auth: add API to invalidate all tickets

author Patrick Donnelly <pdonnell@ibm.com>

Fri, 9 May 2025 18:52:52 +0000 (14:52 -0400)

committer Patrick Donnelly <pdonnell@ibm.com>

Mon, 26 Jan 2026 15:26:43 +0000 (10:26 -0500)
author Patrick Donnelly <pdonnell@ibm.com>
Fri, 9 May 2025 18:52:52 +0000 (14:52 -0400)
committer Patrick Donnelly <pdonnell@ibm.com>
Mon, 26 Jan 2026 15:26:43 +0000 (10:26 -0500)
diff --git a/src/auth/AuthClientHandler.h b/src/auth/AuthClientHandler.h

index 60657cece7af0241420bac44dc14772c360ed4c5..a02cf72bee9914908ecea1f42be521eccb6d749a 100644 (file)
--- a/src/auth/AuthClientHandler.h
+++ b/src/auth/AuthClientHandler.h
@@ -63,6 +63,8 @@ public:
  
    virtual bool need_tickets() = 0;
  
+  virtual void invalidate_all_tickets() {} // FIXME = 0
+
    virtual void set_global_id(uint64_t id) = 0;
  
    static AuthClientHandler* create(CephContext* cct, int proto, RotatingKeyRing* rkeys);
diff --git a/src/auth/cephx/CephxClientHandler.cc b/src/auth/cephx/CephxClientHandler.cc

index 968258502abf47453a530c5c6150e496727ce19a..73486bdebc7890c7af38808b1ea9e9ad6368dcc4 100644 (file)
--- a/src/auth/cephx/CephxClientHandler.cc
+++ b/src/auth/cephx/CephxClientHandler.cc
@@ -332,3 +332,8 @@ bool CephxClientHandler::need_tickets()
  
    return _need_tickets();
  }
+
+void CephxClientHandler::invalidate_all_tickets()
+{
+  tickets.invalidate_all_tickets();
+}
diff --git a/src/auth/cephx/CephxClientHandler.h b/src/auth/cephx/CephxClientHandler.h

index 02539fbadae08eb3fb6dfdc62822496432d21c85..c71d403837aa6bab54fe7be7769a37a17f5dee04 100644 (file)
--- a/src/auth/cephx/CephxClientHandler.h
+++ b/src/auth/cephx/CephxClientHandler.h
@@ -67,6 +67,8 @@ public:
  
    bool need_tickets() override;
  
+  void invalidate_all_tickets() override;
+
    void set_global_id(uint64_t id) override {
      global_id = id;
      tickets.global_id = id;
diff --git a/src/auth/cephx/CephxProtocol.cc b/src/auth/cephx/CephxProtocol.cc

index 797ff4dadcd366d0febfa43239046c5bf8c6f9b8..683a9a716138bbf0da31d0b0e2a44e8efebf5b25 100644 (file)
--- a/src/auth/cephx/CephxProtocol.cc
+++ b/src/auth/cephx/CephxProtocol.cc
@@ -292,6 +292,15 @@ void CephXTicketManager::invalidate_ticket(uint32_t service_id)
      iter->second.invalidate_ticket();
  }
  
+void CephXTicketManager::invalidate_all_tickets()
+{
+  ldout(cct, 10) << __func__ << dendl;
+  for ([[maybe_unused]] auto &[service_id, ticket] : tickets_map) {
+    ticket.invalidate_ticket();
+  }
+}
+
+
  /*
   * PRINCIPAL: verify our attempt to authenticate succeeded.  fill out
   * this ServiceTicket with the result.
diff --git a/src/auth/cephx/CephxProtocol.h b/src/auth/cephx/CephxProtocol.h

index 914ed3aa336b974024ab6198d8c70dc611f8adce..500d93c90cb7bb0880e7d7280bc31b450adb626c 100644 (file)
--- a/src/auth/cephx/CephxProtocol.h
+++ b/src/auth/cephx/CephxProtocol.h
@@ -427,6 +427,7 @@ struct CephXTicketManager {
    void set_have_need_key(uint32_t service_id, uint32_t& have, uint32_t& need);
    void validate_tickets(uint32_t mask, uint32_t& have, uint32_t& need);
    void invalidate_ticket(uint32_t service_id);
+  void invalidate_all_tickets();
  
  private:
    CephContext *cct;
author	Patrick Donnelly <pdonnell@ibm.com>
	Fri, 9 May 2025 18:52:52 +0000 (14:52 -0400)
committer	Patrick Donnelly <pdonnell@ibm.com>
	Mon, 26 Jan 2026 15:26:43 +0000 (10:26 -0500)
src/auth/AuthClientHandler.h		patch \| blob \| history
src/auth/cephx/CephxClientHandler.cc		patch \| blob \| history
src/auth/cephx/CephxClientHandler.h		patch \| blob \| history
src/auth/cephx/CephxProtocol.cc		patch \| blob \| history
src/auth/cephx/CephxProtocol.h		patch \| blob \| history