mon: share mon keyring with KeyServer

This will let us authenticate against items in the mon keyring, like the
mon. key itself.

Signed-off-by: Sage Weil <sage@inktank.com>

diff --git a/src/auth/cephx/CephxKeyServer.cc b/src/auth/cephx/CephxKeyServer.cc
index a1944b3bb2979e5a333f9f335cbcf6b2a84159b3..ffa579fd4fe4ff487e6e3121ace34fef3655ae53 100644 (file)
--- a/src/auth/cephx/CephxKeyServer.cc
+++ b/src/auth/cephx/CephxKeyServer.cc
@@ -130,8 +130,10 @@ bool KeyServerData::get_caps(CephContext *cct, const EntityName& name,
 #define dout_prefix *_dout << "cephx keyserver: "
 
 
-KeyServer::KeyServer(CephContext *cct_)
-  : cct(cct_), lock("KeyServer::lock")
+KeyServer::KeyServer(CephContext *cct_, KeyRing *extra_secrets)
+  : cct(cct_),
+    data(extra_secrets),
+    lock("KeyServer::lock")
 {
 }
 

diff --git a/src/auth/cephx/CephxKeyServer.h b/src/auth/cephx/CephxKeyServer.h
index 2fc316d9f0966540f3e1df00df3ca4d754c17980..60b424b0bd56f02e929d851e1b386db5f5e27226 100644 (file)
--- a/src/auth/cephx/CephxKeyServer.h
+++ b/src/auth/cephx/CephxKeyServer.h
@@ -29,12 +29,16 @@ struct KeyServerData {
 
   /* for each entity */
   map<EntityName, EntityAuth> secrets;
+  KeyRing *extra_secrets;
 
   /* for each service type */
   version_t rotating_ver;
   map<uint32_t, RotatingSecrets> rotating_secrets;
 
-  KeyServerData() : version(0), rotating_ver(0) {}
+  KeyServerData(KeyRing *extra)
+    : version(0),
+      extra_secrets(extra),
+      rotating_ver(0) {}
 
   void encode(bufferlist& bl) const {
      __u8 struct_v = 1;
@@ -195,7 +199,7 @@ class KeyServer : public KeyStore {
   bool _get_service_caps(const EntityName& name, uint32_t service_id,
        AuthCapsInfo& caps) const;
 public:
-  KeyServer(CephContext *cct_);
+  KeyServer(CephContext *cct_, KeyRing *extra_secrets);
   bool generate_secret(CryptoKey& secret);
 
   bool get_secret(const EntityName& name, CryptoKey& secret) const;
@@ -284,7 +288,4 @@ public:
 WRITE_CLASS_ENCODER(KeyServer);
 
 
-
-
-
 #endif

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 3f2f287e08afdeba8720a8d92e76e02e5d764c04..c491031482cb7780106d49900418b01ac0ac0b6e 100644 (file)
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -98,7 +98,7 @@ Monitor::Monitor(CephContext* cct_, string nm, MonitorStore *s, Messenger *m, Mo
   logger(NULL), cluster_logger(NULL), cluster_logger_registered(false),
   monmap(map),
   clog(cct_, messenger, monmap, LogClient::FLAG_MON),
-  key_server(cct),
+  key_server(cct, &keyring),
   auth_supported(cct),
   store(s),
   

diff --git a/src/testkeys.cc b/src/testkeys.cc
index c120921a3cf2205a4166167716b017c79003c6af..27c38124ade17a971eef17786807a90db8900034 100644 (file)
--- a/src/testkeys.cc
+++ b/src/testkeys.cc
@@ -13,8 +13,8 @@ int main(int argc, const char **argv)
 
   global_init(NULL, args, CEPH_ENTITY_TYPE_CLIENT, CODE_ENVIRONMENT_UTILITY, 0);
   common_init_finish(g_ceph_context);
-
-  KeyServer server(g_ceph_context);
+  KeyRing extra;
+  KeyServer server(g_ceph_context, &extra);
 
   generic_dout(0) << "server created" << dendl;