From b89673bf00ced510d49ac1ecf929c77e87eba2ae Mon Sep 17 00:00:00 2001
From: Yehuda Sadeh <yehuda@hq.newdream.net>
Date: Wed, 28 Oct 2009 11:01:16 -0700
Subject: [PATCH] auth: mon does not filter messages that come from mon

---
 src/auth/AuthServiceHandler.h        | 2 ++
 src/auth/cephx/CephxProtocol.cc      | 2 +-
 src/auth/cephx/CephxServiceHandler.h | 1 +
 src/mon/AuthMonitor.cc               | 1 +
 src/mon/Monitor.cc                   | 2 +-
 5 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/auth/AuthServiceHandler.h b/src/auth/AuthServiceHandler.h
index 88702236f4590..9b8835df5bbc1 100644
--- a/src/auth/AuthServiceHandler.h
+++ b/src/auth/AuthServiceHandler.h
@@ -25,6 +25,8 @@ struct AuthServiceHandler {
 
   virtual int start_session(bufferlist& result) = 0;
   virtual int handle_request(bufferlist::iterator& indata, bufferlist& result, bufferlist& caps) = 0;
+
+  virtual EntityName& get_entity_name() = 0;
 };
 
 extern AuthServiceHandler *get_auth_service_handler(KeyServer *ks, set<__u32>& supported);
diff --git a/src/auth/cephx/CephxProtocol.cc b/src/auth/cephx/CephxProtocol.cc
index f1df2f85a3eb2..18703c4182ddc 100644
--- a/src/auth/cephx/CephxProtocol.cc
+++ b/src/auth/cephx/CephxProtocol.cc
@@ -138,7 +138,7 @@ void CephXTicketManager::set_have_need_key(uint32_t service_id, uint32_t& have,
   if (iter == tickets_map.end()) {
     have &= ~service_id;
     need |= service_id;
-    dout(0) << "couldn't find entry for service_id " << service_id << dendl;
+    dout(10) << "couldn't find entry for service_id " << service_id << dendl;
     return;
   }
 
diff --git a/src/auth/cephx/CephxServiceHandler.h b/src/auth/cephx/CephxServiceHandler.h
index 67e7da4459c73..e144f482d3537 100644
--- a/src/auth/cephx/CephxServiceHandler.h
+++ b/src/auth/cephx/CephxServiceHandler.h
@@ -32,6 +32,7 @@ public:
   int start_session(bufferlist& result_bl);
   int handle_request(bufferlist::iterator& indata, bufferlist& result_bl, bufferlist& caps);
   void build_cephx_response_header(int request_type, int status, bufferlist& bl);
+  EntityName& get_entity_name() { return entity_name; }
 };
 
 #endif
diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index b9bd4da58f301..39cd46ad5c3c6 100644
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -291,6 +291,7 @@ bool AuthMonitor::preprocess_auth(MAuth *m)
     // handle the request
     try {
       ret = s->auth_handler->handle_request(indata, response_bl, caps);
+      dout(20) << "handled request for entity_name=" << s->auth_handler->get_entity_name().to_str() << dendl;
       if (caps.length()) {
         bufferlist::iterator iter = caps.begin();
         s->caps.parse(iter);
diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 607048cb7c6e5..ca8715d5a4ac5 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -524,7 +524,7 @@ do { \
 
 #define ALLOW_MESSAGES_FROM(peers) \
 do { \
-  if ((connection && connection->get_peer_type() & (peers)) == 0) { \
+  if ((connection && connection->get_peer_type() & (peers | CEPH_ENTITY_TYPE_MON)) == 0) { \
     dout(0) << "filtered out request, peer=" << connection->get_peer_type() \
            << " allowing=" << #peers << " message=" << *m << dendl; \
     delete m; \
-- 
2.39.5