auth/cephx: make KeyServer::build_session_auth_info() less confusing

The second KeyServer::build_session_auth_info() overload is used only
by the monitor, for mon <-> mon authentication.  The monitor passes in
service_secret (mon secret) and secret_id (-1).  The TTL is irrelevant
because there is no rotation.

However the signature doesn't make it obvious.  Clarify that
service_secret and secret_id are input parameters and info is the only
output parameter.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 6f12cd3688b753633c8ff29fb3bd64758f960b2b)

diff --git a/src/auth/cephx/CephxKeyServer.cc b/src/auth/cephx/CephxKeyServer.cc
index 706f6eca01ad14f50245cc2dda055f2c159c681b..adfe74d2baba681b5fcdb88a67bbe16e76d81c2f 100644 (file)
--- a/src/auth/cephx/CephxKeyServer.cc
+++ b/src/auth/cephx/CephxKeyServer.cc
@@ -450,9 +450,9 @@ int KeyServer::build_session_auth_info(uint32_t service_id,
 
 int KeyServer::build_session_auth_info(uint32_t service_id,
                                       const AuthTicket& parent_ticket,
-                                      CephXSessionAuthInfo& info,
-                                      CryptoKey& service_secret,
-                                      uint64_t secret_id)
+                                      const CryptoKey& service_secret,
+                                      uint64_t secret_id,
+                                      CephXSessionAuthInfo& info)
 {
   info.service_secret = service_secret;
   info.secret_id = secret_id;

diff --git a/src/auth/cephx/CephxKeyServer.h b/src/auth/cephx/CephxKeyServer.h
index 8b54a06ec6cf45c73e28920f903dad59480b60c7..3576c42c2357adad37bc1ce804d45558240c51ba 100644 (file)
--- a/src/auth/cephx/CephxKeyServer.h
+++ b/src/auth/cephx/CephxKeyServer.h
@@ -220,9 +220,9 @@ public:
                              CephXSessionAuthInfo& info);
   int build_session_auth_info(uint32_t service_id,
                              const AuthTicket& parent_ticket,
-                             CephXSessionAuthInfo& info,
-                             CryptoKey& service_secret,
-                             uint64_t secret_id);
+                             const CryptoKey& service_secret,
+                             uint64_t secret_id,
+                             CephXSessionAuthInfo& info);
 
   /* get current secret for specific service type */
   bool get_service_secret(uint32_t service_id, CryptoKey& secret,

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index b77a466d9b78e24bcdaf951525ef6e5d586bb3e0..11677b562e033c82837427184594c07c463c7fa8 100644 (file)
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -6199,7 +6199,7 @@ bool Monitor::get_authorizer(int service_id, AuthAuthorizer **authorizer)
     }
 
     ret = key_server.build_session_auth_info(
-      service_id, auth_ticket_info.ticket, info, secret, (uint64_t)-1);
+      service_id, auth_ticket_info.ticket, secret, (uint64_t)-1, info);
     if (ret < 0) {
       dout(0) << __func__ << " failed to build mon session_auth_info "
              << cpp_strerror(ret) << dendl;