From faa5fb559138fb56a5f9ee397629436472ba92f3 Mon Sep 17 00:00:00 2001
From: Sage Weil
Date: Mon, 5 Oct 2009 13:53:28 -0700
Subject: [PATCH] msgr: get_authorizer hook?

---
 src/include/msgr.h | 2 ++
 src/msg/Dispatcher.h | 7 +++++++
 src/msg/SimpleMessenger.cc | 10 ++++++++++
 3 files changed, 19 insertions(+)

diff --git a/src/include/msgr.h b/src/include/msgr.h
index 73921ae43faad..8e5c1b5e6bf9a 100644
--- a/src/include/msgr.h
+++ b/src/include/msgr.h
@@ -104,6 +104,7 @@ struct ceph_msg_connect {
 __le32 global_seq; /* count connections initiated by this host */
 __le32 connect_seq; /* count connections initiated in this session */
 __le32 protocol_version;
+ __le32 authorizer_len;
 __u8 flags; /* CEPH_MSG_CONNECT_* */
 } __attribute__ ((packed));
 
@@ -112,6 +113,7 @@ struct ceph_msg_connect_reply {
 __le32 global_seq;
 __le32 connect_seq;
 __le32 protocol_version;
+ __le32 authorizer_len;
 __u8 flags;
 } __attribute__ ((packed));
 
diff --git a/src/msg/Dispatcher.h b/src/msg/Dispatcher.h
index 822a8f33c4e46..e5f853cb849e2 100644
--- a/src/msg/Dispatcher.h
+++ b/src/msg/Dispatcher.h
@@ -42,6 +42,13 @@ public:
 // on deliberate reset of connection by remote
 // implies incoming messages dropped; possibly/probably some of our previous outgoing too.
 virtual void ms_handle_remote_reset(Connection *con, const entity_addr_t& peer) = 0;
+
+
+ // authorization handshake provides mutual authentication of peers.
+ // connecting side
+ virtual bool ms_get_authorizer(int dest_type, bufferlist& authorizer);
+ // accepting side
+ virtual bool ms_verify_authorizer(Connection *con, bufferlist& authorizer, bufferlist& authorizer_reply);
 };
 
 #endif
diff --git a/src/msg/SimpleMessenger.cc b/src/msg/SimpleMessenger.cc
index 738c2216035d6..11845e94a6c58 100644
--- a/src/msg/SimpleMessenger.cc
+++ b/src/msg/SimpleMessenger.cc
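Review bot: `authorizer_len` is inserted ahead of `flags` in the packed `ceph_msg_connect`, and again in `ceph_msg_connect_reply` in the next hunk, which moves `flags` and grows both wire structs, yet nothing in this patch changes the value sent in `protocol_version`. A peer built against the old layout would presumably read the wrong byte as `flags`, so the layout change should be tied to a protocol version bump or some other negotiation. The new field is also undocumented, unlike its neighbours in the first struct; I would add `/* bytes of authorizer payload following this struct */`. Because the value arrives before the peer has been authenticated, the receiving code should bound it before using it to size a read or an allocation. Both struct definitions start above their hunks.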
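Review bot: `ms_get_authorizer` and `ms_verify_authorizer` are declared virtual but are neither pure nor defined, unlike `ms_handle_remote_reset` directly above them, and the diffstat adds no definition, so Dispatcher subclasses will likely fail to link unless a body exists elsewhere. Either mark both `= 0` or give them inline defaults. If defaults are used, the one for `ms_verify_authorizer` should be a deliberate, documented choice, since a default that returns true would accept every peer unchecked. The comments should also state the return contract, for example `// returns true if an authorizer was produced` and `// returns true only if the authorizer verified; false rejects the connection`. The class begins outside this hunk.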
@@ -939,12 +939,16 @@ int SimpleMessenger::Pipe::connect()
 }
 dout(10) << "connect sent my addr " << rank->rank_addr << dendl;
 
+ bufferlist authorizer;
+ //get_authorizer(peer_type, authorizer);
+
 while (1) {
 ceph_msg_connect connect;
 connect.host_type = rank->my_type;
 connect.global_seq = gseq;
 connect.connect_seq = cseq;
 connect.protocol_version = get_proto_version(rank->my_type, peer_type, true);
+ connect.authorizer_len = authorizer.length();
 connect.flags = 0;
 if (policy.lossy_tx)
 connect.flags |= CEPH_MSG_CONNECT_LOSSY;
@@ -954,6 +958,12 @@ int SimpleMessenger::Pipe::connect()
 msg.msg_iov = msgvec;
 msg.msg_iovlen = 1;
 msglen = msgvec[0].iov_len;
+ if (authorizer.length()) {
+ msgvec[1].iov_base = authorizer.c_str();
+ msgvec[1].iov_len = authorizer.length();
+ msg.msg_iovlen++;
+ msglen += msgvec[1].iov_len;
+ }
 dout(10) << "connect sending gseq=" << gseq << " cseq=" << cseq << " proto=" << connect.protocol_version << dendl;
-- 
2.39.5
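Review bot: The only producer of the authorizer is the commented-out `//get_authorizer(peer_type, authorizer);`, so `authorizer` is always empty here and `connect.authorizer_len` is always sent as 0. The dead line also names `get_authorizer` rather than the `ms_get_authorizer` hook this patch declares in Dispatcher.h. I would replace it with an explicit marker such as `// TODO: call the dispatcher's ms_get_authorizer(peer_type, authorizer) once the accept side parses authorizer_len`. When the call is wired in, decide whether it belongs inside the `while (1)` retry loop, because fetched once above the loop the same bytes are resent on every attempt, which matters if authorizers turn out to be time-limited or single-use. `connect()` starts before and continues past this hunk.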
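Review bot: The new branch writes `msgvec[1]` and raises `msg.msg_iovlen` to 2, but `msgvec` is declared outside this hunk, so confirm it has at least two elements; if it was sized for the connect struct alone, this writes past the end of the array. A short comment on the branch, `// authorizer payload follows the connect struct; its length was advertised in connect.authorizer_len`, would tie the two pieces together. Nothing in this patch reads `authorizer_len` from `ceph_msg_connect_reply`, so once the accepting side sends a reply authorizer the connecting side will need to consume and bound those bytes before parsing further input. The function body extends beyond the hunk.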