From ec5ee926bdc2011c9b96073e6588e11cbba2fecf Mon Sep 17 00:00:00 2001
From: Ilya Dryomov
Date: Tue, 9 Mar 2021 16:33:55 +0100
Subject: [PATCH] auth/AuthServiceHandler: keep track of global_id and whether it is new

AuthServiceHandler already has global_id field, but it is unused. Revive it and let the handler know whether global_id is newly assigned by the monitor or provided by the client. Lift the setting of entity_name into AuthServiceHandler.

Signed-off-by: Ilya Dryomov
(cherry picked from commit b50b6abd60e730176a7ef602bdd25d789a3c467d)
---
 src/auth/AuthServiceHandler.cc | 18 ++++++++++++++++++
 src/auth/AuthServiceHandler.h | 22 +++++++++++++++-------
 src/auth/cephx/CephxServiceHandler.cc | 6 ++----
 src/auth/cephx/CephxServiceHandler.h | 7 ++++---
 src/auth/krb/KrbServiceHandler.cpp | 5 ++---
 src/auth/krb/KrbServiceHandler.hpp | 8 ++++----
 src/auth/none/AuthNoneServiceHandler.h | 15 ++++++++-------
 src/mon/AuthMonitor.cc | 4 ++++
 src/mon/Monitor.cc | 6 ++++--
 9 files changed, 61 insertions(+), 30 deletions(-)

diff --git a/src/auth/AuthServiceHandler.cc b/src/auth/AuthServiceHandler.cc
index 51c5c75da7bf7..6e70de41dbd32 100644
--- a/src/auth/AuthServiceHandler.cc
+++ b/src/auth/AuthServiceHandler.cc
@@ -18,10 +18,28 @@ #include "krb/KrbServiceHandler.hpp"
 #endif
 #include "none/AuthNoneServiceHandler.h"
+#include "common/dout.h"
 #define dout_subsys ceph_subsys_auth
+int AuthServiceHandler::start_session(const EntityName& entity_name,
+ uint64_t global_id,
+ bool is_new_global_id,
+ ceph::buffer::list *result,
+ AuthCapsInfo *caps)
+{
+ ceph_assert(!this->entity_name.get_type() && !this->global_id);
+ ldout(cct, 10) << __func__ << " entity_name=" << entity_name
+ << " global_id=" << global_id << " is_new_global_id="
+ << is_new_global_id << dendl;
+ this->entity_name = entity_name;
+ this->global_id = global_id;
+ return do_start_session(is_new_global_id, result, caps);
+}
+
 AuthServiceHandler *get_auth_service_handler(int type, CephContext *cct, KeyServer *ks)
 {
 switch (type) {
diff --git a/src/auth/AuthServiceHandler.h b/src/auth/AuthServiceHandler.h
index a6dfe019817d1..89619d17cd825 100644
--- a/src/auth/AuthServiceHandler.h
+++ b/src/auth/AuthServiceHandler.h
@@ -28,17 +28,19 @@ struct AuthCapsInfo;
 struct AuthServiceHandler {
 protected:
 CephContext *cct;
-public:
 EntityName entity_name;
- uint64_t global_id;
+ uint64_t global_id = 0;
- explicit AuthServiceHandler(CephContext *cct_) : cct(cct_), global_id(0) {}
+public:
+ explicit AuthServiceHandler(CephContext *cct_) : cct(cct_) {}
 virtual ~AuthServiceHandler() { }
- virtual int start_session(const EntityName& name,
- ceph::buffer::list *result,
- AuthCapsInfo *caps) = 0;
+ int start_session(const EntityName& entity_name,
+ uint64_t global_id,
+ bool is_new_global_id,
+ ceph::buffer::list *result,
+ AuthCapsInfo *caps);
 virtual int handle_request(ceph::buffer::list::const_iterator& indata,
 size_t connection_secret_required_length,
 ceph::buffer::list *result,
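Review bot: The `ceph_assert(!this->entity_name.get_type() && !this->global_id)` that opens the new `AuthServiceHandler::start_session` makes a second call on the same handler fatal for the monitor process, so the change is only safe if `AuthMonitor::prep_auth` and `Monitor::handle_auth_request` reach it exclusively on a freshly constructed handler; both call sites lie outside this hunk, and a session that could legitimately be started twice on one handler would now abort the daemon instead of returning an error. That precondition should be written down on the definition, e.g. `// Precondition: called exactly once per handler, before any handle_request(); a second call is a programming error.`. The assert also relies on a default-constructed EntityName reporting type 0, which is not visible here and is worth confirming against EntityName.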
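Review bot: The new non-virtual `start_session` declaration in AuthServiceHandler.h introduces `is_new_global_id` without any comment, so its meaning is only recoverable from the commit message. Suggest documenting it at the declaration: `// Binds entity_name/global_id to this handler, then forwards to do_start_session(). is_new_global_id is true when the monitor assigned global_id for this connection and false when the client supplied it. Must be called exactly once per handler.`. The same sentence about is_new_global_id belongs on the private `do_start_session` hook in the following hunk, since that is the signature subclass authors implement.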
@@ -47,7 +49,13 @@ public:
 CryptoKey *session_key,
 std::string *connection_secret) = 0;
- EntityName& get_entity_name() { return entity_name; }
+ const EntityName& get_entity_name() { return entity_name; }
+ uint64_t get_global_id() { return global_id; }
+
+private:
+ virtual int do_start_session(bool is_new_global_id,
+ ceph::buffer::list *result,
+ AuthCapsInfo *caps) = 0;
 };
 extern AuthServiceHandler *get_auth_service_handler(int type, CephContext *cct, KeyServer *ks);
diff --git a/src/auth/cephx/CephxServiceHandler.cc b/src/auth/cephx/CephxServiceHandler.cc
index 129dd96465ee7..8760ce0f83972 100644
--- a/src/auth/cephx/CephxServiceHandler.cc
+++ b/src/auth/cephx/CephxServiceHandler.cc
@@ -35,13 +35,11 @@ using ceph::bufferlist;
 using ceph::decode;
 using ceph::encode;
-int CephxServiceHandler::start_session(
- const EntityName& name,
+int CephxServiceHandler::do_start_session(
+ bool is_new_global_id,
 bufferlist *result_bl,
 AuthCapsInfo *caps)
 {
- entity_name = name;
-
 uint64_t min = 1; // always non-zero
 uint64_t max = std::numeric_limits::max();
 server_challenge = ceph::util::generate_random_number(min, max);
diff --git a/src/auth/cephx/CephxServiceHandler.h b/src/auth/cephx/CephxServiceHandler.h
index e770f140c8043..88d49c79b19af 100644
--- a/src/auth/cephx/CephxServiceHandler.h
+++ b/src/auth/cephx/CephxServiceHandler.h
@@ -29,9 +29,6 @@ public:
 : AuthServiceHandler(cct_), key_server(ks), server_challenge(0) {}
 ~CephxServiceHandler() override {}
- int start_session(const EntityName& name,
- ceph::buffer::list *result_bl,
- AuthCapsInfo *caps) override;
 int handle_request(
 ceph::buffer::list::const_iterator& indata,
 size_t connection_secret_required_length,
@@ -42,6 +39,10 @@ public:
 std::string *connection_secret) override;
 private:
+ int do_start_session(bool is_new_global_id,
+ ceph::buffer::list *result_bl,
+ AuthCapsInfo *caps) override;
+
 void build_cephx_response_header(int request_type, int status, ceph::buffer::list& bl);
 };
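Review bot: `get_entity_name()` and `get_global_id()` are pure accessors but are declared non-const, so neither can be called through a `const AuthServiceHandler*` or `const&`; since this hunk already rewrites the first of them, both can be fixed now: `const EntityName& get_entity_name() const { return entity_name; }` and `uint64_t get_global_id() const { return global_id; }`. A one-line comment on `get_global_id()` noting that 0 is the "session not started" value would also help, because the in-class initializer `global_id = 0` and the precondition assert in `start_session` both treat it that way.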
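Review bot: `is_new_global_id` is accepted by `CephxServiceHandler::do_start_session` but not referenced in the part of the body this hunk shows (the function continues past the hunk), and the Krb override on the next line has the same shape. If the flag is deliberately reserved for a follow-up, say so where it is declared, e.g. `bool is_new_global_id, // not consulted yet; recorded by AuthServiceHandler::start_session`, or mark it `[[maybe_unused]]` so a `-Wunused-parameter` build stays clean. Otherwise the next reader will assume the cephx path intentionally ignores whether the id was client-supplied.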
diff --git a/src/auth/krb/KrbServiceHandler.cpp b/src/auth/krb/KrbServiceHandler.cpp
index be1510cd621af..0b51097499c9e 100644
--- a/src/auth/krb/KrbServiceHandler.cpp
+++ b/src/auth/krb/KrbServiceHandler.cpp
@@ -152,8 +152,8 @@ int KrbServiceHandler::handle_request(
 return result;
 }
-int KrbServiceHandler::start_session(
- const EntityName& name,
+int KrbServiceHandler::do_start_session(
+ bool is_new_global_id,
 bufferlist *buff_list,
 AuthCapsInfo *caps)
 {
@@ -167,7 +167,6 @@ int KrbServiceHandler::start_session(
 gss_buffer_in.length = gss_service_name.length();
 gss_buffer_in.value = (const_cast(gss_service_name.c_str()));
- entity_name = name;
 gss_major_status = gss_import_name(&gss_minor_status, &gss_buffer_in,
diff --git a/src/auth/krb/KrbServiceHandler.hpp b/src/auth/krb/KrbServiceHandler.hpp
index c1179cc3f0cd2..69236098acb76 100644
--- a/src/auth/krb/KrbServiceHandler.hpp
+++ b/src/auth/krb/KrbServiceHandler.hpp
@@ -45,11 +45,11 @@ class KrbServiceHandler : public AuthServiceHandler {
 CryptoKey *session_key,
 std::string *connection_secret) override;
- int start_session(const EntityName& name,
- bufferlist *buff_list,
- AuthCapsInfo *caps) override;
-
 private:
+ int do_start_session(bool is_new_global_id,
+ ceph::buffer::list *buff_list,
+ AuthCapsInfo *caps) override;
+
 gss_buffer_desc m_gss_buffer_out;
 gss_cred_id_t m_gss_credentials;
 gss_ctx_id_t m_gss_sec_ctx;
diff --git a/src/auth/none/AuthNoneServiceHandler.h b/src/auth/none/AuthNoneServiceHandler.h
index a16838eecb27c..7ceb2ff4ba7a2 100644
--- a/src/auth/none/AuthNoneServiceHandler.h
+++ b/src/auth/none/AuthNoneServiceHandler.h
@@ -25,13 +25,6 @@ public:
 : AuthServiceHandler(cct_) {}
 ~AuthNoneServiceHandler() override {}
- int start_session(const EntityName& name,
- ceph::buffer::list *result_bl,
- AuthCapsInfo *caps) override {
- entity_name = name;
- caps->allow_all = true;
- return 1;
- }
 int handle_request(ceph::buffer::list::const_iterator& indata,
 size_t connection_secret_required_length,
 ceph::buffer::list *result_bl,
@@ -41,6 +34,14 @@ public:
 std::string *connection_secret) override {
 return 0;
 }
+
+private:
+ int do_start_session(bool is_new_global_id,
+ ceph::buffer::list *result_bl,
+ AuthCapsInfo *caps) override {
+ caps->allow_all = true;
+ return 1;
+ }
 };
 #endif
diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index d4226a93b647a..abbe124a4e95f 100644
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -615,6 +615,7 @@ bool AuthMonitor::prep_auth(MonOpRequestRef op, bool paxos_writable)
 bool start = false;
 bool finished = false;
 EntityName entity_name;
+ bool is_new_global_id = false;
 // set up handler?
 if (m->protocol == 0 && !s->auth_handler) {
@@ -734,12 +735,15 @@ bool AuthMonitor::prep_auth(MonOpRequestRef op, bool paxos_writable)
 ceph_assert(!paxos_writable);
 return false;
 }
+ is_new_global_id = true;
 }
 try {
 if (start) {
 // new session
 ret = s->auth_handler->start_session(entity_name,
+ s->con->peer_global_id,
+ is_new_global_id,
 &response_bl,
 &s->con->peer_caps_info);
 } else {
diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index b8772b53d75b3..3a66c5025eb63 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -6341,14 +6341,14 @@ int Monitor::handle_auth_request(
 // are supported by the client if we require it. for msgr2 that
 // is not necessary.
+ bool is_new_global_id = false;
 if (!con->peer_global_id) {
 con->peer_global_id = authmon()->_assign_global_id();
 if (!con->peer_global_id) {
 dout(1) << __func__ << " failed to assign global_id" << dendl;
 return -EBUSY;
 }
- dout(10) << __func__ << " assigned global_id " << con->peer_global_id
- << dendl;
+ is_new_global_id = true;
 }
 // set up partial session
@@ -6358,6 +6358,8 @@ int Monitor::handle_auth_request(
 r = s->auth_handler->start_session(
 entity_name,
+ con->peer_global_id,
+ is_new_global_id,
 reply,
 &con->peer_caps_info);
 } else {
--
2.39.5
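Review bot: Removing the `dout(10) << __func__ << " assigned global_id " ...` line changes where global_id assignment shows up in the logs: the only remaining record is the `ldout(cct, 10)` in `AuthServiceHandler::start_session`, emitted under `ceph_subsys_auth` rather than the monitor's subsystem, so an operator or incident responder tracing id assignment with `debug mon` raised to 10 will no longer see it and needs `debug auth` at 10 instead. That is a reasonable trade, since the new line also records whether the id was newly assigned or client-supplied, but it should be called out in the commit message, or the mon-side message kept as a one-liner `dout(10) << __func__ << " assigned global_id " << con->peer_global_id << dendl;`. `handle_auth_request` begins before and continues after this hunk, so any other logging of the id in that function is not visible here.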