From: Sage Weil <sage@redhat.com>
Date: Thu, 1 Feb 2018 15:01:31 +0000 (-0600)
Subject: mon: add authenticated flag in Session
X-Git-Tag: wip-pdonnell-testing-20180317.202121~121^2~27
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=66a3946fec142748bf72fdc3280c8bb3dc3f5239;p=ceph-ci.git

mon: add authenticated flag in Session

Authentication is orthogonal to the caps; the client might have no
capabilities but still be authenticated such that we know *who* it is.

Signed-off-by: Sage Weil <sage@redhat.com>
---

diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index 5d7ed0c097d..8b7210e63be 100644
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -485,8 +485,10 @@ bool AuthMonitor::prep_auth(MonOpRequestRef op, bool paxos_writable)
 
       proto = s->auth_handler->start_session(entity_name, indata, response_bl, caps_info);
       ret = 0;
-      if (caps_info.allow_all)
+      if (caps_info.allow_all) {
 	s->caps.set_allow_all();
+	s->authenticated = true;
+      }
     } else {
       // request
       ret = s->auth_handler->handle_request(indata, response_bl, s->global_id, caps_info, &auid);
@@ -506,6 +508,7 @@ bool AuthMonitor::prep_auth(MonOpRequestRef op, bool paxos_writable)
       }
       s->caps.parse(str, NULL);
       s->auid = auid;
+      s->authenticated = true;
       finished = true;
     }
   } catch (const buffer::error &err) {
diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 8577d48c748..2588482ae17 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -3636,6 +3636,7 @@ void Monitor::handle_forward(MonOpRequestRef op)
     c->set_peer_type(m->client.name.type());
     c->set_features(m->con_features);
 
+    s->authenticated = true;
     s->caps = m->client_caps;
     dout(10) << " caps are " << s->caps << dendl;
     s->entity_name = m->entity_name;
@@ -3983,6 +3984,7 @@ void Monitor::_ms_dispatch(Message *m)
       dout(5) << __func__ << " setting monitor caps on this connection" << dendl;
       if (!s->caps.is_allow_all()) // but no need to repeatedly copy
         s->caps = *mon_caps;
+      s->authenticated = true;
     }
     s->put();
   } else {
diff --git a/src/mon/Session.h b/src/mon/Session.h
index aafd35c7760..4f7e5c39682 100644
--- a/src/mon/Session.h
+++ b/src/mon/Session.h
@@ -51,6 +51,8 @@ struct MonSession : public RefCountedObject {
   uint64_t auid;
   uint64_t global_id;
 
+  bool authenticated = false;  ///< true if auth handshake is complete
+
   map<string, Subscription*> sub_map;
   epoch_t osd_epoch;		// the osdmap epoch sent to the mon client