auth/cephx: misc fixes #9679

Merged
merged 8 commits into from Aug 1, 2016
5 changes: 0 additions & 5 deletions src/auth/AuthClientHandler.h
@@ -47,11 +47,6 @@ class AuthClientHandler {
want = keys | CEPH_ENTITY_TYPE_AUTH;
validate_tickets();
}
void add_want_keys(__u32 keys) {
RWLock::WLocker l(lock);
want |= keys;
validate_tickets();
}

virtual int get_protocol() const = 0;

1 change: 1 addition & 0 deletions src/auth/KeyRing.cc
@@ -233,6 +233,7 @@ int KeyRing::load(CephContext *cct, const std::string &filename)
}
catch (const buffer::error& err) {
lderr(cct) << "error parsing file " << filename << dendl;
return -EIO;
}

ldout(cct, 2) << "KeyRing::load: loaded key file " << filename << dendl;
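Review bot: The `catch (const buffer::error& err)` branch logs only the filename and discards `err.what()`, so an operator cannot tell from the log why the keyring failed to decode. I would include the decoder's message: `lderr(cct) << "error parsing file " << filename << ": " << err.what() << dendl;`. With `return -EIO;` in that branch, the "loaded key file" line below it is reached only on success, so callers of `KeyRing::load` have to check the return value. The body of `KeyRing::load` starts and ends outside the hunk.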
2 changes: 1 addition & 1 deletion src/auth/cephx/CephxClientHandler.cc
@@ -167,7 +167,7 @@ int CephxClientHandler::handle_response(int ret, bufferlist::iterator& indata)
if (decode_decrypt(cct, secrets, secret_key, indata, error)) {
ldout(cct, 0) << "could not set rotating key: decode_decrypt failed. error:"
<< error << dendl;
error.clear();
return -EINVAL;
} else {
rotating_secrets->set_secrets(secrets);
}
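Review bot: Once the `decode_decrypt` failure branch ends in `return -EINVAL;` (the old-then-new print order suggests it replaces `error.clear();`), the `else` around `rotating_secrets->set_secrets(secrets);` is redundant. Flattening it lets the success path read straight through, and makes it obvious that secrets are installed only after a successful decrypt. The message also runs `error:` directly into the text of `error`; a trailing space in the literal, `"... decode_decrypt failed. error: "`, would make the log line easier to read. `handle_response` starts and ends outside the hunk.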
8 changes: 4 additions & 4 deletions src/auth/cephx/CephxKeyServer.cc
@@ -296,15 +296,14 @@ bool KeyServer::contains(const EntityName& name) const
int KeyServer::encode_secrets(Formatter *f, stringstream *ds) const
{
Mutex::Locker l(lock);

if (f)
f->open_array_section("auth_dump");

map<EntityName, EntityAuth>::const_iterator mapiter = data.secrets_begin();

if (mapiter == data.secrets_end())
return -ENOENT;

if (f)
f->open_array_section("auth_dump");

while (mapiter != data.secrets_end()) {
const EntityName& name = mapiter->first;
if (ds) {
@@ -458,6 +457,7 @@ int KeyServer::build_session_auth_info(uint32_t service_id, CephXServiceTicketIn
info.service_secret = service_secret;
info.secret_id = secret_id;

Mutex::Locker l(lock);
return _build_session_auth_info(service_id, auth_ticket_info, info);
}
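Review bot: In `build_session_auth_info`, `Mutex::Locker l(lock);` sits directly before the call to `_build_session_auth_info`, but nothing at the call site records that the underscore-prefixed helper must run with `lock` held. A one-line comment above the locker would keep the next caller from repeating the omission, for example `// _build_session_auth_info() expects the caller to hold lock`. The start of the function is outside the hunk, so whether earlier statements touch `data` without the lock cannot be checked from here.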

9 changes: 4 additions & 5 deletions src/auth/cephx/CephxKeyServer.h
@@ -241,10 +241,12 @@ class KeyServer : public KeyStore {
}

void clear_secrets() {
Mutex::Locker l(lock);
data.clear_secrets();
}

void apply_data_incremental(KeyServerData::Incremental& inc) {
Mutex::Locker l(lock);
data.apply_incremental(inc);
}
void set_ver(version_t ver) {
@@ -267,19 +269,16 @@ class KeyServer : public KeyStore {
return (b != data.secrets_end());
}
int get_num_secrets() {
Mutex::Locker l(lock);
return data.secrets.size();
}

/*void add_rotating_secret(uint32_t service_id, ExpiringCryptoKey& key) {
Mutex::Locker l(lock);
data.add_rotating_secret(service_id, key);
}
*/
void clone_to(KeyServerData& dst) const {
Mutex::Locker l(lock);
dst = data;
}
void export_keyring(KeyRing& keyring) {
Mutex::Locker l(lock);
for (map<EntityName, EntityAuth>::iterator p = data.secrets.begin();
p != data.secrets.end();
++p) {
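Review bot: `clear_secrets`, `apply_data_incremental`, `get_num_secrets` and `clone_to` each take `Mutex::Locker l(lock);` themselves, so any path that calls one of them while already holding `lock` would acquire it twice. If `Mutex` is non-recursive here, that is a deadlock or an assertion failure, so it is worth confirming that no `KeyServer` method reaches these accessors under the lock. Separately, `get_num_secrets` returns only a snapshot, since the count can change once the locker goes out of scope. A comment such as `// snapshot; may be stale once lock is released` would warn callers against basing later unlocked decisions on it. The body of `export_keyring` continues outside the hunk.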
4 changes: 2 additions & 2 deletions src/mon/AuthMonitor.cc
@@ -121,7 +121,7 @@ void AuthMonitor::update_from_paxos(bool *need_bootstrap)
version_t keys_ver = mon->key_server.get_ver();
if (version == keys_ver)
return;
assert(version >= keys_ver);
assert(version > keys_ver);

version_t latest_full = get_version_latest_full();

@@ -721,7 +721,7 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op)
::decode(keyring, iter);
} catch (const buffer::error &ex) {
ss << "error decoding keyring" << " " << ex.what();
rs = err;
err = -EINVAL;
goto done;
}
import_keyring(keyring);
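Review bot: The `assert(version > keys_ver);` in `update_from_paxos` aborts the monitor whenever the key server's version is ahead of `version`, yet no comment states that invariant or why it can never legitimately occur. I would put a line above it such as `// key_server must never be ahead of the version we are catching up to`, wording it to match wherever `version` is assigned, which is outside the hunk. In the `prepare_command` hunk, the handler's message is built from two adjacent literals, `"error decoding keyring" << " "`, which could be a single `"error decoding keyring "`. Both functions start and end outside their hunks.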
6 changes: 0 additions & 6 deletions src/mon/MonClient.h
@@ -382,12 +382,6 @@ class MonClient : public Dispatcher {
auth->set_want_keys(want | CEPH_ENTITY_TYPE_MON);
}

void add_want_keys(uint32_t want) {
want_keys |= want;
if (auth)
auth->add_want_keys(want);
}

// admin commands
private:
uint64_t last_mon_command_tid;