libceph: require cephx message signature by default

Signed-off-by: Yan, Zheng <zyan@redhat.com>
Reviewed-by: Ilya Dryomov <idryomov@redhat.com>

diff --git a/include/linux/ceph/libceph.h b/include/linux/ceph/libceph.h
index d293f7e388142b125923da81b3213872d59c909d..8b11a79ca1cbf53630d0546b8a6d50446236d3a9 100644 (file)
--- a/include/linux/ceph/libceph.h
+++ b/include/linux/ceph/libceph.h
@@ -29,6 +29,7 @@
 #define CEPH_OPT_NOSHARE          (1<<1) /* don't share client with other sbs */
 #define CEPH_OPT_MYIP             (1<<2) /* specified my ip */
 #define CEPH_OPT_NOCRC            (1<<3) /* no data crc on writes */
+#define CEPH_OPT_NOMSGAUTH       (1<<4) /* not require cephx message signature */
 
 #define CEPH_OPT_DEFAULT   (0)
 

diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c
index d361a274aee74df8fb1dbcaa1e63cb126ac67ccf..5d5ab67f516dfa16ee5d86d6c312cf0a201bc3a4 100644 (file)
--- a/net/ceph/ceph_common.c
+++ b/net/ceph/ceph_common.c
@@ -237,6 +237,8 @@ enum {
        Opt_noshare,
        Opt_crc,
        Opt_nocrc,
+       Opt_cephx_require_signatures,
+       Opt_nocephx_require_signatures,
 };
 
 static match_table_t opt_tokens = {
@@ -255,6 +257,8 @@ static match_table_t opt_tokens = {
        {Opt_noshare, "noshare"},
        {Opt_crc, "crc"},
        {Opt_nocrc, "nocrc"},
+       {Opt_cephx_require_signatures, "cephx_require_signatures"},
+       {Opt_nocephx_require_signatures, "nocephx_require_signatures"},
        {-1, NULL}
 };
 
@@ -453,6 +457,12 @@ ceph_parse_options(char *options, const char *dev_name,
                case Opt_nocrc:
                        opt->flags |= CEPH_OPT_NOCRC;
                        break;
+               case Opt_cephx_require_signatures:
+                       opt->flags &= ~CEPH_OPT_NOMSGAUTH;
+                       break;
+               case Opt_nocephx_require_signatures:
+                       opt->flags |= CEPH_OPT_NOMSGAUTH;
+                       break;
 
                default:
                        BUG_ON(token);
@@ -496,6 +506,9 @@ struct ceph_client *ceph_create_client(struct ceph_options *opt, void *private,
        init_waitqueue_head(&client->auth_wq);
        client->auth_err = 0;
 
+       if (!ceph_test_opt(client, NOMSGAUTH))
+               required_features |= CEPH_FEATURE_MSG_AUTH;
+
        client->extra_mon_dispatch = NULL;
        client->supported_features = CEPH_FEATURES_SUPPORTED_DEFAULT |
                supported_features;