Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

libceph: store session key in cephx authorizer

Session key is required when calculating message signature. Save the session
key in authorizer, this avoid lookup ticket handler for each message

Signed-off-by: Yan, Zheng <zyan@redhat.com>
Yan, Zheng 10 years ago
parent
e96a650a81
commit
ae385eaf24
2 changed files with 12 additions and 7 deletions
Split View Show Diff Stats
  1. 11 7
      net/ceph/auth_x.c
  2. 1 0
      net/ceph/auth_x.h

+ 11 - 7
net/ceph/auth_x.c
View File 

@@ -293,6 +293,11 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
 
 	dout("build_authorizer for %s %p\n",
 
 	     ceph_entity_type_name(th->service), au);
 
 
+	ceph_crypto_key_destroy(&au->session_key);
 
+	ret = ceph_crypto_key_clone(&au->session_key, &th->session_key);
 
+	if (ret)
 
+		return ret;
 
+
 
 	maxlen = sizeof(*msg_a) + sizeof(msg_b) +
 
 		ceph_x_encrypt_buflen(ticket_blob_len);
 
 	dout("  need len %d\n", maxlen);
 
@@ -302,8 +307,10 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
 
 	}
 
 	if (!au->buf) {
 
 		au->buf = ceph_buffer_new(maxlen, GFP_NOFS);
 
-		if (!au->buf)
 
+		if (!au->buf) {
 
+			ceph_crypto_key_destroy(&au->session_key);
 
 			return -ENOMEM;
 
+		}
 
 	}
 
 	au->service = th->service;
 
 	au->secret_id = th->secret_id;
 
@@ -329,7 +336,7 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
 
 	get_random_bytes(&au->nonce, sizeof(au->nonce));
 
 	msg_b.struct_v = 1;
 
 	msg_b.nonce = cpu_to_le64(au->nonce);
 
-	ret = ceph_x_encrypt(&th->session_key, &msg_b, sizeof(msg_b),
 
+	ret = ceph_x_encrypt(&au->session_key, &msg_b, sizeof(msg_b),
 
 			     p, end - p);
 
 	if (ret < 0)
 
 		goto out_buf;
 
@@ -588,17 +595,13 @@ static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac,
 
 					  struct ceph_authorizer *a, size_t len)
 
 {
 
 	struct ceph_x_authorizer *au = (void *)a;
 
-	struct ceph_x_ticket_handler *th;
 
 	int ret = 0;
 
 	struct ceph_x_authorize_reply reply;
 
 	void *preply = &reply;
 
 	void *p = au->reply_buf;
 
 	void *end = p + sizeof(au->reply_buf);
 
 
-	th = get_ticket_handler(ac, au->service);
 
-	if (IS_ERR(th))
 
-		return PTR_ERR(th);
 
-	ret = ceph_x_decrypt(&th->session_key, &p, end, &preply, sizeof(reply));
 
+	ret = ceph_x_decrypt(&au->session_key, &p, end, &preply, sizeof(reply));
 
 	if (ret < 0)
 
 		return ret;
 
 	if (ret != sizeof(reply))
 
@@ -618,6 +621,7 @@ static void ceph_x_destroy_authorizer(struct ceph_auth_client *ac,
 
 {
 
 	struct ceph_x_authorizer *au = (void *)a;
 
 
+	ceph_crypto_key_destroy(&au->session_key);
 
 	ceph_buffer_put(au->buf);
 
 	kfree(au);
 
 }

+ 1 - 0
net/ceph/auth_x.h
View File 

@@ -26,6 +26,7 @@ struct ceph_x_ticket_handler {
 
 
 
 struct ceph_x_authorizer {
 
+	struct ceph_crypto_key session_key;
 
 	struct ceph_buffer *buf;
 
 	unsigned int service;
 
 	u64 nonce;