIZER:
1091 con->auth_retry++;
1092 dout("process_connect %p got BADAUTHORIZER attempt %d\n", con,
1093 con->auth_retry);
1094 if (con->auth_retry == 2) {
1095 con->error_msg = "connect authorization failure";
1096 reset_connection(con);
1097 set_bit(CLOSED, &con->state);
1098 return -1;
1099 }
1100 con->auth_retry = 1;
1101 prepare_write_connect(con->msgr, con, 0);
1102 prepare_read_connect_retry(con);
1103 break;
1054 1104
1055 case CEPH_MSGR_TAG_RESETSESSION: 1105 case CEPH_MSGR_TAG_RESETSESSION:
1056 /* 1106 /*