mon: add authenticated flag in Session

Authentication is orthogonal to the caps; the client might have no
capabilities but still be authenticated such that we know *who* it is.

Signed-off-by: Sage Weil <sage@redhat.com>

diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index 5d7ed0c097dc068d4f6da4d761892dad151bb03a..8b7210e63beeefbf3bd2d1f8567ef029aadbb7ee 100644 (file)
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -485,8 +485,10 @@ bool AuthMonitor::prep_auth(MonOpRequestRef op, bool paxos_writable)
 
       proto = s->auth_handler->start_session(entity_name, indata, response_bl, caps_info);
       ret = 0;
-      if (caps_info.allow_all)
+      if (caps_info.allow_all) {
        s->caps.set_allow_all();
+       s->authenticated = true;
+      }
     } else {
       // request
       ret = s->auth_handler->handle_request(indata, response_bl, s->global_id, caps_info, &auid);
@@ -506,6 +508,7 @@ bool AuthMonitor::prep_auth(MonOpRequestRef op, bool paxos_writable)
       }
       s->caps.parse(str, NULL);
       s->auid = auid;
+      s->authenticated = true;
       finished = true;
     }
   } catch (const buffer::error &err) {

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 8577d48c74839514c6702c6f6104aa5ea39ee685..2588482ae170864d2927f45fbc3144156a3dab4c 100644 (file)
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -3636,6 +3636,7 @@ void Monitor::handle_forward(MonOpRequestRef op)
     c->set_peer_type(m->client.name.type());
     c->set_features(m->con_features);
 
+    s->authenticated = true;
     s->caps = m->client_caps;
     dout(10) << " caps are " << s->caps << dendl;
     s->entity_name = m->entity_name;
@@ -3983,6 +3984,7 @@ void Monitor::_ms_dispatch(Message *m)
       dout(5) << __func__ << " setting monitor caps on this connection" << dendl;
       if (!s->caps.is_allow_all()) // but no need to repeatedly copy
         s->caps = *mon_caps;
+      s->authenticated = true;
     }
     s->put();
   } else {

diff --git a/src/mon/Session.h b/src/mon/Session.h
index aafd35c776044d3c97feacce0628852bc19e550b..4f7e5c3968277e85f5dc888f646127a7ad8d710d 100644 (file)
--- a/src/mon/Session.h
+++ b/src/mon/Session.h
@@ -51,6 +51,8 @@ struct MonSession : public RefCountedObject {
   uint64_t auid;
   uint64_t global_id;
 
+  bool authenticated = false;  ///< true if auth handshake is complete
+
   map<string, Subscription*> sub_map;
   epoch_t osd_epoch;           // the osdmap epoch sent to the mon client