From ca96595c06fff0b0c3f78dfd45d5bb052e6a5e34 Mon Sep 17 00:00:00 2001
From: Yehuda Sadeh <yehuda@hq.newdream.net>
Date: Wed, 30 Sep 2009 17:03:46 -0700
Subject: [PATCH] auth: try to authorize with mon after authenticating

---
 src/mon/MonClient.cc | 27 +++++++++++++++++++++------
 src/mon/MonClient.h  |  7 +++++--
 2 files changed, 26 insertions(+), 8 deletions(-)

diff --git a/src/mon/MonClient.cc b/src/mon/MonClient.cc
index ad1b909606dd1..9b6965d030e25 100644
--- a/src/mon/MonClient.cc
+++ b/src/mon/MonClient.cc
@@ -312,10 +312,25 @@ void MonClient::handle_auth(MAuthReply *m)
   if (ret == -EAGAIN) {
     auth.send_session_request(this, &auth_handler, 30.0);
   } else {
-    dout(0) << "done authenticating" << dendl;
-    state = MC_STATE_AUTHENTICATED;
-    authenticate_cond.SignalAll();
-    _open_session();
+    switch (state) {
+    case MC_STATE_AUTHENTICATING:
+      {
+        dout(0) << "done authenticating" << dendl;
+        state = MC_STATE_AUTHENTICATED;
+        auth.send_session_request(this, &authorize_handler, 30.0);
+      }
+      break;
+    case MC_STATE_AUTHENTICATED:
+      {
+        dout(0) << "done authorizing" << dendl;
+        state = MC_STATE_HAVE_SESSION;
+        authenticate_cond.SignalAll();
+        _open_session();
+      }
+      break;
+    default:
+      assert(false);
+    }
   }
 }
 
@@ -359,7 +374,7 @@ void MonClient::_open_session()
     return;
   }
 
-  if (state == MC_STATE_AUTHENTICATING)
+  if (state != MC_STATE_HAVE_SESSION)
     return;
 
   if (g_keyring.need_rotating_secrets()) {
@@ -484,7 +499,7 @@ int MonClient::wait_authenticate(double timeout)
   utime_t interval;
   interval += timeout;
 
-  if (state == MC_STATE_AUTHENTICATED)
+  if (state == MC_STATE_HAVE_SESSION)
     return 0;
 
   if (cur_mon < 0)
diff --git a/src/mon/MonClient.h b/src/mon/MonClient.h
index 3a06f26cf3b11..107b95fe99070 100644
--- a/src/mon/MonClient.h
+++ b/src/mon/MonClient.h
@@ -38,6 +38,7 @@ enum MonClientState {
   MC_STATE_NONE,
   MC_STATE_AUTHENTICATING,
   MC_STATE_AUTHENTICATED,
+  MC_STATE_HAVE_SESSION,
 };
 
 class MonClient : public Dispatcher, public AuthClient {
@@ -149,6 +150,7 @@ private:
 public:
   AuthClientHandler auth;
   AuthClientAuthenticateHandler auth_handler;
+  AuthClientAuthorizeHandler authorize_handler;
   double auth_timeout;
 public:
   void renew_subs() {
@@ -175,7 +177,8 @@ public:
 		timer(monc_lock),
 		hunting(false),
 		mounting(0), mount_err(0),
-                auth_handler(&auth, 0, 0) { }
+                auth_handler(&auth, CEPHX_PRINCIPAL_MON, 0),
+                authorize_handler(&auth, CEPHX_PRINCIPAL_MON) { }
   ~MonClient() {
     timer.cancel_all_events();
   }
@@ -228,7 +231,7 @@ public:
   void send_message(Message *m);
 
   void set_want_keys(uint32_t want) {
-    auth_handler.set_want_keys(want);
+    auth_handler.set_want_keys(want | CEPHX_PRINCIPAL_MON);
   }
 };
 
-- 
2.39.5