Commit a41359fa authored by Sage Weil's avatar Sage Weil

ceph: renew auth tickets before they expire

We were only requesting renewal after our tickets expire; do so before
that.  Most of the low-level logic for this was already there; just use
it.
Signed-off-by: default avatarSage Weil <sage@newdream.net>
parent 09c4d6a7
...@@ -246,7 +246,7 @@ int ceph_build_auth(struct ceph_auth_client *ac, ...@@ -246,7 +246,7 @@ int ceph_build_auth(struct ceph_auth_client *ac,
if (!ac->protocol) if (!ac->protocol)
return ceph_auth_build_hello(ac, msg_buf, msg_len); return ceph_auth_build_hello(ac, msg_buf, msg_len);
BUG_ON(!ac->ops); BUG_ON(!ac->ops);
if (!ac->ops->is_authenticated(ac)) if (ac->ops->should_authenticate(ac))
return ceph_build_auth_request(ac, msg_buf, msg_len); return ceph_build_auth_request(ac, msg_buf, msg_len);
return 0; return 0;
} }
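Review bot: The new call `ac->ops->should_authenticate(ac)` goes through the ops table without any check that the member is set; the `BUG_ON(!ac->ops)` above it covers only the table pointer. Both tables visible in this commit (`ceph_auth_none_ops` and `ceph_x_ops`) fill the member, but a protocol table that omits it would make this a NULL function-pointer call on the authentication path. Either assert it beside the existing check, `BUG_ON(!ac->ops->should_authenticate);`, or say in the struct comment that the op is mandatory. The beginning of ceph_build_auth lies outside this hunk.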
...@@ -23,6 +23,12 @@ struct ceph_auth_client_ops { ...@@ -23,6 +23,12 @@ struct ceph_auth_client_ops {
*/ */
int (*is_authenticated)(struct ceph_auth_client *ac); int (*is_authenticated)(struct ceph_auth_client *ac);
/*
* true if we should (re)authenticate, e.g., when our tickets
* are getting old and crusty.
*/
int (*should_authenticate)(struct ceph_auth_client *ac);
/* /*
* build requests and process replies during monitor * build requests and process replies during monitor
* handshake. if handle_reply returns -EAGAIN, we build * handshake. if handle_reply returns -EAGAIN, we build
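Review bot: The comment on `should_authenticate` gives an example ("tickets are getting old and crusty") but not the contract an implementer has to meet. Since ceph_build_auth now consults only this op and no longer `is_authenticated`, an implementation that returns 0 while the client is still unauthenticated would mean no auth request is ever built. I would word it as `/* nonzero if an auth request should be sent now: always while not yet authenticated, and also when held tickets are close to expiry. Mandatory for every protocol. */`. The struct definition starts and ends outside this hunk.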
...@@ -31,6 +31,13 @@ static int is_authenticated(struct ceph_auth_client *ac) ...@@ -31,6 +31,13 @@ static int is_authenticated(struct ceph_auth_client *ac)
return !xi->starting; return !xi->starting;
} }
static int should_authenticate(struct ceph_auth_client *ac)
{
struct ceph_auth_none_info *xi = ac->private;
return xi->starting;
}
/* /*
* the generic auth code decode the global_id, and we carry no actual * the generic auth code decode the global_id, and we carry no actual
* authenticate state, so nothing happens here. * authenticate state, so nothing happens here.
...@@ -98,6 +105,7 @@ static const struct ceph_auth_client_ops ceph_auth_none_ops = { ...@@ -98,6 +105,7 @@ static const struct ceph_auth_client_ops ceph_auth_none_ops = {
.reset = reset, .reset = reset,
.destroy = destroy, .destroy = destroy,
.is_authenticated = is_authenticated, .is_authenticated = is_authenticated,
.should_authenticate = should_authenticate,
.handle_reply = handle_reply, .handle_reply = handle_reply,
.create_authorizer = ceph_auth_none_create_authorizer, .create_authorizer = ceph_auth_none_create_authorizer,
.destroy_authorizer = ceph_auth_none_destroy_authorizer, .destroy_authorizer = ceph_auth_none_destroy_authorizer,
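Review bot: `should_authenticate` for the "none" protocol is the exact negation of the `is_authenticated` body shown just above it (`return !xi->starting;`), written out a second time. Expressing it as `return !is_authenticated(ac);` would keep the two predicates from drifting apart if the `starting` flag is ever replaced, and a one-line comment that they are complementary for this protocol would help the next reader.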
...@@ -27,6 +27,17 @@ static int ceph_x_is_authenticated(struct ceph_auth_client *ac) ...@@ -27,6 +27,17 @@ static int ceph_x_is_authenticated(struct ceph_auth_client *ac)
return (ac->want_keys & xi->have_keys) == ac->want_keys; return (ac->want_keys & xi->have_keys) == ac->want_keys;
} }
static int ceph_x_should_authenticate(struct ceph_auth_client *ac)
{
struct ceph_x_info *xi = ac->private;
int need;
ceph_x_validate_tickets(ac, &need);
dout("ceph_x_should_authenticate want=%d need=%d have=%d\n",
ac->want_keys, need, xi->have_keys);
return need != 0;
}
static int ceph_x_encrypt_buflen(int ilen) static int ceph_x_encrypt_buflen(int ilen)
{ {
return sizeof(struct ceph_x_encrypt_header) + ilen + 16 + return sizeof(struct ceph_x_encrypt_header) + ilen + 16 +
...@@ -620,6 +631,7 @@ static void ceph_x_invalidate_authorizer(struct ceph_auth_client *ac, ...@@ -620,6 +631,7 @@ static void ceph_x_invalidate_authorizer(struct ceph_auth_client *ac,
static const struct ceph_auth_client_ops ceph_x_ops = { static const struct ceph_auth_client_ops ceph_x_ops = {
.name = "x", .name = "x",
.is_authenticated = ceph_x_is_authenticated, .is_authenticated = ceph_x_is_authenticated,
.should_authenticate = ceph_x_should_authenticate,
.build_request = ceph_x_build_request, .build_request = ceph_x_build_request,
.handle_reply = ceph_x_handle_reply, .handle_reply = ceph_x_handle_reply,
.create_authorizer = ceph_x_create_authorizer, .create_authorizer = ceph_x_create_authorizer,
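Review bot: In `ceph_x_should_authenticate`, `need` is declared without an initialiser and then read by both the `dout` and `return need != 0;`. Its value depends entirely on `ceph_x_validate_tickets` writing through the pointer on every path, and that function's body is not in this hunk. Declaring it as `int need = 0;` makes the result well defined regardless. A short comment would also help, noting that the renew-before-expiry decision lives in `ceph_x_validate_tickets` and whether that call changes ticket state, since the name reads like a pure predicate.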