Commit 03af4c7b authored by Ilya Dryomov's avatar Ilya Dryomov

libceph: set global_id as soon as we get an auth ticket

Commit 61ca49a9 ("libceph: don't set global_id until we get an
auth ticket") delayed the setting of global_id too much.  It is set
only after all tickets are received, but in pre-nautilus clusters an
auth ticket and the service tickets are obtained in separate steps
(for a total of three MAuth replies).  When the service tickets are
requested, global_id is used to build an authorizer; if global_id is
still 0 we never get them and fail to establish the session.

Move the setting of global_id into protocol implementations.  This
way global_id can be set exactly when an auth ticket is received, not
sooner nor later.

Fixes: 61ca49a9 ("libceph: don't set global_id until we get an auth ticket")
Signed-off-by: default avatarIlya Dryomov <idryomov@gmail.com>
Reviewed-by: default avatarJeff Layton <jlayton@kernel.org>
parent 3c0d0894
...@@ -50,7 +50,7 @@ struct ceph_auth_client_ops { ...@@ -50,7 +50,7 @@ struct ceph_auth_client_ops {
* another request. * another request.
*/ */
int (*build_request)(struct ceph_auth_client *ac, void *buf, void *end); int (*build_request)(struct ceph_auth_client *ac, void *buf, void *end);
int (*handle_reply)(struct ceph_auth_client *ac, int (*handle_reply)(struct ceph_auth_client *ac, u64 global_id,
void *buf, void *end, u8 *session_key, void *buf, void *end, u8 *session_key,
int *session_key_len, u8 *con_secret, int *session_key_len, u8 *con_secret,
int *con_secret_len); int *con_secret_len);
...@@ -104,6 +104,8 @@ struct ceph_auth_client { ...@@ -104,6 +104,8 @@ struct ceph_auth_client {
struct mutex mutex; struct mutex mutex;
}; };
void ceph_auth_set_global_id(struct ceph_auth_client *ac, u64 global_id);
struct ceph_auth_client *ceph_auth_init(const char *name, struct ceph_auth_client *ceph_auth_init(const char *name,
const struct ceph_crypto_key *key, const struct ceph_crypto_key *key,
const int *con_modes); const int *con_modes);
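Review bot: The new `ceph_auth_set_global_id()` prototype and the extra `global_id` argument of `handle_reply` are declared without stating their contract. In the other hunks of this commit every `handle_reply` call sits between `mutex_lock(&ac->mutex)` and `mutex_unlock(&ac->mutex)`, so the setter appears to rely on the caller holding that mutex. I would add a comment on the prototype such as `/* call from ->handle_reply() once an auth ticket is accepted; ac->mutex must be held */`, and extend the op comment above `build_request` to describe `global_id`, including that a caller may pass 0 when the reply carries none. A `lockdep_assert_held(&ac->mutex);` in the setter would make the locking rule checkable. The op comment begins outside the hunk.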
......
...@@ -36,7 +36,7 @@ static int init_protocol(struct ceph_auth_client *ac, int proto) ...@@ -36,7 +36,7 @@ static int init_protocol(struct ceph_auth_client *ac, int proto)
} }
} }
static void set_global_id(struct ceph_auth_client *ac, u64 global_id) void ceph_auth_set_global_id(struct ceph_auth_client *ac, u64 global_id)
{ {
dout("%s global_id %llu\n", __func__, global_id); dout("%s global_id %llu\n", __func__, global_id);
...@@ -267,7 +267,7 @@ int ceph_handle_auth_reply(struct ceph_auth_client *ac, ...@@ -267,7 +267,7 @@ int ceph_handle_auth_reply(struct ceph_auth_client *ac,
goto out; goto out;
} }
ret = ac->ops->handle_reply(ac, payload, payload_end, ret = ac->ops->handle_reply(ac, global_id, payload, payload_end,
NULL, NULL, NULL, NULL); NULL, NULL, NULL, NULL);
if (ret == -EAGAIN) { if (ret == -EAGAIN) {
ret = build_request(ac, true, reply_buf, reply_len); ret = build_request(ac, true, reply_buf, reply_len);
...@@ -276,8 +276,6 @@ int ceph_handle_auth_reply(struct ceph_auth_client *ac, ...@@ -276,8 +276,6 @@ int ceph_handle_auth_reply(struct ceph_auth_client *ac,
goto out; goto out;
} }
set_global_id(ac, global_id);
out: out:
mutex_unlock(&ac->mutex); mutex_unlock(&ac->mutex);
return ret; return ret;
...@@ -485,7 +483,7 @@ int ceph_auth_handle_reply_more(struct ceph_auth_client *ac, void *reply, ...@@ -485,7 +483,7 @@ int ceph_auth_handle_reply_more(struct ceph_auth_client *ac, void *reply,
int ret; int ret;
mutex_lock(&ac->mutex); mutex_lock(&ac->mutex);
ret = ac->ops->handle_reply(ac, reply, reply + reply_len, ret = ac->ops->handle_reply(ac, 0, reply, reply + reply_len,
NULL, NULL, NULL, NULL); NULL, NULL, NULL, NULL);
if (ret == -EAGAIN) if (ret == -EAGAIN)
ret = build_request(ac, false, buf, buf_len); ret = build_request(ac, false, buf, buf_len);
...@@ -503,11 +501,10 @@ int ceph_auth_handle_reply_done(struct ceph_auth_client *ac, ...@@ -503,11 +501,10 @@ int ceph_auth_handle_reply_done(struct ceph_auth_client *ac,
int ret; int ret;
mutex_lock(&ac->mutex); mutex_lock(&ac->mutex);
ret = ac->ops->handle_reply(ac, reply, reply + reply_len, ret = ac->ops->handle_reply(ac, global_id, reply, reply + reply_len,
session_key, session_key_len, session_key, session_key_len,
con_secret, con_secret_len); con_secret, con_secret_len);
if (!ret) WARN_ON(ret == -EAGAIN || ret > 0);
set_global_id(ac, global_id);
mutex_unlock(&ac->mutex); mutex_unlock(&ac->mutex);
return ret; return ret;
} }
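Review bot: In `ceph_auth_handle_reply_more` the literal `0` passed as `global_id` relies on no protocol handler recording it on that path, and nothing at the call site says so. The handler that uses `struct ceph_auth_none_info`, changed further down in this commit, calls `ceph_auth_set_global_id(ac, global_id)` unconditionally, so if a peer drives this path with that protocol selected, 0 would presumably be stored, unless the setter refuses zero (only its first statement is visible here). A comment at the call such as `/* no global_id at this stage; handlers must not record it */`, plus an early return for a zero value in the setter, would make the invariant explicit. The function bodies start and end outside these hunks.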
......
...@@ -69,7 +69,7 @@ static int build_request(struct ceph_auth_client *ac, void *buf, void *end) ...@@ -69,7 +69,7 @@ static int build_request(struct ceph_auth_client *ac, void *buf, void *end)
* the generic auth code decode the global_id, and we carry no actual * the generic auth code decode the global_id, and we carry no actual
* authenticate state, so nothing happens here. * authenticate state, so nothing happens here.
*/ */
static int handle_reply(struct ceph_auth_client *ac, static int handle_reply(struct ceph_auth_client *ac, u64 global_id,
void *buf, void *end, u8 *session_key, void *buf, void *end, u8 *session_key,
int *session_key_len, u8 *con_secret, int *session_key_len, u8 *con_secret,
int *con_secret_len) int *con_secret_len)
...@@ -77,6 +77,7 @@ static int handle_reply(struct ceph_auth_client *ac, ...@@ -77,6 +77,7 @@ static int handle_reply(struct ceph_auth_client *ac,
struct ceph_auth_none_info *xi = ac->private; struct ceph_auth_none_info *xi = ac->private;
xi->starting = false; xi->starting = false;
ceph_auth_set_global_id(ac, global_id);
return 0; return 0;
} }
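Review bot: The comment above `handle_reply` still ends with "so nothing happens here", which is no longer true once `ceph_auth_set_global_id(ac, global_id)` is added to the body. I would reword its tail to something like `* the generic auth code decodes the global_id and passes it in; we carry no other authentication state, so we only record it here.` The comment starts outside the hunk, so only its last two lines are visible.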
......
...@@ -597,7 +597,7 @@ static int decode_con_secret(void **p, void *end, u8 *con_secret, ...@@ -597,7 +597,7 @@ static int decode_con_secret(void **p, void *end, u8 *con_secret,
return -EINVAL; return -EINVAL;
} }
static int handle_auth_session_key(struct ceph_auth_client *ac, static int handle_auth_session_key(struct ceph_auth_client *ac, u64 global_id,
void **p, void *end, void **p, void *end,
u8 *session_key, int *session_key_len, u8 *session_key, int *session_key_len,
u8 *con_secret, int *con_secret_len) u8 *con_secret, int *con_secret_len)
...@@ -613,6 +613,7 @@ static int handle_auth_session_key(struct ceph_auth_client *ac, ...@@ -613,6 +613,7 @@ static int handle_auth_session_key(struct ceph_auth_client *ac,
if (ret) if (ret)
return ret; return ret;
ceph_auth_set_global_id(ac, global_id);
if (*p == end) { if (*p == end) {
/* pre-nautilus (or didn't request service tickets!) */ /* pre-nautilus (or didn't request service tickets!) */
WARN_ON(session_key || con_secret); WARN_ON(session_key || con_secret);
...@@ -661,7 +662,7 @@ static int handle_auth_session_key(struct ceph_auth_client *ac, ...@@ -661,7 +662,7 @@ static int handle_auth_session_key(struct ceph_auth_client *ac,
return -EINVAL; return -EINVAL;
} }
static int ceph_x_handle_reply(struct ceph_auth_client *ac, static int ceph_x_handle_reply(struct ceph_auth_client *ac, u64 global_id,
void *buf, void *end, void *buf, void *end,
u8 *session_key, int *session_key_len, u8 *session_key, int *session_key_len,
u8 *con_secret, int *con_secret_len) u8 *con_secret, int *con_secret_len)
...@@ -695,9 +696,9 @@ static int ceph_x_handle_reply(struct ceph_auth_client *ac, ...@@ -695,9 +696,9 @@ static int ceph_x_handle_reply(struct ceph_auth_client *ac,
switch (op) { switch (op) {
case CEPHX_GET_AUTH_SESSION_KEY: case CEPHX_GET_AUTH_SESSION_KEY:
/* AUTH ticket + [connection secret] + service tickets */ /* AUTH ticket + [connection secret] + service tickets */
ret = handle_auth_session_key(ac, &p, end, session_key, ret = handle_auth_session_key(ac, global_id, &p, end,
session_key_len, con_secret, session_key, session_key_len,
con_secret_len); con_secret, con_secret_len);
break; break;
case CEPHX_GET_PRINCIPAL_SESSION_KEY: case CEPHX_GET_PRINCIPAL_SESSION_KEY:
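Review bot: `ceph_auth_set_global_id(ac, global_id)` in `handle_auth_session_key` sits before the rest of the reply is parsed, and the reason for that position is not written down at the call. Going by the commit message, it has to happen as soon as the auth ticket is accepted, because the follow-up service ticket request builds an authorizer from global_id. A comment such as `/* auth ticket accepted: record global_id now, the service ticket request needs it */` would keep a later cleanup from moving it back. It also appears that the `return -EINVAL` path visible in the next hunk leaves global_id set after a reply that fails later parsing; that looks intended but is worth stating in the same comment. The function body continues outside the hunk.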
......