From ef44fe1c828ef54c784bf132acaac3a2e6b8c272 Mon Sep 17 00:00:00 2001
From: Ilya Dryomov <idryomov@gmail.com>
Date: Thu, 15 Apr 2021 15:18:58 +0200
Subject: [PATCH] auth/cephx: make KeyServer::build_session_auth_info() less
 confusing

The second KeyServer::build_session_auth_info() overload is used only
by the monitor, for mon <-> mon authentication.  The monitor passes in
service_secret (mon secret) and secret_id (-1).  The TTL is irrelevant
because there is no rotation.

However the signature doesn't make it obvious.  Clarify that
service_secret and secret_id are input parameters and info is the only
output parameter.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 6f12cd3688b753633c8ff29fb3bd64758f960b2b)
---
 src/auth/cephx/CephxKeyServer.cc | 6 +++---
 src/auth/cephx/CephxKeyServer.h  | 6 +++---
 src/mon/Monitor.cc               | 2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/auth/cephx/CephxKeyServer.cc b/src/auth/cephx/CephxKeyServer.cc
index 706f6eca01ad1..adfe74d2baba6 100644
--- a/src/auth/cephx/CephxKeyServer.cc
+++ b/src/auth/cephx/CephxKeyServer.cc
@@ -450,9 +450,9 @@ int KeyServer::build_session_auth_info(uint32_t service_id,
 
 int KeyServer::build_session_auth_info(uint32_t service_id,
 				       const AuthTicket& parent_ticket,
-				       CephXSessionAuthInfo& info,
-				       CryptoKey& service_secret,
-				       uint64_t secret_id)
+				       const CryptoKey& service_secret,
+				       uint64_t secret_id,
+				       CephXSessionAuthInfo& info)
 {
   info.service_secret = service_secret;
   info.secret_id = secret_id;
diff --git a/src/auth/cephx/CephxKeyServer.h b/src/auth/cephx/CephxKeyServer.h
index 8b54a06ec6cf4..3576c42c2357a 100644
--- a/src/auth/cephx/CephxKeyServer.h
+++ b/src/auth/cephx/CephxKeyServer.h
@@ -220,9 +220,9 @@ public:
 			      CephXSessionAuthInfo& info);
   int build_session_auth_info(uint32_t service_id,
 			      const AuthTicket& parent_ticket,
-			      CephXSessionAuthInfo& info,
-			      CryptoKey& service_secret,
-			      uint64_t secret_id);
+			      const CryptoKey& service_secret,
+			      uint64_t secret_id,
+			      CephXSessionAuthInfo& info);
 
   /* get current secret for specific service type */
   bool get_service_secret(uint32_t service_id, CryptoKey& secret,
diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index b77a466d9b78e..11677b562e033 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -6199,7 +6199,7 @@ bool Monitor::get_authorizer(int service_id, AuthAuthorizer **authorizer)
     }
 
     ret = key_server.build_session_auth_info(
-      service_id, auth_ticket_info.ticket, info, secret, (uint64_t)-1);
+      service_id, auth_ticket_info.ticket, secret, (uint64_t)-1, info);
     if (ret < 0) {
       dout(0) << __func__ << " failed to build mon session_auth_info "
 	      << cpp_strerror(ret) << dendl;
-- 
2.39.5