From patchwork Tue Nov 11 08:38:29 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Yan, Zheng" X-Patchwork-Id: 5271531 Return-Path: X-Original-To: patchwork-ceph-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 23AF19F2F1 for ; Tue, 11 Nov 2014 08:39:03 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 5B73520158 for ; Tue, 11 Nov 2014 08:39:02 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 775252010E for ; Tue, 11 Nov 2014 08:39:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753124AbaKKIi4 (ORCPT ); Tue, 11 Nov 2014 03:38:56 -0500 Received: from mx1.redhat.com ([209.132.183.28]:35486 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753063AbaKKIiy (ORCPT ); Tue, 11 Nov 2014 03:38:54 -0500 Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id sAB8crTV001883 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Tue, 11 Nov 2014 03:38:53 -0500 Received: from localhost.localdomain (vpn1-115-24.nay.redhat.com [10.66.115.24]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id sAB8cp1s013204; Tue, 11 Nov 2014 03:38:52 -0500 From: "Yan, Zheng" To: ceph-devel@vger.kernel.org Cc: "Yan, Zheng" Subject: [PATCH] libceph: require cephx message signature by default Date: Tue, 11 Nov 2014 16:38:29 +0800 Message-Id: <1415695109-4698-1-git-send-email-zyan@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23 Sender: ceph-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Signed-off-by: Yan, Zheng --- include/linux/ceph/libceph.h | 1 + net/ceph/ceph_common.c | 13 +++++++++++++ 2 files changed, 14 insertions(+) diff --git a/include/linux/ceph/libceph.h b/include/linux/ceph/libceph.h index d293f7e..8b11a79 100644 --- a/include/linux/ceph/libceph.h +++ b/include/linux/ceph/libceph.h @@ -29,6 +29,7 @@ #define CEPH_OPT_NOSHARE (1<<1) /* don't share client with other sbs */ #define CEPH_OPT_MYIP (1<<2) /* specified my ip */ #define CEPH_OPT_NOCRC (1<<3) /* no data crc on writes */ +#define CEPH_OPT_NOMSGAUTH (1<<4) /* not require cephx message signature */ #define CEPH_OPT_DEFAULT (0) diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c index d361a274..b22d82c 100644 --- a/net/ceph/ceph_common.c +++ b/net/ceph/ceph_common.c @@ -237,6 +237,8 @@ enum { Opt_noshare, Opt_crc, Opt_nocrc, + Opt_cephx_require_signature, + Opt_cephx_require_no_signature, }; static match_table_t opt_tokens = { @@ -255,6 +257,8 @@ static match_table_t opt_tokens = { {Opt_noshare, "noshare"}, {Opt_crc, "crc"}, {Opt_nocrc, "nocrc"}, + {Opt_cephx_require_signature, "cephx_require_signature"}, + {Opt_cephx_require_no_signature, "cephx_require_no_signature"}, {-1, NULL} }; @@ -453,6 +457,12 @@ ceph_parse_options(char *options, const char *dev_name, case Opt_nocrc: opt->flags |= CEPH_OPT_NOCRC; break; + case Opt_cephx_require_signature: + opt->flags &= ~CEPH_OPT_NOMSGAUTH; + break; + case Opt_cephx_require_no_signature: + opt->flags |= CEPH_OPT_NOMSGAUTH; + break; default: BUG_ON(token); @@ -496,6 +506,9 @@ struct ceph_client *ceph_create_client(struct ceph_options *opt, void *private, init_waitqueue_head(&client->auth_wq); client->auth_err = 0; + if (!ceph_test_opt(client, NOMSGAUTH)) + required_features |= CEPH_FEATURE_MSG_AUTH; + client->extra_mon_dispatch = NULL; client->supported_features = CEPH_FEATURES_SUPPORTED_DEFAULT | supported_features;