auth/cephx: make KeyServer::build_session_auth_info() less confusing

The second KeyServer::build_session_auth_info() overload is used only by the monitor, for mon <-> mon authentication. The monitor passes in service_secret (mon secret) and secret_id (-1). The TTL is irrelevant because there is no rotation. However the signature doesn't make it obvious. Clarify that service_secret and secret_id are input parameters and info is the only output parameter. Signed-off-by: Ilya Dryomov <idryomov@gmail.com> (cherry picked from commit 6f12cd3)
ceph · Apr 16, 2021 · 4a484de · 4a484de
1 parent d5328bc
commit 4a484de
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 7 deletions.
diff --git a/src/auth/cephx/CephxKeyServer.cc b/src/auth/cephx/CephxKeyServer.cc
@@ -449,9 +449,9 @@ int KeyServer::build_session_auth_info(uint32_t service_id,
 
 int KeyServer::build_session_auth_info(uint32_t service_id,
 				       const AuthTicket& parent_ticket,
-				       CephXSessionAuthInfo& info,
-				       CryptoKey& service_secret,
-				       uint64_t secret_id)
+				       const CryptoKey& service_secret,
+				       uint64_t secret_id,
+				       CephXSessionAuthInfo& info)
 {
   info.service_secret = service_secret;
   info.secret_id = secret_id;

diff --git a/src/auth/cephx/CephxKeyServer.h b/src/auth/cephx/CephxKeyServer.h
@@ -222,9 +222,9 @@ class KeyServer : public KeyStore {
 			      CephXSessionAuthInfo& info);
   int build_session_auth_info(uint32_t service_id,
 			      const AuthTicket& parent_ticket,
-			      CephXSessionAuthInfo& info,
-			      CryptoKey& service_secret,
-			      uint64_t secret_id);
+			      const CryptoKey& service_secret,
+			      uint64_t secret_id,
+			      CephXSessionAuthInfo& info);
 
   /* get current secret for specific service type */
   bool get_service_secret(uint32_t service_id, CryptoKey& secret,

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
@@ -6203,7 +6203,7 @@ bool Monitor::ms_get_authorizer(int service_id, AuthAuthorizer **authorizer)
     }
 
     ret = key_server.build_session_auth_info(
-      service_id, auth_ticket_info.ticket, info, secret, (uint64_t)-1);
+      service_id, auth_ticket_info.ticket, secret, (uint64_t)-1, info);
     if (ret < 0) {
       dout(0) << __func__ << " failed to build mon session_auth_info "
 	      << cpp_strerror(ret) << dendl;