Commit | Line | Data |
---|---|---|
4e7a5dcd SW |
1 | #include "ceph_debug.h" |
2 | ||
3 | #include <linux/module.h> | |
5a0e3ad6 | 4 | #include <linux/slab.h> |
4e7a5dcd | 5 | #include <linux/err.h> |
d45d0d97 | 6 | #include <linux/slab.h> |
4e7a5dcd SW |
7 | |
8 | #include "types.h" | |
9 | #include "auth_none.h" | |
ec0994e4 | 10 | #include "auth_x.h" |
4e7a5dcd SW |
11 | #include "decode.h" |
12 | #include "super.h" | |
13 | ||
14 | #include "messenger.h" | |
15 | ||
16 | /* | |
17 | * get protocol handler | |
18 | */ | |
19 | static u32 supported_protocols[] = { | |
ec0994e4 SW |
20 | CEPH_AUTH_NONE, |
21 | CEPH_AUTH_CEPHX | |
4e7a5dcd SW |
22 | }; |
23 | ||
24 | int ceph_auth_init_protocol(struct ceph_auth_client *ac, int protocol) | |
25 | { | |
26 | switch (protocol) { | |
27 | case CEPH_AUTH_NONE: | |
28 | return ceph_auth_none_init(ac); | |
ec0994e4 SW |
29 | case CEPH_AUTH_CEPHX: |
30 | return ceph_x_init(ac); | |
4e7a5dcd SW |
31 | default: |
32 | return -ENOENT; | |
33 | } | |
34 | } | |
35 | ||
36 | /* | |
37 | * setup, teardown. | |
38 | */ | |
39 | struct ceph_auth_client *ceph_auth_init(const char *name, const char *secret) | |
40 | { | |
41 | struct ceph_auth_client *ac; | |
42 | int ret; | |
43 | ||
44 | dout("auth_init name '%s' secret '%s'\n", name, secret); | |
45 | ||
46 | ret = -ENOMEM; | |
47 | ac = kzalloc(sizeof(*ac), GFP_NOFS); | |
48 | if (!ac) | |
49 | goto out; | |
50 | ||
51 | ac->negotiating = true; | |
52 | if (name) | |
53 | ac->name = name; | |
54 | else | |
55 | ac->name = CEPH_AUTH_NAME_DEFAULT; | |
56 | dout("auth_init name %s secret %s\n", ac->name, secret); | |
57 | ac->secret = secret; | |
58 | return ac; | |
59 | ||
60 | out: | |
61 | return ERR_PTR(ret); | |
62 | } | |
63 | ||
64 | void ceph_auth_destroy(struct ceph_auth_client *ac) | |
65 | { | |
66 | dout("auth_destroy %p\n", ac); | |
67 | if (ac->ops) | |
68 | ac->ops->destroy(ac); | |
69 | kfree(ac); | |
70 | } | |
71 | ||
72 | /* | |
73 | * Reset occurs when reconnecting to the monitor. | |
74 | */ | |
75 | void ceph_auth_reset(struct ceph_auth_client *ac) | |
76 | { | |
77 | dout("auth_reset %p\n", ac); | |
78 | if (ac->ops && !ac->negotiating) | |
79 | ac->ops->reset(ac); | |
80 | ac->negotiating = true; | |
81 | } | |
82 | ||
83 | int ceph_entity_name_encode(const char *name, void **p, void *end) | |
84 | { | |
85 | int len = strlen(name); | |
86 | ||
87 | if (*p + 2*sizeof(u32) + len > end) | |
88 | return -ERANGE; | |
89 | ceph_encode_32(p, CEPH_ENTITY_TYPE_CLIENT); | |
90 | ceph_encode_32(p, len); | |
91 | ceph_encode_copy(p, name, len); | |
92 | return 0; | |
93 | } | |
94 | ||
95 | /* | |
96 | * Initiate protocol negotiation with monitor. Include entity name | |
97 | * and list supported protocols. | |
98 | */ | |
99 | int ceph_auth_build_hello(struct ceph_auth_client *ac, void *buf, size_t len) | |
100 | { | |
101 | struct ceph_mon_request_header *monhdr = buf; | |
102 | void *p = monhdr + 1, *end = buf + len, *lenp; | |
103 | int i, num; | |
104 | int ret; | |
105 | ||
106 | dout("auth_build_hello\n"); | |
107 | monhdr->have_version = 0; | |
108 | monhdr->session_mon = cpu_to_le16(-1); | |
109 | monhdr->session_mon_tid = 0; | |
110 | ||
111 | ceph_encode_32(&p, 0); /* no protocol, yet */ | |
112 | ||
113 | lenp = p; | |
114 | p += sizeof(u32); | |
115 | ||
07c8739c SW |
116 | ceph_decode_need(&p, end, 1 + sizeof(u32), bad); |
117 | ceph_encode_8(&p, 1); | |
4e7a5dcd SW |
118 | num = ARRAY_SIZE(supported_protocols); |
119 | ceph_encode_32(&p, num); | |
07c8739c | 120 | ceph_decode_need(&p, end, num * sizeof(u32), bad); |
4e7a5dcd SW |
121 | for (i = 0; i < num; i++) |
122 | ceph_encode_32(&p, supported_protocols[i]); | |
123 | ||
124 | ret = ceph_entity_name_encode(ac->name, &p, end); | |
125 | if (ret < 0) | |
126 | return ret; | |
127 | ceph_decode_need(&p, end, sizeof(u64), bad); | |
128 | ceph_encode_64(&p, ac->global_id); | |
129 | ||
130 | ceph_encode_32(&lenp, p - lenp - sizeof(u32)); | |
131 | return p - buf; | |
132 | ||
133 | bad: | |
134 | return -ERANGE; | |
135 | } | |
136 | ||
9bd2e6f8 SW |
137 | int ceph_build_auth_request(struct ceph_auth_client *ac, |
138 | void *msg_buf, size_t msg_len) | |
139 | { | |
140 | struct ceph_mon_request_header *monhdr = msg_buf; | |
141 | void *p = monhdr + 1; | |
142 | void *end = msg_buf + msg_len; | |
143 | int ret; | |
144 | ||
145 | monhdr->have_version = 0; | |
146 | monhdr->session_mon = cpu_to_le16(-1); | |
147 | monhdr->session_mon_tid = 0; | |
148 | ||
149 | ceph_encode_32(&p, ac->protocol); | |
150 | ||
151 | ret = ac->ops->build_request(ac, p + sizeof(u32), end); | |
152 | if (ret < 0) { | |
559c1e00 SW |
153 | pr_err("error %d building auth method %s request\n", ret, |
154 | ac->ops->name); | |
9bd2e6f8 SW |
155 | return ret; |
156 | } | |
157 | dout(" built request %d bytes\n", ret); | |
158 | ceph_encode_32(&p, ret); | |
159 | return p + ret - msg_buf; | |
160 | } | |
161 | ||
4e7a5dcd SW |
162 | /* |
163 | * Handle auth message from monitor. | |
164 | */ | |
165 | int ceph_handle_auth_reply(struct ceph_auth_client *ac, | |
166 | void *buf, size_t len, | |
167 | void *reply_buf, size_t reply_len) | |
168 | { | |
169 | void *p = buf; | |
170 | void *end = buf + len; | |
171 | int protocol; | |
172 | s32 result; | |
173 | u64 global_id; | |
174 | void *payload, *payload_end; | |
175 | int payload_len; | |
176 | char *result_msg; | |
177 | int result_msg_len; | |
178 | int ret = -EINVAL; | |
179 | ||
180 | dout("handle_auth_reply %p %p\n", p, end); | |
181 | ceph_decode_need(&p, end, sizeof(u32) * 3 + sizeof(u64), bad); | |
182 | protocol = ceph_decode_32(&p); | |
183 | result = ceph_decode_32(&p); | |
184 | global_id = ceph_decode_64(&p); | |
185 | payload_len = ceph_decode_32(&p); | |
186 | payload = p; | |
187 | p += payload_len; | |
188 | ceph_decode_need(&p, end, sizeof(u32), bad); | |
189 | result_msg_len = ceph_decode_32(&p); | |
190 | result_msg = p; | |
191 | p += result_msg_len; | |
192 | if (p != end) | |
193 | goto bad; | |
194 | ||
195 | dout(" result %d '%.*s' gid %llu len %d\n", result, result_msg_len, | |
196 | result_msg, global_id, payload_len); | |
197 | ||
198 | payload_end = payload + payload_len; | |
199 | ||
200 | if (global_id && ac->global_id != global_id) { | |
201 | dout(" set global_id %lld -> %lld\n", ac->global_id, global_id); | |
202 | ac->global_id = global_id; | |
203 | } | |
204 | ||
205 | if (ac->negotiating) { | |
dc14657c YS |
206 | /* server does not support our protocols? */ |
207 | if (!protocol && result < 0) { | |
208 | ret = result; | |
209 | goto out; | |
210 | } | |
4e7a5dcd SW |
211 | /* set up (new) protocol handler? */ |
212 | if (ac->protocol && ac->protocol != protocol) { | |
213 | ac->ops->destroy(ac); | |
214 | ac->protocol = 0; | |
215 | ac->ops = NULL; | |
216 | } | |
217 | if (ac->protocol != protocol) { | |
218 | ret = ceph_auth_init_protocol(ac, protocol); | |
219 | if (ret) { | |
559c1e00 SW |
220 | pr_err("error %d on auth method %s init\n", |
221 | ret, ac->ops->name); | |
4e7a5dcd SW |
222 | goto out; |
223 | } | |
224 | } | |
9bd2e6f8 SW |
225 | |
226 | ac->negotiating = false; | |
4e7a5dcd SW |
227 | } |
228 | ||
229 | ret = ac->ops->handle_reply(ac, result, payload, payload_end); | |
230 | if (ret == -EAGAIN) { | |
9bd2e6f8 | 231 | return ceph_build_auth_request(ac, reply_buf, reply_len); |
4e7a5dcd | 232 | } else if (ret) { |
559c1e00 | 233 | pr_err("auth method '%s' error %d\n", ac->ops->name, ret); |
4e7a5dcd SW |
234 | return ret; |
235 | } | |
236 | return 0; | |
237 | ||
238 | bad: | |
239 | pr_err("failed to decode auth msg\n"); | |
240 | out: | |
241 | return ret; | |
242 | } | |
243 | ||
9bd2e6f8 SW |
244 | int ceph_build_auth(struct ceph_auth_client *ac, |
245 | void *msg_buf, size_t msg_len) | |
246 | { | |
247 | if (!ac->protocol) | |
248 | return ceph_auth_build_hello(ac, msg_buf, msg_len); | |
249 | BUG_ON(!ac->ops); | |
250 | if (!ac->ops->is_authenticated(ac)) | |
251 | return ceph_build_auth_request(ac, msg_buf, msg_len); | |
252 | return 0; | |
253 | } | |
4e7a5dcd | 254 | |
9bd2e6f8 SW |
255 | int ceph_auth_is_authenticated(struct ceph_auth_client *ac) |
256 | { | |
257 | if (!ac->ops) | |
258 | return 0; | |
259 | return ac->ops->is_authenticated(ac); | |
260 | } |