diff options
| author | Ilya Dryomov <idryomov@gmail.com> | 2015-10-28 18:52:06 -0400 |
|---|---|---|
| committer | Ilya Dryomov <idryomov@gmail.com> | 2015-11-02 17:37:46 -0500 |
| commit | a51983e4dd2d4d63912aab939f657c4cd476e21a (patch) | |
| tree | cb8d56d2a5e64990d2177c17dec527c41c24a000 /net/ceph | |
| parent | 859bff51dc5e92ddfb5eb6f17b8040d9311095bb (diff) | |
libceph: add nocephx_sign_messages option
Support for message signing was merged into 3.19, along with
nocephx_require_signatures option. But, all that option does is allow
the kernel client to talk to clusters that don't support MSG_AUTH
feature bit. That's pretty useless, given that it's been supported
since bobtail.
Meanwhile, if one disables message signing on the server side with
"cephx sign messages = false", it becomes impossible to use the kernel
client since it expects messages to be signed if MSG_AUTH was
negotiated. Add nocephx_sign_messages option to support this use case.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Diffstat (limited to 'net/ceph')
| -rw-r--r-- | net/ceph/auth_x.c | 7 | ||||
| -rw-r--r-- | net/ceph/ceph_common.c | 12 | ||||
| -rw-r--r-- | net/ceph/messenger.c | 2 |
3 files changed, 20 insertions, 1 deletions
diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c index 3a544ca6b5ce..10d87753ed87 100644 --- a/net/ceph/auth_x.c +++ b/net/ceph/auth_x.c | |||
| @@ -8,6 +8,7 @@ | |||
| 8 | 8 | ||
| 9 | #include <linux/ceph/decode.h> | 9 | #include <linux/ceph/decode.h> |
| 10 | #include <linux/ceph/auth.h> | 10 | #include <linux/ceph/auth.h> |
| 11 | #include <linux/ceph/libceph.h> | ||
| 11 | #include <linux/ceph/messenger.h> | 12 | #include <linux/ceph/messenger.h> |
| 12 | 13 | ||
| 13 | #include "crypto.h" | 14 | #include "crypto.h" |
| @@ -698,6 +699,9 @@ static int ceph_x_sign_message(struct ceph_auth_handshake *auth, | |||
| 698 | { | 699 | { |
| 699 | int ret; | 700 | int ret; |
| 700 | 701 | ||
| 702 | if (ceph_test_opt(from_msgr(msg->con->msgr), NOMSGSIGN)) | ||
| 703 | return 0; | ||
| 704 | |||
| 701 | ret = calcu_signature((struct ceph_x_authorizer *)auth->authorizer, | 705 | ret = calcu_signature((struct ceph_x_authorizer *)auth->authorizer, |
| 702 | msg, &msg->footer.sig); | 706 | msg, &msg->footer.sig); |
| 703 | if (ret < 0) | 707 | if (ret < 0) |
| @@ -712,6 +716,9 @@ static int ceph_x_check_message_signature(struct ceph_auth_handshake *auth, | |||
| 712 | __le64 sig_check; | 716 | __le64 sig_check; |
| 713 | int ret; | 717 | int ret; |
| 714 | 718 | ||
| 719 | if (ceph_test_opt(from_msgr(msg->con->msgr), NOMSGSIGN)) | ||
| 720 | return 0; | ||
| 721 | |||
| 715 | ret = calcu_signature((struct ceph_x_authorizer *)auth->authorizer, | 722 | ret = calcu_signature((struct ceph_x_authorizer *)auth->authorizer, |
| 716 | msg, &sig_check); | 723 | msg, &sig_check); |
| 717 | if (ret < 0) | 724 | if (ret < 0) |
diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c index d1494d1a8592..6b4d3a1684de 100644 --- a/net/ceph/ceph_common.c +++ b/net/ceph/ceph_common.c | |||
| @@ -245,6 +245,8 @@ enum { | |||
| 245 | Opt_nocrc, | 245 | Opt_nocrc, |
| 246 | Opt_cephx_require_signatures, | 246 | Opt_cephx_require_signatures, |
| 247 | Opt_nocephx_require_signatures, | 247 | Opt_nocephx_require_signatures, |
| 248 | Opt_cephx_sign_messages, | ||
| 249 | Opt_nocephx_sign_messages, | ||
| 248 | Opt_tcp_nodelay, | 250 | Opt_tcp_nodelay, |
| 249 | Opt_notcp_nodelay, | 251 | Opt_notcp_nodelay, |
| 250 | }; | 252 | }; |
| @@ -267,6 +269,8 @@ static match_table_t opt_tokens = { | |||
| 267 | {Opt_nocrc, "nocrc"}, | 269 | {Opt_nocrc, "nocrc"}, |
| 268 | {Opt_cephx_require_signatures, "cephx_require_signatures"}, | 270 | {Opt_cephx_require_signatures, "cephx_require_signatures"}, |
| 269 | {Opt_nocephx_require_signatures, "nocephx_require_signatures"}, | 271 | {Opt_nocephx_require_signatures, "nocephx_require_signatures"}, |
| 272 | {Opt_cephx_sign_messages, "cephx_sign_messages"}, | ||
| 273 | {Opt_nocephx_sign_messages, "nocephx_sign_messages"}, | ||
| 270 | {Opt_tcp_nodelay, "tcp_nodelay"}, | 274 | {Opt_tcp_nodelay, "tcp_nodelay"}, |
| 271 | {Opt_notcp_nodelay, "notcp_nodelay"}, | 275 | {Opt_notcp_nodelay, "notcp_nodelay"}, |
| 272 | {-1, NULL} | 276 | {-1, NULL} |
| @@ -491,6 +495,12 @@ ceph_parse_options(char *options, const char *dev_name, | |||
| 491 | case Opt_nocephx_require_signatures: | 495 | case Opt_nocephx_require_signatures: |
| 492 | opt->flags |= CEPH_OPT_NOMSGAUTH; | 496 | opt->flags |= CEPH_OPT_NOMSGAUTH; |
| 493 | break; | 497 | break; |
| 498 | case Opt_cephx_sign_messages: | ||
| 499 | opt->flags &= ~CEPH_OPT_NOMSGSIGN; | ||
| 500 | break; | ||
| 501 | case Opt_nocephx_sign_messages: | ||
| 502 | opt->flags |= CEPH_OPT_NOMSGSIGN; | ||
| 503 | break; | ||
| 494 | 504 | ||
| 495 | case Opt_tcp_nodelay: | 505 | case Opt_tcp_nodelay: |
| 496 | opt->flags |= CEPH_OPT_TCP_NODELAY; | 506 | opt->flags |= CEPH_OPT_TCP_NODELAY; |
| @@ -534,6 +544,8 @@ int ceph_print_client_options(struct seq_file *m, struct ceph_client *client) | |||
| 534 | seq_puts(m, "nocrc,"); | 544 | seq_puts(m, "nocrc,"); |
| 535 | if (opt->flags & CEPH_OPT_NOMSGAUTH) | 545 | if (opt->flags & CEPH_OPT_NOMSGAUTH) |
| 536 | seq_puts(m, "nocephx_require_signatures,"); | 546 | seq_puts(m, "nocephx_require_signatures,"); |
| 547 | if (opt->flags & CEPH_OPT_NOMSGSIGN) | ||
| 548 | seq_puts(m, "nocephx_sign_messages,"); | ||
| 537 | if ((opt->flags & CEPH_OPT_TCP_NODELAY) == 0) | 549 | if ((opt->flags & CEPH_OPT_TCP_NODELAY) == 0) |
| 538 | seq_puts(m, "notcp_nodelay,"); | 550 | seq_puts(m, "notcp_nodelay,"); |
| 539 | 551 | ||
diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c index 11108076bac3..0cc5608b2c8f 100644 --- a/net/ceph/messenger.c +++ b/net/ceph/messenger.c | |||
| @@ -2677,7 +2677,7 @@ more: | |||
| 2677 | if (ret <= 0) { | 2677 | if (ret <= 0) { |
| 2678 | switch (ret) { | 2678 | switch (ret) { |
| 2679 | case -EBADMSG: | 2679 | case -EBADMSG: |
| 2680 | con->error_msg = "bad crc"; | 2680 | con->error_msg = "bad crc/signature"; |
| 2681 | /* fall through */ | 2681 | /* fall through */ |
| 2682 | case -EBADE: | 2682 | case -EBADE: |
| 2683 | ret = -EIO; | 2683 | ret = -EIO; |