From ef44fe1c828ef54c784bf132acaac3a2e6b8c272 Mon Sep 17 00:00:00 2001 From: Ilya Dryomov Date: Thu, 15 Apr 2021 15:18:58 +0200 Subject: [PATCH] auth/cephx: make KeyServer::build_session_auth_info() less confusing The second KeyServer::build_session_auth_info() overload is used only by the monitor, for mon <-> mon authentication. The monitor passes in service_secret (mon secret) and secret_id (-1). The TTL is irrelevant because there is no rotation. However the signature doesn't make it obvious. Clarify that service_secret and secret_id are input parameters and info is the only output parameter. Signed-off-by: Ilya Dryomov (cherry picked from commit 6f12cd3688b753633c8ff29fb3bd64758f960b2b) --- src/auth/cephx/CephxKeyServer.cc | 6 +++--- src/auth/cephx/CephxKeyServer.h | 6 +++--- src/mon/Monitor.cc | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/auth/cephx/CephxKeyServer.cc b/src/auth/cephx/CephxKeyServer.cc index 706f6eca01ad1..adfe74d2baba6 100644 --- a/src/auth/cephx/CephxKeyServer.cc +++ b/src/auth/cephx/CephxKeyServer.cc @@ -450,9 +450,9 @@ int KeyServer::build_session_auth_info(uint32_t service_id, int KeyServer::build_session_auth_info(uint32_t service_id, const AuthTicket& parent_ticket, - CephXSessionAuthInfo& info, - CryptoKey& service_secret, - uint64_t secret_id) + const CryptoKey& service_secret, + uint64_t secret_id, + CephXSessionAuthInfo& info) { info.service_secret = service_secret; info.secret_id = secret_id; diff --git a/src/auth/cephx/CephxKeyServer.h b/src/auth/cephx/CephxKeyServer.h index 8b54a06ec6cf4..3576c42c2357a 100644 --- a/src/auth/cephx/CephxKeyServer.h +++ b/src/auth/cephx/CephxKeyServer.h @@ -220,9 +220,9 @@ public: CephXSessionAuthInfo& info); int build_session_auth_info(uint32_t service_id, const AuthTicket& parent_ticket, - CephXSessionAuthInfo& info, - CryptoKey& service_secret, - uint64_t secret_id); + const CryptoKey& service_secret, + uint64_t secret_id, + CephXSessionAuthInfo& info); /* get current secret for specific service type */ bool get_service_secret(uint32_t service_id, CryptoKey& secret, diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc index b77a466d9b78e..11677b562e033 100644 --- a/src/mon/Monitor.cc +++ b/src/mon/Monitor.cc @@ -6199,7 +6199,7 @@ bool Monitor::get_authorizer(int service_id, AuthAuthorizer **authorizer) } ret = key_server.build_session_auth_info( - service_id, auth_ticket_info.ticket, info, secret, (uint64_t)-1); + service_id, auth_ticket_info.ticket, secret, (uint64_t)-1, info); if (ret < 0) { dout(0) << __func__ << " failed to build mon session_auth_info " << cpp_strerror(ret) << dendl; -- 2.39.5