| -rw-r--r-- | fs/ceph/super.c | 2 | ||||
| -rw-r--r-- | include/linux/ceph/auth.h | 4 | ||||
| -rw-r--r-- | include/linux/ceph/libceph.h | 2 | ||||
| -rw-r--r-- | net/ceph/auth.c | 8 | ||||
| -rw-r--r-- | net/ceph/auth_x.c | 8 | ||||
| -rw-r--r-- | net/ceph/ceph_common.c | 43 | ||||
| -rw-r--r-- | net/ceph/crypto.c | 11 | ||||
| -rw-r--r-- | net/ceph/crypto.h | 2 | ||||
| -rw-r--r-- | net/ceph/mon_client.c | 2 |
9 files changed, 63 insertions, 19 deletions
diff --git a/fs/ceph/super.c b/fs/ceph/super.c index a9e78b4a258c..f2f77fd3c14c 100644 --- a/fs/ceph/super.c +++ b/fs/ceph/super.c | |||
| @@ -353,7 +353,7 @@ static int ceph_show_options(struct seq_file *m, struct vfsmount *mnt) | |||
| 353 | 353 | ||
| 354 | if (opt->name) | 354 | if (opt->name) |
| 355 | seq_printf(m, ",name=%s", opt->name); | 355 | seq_printf(m, ",name=%s", opt->name); |
| 356 | if (opt->secret) | 356 | if (opt->key) |
| 357 | seq_puts(m, ",secret=<hidden>"); | 357 | seq_puts(m, ",secret=<hidden>"); |
| 358 | 358 | ||
| 359 | if (opt->mount_timeout != CEPH_MOUNT_TIMEOUT_DEFAULT) | 359 | if (opt->mount_timeout != CEPH_MOUNT_TIMEOUT_DEFAULT) |
diff --git a/include/linux/ceph/auth.h b/include/linux/ceph/auth.h index 7fff521d7eb5..aa13392a7efb 100644 --- a/include/linux/ceph/auth.h +++ b/include/linux/ceph/auth.h | |||
| @@ -67,12 +67,12 @@ struct ceph_auth_client { | |||
| 67 | bool negotiating; /* true if negotiating protocol */ | 67 | bool negotiating; /* true if negotiating protocol */ |
| 68 | const char *name; /* entity name */ | 68 | const char *name; /* entity name */ |
| 69 | u64 global_id; /* our unique id in system */ | 69 | u64 global_id; /* our unique id in system */ |
| 70 | const char *secret; /* our secret key */ | 70 | const struct ceph_crypto_key *key; /* our secret key */ |
| 71 | unsigned want_keys; /* which services we want */ | 71 | unsigned want_keys; /* which services we want */ |
| 72 | }; | 72 | }; |
| 73 | 73 | ||
| 74 | extern struct ceph_auth_client *ceph_auth_init(const char *name, | 74 | extern struct ceph_auth_client *ceph_auth_init(const char *name, |
| 75 | const char *secret); | 75 | const struct ceph_crypto_key *key); |
| 76 | extern void ceph_auth_destroy(struct ceph_auth_client *ac); | 76 | extern void ceph_auth_destroy(struct ceph_auth_client *ac); |
| 77 | 77 | ||
| 78 | extern void ceph_auth_reset(struct ceph_auth_client *ac); | 78 | extern void ceph_auth_reset(struct ceph_auth_client *ac); |
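Review bot: The new `key` member of `struct ceph_auth_client` is a borrowed pointer, and its `/* our secret key */` comment does not say who owns it. In this commit `ceph_monc_init()` passes `cl->options->key` straight into `ceph_auth_init()`, which stores it with `ac->key = key`, while `ceph_destroy_options()` is the code that frees that object. I would state the lifetime on the field, e.g. `/* our secret key; owned by ceph_options, must outlive the auth client */`, so a later change neither frees it from the auth side nor keeps it past option teardown.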
diff --git a/include/linux/ceph/libceph.h b/include/linux/ceph/libceph.h index 0d2e0fffb470..6365f041745b 100644 --- a/include/linux/ceph/libceph.h +++ b/include/linux/ceph/libceph.h | |||
| @@ -61,7 +61,7 @@ struct ceph_options { | |||
| 61 | pointer type of args */ | 61 | pointer type of args */ |
| 62 | int num_mon; | 62 | int num_mon; |
| 63 | char *name; | 63 | char *name; |
| 64 | char *secret; | 64 | struct ceph_crypto_key *key; |
| 65 | }; | 65 | }; |
| 66 | 66 | ||
| 67 | /* | 67 | /* |
diff --git a/net/ceph/auth.c b/net/ceph/auth.c index 549c1f43e1d5..b4bf4ac090f1 100644 --- a/net/ceph/auth.c +++ b/net/ceph/auth.c | |||
| @@ -35,12 +35,12 @@ static int ceph_auth_init_protocol(struct ceph_auth_client *ac, int protocol) | |||
| 35 | /* | 35 | /* |
| 36 | * setup, teardown. | 36 | * setup, teardown. |
| 37 | */ | 37 | */ |
| 38 | struct ceph_auth_client *ceph_auth_init(const char *name, const char *secret) | 38 | struct ceph_auth_client *ceph_auth_init(const char *name, const struct ceph_crypto_key *key) |
| 39 | { | 39 | { |
| 40 | struct ceph_auth_client *ac; | 40 | struct ceph_auth_client *ac; |
| 41 | int ret; | 41 | int ret; |
| 42 | 42 | ||
| 43 | dout("auth_init name '%s' secret '%s'\n", name, secret); | 43 | dout("auth_init name '%s'\n", name); |
| 44 | 44 | ||
| 45 | ret = -ENOMEM; | 45 | ret = -ENOMEM; |
| 46 | ac = kzalloc(sizeof(*ac), GFP_NOFS); | 46 | ac = kzalloc(sizeof(*ac), GFP_NOFS); |
| @@ -52,8 +52,8 @@ struct ceph_auth_client *ceph_auth_init(const char *name, const char *secret) | |||
| 52 | ac->name = name; | 52 | ac->name = name; |
| 53 | else | 53 | else |
| 54 | ac->name = CEPH_AUTH_NAME_DEFAULT; | 54 | ac->name = CEPH_AUTH_NAME_DEFAULT; |
| 55 | dout("auth_init name %s secret %s\n", ac->name, secret); | 55 | dout("auth_init name %s\n", ac->name); |
| 56 | ac->secret = secret; | 56 | ac->key = key; |
| 57 | return ac; | 57 | return ac; |
| 58 | 58 | ||
| 59 | out: | 59 | out: |
diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c index 7fd5dfcf6e18..1587dc6010c6 100644 --- a/net/ceph/auth_x.c +++ b/net/ceph/auth_x.c | |||
| @@ -662,14 +662,16 @@ int ceph_x_init(struct ceph_auth_client *ac) | |||
| 662 | goto out; | 662 | goto out; |
| 663 | 663 | ||
| 664 | ret = -EINVAL; | 664 | ret = -EINVAL; |
| 665 | if (!ac->secret) { | 665 | if (!ac->key) { |
| 666 | pr_err("no secret set (for auth_x protocol)\n"); | 666 | pr_err("no secret set (for auth_x protocol)\n"); |
| 667 | goto out_nomem; | 667 | goto out_nomem; |
| 668 | } | 668 | } |
| 669 | 669 | ||
| 670 | ret = ceph_crypto_key_unarmor(&xi->secret, ac->secret); | 670 | ret = ceph_crypto_key_clone(&xi->secret, ac->key); |
| 671 | if (ret) | 671 | if (ret < 0) { |
| 672 | pr_err("cannot clone key: %d\n", ret); | ||
| 672 | goto out_nomem; | 673 | goto out_nomem; |
| 674 | } | ||
| 673 | 675 | ||
| 674 | xi->starting = true; | 676 | xi->starting = true; |
| 675 | xi->ticket_handlers = RB_ROOT; | 677 | xi->ticket_handlers = RB_ROOT; |
diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c index 9bbb356b12e7..02e084f29d24 100644 --- a/net/ceph/ceph_common.c +++ b/net/ceph/ceph_common.c | |||
| @@ -20,6 +20,7 @@ | |||
| 20 | #include <linux/ceph/decode.h> | 20 | #include <linux/ceph/decode.h> |
| 21 | #include <linux/ceph/mon_client.h> | 21 | #include <linux/ceph/mon_client.h> |
| 22 | #include <linux/ceph/auth.h> | 22 | #include <linux/ceph/auth.h> |
| 23 | #include "crypto.h" | ||
| 23 | 24 | ||
| 24 | 25 | ||
| 25 | 26 | ||
| @@ -117,9 +118,29 @@ int ceph_compare_options(struct ceph_options *new_opt, | |||
| 117 | if (ret) | 118 | if (ret) |
| 118 | return ret; | 119 | return ret; |
| 119 | 120 | ||
| 120 | ret = strcmp_null(opt1->secret, opt2->secret); | 121 | if (opt1->key && !opt2->key) |
| 121 | if (ret) | 122 | return -1; |
| 122 | return ret; | 123 | if (!opt1->key && opt2->key) |
| 124 | return 1; | ||
| 125 | if (opt1->key && opt2->key) { | ||
| 126 | if (opt1->key->type != opt2->key->type) | ||
| 127 | return -1; | ||
| 128 | if (opt1->key->created.tv_sec != opt2->key->created.tv_sec) | ||
| 129 | return -1; | ||
| 130 | if (opt1->key->created.tv_nsec != opt2->key->created.tv_nsec) | ||
| 131 | return -1; | ||
| 132 | if (opt1->key->len != opt2->key->len) | ||
| 133 | return -1; | ||
| 134 | if (opt1->key->key && !opt2->key->key) | ||
| 135 | return -1; | ||
| 136 | if (!opt1->key->key && opt2->key->key) | ||
| 137 | return 1; | ||
| 138 | if (opt1->key->key && opt2->key->key) { | ||
| 139 | ret = memcmp(opt1->key->key, opt2->key->key, opt1->key->len); | ||
| 140 | if (ret) | ||
| 141 | return ret; | ||
| 142 | } | ||
| 143 | } | ||
| 123 | 144 | ||
| 124 | /* any matching mon ip implies a match */ | 145 | /* any matching mon ip implies a match */ |
| 125 | for (i = 0; i < opt1->num_mon; i++) { | 146 | for (i = 0; i < opt1->num_mon; i++) { |
| @@ -203,7 +224,10 @@ void ceph_destroy_options(struct ceph_options *opt) | |||
| 203 | { | 224 | { |
| 204 | dout("destroy_options %p\n", opt); | 225 | dout("destroy_options %p\n", opt); |
| 205 | kfree(opt->name); | 226 | kfree(opt->name); |
| 206 | kfree(opt->secret); | 227 | if (opt->key) { |
| 228 | ceph_crypto_key_destroy(opt->key); | ||
| 229 | kfree(opt->key); | ||
| 230 | } | ||
| 207 | kfree(opt); | 231 | kfree(opt); |
| 208 | } | 232 | } |
| 209 | EXPORT_SYMBOL(ceph_destroy_options); | 233 | EXPORT_SYMBOL(ceph_destroy_options); |
| @@ -295,9 +319,14 @@ int ceph_parse_options(struct ceph_options **popt, char *options, | |||
| 295 | GFP_KERNEL); | 319 | GFP_KERNEL); |
| 296 | break; | 320 | break; |
| 297 | case Opt_secret: | 321 | case Opt_secret: |
| 298 | opt->secret = kstrndup(argstr[0].from, | 322 | opt->key = kzalloc(sizeof(*opt->key), GFP_KERNEL); |
| 299 | argstr[0].to-argstr[0].from, | 323 | if (!opt->key) { |
| 300 | GFP_KERNEL); | 324 | err = -ENOMEM; |
| 325 | goto out; | ||
| 326 | } | ||
| 327 | err = ceph_crypto_key_unarmor(opt->key, argstr[0].from); | ||
| 328 | if (err < 0) | ||
| 329 | goto out; | ||
| 301 | break; | 330 | break; |
| 302 | 331 | ||
| 303 | /* misc */ | 332 | /* misc */ |
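Review bot: In the `Opt_secret` case, `opt->key = kzalloc(sizeof(*opt->key), GFP_KERNEL);` overwrites whatever `opt->key` already held, so an option string carrying `secret=` twice would leak the first `ceph_crypto_key` together with its key bytes; nothing in the hunk rejects or frees a previous value. Rejecting the duplicate before allocating, e.g. `if (opt->key) { err = -EINVAL; goto out; }`, keeps one key per options object. Separately, the old code bounded the copy with `argstr[0].to - argstr[0].from`, whereas `ceph_crypto_key_unarmor(opt->key, argstr[0].from)` takes no length and presumably reads up to the terminating NUL; that is equivalent only if the token is NUL-terminated at `to`, which the parse loop outside this hunk would have to guarantee, so a one-line comment stating that assumption would help. The body of `ceph_parse_options()` starts and ends outside the hunk.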
diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c index 7b505b0c983f..75f0893fa11f 100644 --- a/net/ceph/crypto.c +++ b/net/ceph/crypto.c | |||
| @@ -9,6 +9,17 @@ | |||
| 9 | #include <linux/ceph/decode.h> | 9 | #include <linux/ceph/decode.h> |
| 10 | #include "crypto.h" | 10 | #include "crypto.h" |
| 11 | 11 | ||
| 12 | int ceph_crypto_key_clone(struct ceph_crypto_key *dst, | ||
| 13 | const struct ceph_crypto_key *src) | ||
| 14 | { | ||
| 15 | memcpy(dst, src, sizeof(struct ceph_crypto_key)); | ||
| 16 | dst->key = kmalloc(src->len, GFP_NOFS); | ||
| 17 | if (!dst->key) | ||
| 18 | return -ENOMEM; | ||
| 19 | memcpy(dst->key, src->key, src->len); | ||
| 20 | return 0; | ||
| 21 | } | ||
| 22 | |||
| 12 | int ceph_crypto_key_encode(struct ceph_crypto_key *key, void **p, void *end) | 23 | int ceph_crypto_key_encode(struct ceph_crypto_key *key, void **p, void *end) |
| 13 | { | 24 | { |
| 14 | if (*p + sizeof(u16) + sizeof(key->created) + | 25 | if (*p + sizeof(u16) + sizeof(key->created) + |
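Review bot: `ceph_crypto_key_clone()` copies the whole struct before it knows the allocation succeeded, so on `-ENOMEM` `dst` is left with the source's `type` and `len` but a NULL `key`. It also reads `src->key` unchecked, although `ceph_compare_options()` in this same commit treats a NULL `key->key` as possible. Guarding the source and replacing the `kmalloc()`/`memcpy()` pair with `dst->key = kmemdup(src->key, src->len, GFP_NOFS);` would tighten this. A kernel-doc comment should also say that any key already held by `dst` is overwritten, not freed, and that the caller releases the copy with `ceph_crypto_key_destroy()`.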
diff --git a/net/ceph/crypto.h b/net/ceph/crypto.h index f9eccace592b..6cf6edc91ec4 100644 --- a/net/ceph/crypto.h +++ b/net/ceph/crypto.h | |||
| @@ -19,6 +19,8 @@ static inline void ceph_crypto_key_destroy(struct ceph_crypto_key *key) | |||
| 19 | kfree(key->key); | 19 | kfree(key->key); |
| 20 | } | 20 | } |
| 21 | 21 | ||
| 22 | extern int ceph_crypto_key_clone(struct ceph_crypto_key *dst, | ||
| 23 | const struct ceph_crypto_key *src); | ||
| 22 | extern int ceph_crypto_key_encode(struct ceph_crypto_key *key, | 24 | extern int ceph_crypto_key_encode(struct ceph_crypto_key *key, |
| 23 | void **p, void *end); | 25 | void **p, void *end); |
| 24 | extern int ceph_crypto_key_decode(struct ceph_crypto_key *key, | 26 | extern int ceph_crypto_key_decode(struct ceph_crypto_key *key, |
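Review bot: The context line `kfree(key->key);` in `ceph_crypto_key_destroy()` frees the secret bytes without clearing them, and this commit adds more heap copies of the secret: one in `ceph_options` and a clone in the auth_x state. Since every copy is released through this helper, it is the natural place to zero the buffer before freeing, e.g. `kzfree(key->key);` (`kfree_sensitive()` in current kernels), so key material does not linger in freed slab memory. The helper's signature is only visible in the hunk header, so this is a suggestion for a follow-up, not a change to the added declaration.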
diff --git a/net/ceph/mon_client.c b/net/ceph/mon_client.c index 8a079399174a..cbe31fa45508 100644 --- a/net/ceph/mon_client.c +++ b/net/ceph/mon_client.c | |||
| @@ -759,7 +759,7 @@ int ceph_monc_init(struct ceph_mon_client *monc, struct ceph_client *cl) | |||
| 759 | 759 | ||
| 760 | /* authentication */ | 760 | /* authentication */ |
| 761 | monc->auth = ceph_auth_init(cl->options->name, | 761 | monc->auth = ceph_auth_init(cl->options->name, |
| 762 | cl->options->secret); | 762 | cl->options->key); |
| 763 | if (IS_ERR(monc->auth)) | 763 | if (IS_ERR(monc->auth)) |
| 764 | return PTR_ERR(monc->auth); | 764 | return PTR_ERR(monc->auth); |
| 765 | monc->auth->want_keys = | 765 | monc->auth->want_keys = |
