From cf5fbb38b31263e652ec2d042ef54813ee2a0444 Mon Sep 17 00:00:00 2001 From: Sage Weil Date: Fri, 23 Oct 2009 12:52:00 -0700 Subject: [PATCH] msgr: include authorizer_protocol in connect header So that the remote end knows what kind of authorizer is being given to them. No negotiation is allowed at this stage, but this provides a sanity check. --- src/include/msgr.h | 1 + src/mon/Monitor.cc | 8 ++++++-- src/mon/Monitor.h | 4 ++-- src/msg/Dispatcher.h | 2 +- src/msg/Messenger.h | 5 +++-- src/msg/SimpleMessenger.cc | 6 +++--- src/msg/SimpleMessenger.h | 2 +- src/osd/OSD.cc | 8 +++++--- src/osd/OSD.h | 4 ++-- 9 files changed, 24 insertions(+), 16 deletions(-) diff --git a/src/include/msgr.h b/src/include/msgr.h index cffdbacc19ba6..ac6f421461705 100644 --- a/src/include/msgr.h +++ b/src/include/msgr.h @@ -110,6 +110,7 @@ struct ceph_msg_connect { __le32 global_seq; /* count connections initiated by this host */ __le32 connect_seq; /* count connections initiated in this session */ __le32 protocol_version; + __le32 authorizer_protocol; __le32 authorizer_len; __u8 flags; /* CEPH_MSG_CONNECT_* */ } __attribute__ ((packed)); diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc index 5237f9b0cc18c..3c198c36603e5 100644 --- a/src/mon/Monitor.cc +++ b/src/mon/Monitor.cc @@ -907,14 +907,18 @@ bool Monitor::ms_get_authorizer(int dest_type, AuthAuthorizer& authorizer, bool } bool Monitor::ms_verify_authorizer(Connection *con, int peer_type, - bufferlist& authorizer_data, bufferlist& authorizer_reply, - bool& isvalid) + int protocol, bufferlist& authorizer_data, bufferlist& authorizer_reply, + bool& isvalid) { dout(0) << "Monitor::verify_authorizer start" << dendl; + if (protocol != CEPH_AUTH_CEPHX) + return false; + bufferlist::iterator iter = authorizer_data.begin(); AuthServiceTicketInfo auth_ticket_info; + isvalid = true; if (!authorizer_data.length()) diff --git a/src/mon/Monitor.h b/src/mon/Monitor.h index 3927e1fb52cf9..a093426b502ea 100644 --- a/src/mon/Monitor.h 
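Review bot: Inserting `authorizer_protocol` ahead of `authorizer_len` in the packed `ceph_msg_connect` changes the on-wire layout, and nothing visible in this patch bumps a version to go with it. A peer built before this change would presumably read the new field's bytes as `authorizer_len` and mis-frame the authorizer that follows, so the layout change should land together with whatever version gate the messenger applies to the connect header (not shown here). The new field is also the only one in the hunk besides `protocol_version` and `authorizer_len` with no hint of its value space; a trailing comment such as `/* auth protocol the authorizer is encoded for, e.g. CEPH_AUTH_CEPHX */` would help.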
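Review bot: The added `if (protocol != CEPH_AUTH_CEPHX) return false;` in `Monitor::ms_verify_authorizer` fails open: the accept() hunk in src/msg/SimpleMessenger.cc refuses a peer only when the call returns true and `isvalid` is false, so a `false` return skips the `CEPH_MSGR_TAG_BADAUTHORIZER` branch. The check also sits above `isvalid = true;`, so `isvalid` is left unassigned on this path and the outcome depends on how the caller initialised it, which is not visible. If a mismatch is meant to refuse the connection and no other dispatcher is expected to handle other protocols, report it as handled and invalid: `if (protocol != CEPH_AUTH_CEPHX) { isvalid = false; return true; }`. The same early return is added in the src/osd/OSD.cc hunk, and this function's body continues past the end of the hunk.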
+++ b/src/mon/Monitor.h @@ -206,8 +206,8 @@ public: bool ms_dispatch(Message *m); bool ms_get_authorizer(int dest_type, AuthAuthorizer& authorizer, bool force_new); bool ms_verify_authorizer(Connection *con, int peer_type, - bufferlist& authorizer_data, bufferlist& authorizer_reply, - bool& isvalid); + int protocol, bufferlist& authorizer_data, bufferlist& authorizer_reply, + bool& isvalid); bool ms_handle_reset(Connection *con); void ms_handle_remote_reset(Connection *con) {} diff --git a/src/msg/Dispatcher.h b/src/msg/Dispatcher.h index f45e3a61c3a0f..bccf772b0b265 100644 --- a/src/msg/Dispatcher.h +++ b/src/msg/Dispatcher.h @@ -49,7 +49,7 @@ public: virtual bool ms_get_authorizer(int dest_type, AuthAuthorizer& authorizer, bool force_new) { return false; }; // accepting side virtual bool ms_verify_authorizer(Connection *con, int peer_type, - bufferlist& authorizer, bufferlist& authorizer_reply, + int protocol, bufferlist& authorizer, bufferlist& authorizer_reply, bool& isvalid) { return false; }; }; diff --git a/src/msg/Messenger.h b/src/msg/Messenger.h index a6a6bf177038e..24c488aae3533 100644 --- a/src/msg/Messenger.h +++ b/src/msg/Messenger.h @@ -133,11 +133,12 @@ protected: return false; } bool ms_deliver_verify_authorizer(Connection *con, int peer_type, - bufferlist& authorizer, bufferlist& authorizer_reply, bool& isvalid) { + int protocol, bufferlist& authorizer, bufferlist& authorizer_reply, + bool& isvalid) { for (list::iterator p = dispatchers.begin(); p != dispatchers.end(); p++) - if ((*p)->ms_verify_authorizer(con, peer_type, authorizer, authorizer_reply, isvalid)) + if ((*p)->ms_verify_authorizer(con, peer_type, protocol, authorizer, authorizer_reply, isvalid)) return true; return false; } diff --git a/src/msg/SimpleMessenger.cc b/src/msg/SimpleMessenger.cc index 2722d4724cd0c..92ed9ed991c0d 100644 --- a/src/msg/SimpleMessenger.cc +++ b/src/msg/SimpleMessenger.cc 
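Review bot: Adding `int protocol` to the virtual `ms_verify_authorizer` in src/msg/Dispatcher.h means any Dispatcher subclass that still declares the old five-argument form compiles cleanly but no longer overrides it, and silently falls back to this default `return false`. Only Monitor and OSD are updated in this patch, so the remaining dispatchers are worth checking for the old signature. The accepting-side contract is also undocumented; judging by the accept() condition, a comment above the declaration such as `// returns true if this dispatcher handled the authorizer (verdict in isvalid), false if it did not` would pin down what the return value and `isvalid` each mean.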
@@ -637,7 +637,7 @@ int SimpleMessenger::Pipe::accept() } if (rank->verify_authorizer(connection_state, peer_type, - authorizer, authorizer_reply, authorizer_valid) && + connect.authorizer_protocol, authorizer, authorizer_reply, authorizer_valid) && !authorizer_valid) { dout(0) << "accept bad authorizer" << dendl; reply.tag = CEPH_MSGR_TAG_BADAUTHORIZER; @@ -2163,13 +2163,13 @@ bool SimpleMessenger::get_authorizer(int peer_type, AuthAuthorizer& authorizer, } bool SimpleMessenger::verify_authorizer(Connection *con, int peer_type, - bufferlist& authorizer, bufferlist& authorizer_reply, + int protocol, bufferlist& authorizer, bufferlist& authorizer_reply, bool& isvalid) { for (unsigned r = 0; r < max_local; r++) { if (!local[r]) continue; - return local[r]->ms_deliver_verify_authorizer(con, peer_type, authorizer, authorizer_reply, isvalid); + return local[r]->ms_deliver_verify_authorizer(con, peer_type, protocol, authorizer, authorizer_reply, isvalid); } return false; } diff --git a/src/msg/SimpleMessenger.h b/src/msg/SimpleMessenger.h index 34f1c0bab3ec8..aecac863b50a7 100644 --- a/src/msg/SimpleMessenger.h +++ b/src/msg/SimpleMessenger.h @@ -434,7 +434,7 @@ public: } bool get_authorizer(int peer_type, AuthAuthorizer& bl, bool force_new); - bool verify_authorizer(Connection *con, int peer_type, bufferlist& auth, bufferlist& auth_reply, + bool verify_authorizer(Connection *con, int peer_type, int protocol, bufferlist& auth, bufferlist& auth_reply, bool& isvalid); Endpoint *register_entity(entity_name_t addr); diff --git a/src/osd/OSD.cc b/src/osd/OSD.cc index bbdf058448cf6..e0f4a0df4b468 100644 --- a/src/osd/OSD.cc +++ b/src/osd/OSD.cc 
@@ -1515,14 +1515,16 @@ bool OSD::ms_get_authorizer(int dest_type, AuthAuthorizer& authorizer, bool forc } bool OSD::ms_verify_authorizer(Connection *con, int peer_type, - bufferlist& authorizer_data, bufferlist& authorizer_reply, - bool& isvalid) + int protocol, bufferlist& authorizer_data, bufferlist& authorizer_reply, + bool& isvalid) { AuthServiceTicketInfo auth_ticket_info; bufferlist::iterator iter = authorizer_data.begin(); + if (protocol != CEPH_AUTH_CEPHX) + return false; if (!authorizer_data.length()) - return -EPERM; + return false; int ret = verify_authorizer(g_keyring, iter, auth_ticket_info, authorizer_reply); dout(0) << "OSD::verify_authorizer returns " << ret << dendl; diff --git a/src/osd/OSD.h b/src/osd/OSD.h index f1c48b23b8eac..a074ca0af997a 100644 --- a/src/osd/OSD.h +++ b/src/osd/OSD.h @@ -855,8 +855,8 @@ protected: bool ms_dispatch(Message *m); bool ms_get_authorizer(int dest_type, AuthAuthorizer& authorizer, bool force_new); bool ms_verify_authorizer(Connection *con, int peer_type, - bufferlist& authorizer, bufferlist& authorizer_reply, - bool& isvalid); + int protocol, bufferlist& authorizer, bufferlist& authorizer_reply, + bool& isvalid); void ms_handle_connect(Connection *con); bool ms_handle_reset(Connection *con) { return false; } void ms_handle_remote_reset(Connection *con) {} -- 2.39.5
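Review bot: Changing the empty-authorizer path in `OSD::ms_verify_authorizer` from `return -EPERM;` to `return false;` flips what the caller sees: `-EPERM` converted to `true` in a `bool` function, while `false` is the value the accept() hunk treats as not handled, so an empty authorizer no longer reaches the bad-authorizer reply through this path. Neither early return assigns `isvalid`, so what accept() does next depends on its initial value, which is not visible here. If an empty authorizer should be refused, `if (!authorizer_data.length()) { isvalid = false; return true; }` states that explicitly. The rest of the function lies outside the hunk.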