From 2157bcbf65a691d69fd52deb1fb5bb949b058f9c Mon Sep 17 00:00:00 2001
From: Peter Reiher <reiher@inktank.com>
Date: Mon, 29 Oct 2012 12:42:29 -0700
Subject: [PATCH] Temporary patch to a problem in Pipe related to monitor
 initialization.

Signed-off-by: Peter Reiher <reiher@inktank.com>
---
 src/auth/AuthAuthorizeHandler.cc |  3 +++
 src/msg/Pipe.cc                  | 32 +++++++++++++++++++++++---------
 2 files changed, 26 insertions(+), 9 deletions(-)

diff --git a/src/auth/AuthAuthorizeHandler.cc b/src/auth/AuthAuthorizeHandler.cc
index 78dd32f1f9c..c9c25900894 100644
--- a/src/auth/AuthAuthorizeHandler.cc
+++ b/src/auth/AuthAuthorizeHandler.cc
@@ -12,6 +12,7 @@
  *
  */
 
+#include "common/debug.h"
 #include "Auth.h"
 #include "AuthAuthorizeHandler.h"
 #include "cephx/CephxAuthorizeHandler.h"
@@ -19,6 +20,8 @@
 #include "AuthMethodList.h"
 #include "common/Mutex.h"
 
+#define dout_subsys ceph_subsys_auth
+
 AuthAuthorizeHandler *AuthAuthorizeHandlerRegistry::get_handler(int protocol)
 {
   if (!supported.is_supported_auth(protocol)) {
diff --git a/src/msg/Pipe.cc b/src/msg/Pipe.cc
index 431f3008208..5f69ba0b81f 100644
--- a/src/msg/Pipe.cc
+++ b/src/msg/Pipe.cc
@@ -311,19 +311,33 @@ int Pipe::accept()
     }
 
     msgr->lock.Unlock();
+
+    // As it stands, this code is not totally secure, since the first monitor pipe that gets set up isn't ready to verify authorizers.
+    // As a result, we just skip over verifying the authorizer.  Fixing it requires some surgery in monitor initialization.  PLR
+
     if (msgr->verify_authorizer(connection_state, peer_type,
-				connect.authorizer_protocol, authorizer, authorizer_reply, authorizer_valid, session_key) &&
-	!authorizer_valid) {
-      ldout(msgr->cct,0) << "accept bad authorizer" << dendl;
-      reply.tag = CEPH_MSGR_TAG_BADAUTHORIZER;
-      session_security = NULL;
-      goto reply;
+				connect.authorizer_protocol, authorizer, authorizer_reply, authorizer_valid, session_key) ) {
+	if (!authorizer_valid) {
+          ldout(msgr->cct,0) << "accept: got bad authorizer" << dendl;
+          reply.tag = CEPH_MSGR_TAG_BADAUTHORIZER;
+          session_security = NULL;
+          goto reply;
+        } 
+	else {
+
+          // We've verified the authorizer for this pipe, so set up the session security structure.  PLR
+
+          session_security = get_auth_session_handler(msgr->cct, connect.authorizer_protocol, session_key);
+        }
     }
+    else {
 
-    // We've verified the authorizer for this pipe, so set up the session security structure.  PLR
-
-    session_security = get_auth_session_handler(msgr->cct, connect.authorizer_protocol, session_key);
+      // verify_authorizer failed.  Don't set up session security, since we have no authorizer to get a key from.  PLR
 
+      ldout(msgr->cct,10) << "accept:  verify_authorizer failed, setting session_security to NULL." << dendl;
+      session_security = NULL;
+    }
+    
     msgr->lock.Lock();
     if (msgr->dispatch_queue.stop)
       goto shutting_down;