auth: remove global instance of auth_supported

Wrap it in a class.

Instantiate locally, or keep a copy around if we'll need it often.

Factor out the protocol selection into an AuthSupported method.  Prefer
larger ids, for lack of a better policy.

Signed-off-by: Sage Weil <sage.weil@dreamhost.com>

src/auth/AuthAuthorizeHandler.cc

@@ -21,7 +21,7 @@
 
 AuthAuthorizeHandler *AuthAuthorizeHandlerRegistry::get_handler(int protocol)
 {
-  if (!is_supported_auth(protocol, cct)) {
+  if (!supported.is_supported_auth(protocol)) {
     return NULL;
   }
   

src/auth/AuthAuthorizeHandler.h

@@ -16,6 +16,7 @@
 #define CEPH_AUTHAUTHORIZEHANDLER_H
 
 #include "Auth.h"
+#include "AuthSupported.h"
 #include "include/types.h"
 
 class CephContext;
@@ -34,10 +35,11 @@ class AuthAuthorizeHandlerRegistry {
   Mutex m_lock;
   map<int,AuthAuthorizeHandler*> m_authorizers;
   CephContext *cct;
+  AuthSupported supported;
 
 public:
   AuthAuthorizeHandlerRegistry(CephContext *cct_)
-    : m_lock("AuthAuthorizeHandlerRegistry::m_lock"), cct(cct_)
+    : m_lock("AuthAuthorizeHandlerRegistry::m_lock"), cct(cct_), supported(cct_)
   {}
   ~AuthAuthorizeHandlerRegistry();
   

src/auth/AuthServiceHandler.cc

@@ -21,14 +21,13 @@
 #define DOUT_SUBSYS auth
 
 
-AuthServiceHandler *get_auth_service_handler(CephContext *cct, KeyServer *ks,
-					     set<__u32>& supported)
+AuthServiceHandler *get_auth_service_handler(int type, CephContext *cct, KeyServer *ks)
 {
-  if (is_supported_auth(CEPH_AUTH_CEPHX, cct) && supported.count(CEPH_AUTH_CEPHX))
+  switch (type) {
+  case CEPH_AUTH_CEPHX:
     return new CephxServiceHandler(cct, ks);
-  if (is_supported_auth(CEPH_AUTH_NONE, cct) && supported.count(CEPH_AUTH_NONE))
+  case CEPH_AUTH_NONE:
     return new AuthNoneServiceHandler(cct);
+  }
   return NULL;
 }
-
-

src/auth/AuthServiceHandler.h

@@ -39,7 +39,6 @@ public:
   EntityName& get_entity_name() { return entity_name; }
 };
 
-extern AuthServiceHandler *get_auth_service_handler(CephContext *cct,
-				KeyServer *ks, set<__u32>& supported);
+extern AuthServiceHandler *get_auth_service_handler(int type, CephContext *cct, KeyServer *ks);
 
 #endif

src/auth/AuthSupported.cc

@@ -19,11 +19,9 @@
 
 #define DOUT_SUBSYS auth
 
-static bool _supported_initialized = false;
-static Mutex _supported_lock("auth_supported_init");
-static set<int> auth_supported;
+#include "AuthSupported.h"
 
-static void _init_supported(CephContext *cct)
+AuthSupported::AuthSupported(CephContext *cct)
 {
   string str = cct->_conf->auth_supported;
   list<string> sup_list;
@@ -37,19 +35,17 @@ static void _init_supported(CephContext *cct)
       lderr(cct) << "WARNING: unknown auth protocol defined: " << *iter << dendl;
     }
   }
-  _supported_initialized = true;
 }
 
-
-bool is_supported_auth(int auth_type, CephContext *cct)
+bool AuthSupported::is_supported_auth(int auth_type)
 {
-  {
-    Mutex::Locker lock(_supported_lock);
-    if (!_supported_initialized) {
-      _init_supported(cct);
-    }
-  }
   return auth_supported.count(auth_type);
 }
 
-
+int AuthSupported::pick(const set<__u32>& supp)
+{
+  for (set<__u32>::const_reverse_iterator p = supp.rbegin(); p != supp.rend(); ++p)
+    if (is_supported_auth(*p))
+      return *p;
+  return CEPH_AUTH_NONE;
+}

src/auth/AuthSupported.h

@@ -15,10 +15,19 @@
 #ifndef CEPH_AUTHSUPPORTED_H
 #define CEPH_AUTHSUPPORTED_H
 
-#include <map>
+#include "include/inttypes.h"
+#include <set>
 
 class CephContext;
 
-extern bool is_supported_auth(int auth_type, CephContext *cct);
+class AuthSupported {
+  std::set<int> auth_supported;
+public:
+  AuthSupported(CephContext *cct);
+
+  bool is_supported_auth(int auth_type);
+  int pick(const std::set<__u32>& supported);
+};
+
 
 #endif

src/auth/KeyRing.cc

@@ -38,7 +38,9 @@ KeyRing *KeyRing::from_ceph_context(CephContext *cct)
   bool found_key = false;
   auto_ptr < KeyRing > keyring(new KeyRing());
 
-  if (!is_supported_auth(CEPH_AUTH_CEPHX, cct)) {
+  AuthSupported supported(cct);
+
+  if (!supported.is_supported_auth(CEPH_AUTH_CEPHX)) {
     ldout(cct, 2) << "KeyRing::from_ceph_context: CephX auth is not supported." << dendl;
     return keyring.release();
   }

src/mon/AuthMonitor.cc

@@ -365,8 +365,8 @@ bool AuthMonitor::prep_auth(MAuth *m, bool paxos_writable)
       goto reply;
     }
 
-    s->auth_handler = get_auth_service_handler(g_ceph_context,
-					       &mon->key_server, supported);
+    int type = mon->auth_supported.pick(supported);
+    s->auth_handler = get_auth_service_handler(type, g_ceph_context, &mon->key_server);
     if (!s->auth_handler) {
       ret = -ENOTSUP;
       goto reply;

src/mon/Monitor.cc

@@ -109,6 +109,7 @@ Monitor::Monitor(CephContext* cct_, string nm, MonitorStore *s, Messenger *m, Mo
   monmap(map),
   clog(cct_, messenger, monmap, NULL, LogClient::FLAG_MON),
   key_server(cct),
+  auth_supported(cct),
   store(s),
   
   state(STATE_STARTING), stopping(false),
@@ -1151,7 +1152,7 @@ bool Monitor::ms_get_authorizer(int service_id, AuthAuthorizer **authorizer, boo
   if (service_id != CEPH_ENTITY_TYPE_MON)
     return false;
 
-  if (!is_supported_auth(CEPH_AUTH_CEPHX, g_ceph_context))
+  if (!auth_supported.is_supported_auth(CEPH_AUTH_CEPHX))
     return false;
 
   CephXServiceTicketInfo auth_ticket_info;
@@ -1208,7 +1209,7 @@ bool Monitor::ms_verify_authorizer(Connection *con, int peer_type,
 	   << " protocol " << protocol << dendl;
 
   if (peer_type == CEPH_ENTITY_TYPE_MON &&
-      is_supported_auth(CEPH_AUTH_CEPHX, g_ceph_context)) {
+      auth_supported.is_supported_auth(CEPH_AUTH_CEPHX)) {
     // monitor, and cephx is enabled
     isvalid = false;
     if (protocol == CEPH_AUTH_CEPHX) {

src/mon/Monitor.h

@@ -38,6 +38,7 @@
 #include "common/LogClient.h"
 
 #include "auth/cephx/CephxKeyServer.h"
+#include "auth/AuthSupported.h"
 
 #include "perfglue/heap_profiler.h"
 
@@ -72,6 +73,8 @@ public:
   LogClient clog;
   KeyServer key_server;
 
+  AuthSupported auth_supported;
+
 private:
   void new_tick();
   friend class C_Mon_Tick;