From patchwork Fri Jan 15 14:50:44 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilya Dryomov X-Patchwork-Id: 8041621 Return-Path: X-Original-To: patchwork-ceph-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id AF6B6BEEE5 for ; Fri, 15 Jan 2016 14:51:23 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id CFD7720434 for ; Fri, 15 Jan 2016 14:51:22 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 0056C203E1 for ; Fri, 15 Jan 2016 14:51:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754063AbcAOOvP (ORCPT ); Fri, 15 Jan 2016 09:51:15 -0500 Received: from mail-wm0-f68.google.com ([74.125.82.68]:33955 "EHLO mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754031AbcAOOvN (ORCPT ); Fri, 15 Jan 2016 09:51:13 -0500 Received: by mail-wm0-f68.google.com with SMTP id b14so3234122wmb.1 for ; Fri, 15 Jan 2016 06:51:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=dFgdcfvPbnQvaQwmum/QOheyOfvWGpaBJnsbNleftmY=; b=ABSBiwdvA/PiFNM8ZsO1jl7zx4QAzzzWzocW0p6+qG1f9m0M7x93ubUyTZeXT1MZQ2 MX+lOA95TUmvkSeKpM3wb0WzNgpONS1pZIU2ni/FgGZfMmRRViFXozbV51miRNTFaRmD ekvFJ+WzimuDXEJyPk/B/scp+Kh287uKfdvTWBTIFrwEqigV006dbqKtgiCT29q6erdW 9XV6dRTBvOomtV8CycIjgsz8rG2DQIj+j7OT+6TPwkO/lng0hVOQFBi2LACRzS8lDFTg l2cghj3xMEEX8oxxmQYbUOREE9zlpgp0PBnfIRgiGq15zPspS/vfu4eHjdty3LT9DBYI 9hHg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=dFgdcfvPbnQvaQwmum/QOheyOfvWGpaBJnsbNleftmY=; b=lnNMldvbMjGAr+81do2Smkglo0fWmZzBht87BQO6phLyjeerzFJpMIpDnNwYB8bMlP Rb54XvH+OVVlFgKVwQJ4oT7oGAizpANeKWHNiBuVslrjIeRrH31oryeHrfuIUQGBxT9X hSYbG5WeAVs7m7hYV3s+L7tax7Z55VFh0SSpRjy47zQVyTct9mMFqp4AiuGLG0Hi7c3/ 4HqVVlr4EOFhBE0VKjTEcoIhWam3cLX9jSRu6gGwmHFwh/8QSeWFMes/YSHNFi2Bl75j WSLMC/Hqld5tJo1d831JZH1ZEJVKReAVlkgW2UK6d5fnUqjaXGq7TsErCpkWrO5M+Sce Y+hg== X-Gm-Message-State: ALoCoQnXpUJ+aLhsmHIZSJayJI2gaF9pdT91h5fkIh9BmEeGBf6p/DlisRoZ8+ewaKhwS4GhzfhzMfqPKHElNCAUgSkqlC2IdQ== X-Received: by 10.194.112.130 with SMTP id iq2mr10188557wjb.102.1452869472490; Fri, 15 Jan 2016 06:51:12 -0800 (PST) Received: from dhcp-27-199.brq.redhat.com (nat-pool-brq-t.redhat.com. [213.175.37.10]) by smtp.gmail.com with ESMTPSA id jm4sm10939876wjb.7.2016.01.15.06.51.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 15 Jan 2016 06:51:11 -0800 (PST) From: Ilya Dryomov To: ceph-devel@vger.kernel.org Cc: Sage Weil Subject: [PATCH 3/4] libceph: invalidate AUTH in addition to a service ticket Date: Fri, 15 Jan 2016 15:50:44 +0100 Message-Id: <1452869445-10228-4-git-send-email-idryomov@gmail.com> X-Mailer: git-send-email 2.4.3 In-Reply-To: <1452869445-10228-1-git-send-email-idryomov@gmail.com> References: <1452869445-10228-1-git-send-email-idryomov@gmail.com> Sender: ceph-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP If we fault due to authentication, we invalidate the service ticket we have and request a new one - the idea being that if a service rejected our authorizer, it must have expired, despite mon_client's attempts at periodic renewal. (The other possibility is that our ticket is too new and the service hasn't gotten it yet, in which case invalidating isn't necessary but doesn't hurt.) Invalidating just the service ticket is not enough, though. If we assume a failure on mon_client's part to renew a service ticket, we have to assume the same for the AUTH ticket. If our AUTH ticket is bad, we won't get any service tickets no matter how hard we try, so invalidate AUTH ticket along with the service ticket. Signed-off-by: Ilya Dryomov --- net/ceph/auth_x.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c index ab080bb18254..05e9fc21d460 100644 --- a/net/ceph/auth_x.c +++ b/net/ceph/auth_x.c @@ -684,8 +684,7 @@ static void ceph_x_destroy(struct ceph_auth_client *ac) ac->private = NULL; } -static void ceph_x_invalidate_authorizer(struct ceph_auth_client *ac, - int peer_type) +static void invalidate_ticket(struct ceph_auth_client *ac, int peer_type) { struct ceph_x_ticket_handler *th; @@ -694,6 +693,19 @@ static void ceph_x_invalidate_authorizer(struct ceph_auth_client *ac, th->have_key = false; } +static void ceph_x_invalidate_authorizer(struct ceph_auth_client *ac, + int peer_type) +{ + /* + * We are to invalidate a service ticket in the hopes of + * getting a new, hopefully more valid, one. But, we won't get + * it unless our AUTH ticket is good, so invalidate AUTH ticket + * as well, just in case. + */ + invalidate_ticket(ac, peer_type); + invalidate_ticket(ac, CEPH_ENTITY_TYPE_AUTH); +} + static int calcu_signature(struct ceph_x_authorizer *au, struct ceph_msg *msg, __le64 *sig) {