summaryrefslogtreecommitdiffstats
path: root/net/ceph/auth_x.c
diff options
context:
space:
mode:
authorIlya Dryomov <idryomov@gmail.com>2015-10-28 23:52:06 +0100
committerIlya Dryomov <idryomov@gmail.com>2015-11-02 23:37:46 +0100
commita51983e4dd2d4d63912aab939f657c4cd476e21a (patch)
treecb8d56d2a5e64990d2177c17dec527c41c24a000 /net/ceph/auth_x.c
parentlibceph: stop duplicating client fields in messenger (diff)
downloadlinux-a51983e4dd2d4d63912aab939f657c4cd476e21a.tar.xz
linux-a51983e4dd2d4d63912aab939f657c4cd476e21a.zip
libceph: add nocephx_sign_messages option
Support for message signing was merged into 3.19, along with nocephx_require_signatures option. But, all that option does is allow the kernel client to talk to clusters that don't support MSG_AUTH feature bit. That's pretty useless, given that it's been supported since bobtail. Meanwhile, if one disables message signing on the server side with "cephx sign messages = false", it becomes impossible to use the kernel client since it expects messages to be signed if MSG_AUTH was negotiated. Add nocephx_sign_messages option to support this use case. Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Diffstat (limited to 'net/ceph/auth_x.c')
-rw-r--r--net/ceph/auth_x.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c
index 3a544ca6b5ce..10d87753ed87 100644
--- a/net/ceph/auth_x.c
+++ b/net/ceph/auth_x.c
@@ -8,6 +8,7 @@
#include <linux/ceph/decode.h>
#include <linux/ceph/auth.h>
+#include <linux/ceph/libceph.h>
#include <linux/ceph/messenger.h>
#include "crypto.h"
@@ -698,6 +699,9 @@ static int ceph_x_sign_message(struct ceph_auth_handshake *auth,
{
int ret;
+ if (ceph_test_opt(from_msgr(msg->con->msgr), NOMSGSIGN))
+ return 0;
+
ret = calcu_signature((struct ceph_x_authorizer *)auth->authorizer,
msg, &msg->footer.sig);
if (ret < 0)
@@ -712,6 +716,9 @@ static int ceph_x_check_message_signature(struct ceph_auth_handshake *auth,
__le64 sig_check;
int ret;
+ if (ceph_test_opt(from_msgr(msg->con->msgr), NOMSGSIGN))
+ return 0;
+
ret = calcu_signature((struct ceph_x_authorizer *)auth->authorizer,
msg, &sig_check);
if (ret < 0)