From 37f42d60773241366dd008558d61ffb569852db0 Mon Sep 17 00:00:00 2001
From: Yehuda Sadeh
Date: Wed, 30 Sep 2009 14:02:08 -0700
Subject: [PATCH] auth: mds gets rotating secrets

---
 src/auth/Auth.h | 6 ++++++
 src/mds/MDS.cc | 5 +++--
 src/mon/MonClient.cc | 24 ++----------------------
 3 files changed, 11 insertions(+), 24 deletions(-)

diff --git a/src/auth/Auth.h b/src/auth/Auth.h
index bb2684db7d38f..13052ebde253b 100644
--- a/src/auth/Auth.h
+++ b/src/auth/Auth.h
@@ -324,6 +324,12 @@ int encode_encrypt(const T& t, CryptoKey& key, bufferlist& out) {
 return 0;
 }
+static inline bool auth_principal_needs_rotating_keys(EntityName& name)
+{
+ return ((name.entity_type == CEPHX_PRINCIPAL_OSD) ||
+ (name.entity_type == CEPHX_PRINCIPAL_MDS));
+}
+
 /*
 * Verify authorizer and generate reply authorizer
 */
diff --git a/src/mds/MDS.cc b/src/mds/MDS.cc
index 27613e647afd4..a9eae366554d1 100644
--- a/src/mds/MDS.cc
+++ b/src/mds/MDS.cc
@@ -383,6 +383,9 @@ int MDS::init()
 monc->get_monmap();
+ monc->wait_authenticate(30.0);
+ monc->wait_auth_rotating(30.0);
+
 mds_lock.Lock();
 // starting beacon. this will induce an MDSMap from the monitor
@@ -395,8 +398,6 @@ int MDS::init()
 monc->sub_want("mdsmap", 0);
 monc->renew_subs();
- monc->wait_authenticate(30.0);
- monc->wait_auth_rotating(30.0);
 // schedule tick
 reset_tick();
diff --git a/src/mon/MonClient.cc b/src/mon/MonClient.cc
index 52c26368be08e..d408983b709c9 100644
--- a/src/mon/MonClient.cc
+++ b/src/mon/MonClient.cc
@@ -501,7 +501,7 @@ int MonClient::authorize(double timeout)
 int MonClient::_start_auth_rotating() {
- if (entity_name.entity_type != CEPHX_PRINCIPAL_OSD)
+ if (!auth_principal_needs_rotating_keys(entity_name))
 return 0;
 MAuthRotating *m = new MAuthRotating();
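Review bot: `auth_principal_needs_rotating_keys` in the Auth.h hunk takes `EntityName& name` by non-const reference although it only reads `entity_type`, so it cannot be called on a const `EntityName`; the signature should be `static inline bool auth_principal_needs_rotating_keys(const EntityName& name)`. Both MonClient.cc call sites now depend on this helper to decide whether rotating secrets are requested, so a principal type missing from it would skip the fetch without any error. A short comment above it would make that explicit, for example `/* true for principals that must fetch rotating secrets from the monitor (currently OSD and MDS) */`. Whether the monitor side keeps its own list of such principals is not visible in this patch and should be checked for agreement.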
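Review bot: The results of `monc->wait_authenticate(30.0)` and `monc->wait_auth_rotating(30.0)` are discarded in the lines added to the first MDS.cc hunk, so `MDS::init()` goes on to take `mds_lock` and start the beacon even if authentication or the rotating-secret fetch did not finish within the timeout. `wait_auth_rotating` returns `int` (see the MonClient.cc hunk header) and `init()` returns `int` as well, so a failure can be propagated with `int r = monc->wait_auth_rotating(30.0);` followed by `if (r < 0) return r;`, and likewise for `wait_authenticate` if it reports failure the same way, which this patch does not show. What `wait_auth_rotating` returns on timeout lies outside the visible hunks and should be confirmed before relying on the sign of the result. The `30.0` literal appears twice and would read better as one named constant; the rest of `init()` is outside the hunk.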
@@ -512,26 +512,6 @@ int MonClient::_start_auth_rotating()
 dout(0) << "MonClient::_start_auth_rotating sending message" << dendl;
 _send_mon_message(m);
-#if 0
- auth_timeout_event = new C_AuthRotatingTimeout(this, timeout);
- if (!auth_timeout_event)
- return -ENOMEM;
- timer.add_event_after(timeout, auth_timeout_event);
-
- dout(0) << "MonClient::_start_auth_rotating waiting" << dendl;
- auth_cond.Wait(monc_lock);
- dout(0) << "MonClient::_start_auth_rotating wait ended" << dendl;
-
- if (auth_got_timeout) {
- dout(0) << "MonClient::_start_auth_rotating got timeout" << dendl;
- return -ETIMEDOUT;
- }
-
- if (auth_timeout_event) {
- timer.cancel_event(auth_timeout_event);
- auth_timeout_event = NULL;
- }
-#endif
 return 0;
 }
@@ -550,7 +530,7 @@ int MonClient::wait_auth_rotating(double timeout) {
 Mutex::Locker l(monc_lock);
- if (entity_name.entity_type != CEPHX_PRINCIPAL_OSD)
+ if (!auth_principal_needs_rotating_keys(entity_name))
 return 0;
 if (!g_keyring.need_rotating_secrets())
-- 
2.39.5