vector<uint32_t> *preferred_modes,
bufferlist *out)
{
- AuthAuthorizer *auth;
- if (!ms_get_authorizer(con->get_peer_type(), &auth)) {
+ std::scoped_lock l(auth_lock);
+ if (con->get_peer_type() != CEPH_ENTITY_TYPE_MON) {
return -EACCES;
}
- if (con->get_peer_type() != CEPH_ENTITY_TYPE_MON) {
+ AuthAuthorizer *auth;
+ if (!ms_get_authorizer(con->get_peer_type(), &auth)) {
return -EACCES;
}
auth_meta->authorizer.reset(auth);
- *method = auth->protocol;
- auth_registry.get_supported_modes(CEPH_ENTITY_TYPE_MON, auth->protocol,
+ auth_registry.get_supported_modes(CEPH_ENTITY_TYPE_MON,
+ auth->protocol,
preferred_modes);
+ *method = auth->protocol;
*out = auth->bl;
return 0;
}
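Review bot: `AuthAuthorizer *auth;` is declared uninitialised, then handed to `auth_meta->authorizer.reset(auth)` and dereferenced at `auth->protocol`, relying only on `ms_get_authorizer()` having returned true. That function's contract is not visible in this hunk, so I would make the failure mode explicit with `AuthAuthorizer *auth = nullptr;` and `if (!ms_get_authorizer(con->get_peer_type(), &auth) || !auth) {`. Moving the peer-type check ahead of the call is good: in the old order the `-EACCES` return for a non-mon peer came after an authorizer may already have been produced, with nothing owning it yet. The function's signature starts outside the hunk.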
const bufferlist& bl,
bufferlist *reply)
{
+ std::scoped_lock l(auth_lock);
if (!auth_meta->authorizer) {
derr << __func__ << " no authorizer?" << dendl;
return -EACCES;
CryptoKey *session_key,
std::string *connection_secret)
{
+ std::scoped_lock l(auth_lock);
// verify authorizer reply
auto p = bl.begin();
if (!auth_meta->authorizer->verify_reply(p, connection_secret)) {
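Review bot: `auth_meta->authorizer->verify_reply(p, connection_secret)` is dereferenced right after the new `std::scoped_lock` with no null check, whereas the handler patched in the previous hunk tests `if (!auth_meta->authorizer)` and logs before returning `-EACCES`. Whether this handler can run on a connection whose authorizer was never set or has been reset cannot be determined from the hunk, but if it can, this is a null dereference in the monitor's auth path that the lock does not prevent. I would add the same guard directly after the lock: `if (!auth_meta->authorizer) { derr << __func__ << " no authorizer?" << dendl; return -EACCES; }`, assuming this function also returns an errno-style int. The function body continues outside the hunk.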
const bufferlist &payload,
bufferlist *reply)
{
+ std::scoped_lock l(auth_lock);
+
// NOTE: be careful, the Connection hasn't fully negotiated yet, so
// e.g., peer_features, peer_addrs, and others are still unknown.
SafeTimer timer;
Finisher finisher;
ThreadPool cpu_tp; ///< threadpool for CPU intensive work
-
+
+ ceph::mutex auth_lock = ceph::make_mutex("Monitor::auth_lock");
+
/// true if we have ever joined a quorum. if false, we are either a
/// new cluster, a newly joining monitor, or a just-upgraded
/// monitor.
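Review bot: `auth_lock` is declared with no comment saying what it protects, while the members around it carry `///` documentation. Since each auth handler patched in this commit takes it for the whole function body, the declaration should name the state it guards and its order relative to the monitor's other locks, for example `/// serializes the auth handshake handlers; guards <guarded members>; lock order: <to be stated>`, with the placeholders filled in by the author. Without that, the next handler that touches the same state has nothing telling it to take the lock. The `-`/`+` pair on the blank line above the declaration looks like whitespace-only churn and may be introducing trailing whitespace.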