libceph: more insight into ticket expiry and invalidation

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Make it clear that "need" is a union of "missing" and "have, but up
for renewal" and dout when the ticket goes missing due to expiry or
invalidation by client.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>

Ilya Dryomov 5 years ago f79e25b0 a56dd9bf

+25 -14

1 changed file

expand all

net

ceph

auth_x.c

+25 -14

net/ceph/auth_x.c

··· 22 22 static int ceph_x_is_authenticated(struct ceph_auth_client *ac) 23 23 { 24 24 struct ceph_x_info *xi = ac->private; 25 - int need; 25 + int missing; 26 + int need; /* missing + need renewal */ 26 27 27 28 ceph_x_validate_tickets(ac, &need); 28 - dout("ceph_x_is_authenticated want=%d need=%d have=%d\n", 29 - ac->want_keys, need, xi->have_keys); 30 - return (ac->want_keys & xi->have_keys) == ac->want_keys; 29 + missing = ac->want_keys & ~xi->have_keys; 30 + WARN_ON((need & missing) != missing); 31 + dout("%s want 0x%x have 0x%x missing 0x%x -> %d\n", __func__, 32 + ac->want_keys, xi->have_keys, missing, !missing); 33 + return !missing; 31 34 } 32 35 33 36 static int ceph_x_should_authenticate(struct ceph_auth_client *ac) ··· 39 36 int need; 40 37 41 38 ceph_x_validate_tickets(ac, &need); 42 - dout("ceph_x_should_authenticate want=%d need=%d have=%d\n", 43 - ac->want_keys, need, xi->have_keys); 44 - return need != 0; 39 + dout("%s want 0x%x have 0x%x need 0x%x -> %d\n", __func__, 40 + ac->want_keys, xi->have_keys, need, !!need); 41 + return !!need; 45 42 } 46 43 47 44 static int ceph_x_encrypt_offset(void) ··· 382 379 } 383 380 } 384 381 au->service = th->service; 382 + WARN_ON(!th->secret_id); 385 383 au->secret_id = th->secret_id; 386 384 387 385 msg_a = au->buf->vec.iov_base; ··· 446 442 447 443 static bool have_key(struct ceph_x_ticket_handler *th) 448 444 { 449 - if (th->have_key) { 450 - if (ktime_get_real_seconds() >= th->expires) 451 - th->have_key = false; 445 + if (th->have_key && ktime_get_real_seconds() >= th->expires) { 446 + dout("ticket %d (%s) secret_id %llu expired\n", th->service, 447 + ceph_entity_type_name(th->service), th->secret_id); 448 + th->have_key = false; 452 449 } 453 450 454 451 return th->have_key; ··· 499 494 return PTR_ERR(th); 500 495 501 496 ceph_x_validate_tickets(ac, &need); 502 - 503 - dout("build_request want %x have %x need %x\n", 504 - ac->want_keys, xi->have_keys, need); 497 + dout("%s want 0x%x have 0x%x need 0x%x\n", __func__, ac->want_keys, 498 + xi->have_keys, need); 505 499 506 500 if (need & CEPH_ENTITY_TYPE_AUTH) { 507 501 struct ceph_x_authenticate *auth = (void *)(head + 1); ··· 789 785 struct ceph_x_ticket_handler *th; 790 786 791 787 th = get_ticket_handler(ac, peer_type); 792 - if (!IS_ERR(th)) 788 + if (IS_ERR(th)) 789 + return; 790 + 791 + if (th->have_key) { 792 + dout("ticket %d (%s) secret_id %llu invalidated\n", 793 + th->service, ceph_entity_type_name(th->service), 794 + th->secret_id); 793 795 th->have_key = false; 796 + } 794 797 } 795 798 796 799 static void ceph_x_invalidate_authorizer(struct ceph_auth_client *ac,