diff options
-rw-r--r-- | fs/ceph/mds_client.c | 7 | ||||
-rw-r--r-- | include/linux/ceph/auth.h | 3 | ||||
-rw-r--r-- | net/ceph/auth_x.c | 23 | ||||
-rw-r--r-- | net/ceph/auth_x.h | 1 | ||||
-rw-r--r-- | net/ceph/osd_client.c | 5 |
5 files changed, 38 insertions, 1 deletions
diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c index 0db6f5206d11..010ff83d640b 100644 --- a/fs/ceph/mds_client.c +++ b/fs/ceph/mds_client.c | |||
@@ -3445,7 +3445,12 @@ static struct ceph_auth_handshake *get_authorizer(struct ceph_connection *con, | |||
3445 | } | 3445 | } |
3446 | if (!auth->authorizer && ac->ops && ac->ops->create_authorizer) { | 3446 | if (!auth->authorizer && ac->ops && ac->ops->create_authorizer) { |
3447 | int ret = ac->ops->create_authorizer(ac, CEPH_ENTITY_TYPE_MDS, | 3447 | int ret = ac->ops->create_authorizer(ac, CEPH_ENTITY_TYPE_MDS, |
3448 | auth); | 3448 | auth); |
3449 | if (ret) | ||
3450 | return ERR_PTR(ret); | ||
3451 | } else if (ac->ops && ac->ops_update_authorizer) { | ||
3452 | int ret = ac->ops->update_authorizer(ac, CEPH_ENTITY_TYPE_MDS, | ||
3453 | auth); | ||
3449 | if (ret) | 3454 | if (ret) |
3450 | return ERR_PTR(ret); | 3455 | return ERR_PTR(ret); |
3451 | } | 3456 | } |
diff --git a/include/linux/ceph/auth.h b/include/linux/ceph/auth.h index d4080f309b56..73e973e70026 100644 --- a/include/linux/ceph/auth.h +++ b/include/linux/ceph/auth.h | |||
@@ -52,6 +52,9 @@ struct ceph_auth_client_ops { | |||
52 | */ | 52 | */ |
53 | int (*create_authorizer)(struct ceph_auth_client *ac, int peer_type, | 53 | int (*create_authorizer)(struct ceph_auth_client *ac, int peer_type, |
54 | struct ceph_auth_handshake *auth); | 54 | struct ceph_auth_handshake *auth); |
55 | /* ensure that an existing authorizer is up to date */ | ||
56 | int (*update_authorizer)(struct ceph_auth_client *ac, int peer_type, | ||
57 | struct ceph_auth_handshake *auth); | ||
55 | int (*verify_authorizer_reply)(struct ceph_auth_client *ac, | 58 | int (*verify_authorizer_reply)(struct ceph_auth_client *ac, |
56 | struct ceph_authorizer *a, size_t len); | 59 | struct ceph_authorizer *a, size_t len); |
57 | void (*destroy_authorizer)(struct ceph_auth_client *ac, | 60 | void (*destroy_authorizer)(struct ceph_auth_client *ac, |
diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c index bd8758dbfded..2d5981555cd6 100644 --- a/net/ceph/auth_x.c +++ b/net/ceph/auth_x.c | |||
@@ -298,6 +298,7 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac, | |||
298 | return -ENOMEM; | 298 | return -ENOMEM; |
299 | } | 299 | } |
300 | au->service = th->service; | 300 | au->service = th->service; |
301 | au->secret_id = th->secret_id; | ||
301 | 302 | ||
302 | msg_a = au->buf->vec.iov_base; | 303 | msg_a = au->buf->vec.iov_base; |
303 | msg_a->struct_v = 1; | 304 | msg_a->struct_v = 1; |
@@ -555,6 +556,27 @@ static int ceph_x_create_authorizer( | |||
555 | return 0; | 556 | return 0; |
556 | } | 557 | } |
557 | 558 | ||
559 | static int ceph_x_update_authorizer( | ||
560 | struct ceph_auth_client *ac, int peer_type, | ||
561 | struct ceph_auth_handshake *auth) | ||
562 | { | ||
563 | struct ceph_x_authorizer *au; | ||
564 | struct ceph_x_ticket_handler *th; | ||
565 | int ret; | ||
566 | |||
567 | th = get_ticket_handler(ac, peer_type); | ||
568 | if (IS_ERR(th)) | ||
569 | return PTR_ERR(th); | ||
570 | |||
571 | au = (struct ceph_x_authorizer *)auth->authorizer; | ||
572 | if (au->secret_id < th->secret_id) { | ||
573 | dout("ceph_x_update_authorizer service %u secret %llu < %llu\n", | ||
574 | au->service, au->secret_id, th->secret_id); | ||
575 | return ceph_x_build_authorizer(ac, th, au); | ||
576 | } | ||
577 | return 0; | ||
578 | } | ||
579 | |||
558 | static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac, | 580 | static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac, |
559 | struct ceph_authorizer *a, size_t len) | 581 | struct ceph_authorizer *a, size_t len) |
560 | { | 582 | { |
@@ -641,6 +663,7 @@ static const struct ceph_auth_client_ops ceph_x_ops = { | |||
641 | .build_request = ceph_x_build_request, | 663 | .build_request = ceph_x_build_request, |
642 | .handle_reply = ceph_x_handle_reply, | 664 | .handle_reply = ceph_x_handle_reply, |
643 | .create_authorizer = ceph_x_create_authorizer, | 665 | .create_authorizer = ceph_x_create_authorizer, |
666 | .update_authorizer = ceph_x_update_authorizer, | ||
644 | .verify_authorizer_reply = ceph_x_verify_authorizer_reply, | 667 | .verify_authorizer_reply = ceph_x_verify_authorizer_reply, |
645 | .destroy_authorizer = ceph_x_destroy_authorizer, | 668 | .destroy_authorizer = ceph_x_destroy_authorizer, |
646 | .invalidate_authorizer = ceph_x_invalidate_authorizer, | 669 | .invalidate_authorizer = ceph_x_invalidate_authorizer, |
diff --git a/net/ceph/auth_x.h b/net/ceph/auth_x.h index f459e93b774f..c5a058da7ac8 100644 --- a/net/ceph/auth_x.h +++ b/net/ceph/auth_x.h | |||
@@ -29,6 +29,7 @@ struct ceph_x_authorizer { | |||
29 | struct ceph_buffer *buf; | 29 | struct ceph_buffer *buf; |
30 | unsigned int service; | 30 | unsigned int service; |
31 | u64 nonce; | 31 | u64 nonce; |
32 | u64 secret_id; | ||
32 | char reply_buf[128]; /* big enough for encrypted blob */ | 33 | char reply_buf[128]; /* big enough for encrypted blob */ |
33 | }; | 34 | }; |
34 | 35 | ||
diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c index cb14db8496bd..5ef24e3e1627 100644 --- a/net/ceph/osd_client.c +++ b/net/ceph/osd_client.c | |||
@@ -2220,6 +2220,11 @@ static struct ceph_auth_handshake *get_authorizer(struct ceph_connection *con, | |||
2220 | auth); | 2220 | auth); |
2221 | if (ret) | 2221 | if (ret) |
2222 | return ERR_PTR(ret); | 2222 | return ERR_PTR(ret); |
2223 | } else if (ac->ops && ac->ops->update_authorizer) { | ||
2224 | int ret = ac->ops->update_authorizer(ac, CEPH_ENTITY_TYPE_OSD, | ||
2225 | auth); | ||
2226 | if (ret) | ||
2227 | return ERR_PTR(ret); | ||
2223 | } | 2228 | } |
2224 | *proto = ac->protocol; | 2229 | *proto = ac->protocol; |
2225 | 2230 | ||