From: Sage Weil
Date: Fri, 22 Oct 2021 17:06:17 +0000 (-0500)
Subject: auth: keep track of used pending_keys
X-Git-Tag: v18.0.0~39^2~22
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=cb8c7f6ef8c605fbb84d04d2be50b0f8c9c98a51;p=ceph.git
auth: keep track of used pending_keys
Signed-off-by: Sage Weil
---
diff --git a/src/auth/cephx/CephxKeyServer.cc b/src/auth/cephx/CephxKeyServer.cc
index b2e952781f8b..ece342155b12 100644
--- a/src/auth/cephx/CephxKeyServer.cc
+++ b/src/auth/cephx/CephxKeyServer.cc
@@ -148,7 +148,6 @@ KeyServer::KeyServer(CephContext *cct_, KeyRing *extra_secrets)
 int KeyServer::start_server()
 {
 std::scoped_lock l{lock};
- _dump_rotating_secrets();
 return 0;
 }
@@ -238,6 +237,24 @@ bool KeyServer::get_service_secret(uint32_t service_id,
 return data.get_service_secret(cct, service_id, secret_id, secret);
 }
+void KeyServer::note_used_pending_key(const EntityName& name, const CryptoKey& key)
+{
+ std::scoped_lock l(lock);
+ used_pending_keys[name] = key;
+}
+
+void KeyServer::clear_used_pending_keys()
+{
+ std::scoped_lock l(lock);
+ used_pending_keys.clear();
+}
+
+void KeyServer::get_used_pending_keys(std::map *used)
+{
+ std::scoped_lock l(lock);
+ used->swap(used_pending_keys);
+}
+
 bool KeyServer::generate_secret(CryptoKey& secret)
 {
 bufferptr bp;
diff --git a/src/auth/cephx/CephxKeyServer.h b/src/auth/cephx/CephxKeyServer.h
index 945a7f4dcd89..62b98841411c 100644
--- a/src/auth/cephx/CephxKeyServer.h
+++ b/src/auth/cephx/CephxKeyServer.h
@@ -193,6 +193,7 @@ WRITE_CLASS_ENCODER(KeyServerData::Incremental)
 class KeyServer : public KeyStore {
 CephContext *cct;
 KeyServerData data;
+ std::map used_pending_keys;
 mutable ceph::mutex lock;
 int _rotate_secret(uint32_t service_id, KeyServerData &pending_data);
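Review bot: `KeyServer::get_used_pending_keys` in CephxKeyServer.cc uses `used->swap(used_pending_keys)`, so whatever the caller's map already holds becomes the server's tracked set, and a function named like a getter silently drains the member; `used` is also dereferenced without a null check. If draining is the intent, make it independent of the caller's contents, e.g. `*used = std::move(used_pending_keys); used_pending_keys.clear();`, and state the contract on the declaration in CephxKeyServer.h with a comment such as `// moves the recorded keys into *used and resets the internal map`. The map also holds copies of `CryptoKey` material until `clear_used_pending_keys()` or the getter runs, and no bound or expiry is visible in this diff, so it is worth confirming that some caller always drains or clears it.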
@@ -211,6 +212,11 @@ public:
 bool get_auth(const EntityName& name, EntityAuth& auth) const;
 bool get_caps(const EntityName& name, const std::string& type, AuthCapsInfo& caps) const;
 bool get_active_rotating_secret(const EntityName& name, CryptoKey& secret) const;
+
+ void note_used_pending_key(const EntityName& name, const CryptoKey& key);
+ void clear_used_pending_keys();
+ void get_used_pending_keys(std::map *used);
+
 int start_server();
 void rotate_timeout(double timeout);
diff --git a/src/auth/cephx/CephxServiceHandler.cc b/src/auth/cephx/CephxServiceHandler.cc
index 2a41631f2a7f..977a43ad64f2 100644
--- a/src/auth/cephx/CephxServiceHandler.cc
+++ b/src/auth/cephx/CephxServiceHandler.cc
@@ -199,6 +199,7 @@ int CephxServiceHandler::handle_request(
 error);
 if (error.empty()) {
 used_key = &eauth.pending_key;
+ key_server->note_used_pending_key(entity_name, eauth.pending_key);
 }
 }
 if (!error.empty()) {
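Review bot: The added `key_server->note_used_pending_key(entity_name, eauth.pending_key);` in `CephxServiceHandler::handle_request` records the key as soon as `error.empty()` holds for the pending-key attempt, while the rest of the request is still to be processed (the function continues outside this hunk). If a later step can still reject the request, the entity would be recorded as having used its pending key without completing authentication, so either the consumer of `get_used_pending_keys` has to tolerate that or the call belongs on the final success path. The call also takes the `KeyServer` lock on the authentication path. A short comment at the call site, for example `// remember that this entity proved possession of its pending key`, would make the reason for the bookkeeping clear to the next reader.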