diff options
| author | Yan, Zheng <zyan@redhat.com> | 2014-11-04 03:32:35 -0500 |
|---|---|---|
| committer | Ilya Dryomov <idryomov@redhat.com> | 2014-12-17 12:09:50 -0500 |
| commit | ae385eaf24dc39c1703049112e4265b9f93b7d86 (patch) | |
| tree | 2efff0dab643f262fad1e63e32db2ffcb779bf53 /net | |
| parent | e96a650a8174e20112b400e72e0b2429aa66de20 (diff) | |
libceph: store session key in cephx authorizer
Session key is required when calculating message signature. Save the session
key in authorizer, this avoid lookup ticket handler for each message
Signed-off-by: Yan, Zheng <zyan@redhat.com>
Diffstat (limited to 'net')
| -rw-r--r-- | net/ceph/auth_x.c | 18 | ||||
| -rw-r--r-- | net/ceph/auth_x.h | 1 |
2 files changed, 12 insertions, 7 deletions
diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c index 7e38b729696a..77f3885c16bc 100644 --- a/net/ceph/auth_x.c +++ b/net/ceph/auth_x.c | |||
| @@ -293,6 +293,11 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac, | |||
| 293 | dout("build_authorizer for %s %p\n", | 293 | dout("build_authorizer for %s %p\n", |
| 294 | ceph_entity_type_name(th->service), au); | 294 | ceph_entity_type_name(th->service), au); |
| 295 | 295 | ||
| 296 | ceph_crypto_key_destroy(&au->session_key); | ||
| 297 | ret = ceph_crypto_key_clone(&au->session_key, &th->session_key); | ||
| 298 | if (ret) | ||
| 299 | return ret; | ||
| 300 | |||
| 296 | maxlen = sizeof(*msg_a) + sizeof(msg_b) + | 301 | maxlen = sizeof(*msg_a) + sizeof(msg_b) + |
| 297 | ceph_x_encrypt_buflen(ticket_blob_len); | 302 | ceph_x_encrypt_buflen(ticket_blob_len); |
| 298 | dout(" need len %d\n", maxlen); | 303 | dout(" need len %d\n", maxlen); |
| @@ -302,8 +307,10 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac, | |||
| 302 | } | 307 | } |
| 303 | if (!au->buf) { | 308 | if (!au->buf) { |
| 304 | au->buf = ceph_buffer_new(maxlen, GFP_NOFS); | 309 | au->buf = ceph_buffer_new(maxlen, GFP_NOFS); |
| 305 | if (!au->buf) | 310 | if (!au->buf) { |
| 311 | ceph_crypto_key_destroy(&au->session_key); | ||
| 306 | return -ENOMEM; | 312 | return -ENOMEM; |
| 313 | } | ||
| 307 | } | 314 | } |
| 308 | au->service = th->service; | 315 | au->service = th->service; |
| 309 | au->secret_id = th->secret_id; | 316 | au->secret_id = th->secret_id; |
| @@ -329,7 +336,7 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac, | |||
| 329 | get_random_bytes(&au->nonce, sizeof(au->nonce)); | 336 | get_random_bytes(&au->nonce, sizeof(au->nonce)); |
| 330 | msg_b.struct_v = 1; | 337 | msg_b.struct_v = 1; |
| 331 | msg_b.nonce = cpu_to_le64(au->nonce); | 338 | msg_b.nonce = cpu_to_le64(au->nonce); |
| 332 | ret = ceph_x_encrypt(&th->session_key, &msg_b, sizeof(msg_b), | 339 | ret = ceph_x_encrypt(&au->session_key, &msg_b, sizeof(msg_b), |
| 333 | p, end - p); | 340 | p, end - p); |
| 334 | if (ret < 0) | 341 | if (ret < 0) |
| 335 | goto out_buf; | 342 | goto out_buf; |
| @@ -588,17 +595,13 @@ static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac, | |||
| 588 | struct ceph_authorizer *a, size_t len) | 595 | struct ceph_authorizer *a, size_t len) |
| 589 | { | 596 | { |
| 590 | struct ceph_x_authorizer *au = (void *)a; | 597 | struct ceph_x_authorizer *au = (void *)a; |
| 591 | struct ceph_x_ticket_handler *th; | ||
| 592 | int ret = 0; | 598 | int ret = 0; |
| 593 | struct ceph_x_authorize_reply reply; | 599 | struct ceph_x_authorize_reply reply; |
| 594 | void *preply = &reply; | 600 | void *preply = &reply; |
| 595 | void *p = au->reply_buf; | 601 | void *p = au->reply_buf; |
| 596 | void *end = p + sizeof(au->reply_buf); | 602 | void *end = p + sizeof(au->reply_buf); |
| 597 | 603 | ||
| 598 | th = get_ticket_handler(ac, au->service); | 604 | ret = ceph_x_decrypt(&au->session_key, &p, end, &preply, sizeof(reply)); |
| 599 | if (IS_ERR(th)) | ||
| 600 | return PTR_ERR(th); | ||
| 601 | ret = ceph_x_decrypt(&th->session_key, &p, end, &preply, sizeof(reply)); | ||
| 602 | if (ret < 0) | 605 | if (ret < 0) |
| 603 | return ret; | 606 | return ret; |
| 604 | if (ret != sizeof(reply)) | 607 | if (ret != sizeof(reply)) |
| @@ -618,6 +621,7 @@ static void ceph_x_destroy_authorizer(struct ceph_auth_client *ac, | |||
| 618 | { | 621 | { |
| 619 | struct ceph_x_authorizer *au = (void *)a; | 622 | struct ceph_x_authorizer *au = (void *)a; |
| 620 | 623 | ||
| 624 | ceph_crypto_key_destroy(&au->session_key); | ||
| 621 | ceph_buffer_put(au->buf); | 625 | ceph_buffer_put(au->buf); |
| 622 | kfree(au); | 626 | kfree(au); |
| 623 | } | 627 | } |
diff --git a/net/ceph/auth_x.h b/net/ceph/auth_x.h index 65ee72082d99..e8b7c6917d47 100644 --- a/net/ceph/auth_x.h +++ b/net/ceph/auth_x.h | |||
| @@ -26,6 +26,7 @@ struct ceph_x_ticket_handler { | |||
| 26 | 26 | ||
| 27 | 27 | ||
| 28 | struct ceph_x_authorizer { | 28 | struct ceph_x_authorizer { |
| 29 | struct ceph_crypto_key session_key; | ||
| 29 | struct ceph_buffer *buf; | 30 | struct ceph_buffer *buf; |
| 30 | unsigned int service; | 31 | unsigned int service; |
| 31 | u64 nonce; | 32 | u64 nonce; |