ceph: allow renewal of auth credentials

Add infrastructure to allow the mon_client to periodically renew its auth credentials. Also add a messenger callback that will force such a renewal if a peer rejects our authenticator. Signed-off-by: Yehuda Sadeh <yehuda@hq.newdream.net> Signed-off-by: Sage Weil <sage@newdream.net>
author: Sage Weil <sage@newdream.net> 2010-02-02 19:21:06 -0500
committer: Sage Weil <sage@newdream.net> 2010-02-10 18:04:47 -0500
commit: 9bd2e6f8ba71facf1cadb7154a7e0e4d345a6aba (patch)
tree: 1c1bb4d2f769eca05443b98334fe0fbdb3b977c2 /fs/ceph/auth.c
parent: 8b6e4f2d8b21c25225b1ce8d53a2e03b92cc8522 (diff)
1 files changed, 43 insertions, 18 deletions
diff --git a/fs/ceph/auth.c b/fs/ceph/auth.c
index 32f2e2a021ab..d5872d4f92bf 100644
--- a/fs/ceph/auth.c
+++ b/fs/ceph/auth.c
@@ -125,6 +125,30 @@ bad:
        return -ERANGE;
 }
+int ceph_build_auth_request(struct ceph_auth_client *ac,
+                           void *msg_buf, size_t msg_len)
+{
+        struct ceph_mon_request_header *monhdr = msg_buf;
+        void *p = monhdr + 1;
+        void *end = msg_buf + msg_len;
+        int ret;
+        monhdr->have_version = 0;
+        monhdr->session_mon = cpu_to_le16(-1);
+        monhdr->session_mon_tid = 0;
+        ceph_encode_32(&p, ac->protocol);
+        ret = ac->ops->build_request(ac, p + sizeof(u32), end);
+        if (ret < 0) {
+                pr_err("error %d building request\n", ret);
+                return ret;
+        }
+        dout(" built request %d bytes\n", ret);
+        ceph_encode_32(&p, ret);
+        return p + ret - msg_buf;
+}
 /*
 * Handle auth message from monitor.
 */
@@ -188,28 +212,13 @@ int ceph_handle_auth_reply(struct ceph_auth_client *ac,
                                goto out;
                        }
                }
+                ac->negotiating = false;
        }
        ret = ac->ops->handle_reply(ac, result, payload, payload_end);
        if (ret == -EAGAIN) {
-                struct ceph_mon_request_header *monhdr = reply_buf;
+                return ceph_build_auth_request(ac, reply_buf, reply_len);
-                void *p = reply_buf + 1;
-                void *end = reply_buf + reply_len;
-                monhdr->have_version = 0;
-                monhdr->session_mon = cpu_to_le16(-1);
-                monhdr->session_mon_tid = 0;
-                ceph_encode_32(&p, ac->protocol);
-                ret = ac->ops->build_request(ac, p + sizeof(u32), end);
-                if (ret < 0) {
-                        pr_err("error %d building request\n", ret);
-                        goto out;
-                }
-                dout(" built request %d bytes\n", ret);
-                ceph_encode_32(&p, ret);
-                return p + ret - reply_buf;
        } else if (ret) {
                pr_err("authentication error %d\n", ret);
                return ret;
@@ -222,4 +231,20 @@ out:
        return ret;
 }
+int ceph_build_auth(struct ceph_auth_client *ac,
+                    void *msg_buf, size_t msg_len)
+{
+        if (!ac->protocol)
+                return ceph_auth_build_hello(ac, msg_buf, msg_len);
+        BUG_ON(!ac->ops);
+        if (!ac->ops->is_authenticated(ac))
+                return ceph_build_auth_request(ac, msg_buf, msg_len);
+        return 0;
+}
+int ceph_auth_is_authenticated(struct ceph_auth_client *ac)
+{
+        if (!ac->ops)
+                return 0;
+        return ac->ops->is_authenticated(ac);
+}
author	Sage Weil <sage@newdream.net>	2010-02-02 19:21:06 -0500
committer	Sage Weil <sage@newdream.net>	2010-02-10 18:04:47 -0500
commit	9bd2e6f8ba71facf1cadb7154a7e0e4d345a6aba (patch)
tree	1c1bb4d2f769eca05443b98334fe0fbdb3b977c2 /fs/ceph/auth.c
parent	8b6e4f2d8b21c25225b1ce8d53a2e03b92cc8522 (diff)

diff --git a/fs/ceph/auth.c b/fs/ceph/auth.c index 32f2e2a021ab..d5872d4f92bf 100644 --- a/fs/ceph/auth.c +++ b/fs/ceph/auth.c
@@ -125,6 +125,30 @@ bad:
125	return -ERANGE;	125	return -ERANGE;
126	}	126	}
127		127
		128	int ceph_build_auth_request(struct ceph_auth_client *ac,
		129	void *msg_buf, size_t msg_len)
		130	{
		131	struct ceph_mon_request_header *monhdr = msg_buf;
		132	void *p = monhdr + 1;
		133	void *end = msg_buf + msg_len;
		134	int ret;
		135
		136	monhdr->have_version = 0;
		137	monhdr->session_mon = cpu_to_le16(-1);
		138	monhdr->session_mon_tid = 0;
		139
		140	ceph_encode_32(&p, ac->protocol);
		141
		142	ret = ac->ops->build_request(ac, p + sizeof(u32), end);
		143	if (ret < 0) {
		144	pr_err("error %d building request\n", ret);
		145	return ret;
		146	}
		147	dout(" built request %d bytes\n", ret);
		148	ceph_encode_32(&p, ret);
		149	return p + ret - msg_buf;
		150	}
		151
128	/*	152	/*
129	* Handle auth message from monitor.	153	* Handle auth message from monitor.
130	*/	154	*/
@@ -188,28 +212,13 @@ int ceph_handle_auth_reply(struct ceph_auth_client *ac,
188	goto out;	212	goto out;
189	}	213	}
190	}	214	}
		215
		216	ac->negotiating = false;
191	}	217	}
192		218
193	ret = ac->ops->handle_reply(ac, result, payload, payload_end);	219	ret = ac->ops->handle_reply(ac, result, payload, payload_end);
194	if (ret == -EAGAIN) {	220	if (ret == -EAGAIN) {
195	struct ceph_mon_request_header *monhdr = reply_buf;	221	return ceph_build_auth_request(ac, reply_buf, reply_len);
196	void *p = reply_buf + 1;
197	void *end = reply_buf + reply_len;
198
199	monhdr->have_version = 0;
200	monhdr->session_mon = cpu_to_le16(-1);
201	monhdr->session_mon_tid = 0;
202
203	ceph_encode_32(&p, ac->protocol);
204
205	ret = ac->ops->build_request(ac, p + sizeof(u32), end);
206	if (ret < 0) {
207	pr_err("error %d building request\n", ret);
208	goto out;
209	}
210	dout(" built request %d bytes\n", ret);
211	ceph_encode_32(&p, ret);
212	return p + ret - reply_buf;
213	} else if (ret) {	222	} else if (ret) {
214	pr_err("authentication error %d\n", ret);	223	pr_err("authentication error %d\n", ret);
215	return ret;	224	return ret;
@@ -222,4 +231,20 @@ out:
222	return ret;	231	return ret;
223	}	232	}
224		233
		234	int ceph_build_auth(struct ceph_auth_client *ac,
		235	void *msg_buf, size_t msg_len)
		236	{
		237	if (!ac->protocol)
		238	return ceph_auth_build_hello(ac, msg_buf, msg_len);
		239	BUG_ON(!ac->ops);
		240	if (!ac->ops->is_authenticated(ac))
		241	return ceph_build_auth_request(ac, msg_buf, msg_len);
		242	return 0;
		243	}
225		244
		245	int ceph_auth_is_authenticated(struct ceph_auth_client *ac)
		246	{
		247	if (!ac->ops)
		248	return 0;
		249	return ac->ops->is_authenticated(ac);
		250	}