Commit a255651d authored by Alex Elder's avatar Alex Elder Committed by Alex Elder

ceph: ensure auth ops are defined before use

In the create_authorizer method for both the mds and osd clients,
the auth_client->ops pointer is blindly dereferenced.  There is no
obvious guarantee that this pointer has been assigned.  And
furthermore, even if the ops pointer is non-null there is definitely
no guarantee that the create_authorizer or destroy_authorizer
methods are defined.

Add checks in both routines to make sure they are defined (non-null)
before use.  Add similar checks in a few other spots in these files
while we're at it.
Signed-off-by: default avatarAlex Elder <elder@inktank.com>
Reviewed-by: default avatarSage Weil <sage@inktank.com>
parent 74f1869f
...@@ -3406,17 +3406,15 @@ static int get_authorizer(struct ceph_connection *con, ...@@ -3406,17 +3406,15 @@ static int get_authorizer(struct ceph_connection *con,
int ret = 0; int ret = 0;
if (force_new && auth->authorizer) { if (force_new && auth->authorizer) {
if (ac->ops && ac->ops->destroy_authorizer)
ac->ops->destroy_authorizer(ac, auth->authorizer); ac->ops->destroy_authorizer(ac, auth->authorizer);
auth->authorizer = NULL; auth->authorizer = NULL;
} }
if (auth->authorizer == NULL) { if (!auth->authorizer && ac->ops && ac->ops->create_authorizer) {
if (ac->ops->create_authorizer) { ret = ac->ops->create_authorizer(ac, CEPH_ENTITY_TYPE_MDS, auth);
ret = ac->ops->create_authorizer(ac,
CEPH_ENTITY_TYPE_MDS, auth);
if (ret) if (ret)
return ret; return ret;
} }
}
*proto = ac->protocol; *proto = ac->protocol;
*buf = auth->authorizer_buf; *buf = auth->authorizer_buf;
......
...@@ -664,10 +664,10 @@ static void put_osd(struct ceph_osd *osd) ...@@ -664,10 +664,10 @@ static void put_osd(struct ceph_osd *osd)
{ {
dout("put_osd %p %d -> %d\n", osd, atomic_read(&osd->o_ref), dout("put_osd %p %d -> %d\n", osd, atomic_read(&osd->o_ref),
atomic_read(&osd->o_ref) - 1); atomic_read(&osd->o_ref) - 1);
if (atomic_dec_and_test(&osd->o_ref)) { if (atomic_dec_and_test(&osd->o_ref) && osd->o_auth.authorizer) {
struct ceph_auth_client *ac = osd->o_osdc->client->monc.auth; struct ceph_auth_client *ac = osd->o_osdc->client->monc.auth;
if (osd->o_auth.authorizer) if (ac->ops && ac->ops->destroy_authorizer)
ac->ops->destroy_authorizer(ac, osd->o_auth.authorizer); ac->ops->destroy_authorizer(ac, osd->o_auth.authorizer);
kfree(osd); kfree(osd);
} }
...@@ -2119,10 +2119,11 @@ static int get_authorizer(struct ceph_connection *con, ...@@ -2119,10 +2119,11 @@ static int get_authorizer(struct ceph_connection *con,
int ret = 0; int ret = 0;
if (force_new && auth->authorizer) { if (force_new && auth->authorizer) {
if (ac->ops && ac->ops->destroy_authorizer)
ac->ops->destroy_authorizer(ac, auth->authorizer); ac->ops->destroy_authorizer(ac, auth->authorizer);
auth->authorizer = NULL; auth->authorizer = NULL;
} }
if (auth->authorizer == NULL) { if (!auth->authorizer && ac->ops && ac->ops->create_authorizer) {
ret = ac->ops->create_authorizer(ac, CEPH_ENTITY_TYPE_OSD, auth); ret = ac->ops->create_authorizer(ac, CEPH_ENTITY_TYPE_OSD, auth);
if (ret) if (ret)
return ret; return ret;
...@@ -2144,6 +2145,10 @@ static int verify_authorizer_reply(struct ceph_connection *con, int len) ...@@ -2144,6 +2145,10 @@ static int verify_authorizer_reply(struct ceph_connection *con, int len)
struct ceph_osd_client *osdc = o->o_osdc; struct ceph_osd_client *osdc = o->o_osdc;
struct ceph_auth_client *ac = osdc->client->monc.auth; struct ceph_auth_client *ac = osdc->client->monc.auth;
/*
* XXX If ac->ops or ac->ops->verify_authorizer_reply is null,
* XXX which do we do: succeed or fail?
*/
return ac->ops->verify_authorizer_reply(ac, o->o_auth.authorizer, len); return ac->ops->verify_authorizer_reply(ac, o->o_auth.authorizer, len);
} }
...@@ -2153,7 +2158,7 @@ static int invalidate_authorizer(struct ceph_connection *con) ...@@ -2153,7 +2158,7 @@ static int invalidate_authorizer(struct ceph_connection *con)
struct ceph_osd_client *osdc = o->o_osdc; struct ceph_osd_client *osdc = o->o_osdc;
struct ceph_auth_client *ac = osdc->client->monc.auth; struct ceph_auth_client *ac = osdc->client->monc.auth;
if (ac->ops->invalidate_authorizer) if (ac->ops && ac->ops->invalidate_authorizer)
ac->ops->invalidate_authorizer(ac, CEPH_ENTITY_TYPE_OSD); ac->ops->invalidate_authorizer(ac, CEPH_ENTITY_TYPE_OSD);
return ceph_monc_validate_auth(&osdc->client->monc); return ceph_monc_validate_auth(&osdc->client->monc);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment