mon: use ms_handle_authentication to parse caps
authorSage Weil <sage@redhat.com>
Tue, 11 Sep 2018 21:53:15 +0000 (16:53 -0500)
committerSage Weil <sage@redhat.com>
Sun, 14 Oct 2018 17:01:09 +0000 (12:01 -0500)
The situation is a bit different here than the MDS and OSD because the
authentication happens from MAuth instead of ms_verify_authorizer, but
we are moving toward being more consistent.

Signed-off-by: Sage Weil <sage@redhat.com>
src/mon/AuthMonitor.cc
src/mon/Monitor.cc
src/mon/Monitor.h

index 8f497ed443a5ec0e2918be7add3a67d9e36a0ffd..2c28a972b091c4a9931724d6e81a999412b8d88b 100644 (file)
@@ -508,7 +508,6 @@ bool AuthMonitor::prep_auth(MonOpRequestRef op, bool paxos_writable)
   }
 
   int ret = 0;
-  AuthCapsInfo caps_info;
   MAuthReply *reply;
   bufferlist response_bl;
   auto indata = m->auth_payload.cbegin();
@@ -639,36 +638,22 @@ bool AuthMonitor::prep_auth(MonOpRequestRef op, bool paxos_writable)
   try {
     if (start) {
       // new session
-      proto = s->auth_handler->start_session(entity_name, indata, response_bl, caps_info);
+      proto = s->auth_handler->start_session(entity_name, indata, response_bl,
+                                            s->con->peer_caps_info);
       ret = 0;
-      if (caps_info.allow_all) {
-       s->caps.set_allow_all();
-       s->authenticated = true;
-       finished = true;
-      }
     } else {
       // request
       ret = s->auth_handler->handle_request(
        indata,
        response_bl,
        s->con->peer_global_id,
-       caps_info);
+       s->con->peer_caps_info);
     }
     if (ret == -EIO) {
       wait_for_active(op, new C_RetryMessage(this,op));
       goto done;
     }
-    if (caps_info.caps.length()) {
-      auto p = caps_info.caps.cbegin();
-      string str;
-      try {
-       decode(str, p);
-      } catch (const buffer::error &err) {
-       derr << "corrupt cap data for " << entity_name << " in auth db" << dendl;
-       str.clear();
-      }
-      s->caps.parse(str, NULL);
-      s->authenticated = true;
+    if (mon->ms_handle_authentication(s->con.get()) > 0) {
       finished = true;
     }
   } catch (const buffer::error &err) {
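Review bot: The negative result of `mon->ms_handle_authentication(s->con.get())` is discarded at the new `> 0` test, so the `-EPERM` it returns for corrupt or unparseable caps never reaches `ret`. As far as this hunk shows, the reply would still carry the auth handler's result. The call is also reached for every handler result except `-EIO`, including other negative values from `handle_request`. I would gate it and propagate the error: `if (ret >= 0) { int r = mon->ms_handle_authentication(s->con.get()); if (r < 0) ret = r; else if (r > 0 && s->authenticated) finished = true; }`. The `s->authenticated` test restores the removed code's behaviour, where `finished` was set only alongside `s->authenticated = true`. `prep_auth` begins and ends outside this hunk, so how `ret` and `finished` are consumed should be checked there.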
index e5c9d895febe1086eb8f65282114dad51d193a4f..1c6fba4082d508d814c25eacd5ee67972d25f0e1 100644 (file)
@@ -5802,3 +5802,55 @@ bool Monitor::ms_verify_authorizer(Connection *con, int peer_type,
   }
   return true;
 }
+
+int Monitor::ms_handle_authentication(Connection *con)
+{
+  auto priv = con->get_priv();
+  MonSession *s = static_cast<MonSession*>(priv.get());
+  if (!s) {
+    // must be msgr2, otherwise dispatch would have set up the session.
+    s = session_map.new_session(
+      entity_name_t(con->get_peer_type(), -1),  // we don't know yet
+      con->get_peer_addrs(),
+      con);
+    assert(s);
+    dout(10) << __func__ << " adding session " << s << " to con " << con
+            << dendl;
+    con->set_priv(s);
+    logger->set(l_mon_num_sessions, session_map.get_size());
+    logger->inc(l_mon_session_add);
+  }
+  dout(10) << __func__ << " session " << s << " con " << con
+          << " addr " << s->con->get_peer_addr()
+          << " " << *s << dendl;
+
+  AuthCapsInfo &caps_info = con->get_peer_caps_info();
+  if (caps_info.allow_all) {
+    s->caps.set_allow_all();
+    s->authenticated = true;
+  }
+  int ret = 1;
+  if (caps_info.caps.length()) {
+    bufferlist::const_iterator p = caps_info.caps.cbegin();
+    string str;
+    try {
+      decode(str, p);
+    } catch (const buffer::error &err) {
+      derr << __func__ << " corrupt cap data for " << con->get_peer_entity_name()
+          << " in auth db" << dendl;
+      str.clear();
+      ret = -EPERM;
+    }
+    if (ret >= 0) {
+      if (s->caps.parse(str, NULL)) {
+       s->authenticated = true;
+      } else {
+       derr << __func__ << " unparseable caps '" << str << "' for "
+            << con->get_peer_entity_name() << dendl;
+       ret = -EPERM;
+      }
+    }
+  }
+
+  return ret;
+}
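Review bot: `ret` is initialised to 1 and returned unchanged when `caps_info.allow_all` is false and `caps_info.caps` is empty, so the function reports success without ever setting `s->authenticated`. The AuthMonitor caller treats any `> 0` as finished, whereas the code this replaces set that flag only where it marked the session authenticated. Starting from `int ret = 0;` and assigning `ret = 1;` beside each `s->authenticated = true;` would make the positive return mean the session really was authenticated; any other caller of this hook needs checking against that convention. Separately, if `allow_all` is set and the caps blob then fails to decode or parse, `-EPERM` is returned while the session keeps `authenticated = true` and the allow-all caps. Resetting both on the two error paths would keep the session state consistent with the return value.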
index 2dffb7d002b470022a078bcb0da30a88fd918fd3..266b2ac9fb9fa71610029d7373fad55d8cf65316 100644 (file)
@@ -888,6 +888,9 @@ public:
                            int protocol, bufferlist& authorizer_data, bufferlist& authorizer_reply,
                            bool& isvalid, CryptoKey& session_key,
                            std::unique_ptr<AuthAuthorizerChallenge> *challenge) override;
+public: // for AuthMonitor msgr1:
+  int ms_handle_authentication(Connection *con) override;
+private:
   bool ms_handle_reset(Connection *con) override;
   void ms_handle_remote_reset(Connection *con) override {}
   bool ms_handle_refused(Connection *con) override;
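Review bot: The newly public `ms_handle_authentication` declaration has no comment stating its return contract, and AuthMonitor now depends on it. From the Monitor.cc hunk, it returns a positive value on success and `-EPERM` when the stored caps cannot be decoded or parsed, and it may create and attach a MonSession to the connection as a side effect. A short comment above the declaration saying this would help, for example `// returns >0 once caps are applied to the session, <0 (-EPERM) on bad caps; may create the MonSession`. The `public:` / `private:` toggle around a single method is easy to break when members are added later, so grouping it with the other public members may be cleaner.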