git.apps.os.sepia.ceph.com Git

author	Ilya Dryomov <idryomov@gmail.com>
	Thu, 15 Apr 2021 07:48:13 +0000 (09:48 +0200)
committer	Ilya Dryomov <idryomov@gmail.com>
	Fri, 16 Apr 2021 14:16:24 +0000 (16:16 +0200)
commit	d5328bc0c80868898fdf9a8c60ed6f47eb24f51f
tree	3ef7f06c3ab4015796aa932f237020f6ed81ac51	tree \| snapshot
parent	17f736d91d372c5f932a86643e231fbbe4ad6a60	commit \| diff

auth/cephx: cap ticket validity by expiration of "next" key

If auth_mon_ticket_ttl is increased by several times as done in
commit 522a52e6c258 ("auth/cephx: rotate auth tickets less often"),
active clients eventually get stuck because the monitor sends out an
auth ticket with a bogus validity.  The ticket is secured with the
"current" secret that is scheduled to expire according to the old TTL,
but the validity of the ticket is set to the new TTL.  As a result,
the client simply doesn't attempt to renew, letting the secrets rotate
potentially more than once.  When that happens, the client first hits
auth authorizer errors as it tries to renew service tickets and when
it finally gets to renewing the auth ticket, it hits the insecure
global_id reclaim wall.

Cap TTL by expiration of "next" key -- the "current" key may be
milliseconds away from expiration and still be used, legitimately.
Do it in KeyServerData alongside key rotation code and propagate the
capped TTL to the upper layer.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 370c9b13970d47a55b1b20ef983c6f01236c9565)

Conflicts:
src/auth/cephx/CephxKeyServer.cc [ commit ef3c42cd6481 ("auth:
  EACCES, not EPERM") not in nautilus ]

src/auth/cephx/CephxKeyServer.cc		diff \| blob \| history
src/auth/cephx/CephxKeyServer.h		diff \| blob \| history
src/auth/cephx/CephxServiceHandler.cc		diff \| blob \| history