diff options
author | Sage Weil <sage@newdream.net> | 2010-05-25 18:39:06 -0400 |
---|---|---|
committer | Sage Weil <sage@newdream.net> | 2010-05-29 12:12:39 -0400 |
commit | a41359fa355e7b450c610ed8e913d5d75c3c9c3b (patch) | |
tree | 6dc6681f4350f0888ddcb55b5a21326069c200b2 | |
parent | 09c4d6a7d40dd26c1b35674c582382b7ea551368 (diff) |
ceph: renew auth tickets before they expire
We were only requesting renewal after our tickets expire; do so before
that. Most of the low-level logic for this was already there; just use
it.
Signed-off-by: Sage Weil <sage@newdream.net>
-rw-r--r-- | fs/ceph/auth.c | 2 | ||||
-rw-r--r-- | fs/ceph/auth.h | 6 | ||||
-rw-r--r-- | fs/ceph/auth_none.c | 8 | ||||
-rw-r--r-- | fs/ceph/auth_x.c | 12 |
4 files changed, 27 insertions, 1 deletions
diff --git a/fs/ceph/auth.c b/fs/ceph/auth.c index a28ebdf465d7..89490beaf537 100644 --- a/fs/ceph/auth.c +++ b/fs/ceph/auth.c | |||
@@ -246,7 +246,7 @@ int ceph_build_auth(struct ceph_auth_client *ac, | |||
246 | if (!ac->protocol) | 246 | if (!ac->protocol) |
247 | return ceph_auth_build_hello(ac, msg_buf, msg_len); | 247 | return ceph_auth_build_hello(ac, msg_buf, msg_len); |
248 | BUG_ON(!ac->ops); | 248 | BUG_ON(!ac->ops); |
249 | if (!ac->ops->is_authenticated(ac)) | 249 | if (ac->ops->should_authenticate(ac)) |
250 | return ceph_build_auth_request(ac, msg_buf, msg_len); | 250 | return ceph_build_auth_request(ac, msg_buf, msg_len); |
251 | return 0; | 251 | return 0; |
252 | } | 252 | } |
diff --git a/fs/ceph/auth.h b/fs/ceph/auth.h index 4429a707c021..d38a2fb4a137 100644 --- a/fs/ceph/auth.h +++ b/fs/ceph/auth.h | |||
@@ -24,6 +24,12 @@ struct ceph_auth_client_ops { | |||
24 | int (*is_authenticated)(struct ceph_auth_client *ac); | 24 | int (*is_authenticated)(struct ceph_auth_client *ac); |
25 | 25 | ||
26 | /* | 26 | /* |
27 | * true if we should (re)authenticate, e.g., when our tickets | ||
28 | * are getting old and crusty. | ||
29 | */ | ||
30 | int (*should_authenticate)(struct ceph_auth_client *ac); | ||
31 | |||
32 | /* | ||
27 | * build requests and process replies during monitor | 33 | * build requests and process replies during monitor |
28 | * handshake. if handle_reply returns -EAGAIN, we build | 34 | * handshake. if handle_reply returns -EAGAIN, we build |
29 | * another request. | 35 | * another request. |
diff --git a/fs/ceph/auth_none.c b/fs/ceph/auth_none.c index 24407c119291..ad1dc21286c7 100644 --- a/fs/ceph/auth_none.c +++ b/fs/ceph/auth_none.c | |||
@@ -31,6 +31,13 @@ static int is_authenticated(struct ceph_auth_client *ac) | |||
31 | return !xi->starting; | 31 | return !xi->starting; |
32 | } | 32 | } |
33 | 33 | ||
34 | static int should_authenticate(struct ceph_auth_client *ac) | ||
35 | { | ||
36 | struct ceph_auth_none_info *xi = ac->private; | ||
37 | |||
38 | return xi->starting; | ||
39 | } | ||
40 | |||
34 | /* | 41 | /* |
35 | * the generic auth code decode the global_id, and we carry no actual | 42 | * the generic auth code decode the global_id, and we carry no actual |
36 | * authenticate state, so nothing happens here. | 43 | * authenticate state, so nothing happens here. |
@@ -98,6 +105,7 @@ static const struct ceph_auth_client_ops ceph_auth_none_ops = { | |||
98 | .reset = reset, | 105 | .reset = reset, |
99 | .destroy = destroy, | 106 | .destroy = destroy, |
100 | .is_authenticated = is_authenticated, | 107 | .is_authenticated = is_authenticated, |
108 | .should_authenticate = should_authenticate, | ||
101 | .handle_reply = handle_reply, | 109 | .handle_reply = handle_reply, |
102 | .create_authorizer = ceph_auth_none_create_authorizer, | 110 | .create_authorizer = ceph_auth_none_create_authorizer, |
103 | .destroy_authorizer = ceph_auth_none_destroy_authorizer, | 111 | .destroy_authorizer = ceph_auth_none_destroy_authorizer, |
diff --git a/fs/ceph/auth_x.c b/fs/ceph/auth_x.c index 7b206231566d..83d4d2785ffe 100644 --- a/fs/ceph/auth_x.c +++ b/fs/ceph/auth_x.c | |||
@@ -27,6 +27,17 @@ static int ceph_x_is_authenticated(struct ceph_auth_client *ac) | |||
27 | return (ac->want_keys & xi->have_keys) == ac->want_keys; | 27 | return (ac->want_keys & xi->have_keys) == ac->want_keys; |
28 | } | 28 | } |
29 | 29 | ||
30 | static int ceph_x_should_authenticate(struct ceph_auth_client *ac) | ||
31 | { | ||
32 | struct ceph_x_info *xi = ac->private; | ||
33 | int need; | ||
34 | |||
35 | ceph_x_validate_tickets(ac, &need); | ||
36 | dout("ceph_x_should_authenticate want=%d need=%d have=%d\n", | ||
37 | ac->want_keys, need, xi->have_keys); | ||
38 | return need != 0; | ||
39 | } | ||
40 | |||
30 | static int ceph_x_encrypt_buflen(int ilen) | 41 | static int ceph_x_encrypt_buflen(int ilen) |
31 | { | 42 | { |
32 | return sizeof(struct ceph_x_encrypt_header) + ilen + 16 + | 43 | return sizeof(struct ceph_x_encrypt_header) + ilen + 16 + |
@@ -620,6 +631,7 @@ static void ceph_x_invalidate_authorizer(struct ceph_auth_client *ac, | |||
620 | static const struct ceph_auth_client_ops ceph_x_ops = { | 631 | static const struct ceph_auth_client_ops ceph_x_ops = { |
621 | .name = "x", | 632 | .name = "x", |
622 | .is_authenticated = ceph_x_is_authenticated, | 633 | .is_authenticated = ceph_x_is_authenticated, |
634 | .should_authenticate = ceph_x_should_authenticate, | ||
623 | .build_request = ceph_x_build_request, | 635 | .build_request = ceph_x_build_request, |
624 | .handle_reply = ceph_x_handle_reply, | 636 | .handle_reply = ceph_x_handle_reply, |
625 | .create_authorizer = ceph_x_create_authorizer, | 637 | .create_authorizer = ceph_x_create_authorizer, |