diff options
| author | Sage Weil <sage@inktank.com> | 2013-03-25 10:26:01 -0700 |
|---|---|---|
| committer | Sage Weil <sage@inktank.com> | 2013-05-01 21:17:13 -0700 |
| commit | 0bed9b5c523d577378b6f83eab5835fe30c27208 (patch) | |
| tree | ab35e0fdeedf883e029cedab7a0ecbce71376426 /net/ceph/auth_x.h | |
| parent | 4b8e8b5d78b8322351d44487c1b76f7e9d3412bc (diff) | |
libceph: add update_authorizer auth method
Currently the messenger calls out to a get_authorizer con op, which will
create a new authorizer if it doesn't yet have one. In the meantime, when
we rotate our service keys, the authorizer doesn't get updated. Eventually
it will be rejected by the server on a new connection attempt and get
invalidated, and we will then rebuild a new authorizer, but this is not
ideal.
Instead, if we do have an authorizer, call a new update_authorizer op that
will verify that the current authorizer is using the latest secret. If it
is not, we will build a new one that does. This avoids the transient
failure.
This fixes one of the sorry sequence of events for bug
http://tracker.ceph.com/issues/4282
Signed-off-by: Sage Weil <sage@inktank.com>
Reviewed-by: Alex Elder <elder@inktank.com>
Diffstat (limited to 'net/ceph/auth_x.h')
| -rw-r--r-- | net/ceph/auth_x.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/ceph/auth_x.h b/net/ceph/auth_x.h index f459e93b774f..c5a058da7ac8 100644 --- a/net/ceph/auth_x.h +++ b/net/ceph/auth_x.h @@ -29,6 +29,7 @@ struct ceph_x_authorizer { struct ceph_buffer *buf; unsigned int service; u64 nonce; + u64 secret_id; char reply_buf[128]; /* big enough for encrypted blob */ }; |