From 66a3946fec142748bf72fdc3280c8bb3dc3f5239 Mon Sep 17 00:00:00 2001 From: Sage Weil Date: Thu, 1 Feb 2018 09:01:31 -0600 Subject: [PATCH] mon: add authenticated flag in Session Authentication is orthogonal to the caps; the client might have no capabilities but still be authenticated such that we know *who* it is. Signed-off-by: Sage Weil --- src/mon/AuthMonitor.cc | 5 ++++- src/mon/Monitor.cc | 2 ++ src/mon/Session.h | 2 ++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc index 5d7ed0c097dc0..8b7210e63beee 100644 --- a/src/mon/AuthMonitor.cc +++ b/src/mon/AuthMonitor.cc @@ -485,8 +485,10 @@ bool AuthMonitor::prep_auth(MonOpRequestRef op, bool paxos_writable) proto = s->auth_handler->start_session(entity_name, indata, response_bl, caps_info); ret = 0; - if (caps_info.allow_all) + if (caps_info.allow_all) { s->caps.set_allow_all(); + s->authenticated = true; + } } else { // request ret = s->auth_handler->handle_request(indata, response_bl, s->global_id, caps_info, &auid); @@ -506,6 +508,7 @@ bool AuthMonitor::prep_auth(MonOpRequestRef op, bool paxos_writable) } s->caps.parse(str, NULL); s->auid = auid; + s->authenticated = true; finished = true; } } catch (const buffer::error &err) { diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc index 8577d48c74839..2588482ae1708 100644 --- a/src/mon/Monitor.cc +++ b/src/mon/Monitor.cc @@ -3636,6 +3636,7 @@ void Monitor::handle_forward(MonOpRequestRef op) c->set_peer_type(m->client.name.type()); c->set_features(m->con_features); + s->authenticated = true; s->caps = m->client_caps; dout(10) << " caps are " << s->caps << dendl; s->entity_name = m->entity_name; @@ -3983,6 +3984,7 @@ void Monitor::_ms_dispatch(Message *m) dout(5) << __func__ << " setting monitor caps on this connection" << dendl; if (!s->caps.is_allow_all()) // but no need to repeatedly copy s->caps = *mon_caps; + s->authenticated = true; } s->put(); } else { diff --git a/src/mon/Session.h b/src/mon/Session.h index aafd35c776044..4f7e5c3968277 100644 --- a/src/mon/Session.h +++ b/src/mon/Session.h @@ -51,6 +51,8 @@ struct MonSession : public RefCountedObject { uint64_t auid; uint64_t global_id; + bool authenticated = false; ///< true if auth handshake is complete + map sub_map; epoch_t osd_epoch; // the osdmap epoch sent to the mon client -- 2.39.5