* use gcc intrinsics for byteswap
* use template to wrap them.
* add the modeline for emacs/vim
* update the caller of the mswab/swab accordingly
Signed-off-by: Kefu Chai <kchai@redhat.com>
- If no auth protocol is defined, `cephx` is used by default. It's debatable if
ceph should abort here or use `cephx` by default, but if `cephx` is used
in this case it's better to give some warning message.
- ceph has CEPH_AUTH_UNKNOWN auth protocol defined, change to use this
protocol if the auth method is unknown.
Signed-off-by: Dave Chen <wei.d.chen@intel.com>
In preparation to deglobalizing CephContext, remove the CephContext*
parameter to ceph_clock_now() and ceph::real_clock::now() that carries
a configurable offset.
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
the caller needs to check the nullity of the parameter before calling
PK11_FreeSymKey or PK11_FreeSlot, otherwise if CryptoAESKeyHandler::init
failed, we will hit a segfault as follows:
#0 0x00007f76844f5a95 in PK11_FreeSymKey () from /lib64/libnss3.so
#1 0x00007f76586b6e49 in CryptoAESKeyHandler::~CryptoAESKeyHandler() () from /lib64/librados.so.2
#2 0x00007f76586b5eea in CryptoAES::get_key_handler(ceph::buffer::ptr const&, std::string&) () from /lib64/librados.so.2
#3 0x00007f76586b4b9c in CryptoKey::_set_secret(int, ceph::buffer::ptr const&) () from /lib64/librados.so.2
#4 0x00007f76586b4e95 in CryptoKey::decode(ceph::buffer::list::iterator&) () from /lib64/librados.so.2
#5 0x00007f76586b7ee6 in KeyRing::set_modifier(char const*, char const*, EntityName&, std::map<std::string, ceph::buffer::list, std::less<std::string>, std::allocator<std::pair<std::string const, ceph::buffer::list> > >&) () from /lib64/librados.so.2
#6 0x00007f76586b8882 in KeyRing::decode_plaintext(ceph::buffer::list::iterator&) () from /lib64/librados.so.2
#7 0x00007f76586b9803 in KeyRing::decode(ceph::buffer::list::iterator&) () from /lib64/librados.so.2
#8 0x00007f76586b9a1f in KeyRing::load(CephContext*, std::string const&) () from /lib64/librados.so.2
#9 0x00007f76586ba04b in KeyRing::from_ceph_context(CephContext*) () from /lib64/librados.so.2
#10 0x00007f765852d0cd in MonClient::init() () from /lib64/librados.so.2
#11 0x00007f76583c15f5 in librados::RadosClient::connect() () from /lib64/librados.so.2
#12 0x00007f765838cb1c in rados_connect () from /lib64/librados.so.2
...
Signed-off-by: runsisi <runsisi@zte.com.cn>
If we request a bunch of service keys, we may not get
back a MGR key because of an in-progress upgrade. If we
have everything we need except for just the MGR key, do
not bother re-requesting it. Instead just continue and
we'll re-request it later when the secrets rotate.
Signed-off-by: Sage Weil <sage@redhat.com>
During an upgrade, we may have a client requesting an
MGR service key but not have one in the database yet,
either because we *just* upgraded and haven't generated
one yet, or because the leader mon hasn't been upgraded
yet.
Fix this by silently tolerating a missing key as long as
one or more other service keys were present and we have
something to give to the client.
Signed-off-by: Sage Weil <sage@redhat.com>
These methods are called only by AuthMonitor and are accessed
without protection of internal lock, which is not safe.
Signed-off-by: xie xingguo <xie.xingguo@zte.com.cn>
Use explicit keyword for constructors with one argument to
prevent implicit usage as conversion functions.
Signed-off-by: Danny Al-Gaaf <danny.al-gaaf@bisect.de>
Fix for:
CID 1296382 (#1 of 1): Resource leak (RESOURCE_LEAK)
leaked_storage: Variable ckh going out of scope leaks the storage
it points to.
Signed-off-by: Danny Al-Gaaf <danny.al-gaaf@bisect.de>
In this case (e.g. the user passes a wrong key), attempts to call the CryptoKey.ckh will lead to a segfault.
This patch fixes a crash like the following:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffed10e700 (LWP 25051)]
0x00007ffff59896c6 in CryptoKey::encrypt (this=0x7fffed10d4f0, cct=0x555555829c30, in=..., out=..., error=0x7fffed10d440) at auth/cephx/../Crypto.h:110
110 return ckh->encrypt(in, out, error);
(gdb) bt
at auth/cephx/../Crypto.h:110
at auth/cephx/CephxProtocol.h:464
Signed-off-by: Dunrong Huang <riegamaths@gmail.com>
test:
see test.sh:test_mon_caps
before modify:
when we first exec ../qa/workunits/cephtool/test.sh -t mon_caps --asok-does-not-need-root, it gets stuck.
after modify:
exec again, it returns Permission denied.
Signed-off-by: Xiaowei Chen <chen.xiaowei@h3c.com>
If the auth of an osd is deleted while the osd is running, the osd will produce large amounts of log.
Fixes: #13610
Signed-off-by: Qiankun Zheng <zheng.qiankun@h3c.com>
The KeyServer class has a public method get_auth() that returns a boolean
value. This value is being checked here - fix the conditional so it triggers
when get_auth() returns false.
http://tracker.ceph.com/issues/9756
References: #9756
Signed-off-by: Nathan Cutler <ncutler@suse.com>
get_secret can fail to populate the passed CryptoKey, for
example if the entity name is not found in the keyring. In
this case, attempts to use the CryptoKey will lead to
segfaults.
Fixes: #12417
Signed-off-by: John Spray <john.spray@redhat.com>
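
The failure mode shared by the PK11_FreeSymKey, CryptoKey::encrypt and get_secret commit messages above (a key whose handler was never set up is later freed or used), as an added C++ example that is not Ceph's code. `Slot`, `SymKey`, `slot_get`, `key_import`, `slot_free`, `key_free`, `KeyHandler` and `Key` are hypothetical stand-ins for the NSS calls and for CryptoAESKeyHandler/CryptoKey.

```cpp
#include <memory>
#include <string>
// Hypothetical stand-ins for a C crypto API whose free functions must not
// be given NULL (as the PK11_FreeSymKey commit message describes).
struct Slot { int id; }; struct SymKey { std::string bytes; };
static int g_null_frees = 0;  // a real library would crash; we count instead
static Slot* slot_get() { return new Slot{1}; }
static SymKey* key_import(Slot*, const std::string& s) {
  return s.size() == 16 ? new SymKey{s} : nullptr;  // wrong-length secret fails
}
static void slot_free(Slot* s) { if (!s) { ++g_null_frees; return; } delete s; }
static void key_free(SymKey* k) { if (!k) { ++g_null_frees; return; } delete k; }

// Handle allocated once per key; init() can fail part-way through.
class KeyHandler {
  Slot* slot = nullptr; SymKey* key = nullptr;
public:
  KeyHandler() = default;
  KeyHandler(const KeyHandler&) = delete;
  KeyHandler& operator=(const KeyHandler&) = delete;
  ~KeyHandler() {
    if (key) key_free(key);    // init() may have failed before key was set
    if (slot) slot_free(slot);
  }
  int init(const std::string& secret) {
    slot = slot_get(); if (!slot) return -1;
    key = key_import(slot, secret);
    return key ? 0 : -1;
  }
  int encrypt(const std::string& in, std::string& out) const {
    out.assign(in.rbegin(), in.rend());  // placeholder transform, not a cipher
    return 0;
  }
};

class Key {
  std::unique_ptr<KeyHandler> ckh;  // stays empty when set_secret() fails
public:
  int set_secret(const std::string& secret) {
    std::unique_ptr<KeyHandler> h(new KeyHandler);
    if (h->init(secret) < 0) return -1;  // h is destroyed with key == nullptr
    ckh = std::move(h);
    return 0;
  }
  int encrypt(const std::string& in, std::string& out, std::string* error) const {
    if (!ckh) { if (error) *error = "key has no handler"; return -1; }
    return ckh->encrypt(in, out);
  }
};
```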
Allocate the key and slot once per key instead of once per encrypt/
decrypt operation. This improves things by a factor of almost 4x
for my microbenchmark.
Signed-off-by: Sage Weil <sage@redhat.com>