int KeyServer::start_server()
{
std::scoped_lock l{lock};
-
_dump_rotating_secrets();
return 0;
}
return data.get_service_secret(cct, service_id, secret_id, secret);
}
+void KeyServer::note_used_pending_key(const EntityName& name, const CryptoKey& key)
+{
+ std::scoped_lock l(lock);
+ used_pending_keys[name] = key;
+}
+
+void KeyServer::clear_used_pending_keys()
+{
+ std::scoped_lock l(lock);
+ used_pending_keys.clear();
+}
+
+void KeyServer::get_used_pending_keys(std::map<EntityName,CryptoKey> *used)
+{
+ std::scoped_lock l(lock);
+ used->swap(used_pending_keys);
+}
+
bool KeyServer::generate_secret(CryptoKey& secret)
{
bufferptr bp;
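Review bot: `get_used_pending_keys` is not a getter: `used->swap(used_pending_keys)` drains the member and also moves whatever the caller's map already held into `used_pending_keys`, where it would later be treated as a set of used pending keys. If the intent is "hand over and reset", `*used = std::move(used_pending_keys); used_pending_keys.clear();` under the same lock makes that independent of the caller's map state. Otherwise document that `*used` must be empty on entry. `used` is also dereferenced without a null check, so taking a reference (or asserting non-null) would be safer. The same naming concern applies to the declaration in the class body, and the new functions use `l(lock)` where `start_server` uses `l{lock}`.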
class KeyServer : public KeyStore {
CephContext *cct;
KeyServerData data;
+ std::map<EntityName, CryptoKey> used_pending_keys;
mutable ceph::mutex lock;
int _rotate_secret(uint32_t service_id, KeyServerData &pending_data);
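Review bot: The new member `used_pending_keys` has no comment saying what guards it or how long its contents live, although it holds copies of `CryptoKey` material. The three new accessors all take `lock`, so a comment such as `// guarded by lock: pending keys entities have authenticated with since the last drain` would state the invariant at the declaration. It would also help to note who is expected to call `clear_used_pending_keys()`, since until then these key copies stay resident; the callers are not visible in this change.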
bool get_auth(const EntityName& name, EntityAuth& auth) const;
bool get_caps(const EntityName& name, const std::string& type, AuthCapsInfo& caps) const;
bool get_active_rotating_secret(const EntityName& name, CryptoKey& secret) const;
+
+ void note_used_pending_key(const EntityName& name, const CryptoKey& key);
+ void clear_used_pending_keys();
+ void get_used_pending_keys(std::map<EntityName,CryptoKey> *used);
+
int start_server();
void rotate_timeout(double timeout);
error);
if (error.empty()) {
used_key = &eauth.pending_key;
+ key_server->note_used_pending_key(entity_name, eauth.pending_key);
}
}
if (!error.empty()) {
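Review bot: The pending key is recorded as used on the line after `used_key = &eauth.pending_key;`, i.e. as soon as decryption with it succeeds, while the rest of the request handling lies outside this hunk. If any later validation in the enclosing function can still reject the request, consider moving the `note_used_pending_key` call to the point where the request is fully accepted, so that a rejected request never marks a pending key as used. A short comment at the call, e.g. `// remember that this entity proved possession of its pending key`, would also make the purpose of the bookkeeping clear to readers of the auth path.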