libceph: store session key in cephx authorizer
Session key is required when calculating message signature. Save the session key in authorizer, this avoid lookup ticket handler for each message Signed-off-by: Yan, Zheng <zyan@redhat.com>
This commit is contained in:
Yan, Zheng
Ilya Dryomov
Родитель
e96a650a81
Коммит
ae385eaf24
|
|
@ -293,6 +293,11 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
|
|||
dout("build_authorizer for %s %p\n",
|
||||
ceph_entity_type_name(th->service), au);
|
||||
|
||||
ceph_crypto_key_destroy(&au->session_key);
|
||||
ret = ceph_crypto_key_clone(&au->session_key, &th->session_key);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
maxlen = sizeof(*msg_a) + sizeof(msg_b) +
|
||||
ceph_x_encrypt_buflen(ticket_blob_len);
|
||||
dout(" need len %d\n", maxlen);
|
||||
|
|
@ -302,8 +307,10 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
|
|||
}
|
||||
if (!au->buf) {
|
||||
au->buf = ceph_buffer_new(maxlen, GFP_NOFS);
|
||||
if (!au->buf)
|
||||
if (!au->buf) {
|
||||
ceph_crypto_key_destroy(&au->session_key);
|
||||
return -ENOMEM;
|
||||
}
|
||||
}
|
||||
au->service = th->service;
|
||||
au->secret_id = th->secret_id;
|
||||
|
|
@ -329,7 +336,7 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
|
|||
get_random_bytes(&au->nonce, sizeof(au->nonce));
|
||||
msg_b.struct_v = 1;
|
||||
msg_b.nonce = cpu_to_le64(au->nonce);
|
||||
ret = ceph_x_encrypt(&th->session_key, &msg_b, sizeof(msg_b),
|
||||
ret = ceph_x_encrypt(&au->session_key, &msg_b, sizeof(msg_b),
|
||||
p, end - p);
|
||||
if (ret < 0)
|
||||
goto out_buf;
|
||||
|
|
@ -588,17 +595,13 @@ static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac,
|
|||
struct ceph_authorizer *a, size_t len)
|
||||
{
|
||||
struct ceph_x_authorizer *au = (void *)a;
|
||||
struct ceph_x_ticket_handler *th;
|
||||
int ret = 0;
|
||||
struct ceph_x_authorize_reply reply;
|
||||
void *preply = &reply;
|
||||
void *p = au->reply_buf;
|
||||
void *end = p + sizeof(au->reply_buf);
|
||||
|
||||
th = get_ticket_handler(ac, au->service);
|
||||
if (IS_ERR(th))
|
||||
return PTR_ERR(th);
|
||||
ret = ceph_x_decrypt(&th->session_key, &p, end, &preply, sizeof(reply));
|
||||
ret = ceph_x_decrypt(&au->session_key, &p, end, &preply, sizeof(reply));
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
if (ret != sizeof(reply))
|
||||
|
|
@ -618,6 +621,7 @@ static void ceph_x_destroy_authorizer(struct ceph_auth_client *ac,
|
|||
{
|
||||
struct ceph_x_authorizer *au = (void *)a;
|
||||
|
||||
ceph_crypto_key_destroy(&au->session_key);
|
||||
ceph_buffer_put(au->buf);
|
||||
kfree(au);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@ struct ceph_x_ticket_handler {
|
|||
|
||||
|
||||
struct ceph_x_authorizer {
|
||||
struct ceph_crypto_key session_key;
|
||||
struct ceph_buffer *buf;
|
||||
unsigned int service;
|
||||
u64 nonce;
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче