From 6c7b34adc94df58353ac29687af2a5e6c6734fcd Mon Sep 17 00:00:00 2001
From: Sage Weil
Date: Tue, 11 Sep 2018 16:53:15 -0500
Subject: [PATCH] mon: use ms_handle_authentication to parse caps

The situation is a bit different here than the MDS and OSD because the authentication happens from MAuth instead of ms_verify_authorizer, but we are moving toward being more consistent.

Signed-off-by: Sage Weil
---
 src/mon/AuthMonitor.cc | 23 ++++---------------
 src/mon/Monitor.cc | 52 ++++++++++++++++++++++++++++++++++++++++++
 src/mon/Monitor.h | 3 +++
 3 files changed, 59 insertions(+), 19 deletions(-)

diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index 8f497ed443a..2c28a972b09 100644
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -508,7 +508,6 @@ bool AuthMonitor::prep_auth(MonOpRequestRef op, bool paxos_writable)
 }
 int ret = 0;
- AuthCapsInfo caps_info;
 MAuthReply *reply;
 bufferlist response_bl;
 auto indata = m->auth_payload.cbegin();
@@ -639,36 +638,22 @@ bool AuthMonitor::prep_auth(MonOpRequestRef op, bool paxos_writable)
 try {
 if (start) {
 // new session
- proto = s->auth_handler->start_session(entity_name, indata, response_bl, caps_info);
+ proto = s->auth_handler->start_session(entity_name, indata, response_bl,
+ s->con->peer_caps_info);
 ret = 0;
- if (caps_info.allow_all) {
- s->caps.set_allow_all();
- s->authenticated = true;
- finished = true;
- }
 } else {
 // request
 ret = s->auth_handler->handle_request(
 indata,
 response_bl,
 s->con->peer_global_id,
- caps_info);
+ s->con->peer_caps_info);
 }
 if (ret == -EIO) {
 wait_for_active(op, new C_RetryMessage(this,op));
 goto done;
 }
- if (caps_info.caps.length()) {
- auto p = caps_info.caps.cbegin();
- string str;
- try {
- decode(str, p);
- } catch (const buffer::error &err) {
- derr << "corrupt cap data for " << entity_name << " in auth db" << dendl;
- str.clear();
- }
- s->caps.parse(str, NULL);
- s->authenticated = true;
+ if (mon->ms_handle_authentication(s->con.get()) > 0) {
 finished = true;
 }
 } catch (const buffer::error &err) {
diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index e5c9d895feb..1c6fba4082d 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
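Review bot: In AuthMonitor::prep_auth, `finished = true` is now reached whenever `mon->ms_handle_authentication(s->con.get()) > 0`, and that call runs for every outcome except `-EIO`, including a negative `ret` from `handle_request`. The removed code set `finished` only when the handler had actually delivered caps (`allow_all` or a non-empty `caps` blob), whereas the new Monitor::ms_handle_authentication in this patch returns 1 when neither is present, so an intermediate or failed exchange would be treated as complete. Because `s->con->peer_caps_info` now lives on the connection rather than in a per-call local, caps left over from an earlier exchange could also be applied again unless the auth handlers reset it, which is not visible here. Assuming 0 is the handlers' success value, consider guarding the call, e.g. `if (ret == 0 && (s->con->peer_caps_info.allow_all || s->con->peer_caps_info.caps.length()) && mon->ms_handle_authentication(s->con.get()) > 0) {`. prep_auth starts and ends outside this hunk.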
@@ -5802,3 +5802,55 @@ bool Monitor::ms_verify_authorizer(Connection *con, int peer_type,
 }
 return true;
 }
+
+int Monitor::ms_handle_authentication(Connection *con)
+{
+ auto priv = con->get_priv();
+ MonSession *s = static_cast(priv.get());
+ if (!s) {
+ // must be msgr2, otherwise dispatch would have set up the session.
+ s = session_map.new_session(
+ entity_name_t(con->get_peer_type(), -1), // we don't know yet
+ con->get_peer_addrs(),
+ con);
+ assert(s);
+ dout(10) << __func__ << " adding session " << s << " to con " << con
+ << dendl;
+ con->set_priv(s);
+ logger->set(l_mon_num_sessions, session_map.get_size());
+ logger->inc(l_mon_session_add);
+ }
+ dout(10) << __func__ << " session " << s << " con " << con
+ << " addr " << s->con->get_peer_addr()
+ << " " << *s << dendl;
+
+ AuthCapsInfo &caps_info = con->get_peer_caps_info();
+ if (caps_info.allow_all) {
+ s->caps.set_allow_all();
+ s->authenticated = true;
+ }
+ int ret = 1;
+ if (caps_info.caps.length()) {
+ bufferlist::const_iterator p = caps_info.caps.cbegin();
+ string str;
+ try {
+ decode(str, p);
+ } catch (const buffer::error &err) {
+ derr << __func__ << " corrupt cap data for " << con->get_peer_entity_name()
+ << " in auth db" << dendl;
+ str.clear();
+ ret = -EPERM;
+ }
+ if (ret >= 0) {
+ if (s->caps.parse(str, NULL)) {
+ s->authenticated = true;
+ } else {
+ derr << __func__ << " unparseable caps '" << str << "' for "
+ << con->get_peer_entity_name() << dendl;
+ ret = -EPERM;
+ }
+ }
+ }
+
+ return ret;
+}
diff --git a/src/mon/Monitor.h b/src/mon/Monitor.h
index 2dffb7d002b..266b2ac9fb9 100644
--- a/src/mon/Monitor.h
+++ b/src/mon/Monitor.h
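Review bot: In Monitor::ms_handle_authentication the `allow_all` branch calls `s->caps.set_allow_all()` and sets `s->authenticated = true` before the caps blob is decoded, so both `-EPERM` paths can report failure while the session stays marked authenticated with allow-all caps. A caller that only looks at the return value, as prep_auth does with `> 0`, would not undo that state. Validate the blob first and apply the session changes afterwards, or at minimum add `s->authenticated = false;` next to each `ret = -EPERM;` and make sure the session's caps are not left in the allow-all state on that path. Whether `allow_all` and a corrupt `caps` blob can occur together depends on the auth handlers, which are outside this hunk.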
@@ -888,6 +888,9 @@ public: int protocol, bufferlist& authorizer_data, bufferlist& authorizer_reply, bool& isvalid, CryptoKey& session_key, std::unique_ptr *challenge) override; +public: // for AuthMonitor msgr1: + int ms_handle_authentication(Connection *con) override; +private: bool ms_handle_reset(Connection *con) override; void ms_handle_remote_reset(Connection *con) override {} bool ms_handle_refused(Connection *con) override; -- 2.39.5
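Review bot: The new `ms_handle_authentication` declaration carries no statement of its return contract, although AuthMonitor.cc branches on `> 0` and the implementation in this patch returns 1 or `-EPERM`. A one-line comment above it would help, for example `// returns 1 once caps (if any) were applied to the session, -EPERM if the stored cap data cannot be decoded or parsed`. The added `public:` / `private:` pair also changes the access level of the declarations that follow unless this region was already private; the hunk header shows `public:` as context, so that is worth confirming against the full header.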