git.ipfire.org Git - people/ms/linux.git/commit

author	Sage Weil <sage@inktank.com>
	Mon, 25 Mar 2013 17:26:01 +0000 (10:26 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 20 Jun 2013 19:01:32 +0000 (12:01 -0700)
commit	d2c7223497cf8228416c70e3f4238ddd6c5bdf3c
tree	ef28b3569210839a399698f34605da9dd7202632	tree \| snapshot
parent	def71c018b0cc6c1eb7f30aa3268e764f48e9cf0	commit \| diff

libceph: add update_authorizer auth method

commit 0bed9b5c523d577378b6f83eab5835fe30c27208 upstream.

Currently the messenger calls out to a get_authorizer con op, which will
create a new authorizer if it doesn't yet have one.  In the meantime, when
we rotate our service keys, the authorizer doesn't get updated.  Eventually
it will be rejected by the server on a new connection attempt and get
invalidated, and we will then rebuild a new authorizer, but this is not
ideal.

Instead, if we do have an authorizer, call a new update_authorizer op that
will verify that the current authorizer is using the latest secret.  If it
is not, we will build a new one that does.  This avoids the transient
failure.

This fixes one of the sorry sequence of events for bug

http://tracker.ceph.com/issues/4282

Signed-off-by: Sage Weil <sage@inktank.com>
Reviewed-by: Alex Elder <elder@inktank.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

fs/ceph/mds_client.c		diff \| blob \| blame \| history
include/linux/ceph/auth.h		diff \| blob \| blame \| history
net/ceph/auth_x.c		diff \| blob \| blame \| history
net/ceph/auth_x.h		diff \| blob \| blame \| history
net/ceph/osd_client.c		diff \| blob \| blame \| history