From d6ad32338da61ebf9c429381596e801b4ab12515 Mon Sep 17 00:00:00 2001
From: Marcus Watts
Date: Tue, 11 Nov 2025 16:17:58 -0500
Subject: [PATCH] tools/monmaptool: allow monmap ciphers to be modified on an existing monmap

With this change, the following options --auth-allowed_ciphers --auth-service-cipher --auth-preferred-cipher can now be set in an existing monmap.

Signed-off-by: Marcus Watts
---
 src/tools/monmaptool.cc | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/tools/monmaptool.cc b/src/tools/monmaptool.cc
index 3fb248654be..fef5e93ce36 100644
--- a/src/tools/monmaptool.cc
+++ b/src/tools/monmaptool.cc
@@ -59,6 +59,10 @@ void helpful_exit()
 exit(1);
 }
+#define SET_SERVICE_CIPHER 1
+#define SET_ALLOWED_CIPHERS 2
+#define SET_PREFERRED_CIPHER 4
+
 struct feature_op_t {
 enum type_t {
 PERSISTENT,
@@ -219,6 +223,7 @@ int main(int argc, const char **argv)
 int auth_service_cipher = CEPH_CRYPTO_AES256KRB5;
 std::vector auth_allowed_ciphers = {CEPH_CRYPTO_AES256KRB5};
 int auth_preferred_cipher = CEPH_CRYPTO_AES256KRB5;
+ int modified_ciphers = 0;
 auto cct = global_init(NULL, args, CEPH_ENTITY_TYPE_CLIENT,
 CODE_ENVIRONMENT_UTILITY,
@@ -327,6 +332,7 @@ int main(int argc, const char **argv)
 helpful_exit();
 }
 auth_service_cipher = c;
+ modified_ciphers |= SET_SERVICE_CIPHER;
 } else if (ceph_argparse_witharg(args, i, &val, "--auth-allowed-ciphers", (char*)NULL)) {
 std::vector v;
 std::vector ciphers;
@@ -340,6 +346,7 @@
 ciphers.push_back(c);
 }
 auth_allowed_ciphers = std::move(ciphers);
+ modified_ciphers |= SET_ALLOWED_CIPHERS;
 } else if (ceph_argparse_witharg(args, i, &val, "--auth-preferred-cipher", (char*)NULL)) {
 int c = CryptoManager::get_key_type(val);
 if (c < 0) {
@@ -347,6 +354,7 @@
 helpful_exit();
 }
 auth_preferred_cipher = c;
+ modified_ciphers |= SET_PREFERRED_CIPHER;
 } else {
 ++i;
 }
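Review bot: The three `SET_*` flags added after helpful_exit() are preprocessor macros, although the very next declaration in the file, `feature_op_t`, already uses an enum. Named constants would keep them out of the global macro namespace and tie them to the variable that carries them, e.g. `enum cipher_mod_t : unsigned { SET_SERVICE_CIPHER = 1, SET_ALLOWED_CIPHERS = 2, SET_PREFERRED_CIPHER = 4 };` together with `unsigned modified_ciphers = 0;` in the hunk at -219. A one-line comment such as `// bits recording which --auth-*-cipher options were given on the command line` would also tell the reader these are combinable flags and not an ordinal.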
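Review bot: In the `--auth-allowed-ciphers` branch (hunk at -340), `modified_ciphers |= SET_ALLOWED_CIPHERS` is set whatever `ciphers` ends up holding, and the visible lines show no check that the list is non-empty; the parsing loop starts outside the hunk, so such a check may exist there. Before this commit an empty list could presumably only reach a newly created map, whereas now it would replace the allowed ciphers of an existing monmap. If the loop does not already reject it, guard before the move: `if (ciphers.empty()) { cerr << "--auth-allowed-ciphers: empty cipher list" << std::endl; helpful_exit(); }`.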
@@ -503,6 +511,14 @@ int main(int argc, const char **argv)
 }
 monmap.remove(p);
 }
+ if (modified_ciphers & SET_SERVICE_CIPHER)
+ monmap.auth_service_cipher = auth_service_cipher;
+ if (modified_ciphers & SET_ALLOWED_CIPHERS)
+ monmap.auth_allowed_ciphers = auth_allowed_ciphers;
+ if (modified_ciphers & SET_PREFERRED_CIPHER)
+ monmap.auth_preferred_cipher = auth_preferred_cipher;
+ if (modified_ciphers)
+ modified = true;
 if (!print && !modified && !show_features) {
 cerr << "no action specified" << std::endl;
-- 
2.47.3
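Review bot: The three overrides are written into the loaded monmap independently, so a value changed on an existing map is never checked against the two fields that keep their stored values. For example, `--auth-preferred-cipher` alone is only validated by the `c < 0` test on `get_key_type(val)` in the parsing branch, not against `monmap.auth_allowed_ciphers`. If the monitors expect the service and preferred ciphers to be members of the allowed list (not visible here; confirm against MonMap), this tool can now write a map that breaks that, and a switch to a weaker cipher goes through without any message. A membership check on the resulting map before `modified = true`, as sketched below, would catch it; braces on the new `if` statements would also match the surrounding code. main() starts and ends outside the hunk.

```cpp
// … unchanged: the three conditional assignments into monmap …
if (modified_ciphers) {
  // Validate the map as it will be written, not just the option that changed.
  const auto& allowed = monmap.auth_allowed_ciphers;
  auto is_allowed = [&allowed](int c) {
    return std::find(allowed.begin(), allowed.end(), c) != allowed.end();
  };
  if (!is_allowed(monmap.auth_service_cipher) ||
      !is_allowed(monmap.auth_preferred_cipher)) {
    cerr << "service/preferred cipher is not in the allowed ciphers" << std::endl;
    exit(1);
  }
  modified = true;
}
```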