From: Ilya Dryomov <idryomov@gmail.com>
Date: Thu, 15 Apr 2021 13:18:58 +0000 (+0200)
Subject: auth/cephx: make KeyServer::build_session_auth_info() less confusing
X-Git-Tag: v15.2.11~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=90df5e6ff7f457b7a8748419ddc434c363b27106;p=ceph.git

auth/cephx: make KeyServer::build_session_auth_info() less confusing

The second KeyServer::build_session_auth_info() overload is used only
by the monitor, for mon <-> mon authentication.  The monitor passes in
service_secret (mon secret) and secret_id (-1).  The TTL is irrelevant
because there is no rotation.

However the signature doesn't make it obvious.  Clarify that
service_secret and secret_id are input parameters and info is the only
output parameter.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 6f12cd3688b753633c8ff29fb3bd64758f960b2b)
---

diff --git a/src/auth/cephx/CephxKeyServer.cc b/src/auth/cephx/CephxKeyServer.cc
index 10fdadf07b0..a59bac4a14e 100644
--- a/src/auth/cephx/CephxKeyServer.cc
+++ b/src/auth/cephx/CephxKeyServer.cc
@@ -449,9 +449,9 @@ int KeyServer::build_session_auth_info(uint32_t service_id,
 
 int KeyServer::build_session_auth_info(uint32_t service_id,
 				       const AuthTicket& parent_ticket,
-				       CephXSessionAuthInfo& info,
-				       CryptoKey& service_secret,
-				       uint64_t secret_id)
+				       const CryptoKey& service_secret,
+				       uint64_t secret_id,
+				       CephXSessionAuthInfo& info)
 {
   info.service_secret = service_secret;
   info.secret_id = secret_id;
diff --git a/src/auth/cephx/CephxKeyServer.h b/src/auth/cephx/CephxKeyServer.h
index f04f2f9cc27..2449a6a1ad9 100644
--- a/src/auth/cephx/CephxKeyServer.h
+++ b/src/auth/cephx/CephxKeyServer.h
@@ -221,9 +221,9 @@ public:
 			      CephXSessionAuthInfo& info);
   int build_session_auth_info(uint32_t service_id,
 			      const AuthTicket& parent_ticket,
-			      CephXSessionAuthInfo& info,
-			      CryptoKey& service_secret,
-			      uint64_t secret_id);
+			      const CryptoKey& service_secret,
+			      uint64_t secret_id,
+			      CephXSessionAuthInfo& info);
 
   /* get current secret for specific service type */
   bool get_service_secret(uint32_t service_id, CryptoKey& secret,
diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 2b5a6da9e87..615e1251b7f 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -6110,7 +6110,7 @@ bool Monitor::get_authorizer(int service_id, AuthAuthorizer **authorizer)
     }
 
     ret = key_server.build_session_auth_info(
-      service_id, auth_ticket_info.ticket, info, secret, (uint64_t)-1);
+      service_id, auth_ticket_info.ticket, secret, (uint64_t)-1, info);
     if (ret < 0) {
       dout(0) << __func__ << " failed to build mon session_auth_info "
 	      << cpp_strerror(ret) << dendl;