summaryrefslogtreecommitdiffstats
path: root/net/ceph/auth.c
diff options
context:
space:
mode:
authorIlya Dryomov <idryomov@gmail.com>2020-10-26 16:47:20 +0100
committerIlya Dryomov <idryomov@gmail.com>2020-12-14 23:21:50 +0100
commit285ea34fc876aa0a2c5e65d310c4a41269e2e5f2 (patch)
treef315fc65d18878d19f92848ae81c347315662ff9 /net/ceph/auth.c
parentlibceph: safer en/decoding of cephx requests and replies (diff)
downloadlinux-285ea34fc876aa0a2c5e65d310c4a41269e2e5f2.tar.xz
linux-285ea34fc876aa0a2c5e65d310c4a41269e2e5f2.zip
libceph, ceph: incorporate nautilus cephx changes
- request service tickets together with auth ticket. Currently we get auth ticket via CEPHX_GET_AUTH_SESSION_KEY op and then request service tickets via CEPHX_GET_PRINCIPAL_SESSION_KEY op in a separate message. Since nautilus, desired service tickets are shared togther with auth ticket in CEPHX_GET_AUTH_SESSION_KEY reply. - propagate session key and connection secret, if any. In preparation for msgr2, update handle_reply() and verify_authorizer_reply() auth ops to propagate session key and connection secret. Since nautilus, if secure mode is negotiated, connection secret is shared either in CEPHX_GET_AUTH_SESSION_KEY reply (for mons) or in a final authorizer reply (for osds and mdses). Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Diffstat (limited to 'net/ceph/auth.c')
-rw-r--r--net/ceph/auth.c12
1 files changed, 9 insertions, 3 deletions
diff --git a/net/ceph/auth.c b/net/ceph/auth.c
index fbeee068ea14..40d3d95344d9 100644
--- a/net/ceph/auth.c
+++ b/net/ceph/auth.c
@@ -240,7 +240,8 @@ int ceph_handle_auth_reply(struct ceph_auth_client *ac,
ac->negotiating = false;
}
- ret = ac->ops->handle_reply(ac, result, payload, payload_end);
+ ret = ac->ops->handle_reply(ac, result, payload, payload_end,
+ NULL, NULL, NULL, NULL);
if (ret == -EAGAIN) {
ret = ceph_build_auth_request(ac, reply_buf, reply_len);
} else if (ret) {
@@ -332,13 +333,18 @@ int ceph_auth_add_authorizer_challenge(struct ceph_auth_client *ac,
EXPORT_SYMBOL(ceph_auth_add_authorizer_challenge);
int ceph_auth_verify_authorizer_reply(struct ceph_auth_client *ac,
- struct ceph_authorizer *a)
+ struct ceph_authorizer *a,
+ void *reply, int reply_len,
+ u8 *session_key, int *session_key_len,
+ u8 *con_secret, int *con_secret_len)
{
int ret = 0;
mutex_lock(&ac->mutex);
if (ac->ops && ac->ops->verify_authorizer_reply)
- ret = ac->ops->verify_authorizer_reply(ac, a);
+ ret = ac->ops->verify_authorizer_reply(ac, a,
+ reply, reply_len, session_key, session_key_len,
+ con_secret, con_secret_len);
mutex_unlock(&ac->mutex);
return ret;
}