From f255bbc3607f9f2529f355c89a7a4377c0609265 Mon Sep 17 00:00:00 2001
From: Yehuda Sadeh
Date: Tue, 22 Sep 2009 12:13:35 -0700
Subject: [PATCH] auth: osd loads rotating keys on startup
---
 src/auth/KeyRing.cc | 2 +-
 src/auth/KeysServer.cc | 2 ++
 src/mon/AuthMonitor.cc | 3 +--
 src/mon/MonClient.cc | 20 +++++++++++++++-----
 src/mon/MonClient.h | 5 ++++-
 src/osd/OSD.cc | 2 ++
 6 files changed, 25 insertions(+), 9 deletions(-)
diff --git a/src/auth/KeyRing.cc b/src/auth/KeyRing.cc
index 47bc5f3c0f2c0..5a7302751a2f7 100644
--- a/src/auth/KeyRing.cc
+++ b/src/auth/KeyRing.cc
@@ -55,7 +55,7 @@ bool KeyRing::load_master(const char *filename)
 struct stat st;
 int rc = fstat(fd, &st);
 if (rc != 0) {
- dout(0) << "error stating key ring file " << filename << dendl;
+ dout(0) << "error stat'ing key ring file " << filename << dendl;
 return false;
 }
 __int32_t len = st.st_size;
diff --git a/src/auth/KeysServer.cc b/src/auth/KeysServer.cc
index 51892c2b11d98..143e2c73676f0 100644
--- a/src/auth/KeysServer.cc
+++ b/src/auth/KeysServer.cc
@@ -238,5 +238,7 @@ bool KeysServer::get_rotating_encrypted(EntityName& name, bufferlist& enc_bl)
 RotatingSecrets secrets = rotate_iter->second;
 encode_encrypt(secrets, specific_key, enc_bl);
+
+ return true;
 }
diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index 7cae40c99ce1a..b504c3cf960d3 100644
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -147,7 +147,7 @@ bool AuthMonitor::update_from_paxos()
 inc.decode_entry(entry);
 switch (inc.op) {
 case AUTH_INC_ADD:
- if (entry.rotating) {
+ if (!entry.rotating) {
 keys_server.add_secret(entry.name, entry.secret);
 } else {
 derr(0) << "got AUTH_INC_ADD with entry.rotating" << dendl;
@@ -293,7 +293,6 @@ bool AuthMonitor::preprocess_command(MMonCommand *m)
 if (m->cmd.size() > 1) {
 if (m->cmd[1] == "add" ||
 m->cmd[1] == "del" ||
- m->cmd[1] == "activate" ||
 m->cmd[1] == "list") {
 return false;
 }
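Review bot: In src/auth/KeysServer.cc, the added `return true;` at the end of `KeysServer::get_rotating_encrypted` reports success no matter what `encode_encrypt(secrets, specific_key, enc_bl)` did, because that call's result is discarded on the line above. Its return type is not visible in this hunk; if it returns an error code, check it so that a failed encryption is not handed to the requester as a valid blob, e.g. `if (encode_encrypt(secrets, specific_key, enc_bl) < 0) return false;`. The function body starts outside the hunk.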
diff --git a/src/mon/MonClient.cc b/src/mon/MonClient.cc
index e00747394c65c..1bb3b403196cf 100644
--- a/src/mon/MonClient.cc
+++ b/src/mon/MonClient.cc
@@ -32,6 +32,7 @@
 #include "auth/Auth.h"
 #include "auth/AuthProtocol.h"
+#include "auth/KeysServer.h"
 #include "config.h"
@@ -335,7 +336,13 @@ void MonClient::_reopen_session()
 {
 dout(10) << "_reopen_session" << dendl;
 _pick_new_mon();
+
+ dout(0) << "_reopen_session 0" << dendl;
 auth.start_session(this, 30.0);
+ dout(0) << "_reopen_session 1" << dendl;
+ _start_auth_rotating(KEY_ROTATE_TIME);
+ dout(0) << "_reopen_session 2" << dendl;
+
 if (mounting)
 _send_mount();
 if (!sub_have.empty())
@@ -432,13 +439,16 @@ int MonClient::authorize(double timeout)
 return auth.authorize(CEPHX_PRINCIPAL_MON, timeout);
 }
-int MonClient::start_auth_rotating(EntityName& name, double timeout)
+int MonClient::_start_auth_rotating(double timeout)
 {
+ if (entity_name.entity_type != CEPHX_PRINCIPAL_OSD)
+ return 0;
+
 MAuthRotating *m = new MAuthRotating();
 if (!m)
 return -ENOMEM;
- Mutex::Locker l(monc_lock);
+ m->entity_name = entity_name;
 _send_mon_message(m);
@@ -447,12 +457,12 @@ int MonClient::start_auth_rotating(EntityName& name, double timeout)
 return -ENOMEM;
 timer.add_event_after(timeout, auth_timeout_event);
- dout(0) << "MonClient::start_auth_rotating waiting" << dendl;
+ dout(0) << "MonClient::_start_auth_rotating waiting" << dendl;
 auth_cond.Wait(monc_lock);
- dout(0) << "MonClient::start_auth_rotating wait ended" << dendl;
+ dout(0) << "MonClient::_start_auth_rotating wait ended" << dendl;
 if (auth_got_timeout) {
- dout(0) << "MonClient::start_auth_rotating got timeout" << dendl;
+ dout(0) << "MonClient::_start_auth_rotating got timeout" << dendl;
 return -ETIMEDOUT;
 }
diff --git a/src/mon/MonClient.h b/src/mon/MonClient.h
index 111c766a4cfbd..e82b103723a36 100644
--- a/src/mon/MonClient.h
+++ b/src/mon/MonClient.h
@@ -41,6 +41,8 @@ private:
 int cur_mon;
+ EntityName entity_name;
+
 entity_addr_t my_addr;
 Mutex monc_lock;
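Review bot: In `MonClient::_reopen_session` (src/mon/MonClient.cc, hunk at -335) the result of `_start_auth_rotating(KEY_ROTATE_TIME)` is dropped, so `-ENOMEM` or `-ETIMEDOUT` from the rotating-key request goes unnoticed and the function carries on to the mount and subscription steps as if the OSD had its keys. At minimum capture and log it: `int r = _start_auth_rotating(KEY_ROTATE_TIME);` followed by `if (r < 0) dout(0) << "_reopen_session: rotating key request failed: " << r << dendl;`. The call also blocks in `auth_cond.Wait(monc_lock)` on every session reopen, and by its name `KEY_ROTATE_TIME` is a rotation period rather than a wait timeout; whether the thread running `_reopen_session` is also needed to deliver the reply is not visible here and is worth confirming. The three `dout(0)` markers `_reopen_session 0/1/2` look like leftover tracing and would fit a higher debug level.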
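Review bot: `MonClient::_start_auth_rotating` (hunk at -432) no longer takes `monc_lock` itself but still waits with `auth_cond.Wait(monc_lock)` in the following hunk, so it now relies on every caller already holding the lock, and nothing states that. Add a comment above the definition such as `// caller must hold monc_lock; blocks until the reply arrives or the timeout fires`. Since the declaration in src/mon/MonClient.h stays under `public:`, consider moving it to the private section so it cannot be called unlocked from outside the class. The function body continues past the end of this hunk.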
@@ -104,12 +106,13 @@ private:
 void handle_mount_ack(MClientMountAck* m);
 public:
+ void set_entity_name(EntityName name) { entity_name = name; }
 void _auth_rotating_timeout(double timeout) {
 auth_got_timeout = true;
 auth_cond.Signal();
 }
- int start_auth_rotating(EntityName& name, double timeout);
+ int _start_auth_rotating(double timeout);
 int mount(double mount_timeout);
 int authenticate(double timeout);
diff --git a/src/osd/OSD.cc b/src/osd/OSD.cc
index 66bc5e8a18aff..f5ad0394ad8d9 100644
--- a/src/osd/OSD.cc
+++ b/src/osd/OSD.cc
@@ -428,6 +428,8 @@ int OSD::init()
 ename.entity_type = CEPHX_PRINCIPAL_OSD;
 ename.name = g_conf.id;
+ monc->set_entity_name(ename);
+
 monc->sub_want("monmap", 0);
 monc->renew_subs();
-- 
2.39.5
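Review bot: `set_entity_name` in src/mon/MonClient.h (hunk at -104) assigns `entity_name` without `monc_lock`, while `_start_auth_rotating` reads the same member whenever a session is reopened. The only caller in this patch is `OSD::init`, which sets the name before `sub_want`/`renew_subs`, so this is probably safe today, but the ordering requirement should be written down next to the setter: `// must be called before the first session is opened; not protected by monc_lock`. Taking the argument as `const EntityName& name` would also avoid a copy.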