
libceph: store session key in cephx authorizer

The session key is required when calculating the message signature. Save the
session key in the authorizer; this avoids looking up the ticket handler for each message.

Signed-off-by: Yan, Zheng <zyan@redhat.com>

authored by

Yan, Zheng and committed by
Ilya Dryomov
ae385eaf e96a650a

+12 -7
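--- a/net/ceph/auth_x.c
+++ b/net/ceph/auth_x.c
@@ -293,6 +293,11 @@
 dout("build_authorizer for %s %p\n",
 ceph_entity_type_name(th->service), au);
 
+ceph_crypto_key_destroy(&au->session_key);
+ret = ceph_crypto_key_clone(&au->session_key, &th->session_key);
+if (ret)
+return ret;
+
 maxlen = sizeof(*msg_a) + sizeof(msg_b) +
 ceph_x_encrypt_buflen(ticket_blob_len);
 dout(" need len %d\n", maxlen);
@@ -302,8 +307,10 @@
 }
 if (!au->buf) {
 au->buf = ceph_buffer_new(maxlen, GFP_NOFS);
-if (!au->buf)
+if (!au->buf) {
+ceph_crypto_key_destroy(&au->session_key);
 return -ENOMEM;
+}
 }
 au->service = th->service;
 au->secret_id = th->secret_id;
@@ -329,7 +336,7 @@
 get_random_bytes(&au->nonce, sizeof(au->nonce));
 msg_b.struct_v = 1;
 msg_b.nonce = cpu_to_le64(au->nonce);
-ret = ceph_x_encrypt(&th->session_key, &msg_b, sizeof(msg_b),
+ret = ceph_x_encrypt(&au->session_key, &msg_b, sizeof(msg_b),
 p, end - p);
 if (ret < 0)
 goto out_buf;
@@ -588,17 +595,13 @@
 struct ceph_authorizer *a, size_t len)
 {
 struct ceph_x_authorizer *au = (void *)a;
-struct ceph_x_ticket_handler *th;
 int ret = 0;
 struct ceph_x_authorize_reply reply;
 void *preply = &reply;
 void *p = au->reply_buf;
 void *end = p + sizeof(au->reply_buf);
 
-th = get_ticket_handler(ac, au->service);
-if (IS_ERR(th))
-return PTR_ERR(th);
-ret = ceph_x_decrypt(&th->session_key, &p, end, &preply, sizeof(reply));
+ret = ceph_x_decrypt(&au->session_key, &p, end, &preply, sizeof(reply));
 if (ret < 0)
 return ret;
 if (ret != sizeof(reply))
@@ -618,6 +621,7 @@
 {
 struct ceph_x_authorizer *au = (void *)a;
 
+ceph_crypto_key_destroy(&au->session_key);
 ceph_buffer_put(au->buf);
 kfree(au);
 }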
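Review bot: The failure paths of the build function (the one logging `build_authorizer`) leave `au->session_key` in different states. The `-ENOMEM` branch destroys the clone, the early `return ret` leaves whatever a failed `ceph_crypto_key_clone()` wrote, and `goto out_buf` jumps to a label outside the hunks, so it is not visible whether the clone is released there. The final hunk now calls `ceph_crypto_key_destroy(&au->session_key)` unconditionally on teardown, so an authorizer that survives a failed rebuild could have its key freed twice unless the destroy helper clears the pointer, which this page does not show. I would send every failure through one label that destroys the key and then resets the field, e.g. `memset(&au->session_key, 0, sizeof(au->session_key));`, so teardown is safe whatever path was taken. The build function starts and ends outside the visible hunks.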
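--- a/net/ceph/auth_x.h
+++ b/net/ceph/auth_x.h
@@ -26,6 +26,7 @@
 
 
 struct ceph_x_authorizer {
+struct ceph_crypto_key session_key;
 struct ceph_buffer *buf;
 unsigned int service;
 u64 nonce;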
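Review bot: The new `session_key` member has no comment saying who owns it. The auth_x.c changes in this commit show it is a private clone of the ticket handler's key that the authorizer must release itself. I would document that on the field, e.g. `/* own copy of th->session_key: cloned on build, released on destroy */`. Because the key is embedded by value, any code that copies a `struct ceph_x_authorizer` also duplicates the key pointer; if such copies exist elsewhere (not visible here), that is worth noting too. The struct definition continues past the end of this hunk.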