diff options
author | Tommi Virtanen <tommi.virtanen@dreamhost.com> | 2011-03-25 19:40:48 -0400 |
---|---|---|
committer | Sage Weil <sage@newdream.net> | 2011-03-29 15:11:19 -0400 |
commit | e2c3d29b4295c3eec18294bc34f0c99a7b9ae413 (patch) | |
tree | 29fbffeeed7e2774a4f87883ae01798079d85ed2 /net | |
parent | 8323c3aa74cd92465350294567142d12ffdcc963 (diff) |
libceph: Get secret from the kernel keys api when mounting with key=NAME.
Signed-off-by: Tommi Virtanen <tommi.virtanen@dreamhost.com>
Signed-off-by: Sage Weil <sage@newdream.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ceph/Kconfig | 1 | ||||
-rw-r--r-- | net/ceph/ceph_common.c | 58 |
2 files changed, 59 insertions, 0 deletions
diff --git a/net/ceph/Kconfig b/net/ceph/Kconfig index ad424049b0c..be683f2d401 100644 --- a/net/ceph/Kconfig +++ b/net/ceph/Kconfig | |||
@@ -4,6 +4,7 @@ config CEPH_LIB | |||
4 | select LIBCRC32C | 4 | select LIBCRC32C |
5 | select CRYPTO_AES | 5 | select CRYPTO_AES |
6 | select CRYPTO | 6 | select CRYPTO |
7 | select KEYS | ||
7 | default n | 8 | default n |
8 | help | 9 | help |
9 | Choose Y or M here to include cephlib, which provides the | 10 | Choose Y or M here to include cephlib, which provides the |
diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c index 02e084f29d2..c92bc8d5059 100644 --- a/net/ceph/ceph_common.c +++ b/net/ceph/ceph_common.c | |||
@@ -5,6 +5,8 @@ | |||
5 | #include <linux/fs.h> | 5 | #include <linux/fs.h> |
6 | #include <linux/inet.h> | 6 | #include <linux/inet.h> |
7 | #include <linux/in6.h> | 7 | #include <linux/in6.h> |
8 | #include <linux/key.h> | ||
9 | #include <keys/user-type.h> | ||
8 | #include <linux/module.h> | 10 | #include <linux/module.h> |
9 | #include <linux/mount.h> | 11 | #include <linux/mount.h> |
10 | #include <linux/parser.h> | 12 | #include <linux/parser.h> |
@@ -197,6 +199,7 @@ enum { | |||
197 | Opt_fsid, | 199 | Opt_fsid, |
198 | Opt_name, | 200 | Opt_name, |
199 | Opt_secret, | 201 | Opt_secret, |
202 | Opt_key, | ||
200 | Opt_ip, | 203 | Opt_ip, |
201 | Opt_last_string, | 204 | Opt_last_string, |
202 | /* string args above */ | 205 | /* string args above */ |
@@ -213,6 +216,7 @@ static match_table_t opt_tokens = { | |||
213 | {Opt_fsid, "fsid=%s"}, | 216 | {Opt_fsid, "fsid=%s"}, |
214 | {Opt_name, "name=%s"}, | 217 | {Opt_name, "name=%s"}, |
215 | {Opt_secret, "secret=%s"}, | 218 | {Opt_secret, "secret=%s"}, |
219 | {Opt_key, "key=%s"}, | ||
216 | {Opt_ip, "ip=%s"}, | 220 | {Opt_ip, "ip=%s"}, |
217 | /* string args above */ | 221 | /* string args above */ |
218 | {Opt_noshare, "noshare"}, | 222 | {Opt_noshare, "noshare"}, |
@@ -232,6 +236,50 @@ void ceph_destroy_options(struct ceph_options *opt) | |||
232 | } | 236 | } |
233 | EXPORT_SYMBOL(ceph_destroy_options); | 237 | EXPORT_SYMBOL(ceph_destroy_options); |
234 | 238 | ||
239 | /* get secret from key store */ | ||
240 | static int get_secret(struct ceph_crypto_key *dst, const char *name) { | ||
241 | struct key *ukey; | ||
242 | int key_err; | ||
243 | int err = 0; | ||
244 | struct user_key_payload *payload; | ||
245 | void *p; | ||
246 | |||
247 | ukey = request_key(&key_type_user, name, NULL); | ||
248 | if (!ukey || IS_ERR(ukey)) { | ||
249 | /* request_key errors don't map nicely to mount(2) | ||
250 | errors; don't even try, but still printk */ | ||
251 | key_err = PTR_ERR(ukey); | ||
252 | switch (key_err) { | ||
253 | case -ENOKEY: | ||
254 | pr_warning("ceph: Mount failed due to key not found: %s\n", name); | ||
255 | break; | ||
256 | case -EKEYEXPIRED: | ||
257 | pr_warning("ceph: Mount failed due to expired key: %s\n", name); | ||
258 | break; | ||
259 | case -EKEYREVOKED: | ||
260 | pr_warning("ceph: Mount failed due to revoked key: %s\n", name); | ||
261 | break; | ||
262 | default: | ||
263 | pr_warning("ceph: Mount failed due to unknown key error" | ||
264 | " %d: %s\n", key_err, name); | ||
265 | } | ||
266 | err = -EPERM; | ||
267 | goto out; | ||
268 | } | ||
269 | |||
270 | payload = ukey->payload.data; | ||
271 | p = payload->data; | ||
272 | err = ceph_crypto_key_decode(dst, &p, p + payload->datalen); | ||
273 | if (err) | ||
274 | goto out_key; | ||
275 | /* pass through, err is 0 */ | ||
276 | |||
277 | out_key: | ||
278 | key_put(ukey); | ||
279 | out: | ||
280 | return err; | ||
281 | } | ||
282 | |||
235 | int ceph_parse_options(struct ceph_options **popt, char *options, | 283 | int ceph_parse_options(struct ceph_options **popt, char *options, |
236 | const char *dev_name, const char *dev_name_end, | 284 | const char *dev_name, const char *dev_name_end, |
237 | int (*parse_extra_token)(char *c, void *private), | 285 | int (*parse_extra_token)(char *c, void *private), |
@@ -328,6 +376,16 @@ int ceph_parse_options(struct ceph_options **popt, char *options, | |||
328 | if (err < 0) | 376 | if (err < 0) |
329 | goto out; | 377 | goto out; |
330 | break; | 378 | break; |
379 | case Opt_key: | ||
380 | opt->key = kzalloc(sizeof(*opt->key), GFP_KERNEL); | ||
381 | if (!opt->key) { | ||
382 | err = -ENOMEM; | ||
383 | goto out; | ||
384 | } | ||
385 | err = get_secret(opt->key, argstr[0].from); | ||
386 | if (err < 0) | ||
387 | goto out; | ||
388 | break; | ||
331 | 389 | ||
332 | /* misc */ | 390 | /* misc */ |
333 | case Opt_osdtimeout: | 391 | case Opt_osdtimeout: |