auth: assert if auth_debug = true and secret_id == 0

Hunting #4282.

Signed-off-by: Sage Weil <sage@inktank.com>

diff --git a/src/auth/cephx/CephxProtocol.cc b/src/auth/cephx/CephxProtocol.cc
index 483415fac02965062f9e2ed96a81bdb0fe42b463..8e55bcdd762e763bc2a2dbc643a688ef67821394 100644 (file)
--- a/src/auth/cephx/CephxProtocol.cc
+++ b/src/auth/cephx/CephxProtocol.cc
@@ -423,6 +423,8 @@ bool cephx_verify_authorizer(CephContext *cct, KeyStore *keys,
     if (!keys->get_service_secret(service_id, ticket.secret_id, service_secret)) {
       ldout(cct, 0) << "verify_authorizer could not get service secret for service "
              << ceph_entity_type_name(service_id) << " secret_id=" << ticket.secret_id << dendl;
+      if (cct->_conf->auth_debug && ticket.secret_id == 0)
+       assert(0 == "got secret_id=0");
       return false;
     }
   }

diff --git a/src/common/config_opts.h b/src/common/config_opts.h
index f102dfab218c50fc9c78bf001d862caec2408fd9..09facc4c2d94c2a1a1b60b8f2389aad453dfe432 100644 (file)
--- a/src/common/config_opts.h
+++ b/src/common/config_opts.h
@@ -192,6 +192,7 @@ OPTION(cephx_service_require_signatures, OPT_BOOL, false)
 OPTION(cephx_sign_messages, OPT_BOOL, true)  // Default to signing session messages if supported
 OPTION(auth_mon_ticket_ttl, OPT_DOUBLE, 60*60*12)
 OPTION(auth_service_ticket_ttl, OPT_DOUBLE, 60*60)
+OPTION(auth_debug, OPT_BOOL, false)          // if true, assert when weird things happen
 OPTION(mon_client_hunt_interval, OPT_DOUBLE, 3.0)   // try new mon every N seconds until we connect
 OPTION(mon_client_ping_interval, OPT_DOUBLE, 10.0)  // ping every N seconds
 OPTION(mon_client_max_log_entries_per_message, OPT_INT, 1000)