aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--net/ceph/auth_x.c18
-rw-r--r--net/ceph/auth_x.h1
2 files changed, 12 insertions, 7 deletions
diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c
index 7e38b729696a..77f3885c16bc 100644
--- a/net/ceph/auth_x.c
+++ b/net/ceph/auth_x.c
@@ -293,6 +293,11 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
293 dout("build_authorizer for %s %p\n", 293 dout("build_authorizer for %s %p\n",
294 ceph_entity_type_name(th->service), au); 294 ceph_entity_type_name(th->service), au);
295 295
296 ceph_crypto_key_destroy(&au->session_key);
297 ret = ceph_crypto_key_clone(&au->session_key, &th->session_key);
298 if (ret)
299 return ret;
300
296 maxlen = sizeof(*msg_a) + sizeof(msg_b) + 301 maxlen = sizeof(*msg_a) + sizeof(msg_b) +
297 ceph_x_encrypt_buflen(ticket_blob_len); 302 ceph_x_encrypt_buflen(ticket_blob_len);
298 dout(" need len %d\n", maxlen); 303 dout(" need len %d\n", maxlen);
@@ -302,8 +307,10 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
302 } 307 }
303 if (!au->buf) { 308 if (!au->buf) {
304 au->buf = ceph_buffer_new(maxlen, GFP_NOFS); 309 au->buf = ceph_buffer_new(maxlen, GFP_NOFS);
305 if (!au->buf) 310 if (!au->buf) {
311 ceph_crypto_key_destroy(&au->session_key);
306 return -ENOMEM; 312 return -ENOMEM;
313 }
307 } 314 }
308 au->service = th->service; 315 au->service = th->service;
309 au->secret_id = th->secret_id; 316 au->secret_id = th->secret_id;
@@ -329,7 +336,7 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
329 get_random_bytes(&au->nonce, sizeof(au->nonce)); 336 get_random_bytes(&au->nonce, sizeof(au->nonce));
330 msg_b.struct_v = 1; 337 msg_b.struct_v = 1;
331 msg_b.nonce = cpu_to_le64(au->nonce); 338 msg_b.nonce = cpu_to_le64(au->nonce);
332 ret = ceph_x_encrypt(&th->session_key, &msg_b, sizeof(msg_b), 339 ret = ceph_x_encrypt(&au->session_key, &msg_b, sizeof(msg_b),
333 p, end - p); 340 p, end - p);
334 if (ret < 0) 341 if (ret < 0)
335 goto out_buf; 342 goto out_buf;
@@ -588,17 +595,13 @@ static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac,
588 struct ceph_authorizer *a, size_t len) 595 struct ceph_authorizer *a, size_t len)
589{ 596{
590 struct ceph_x_authorizer *au = (void *)a; 597 struct ceph_x_authorizer *au = (void *)a;
591 struct ceph_x_ticket_handler *th;
592 int ret = 0; 598 int ret = 0;
593 struct ceph_x_authorize_reply reply; 599 struct ceph_x_authorize_reply reply;
594 void *preply = &reply; 600 void *preply = &reply;
595 void *p = au->reply_buf; 601 void *p = au->reply_buf;
596 void *end = p + sizeof(au->reply_buf); 602 void *end = p + sizeof(au->reply_buf);
597 603
598 th = get_ticket_handler(ac, au->service); 604 ret = ceph_x_decrypt(&au->session_key, &p, end, &preply, sizeof(reply));
599 if (IS_ERR(th))
600 return PTR_ERR(th);
601 ret = ceph_x_decrypt(&th->session_key, &p, end, &preply, sizeof(reply));
602 if (ret < 0) 605 if (ret < 0)
603 return ret; 606 return ret;
604 if (ret != sizeof(reply)) 607 if (ret != sizeof(reply))
@@ -618,6 +621,7 @@ static void ceph_x_destroy_authorizer(struct ceph_auth_client *ac,
618{ 621{
619 struct ceph_x_authorizer *au = (void *)a; 622 struct ceph_x_authorizer *au = (void *)a;
620 623
624 ceph_crypto_key_destroy(&au->session_key);
621 ceph_buffer_put(au->buf); 625 ceph_buffer_put(au->buf);
622 kfree(au); 626 kfree(au);
623} 627}
diff --git a/net/ceph/auth_x.h b/net/ceph/auth_x.h
index 65ee72082d99..e8b7c6917d47 100644
--- a/net/ceph/auth_x.h
+++ b/net/ceph/auth_x.h
@@ -26,6 +26,7 @@ struct ceph_x_ticket_handler {
26 26
27 27
28struct ceph_x_authorizer { 28struct ceph_x_authorizer {
29 struct ceph_crypto_key session_key;
29 struct ceph_buffer *buf; 30 struct ceph_buffer *buf;
30 unsigned int service; 31 unsigned int service;
31 u64 nonce; 32 u64 nonce;
generated by cgit v1.2.2 (git 2.25.0) at 2025-03-10 01:34:10 -0400