libceph: store session key in cephx authorizer
authorYan, Zheng <zyan@redhat.com>
Tue, 4 Nov 2014 08:32:35 +0000 (16:32 +0800)
committerIlya Dryomov <idryomov@redhat.com>
Wed, 17 Dec 2014 17:09:50 +0000 (20:09 +0300)
Session key is required when calculating message signature. Save the session
key in authorizer, this avoid lookup ticket handler for each message

Signed-off-by: Yan, Zheng <zyan@redhat.com>
net/ceph/auth_x.c
net/ceph/auth_x.h

index 7e38b729696a97567e3c0d284631a3229ef413dd..77f3885c16bc7f41813be9d509ec674e40a218b5 100644 (file)
@@ -293,6 +293,11 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
        dout("build_authorizer for %s %p\n",
             ceph_entity_type_name(th->service), au);
 
+       ceph_crypto_key_destroy(&au->session_key);
+       ret = ceph_crypto_key_clone(&au->session_key, &th->session_key);
+       if (ret)
+               return ret;
+
        maxlen = sizeof(*msg_a) + sizeof(msg_b) +
                ceph_x_encrypt_buflen(ticket_blob_len);
        dout("  need len %d\n", maxlen);
@@ -302,8 +307,10 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
        }
        if (!au->buf) {
                au->buf = ceph_buffer_new(maxlen, GFP_NOFS);
-               if (!au->buf)
+               if (!au->buf) {
+                       ceph_crypto_key_destroy(&au->session_key);
                        return -ENOMEM;
+               }
        }
        au->service = th->service;
        au->secret_id = th->secret_id;
@@ -329,7 +336,7 @@ static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
        get_random_bytes(&au->nonce, sizeof(au->nonce));
        msg_b.struct_v = 1;
        msg_b.nonce = cpu_to_le64(au->nonce);
-       ret = ceph_x_encrypt(&th->session_key, &msg_b, sizeof(msg_b),
+       ret = ceph_x_encrypt(&au->session_key, &msg_b, sizeof(msg_b),
                             p, end - p);
        if (ret < 0)
                goto out_buf;
@@ -588,17 +595,13 @@ static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac,
                                          struct ceph_authorizer *a, size_t len)
 {
        struct ceph_x_authorizer *au = (void *)a;
-       struct ceph_x_ticket_handler *th;
        int ret = 0;
        struct ceph_x_authorize_reply reply;
        void *preply = &reply;
        void *p = au->reply_buf;
        void *end = p + sizeof(au->reply_buf);
 
-       th = get_ticket_handler(ac, au->service);
-       if (IS_ERR(th))
-               return PTR_ERR(th);
-       ret = ceph_x_decrypt(&th->session_key, &p, end, &preply, sizeof(reply));
+       ret = ceph_x_decrypt(&au->session_key, &p, end, &preply, sizeof(reply));
        if (ret < 0)
                return ret;
        if (ret != sizeof(reply))
@@ -618,6 +621,7 @@ static void ceph_x_destroy_authorizer(struct ceph_auth_client *ac,
 {
        struct ceph_x_authorizer *au = (void *)a;
 
+       ceph_crypto_key_destroy(&au->session_key);
        ceph_buffer_put(au->buf);
        kfree(au);
 }
index 65ee72082d99866d0f98057f15c4f181b21d971c..e8b7c6917d472f69d356252415efcb76a4afd3cf 100644 (file)
@@ -26,6 +26,7 @@ struct ceph_x_ticket_handler {
 
 
 struct ceph_x_authorizer {
+       struct ceph_crypto_key session_key;
        struct ceph_buffer *buf;
        unsigned int service;
        u64 nonce;