fs/ceph/auth.c

   1 #include "ceph_debug.h"
   2
   3 #include <linux/module.h>
   4 #include <linux/err.h>
   5
   6 #include "types.h"
   7 #include "auth_none.h"
   8 #include "auth_x.h"
   9 #include "decode.h"
  10 #include "super.h"
  11
  12 #include "messenger.h"
  13
  14 /*
  15  * get protocol handler
  16  */
  17 static u32 supported_protocols[] = {
  18         CEPH_AUTH_NONE,
  19         CEPH_AUTH_CEPHX
  20 };
  21
  22 int ceph_auth_init_protocol(struct ceph_auth_client *ac, int protocol)
  23 {
  24         switch (protocol) {
  25         case CEPH_AUTH_NONE:
  26                 return ceph_auth_none_init(ac);
  27         case CEPH_AUTH_CEPHX:
  28                 return ceph_x_init(ac);
  29         default:
  30                 return -ENOENT;
  31         }
  32 }
  33
  34 /*
  35  * setup, teardown.
  36  */
  37 struct ceph_auth_client *ceph_auth_init(const char *name, const char *secret)
  38 {
  39         struct ceph_auth_client *ac;
  40         int ret;
  41
  42         dout("auth_init name '%s' secret '%s'\n", name, secret);
  43
  44         ret = -ENOMEM;
  45         ac = kzalloc(sizeof(*ac), GFP_NOFS);
  46         if (!ac)
  47                 goto out;
  48
  49         ac->negotiating = true;
  50         if (name)
  51                 ac->name = name;
  52         else
  53                 ac->name = CEPH_AUTH_NAME_DEFAULT;
  54         dout("auth_init name %s secret %s\n", ac->name, secret);
  55         ac->secret = secret;
  56         return ac;
  57
  58 out:
  59         return ERR_PTR(ret);
  60 }
  61
  62 void ceph_auth_destroy(struct ceph_auth_client *ac)
  63 {
  64         dout("auth_destroy %p\n", ac);
  65         if (ac->ops)
  66                 ac->ops->destroy(ac);
  67         kfree(ac);
  68 }
  69
  70 /*
  71  * Reset occurs when reconnecting to the monitor.
  72  */
  73 void ceph_auth_reset(struct ceph_auth_client *ac)
  74 {
  75         dout("auth_reset %p\n", ac);
  76         if (ac->ops && !ac->negotiating)
  77                 ac->ops->reset(ac);
  78         ac->negotiating = true;
  79 }
  80
  81 int ceph_entity_name_encode(const char *name, void **p, void *end)
  82 {
  83         int len = strlen(name);
  84
  85         if (*p + 2*sizeof(u32) + len > end)
  86                 return -ERANGE;
  87         ceph_encode_32(p, CEPH_ENTITY_TYPE_CLIENT);
  88         ceph_encode_32(p, len);
  89         ceph_encode_copy(p, name, len);
  90         return 0;
  91 }
  92
  93 /*
  94  * Initiate protocol negotiation with monitor.  Include entity name
  95  * and list supported protocols.
  96  */
  97 int ceph_auth_build_hello(struct ceph_auth_client *ac, void *buf, size_t len)
  98 {
  99         struct ceph_mon_request_header *monhdr = buf;
 100         void *p = monhdr + 1, *end = buf + len, *lenp;
 101         int i, num;
 102         int ret;
 103
 104         dout("auth_build_hello\n");
 105         monhdr->have_version = 0;
 106         monhdr->session_mon = cpu_to_le16(-1);
 107         monhdr->session_mon_tid = 0;
 108
 109         ceph_encode_32(&p, 0);  /* no protocol, yet */
 110
 111         lenp = p;
 112         p += sizeof(u32);
 113
 114         ceph_decode_need(&p, end, 1 + sizeof(u32), bad);
 115         ceph_encode_8(&p, 1);
 116         num = ARRAY_SIZE(supported_protocols);
 117         ceph_encode_32(&p, num);
 118         ceph_decode_need(&p, end, num * sizeof(u32), bad);
 119         for (i = 0; i < num; i++)
 120                 ceph_encode_32(&p, supported_protocols[i]);
 121
 122         ret = ceph_entity_name_encode(ac->name, &p, end);
 123         if (ret < 0)
 124                 return ret;
 125         ceph_decode_need(&p, end, sizeof(u64), bad);
 126         ceph_encode_64(&p, ac->global_id);
 127
 128         ceph_encode_32(&lenp, p - lenp - sizeof(u32));
 129         return p - buf;
 130
 131 bad:
 132         return -ERANGE;
 133 }
 134
 135 int ceph_build_auth_request(struct ceph_auth_client *ac,
 136                            void *msg_buf, size_t msg_len)
 137 {
 138         struct ceph_mon_request_header *monhdr = msg_buf;
 139         void *p = monhdr + 1;
 140         void *end = msg_buf + msg_len;
 141         int ret;
 142
 143         monhdr->have_version = 0;
 144         monhdr->session_mon = cpu_to_le16(-1);
 145         monhdr->session_mon_tid = 0;
 146
 147         ceph_encode_32(&p, ac->protocol);
 148
 149         ret = ac->ops->build_request(ac, p + sizeof(u32), end);
 150         if (ret < 0) {
 151                 pr_err("error %d building request\n", ret);
 152                 return ret;
 153         }
 154         dout(" built request %d bytes\n", ret);
 155         ceph_encode_32(&p, ret);
 156         return p + ret - msg_buf;
 157 }
 158
 159 /*
 160  * Handle auth message from monitor.
 161  */
 162 int ceph_handle_auth_reply(struct ceph_auth_client *ac,
 163                            void *buf, size_t len,
 164                            void *reply_buf, size_t reply_len)
 165 {
 166         void *p = buf;
 167         void *end = buf + len;
 168         int protocol;
 169         s32 result;
 170         u64 global_id;
 171         void *payload, *payload_end;
 172         int payload_len;
 173         char *result_msg;
 174         int result_msg_len;
 175         int ret = -EINVAL;
 176
 177         dout("handle_auth_reply %p %p\n", p, end);
 178         ceph_decode_need(&p, end, sizeof(u32) * 3 + sizeof(u64), bad);
 179         protocol = ceph_decode_32(&p);
 180         result = ceph_decode_32(&p);
 181         global_id = ceph_decode_64(&p);
 182         payload_len = ceph_decode_32(&p);
 183         payload = p;
 184         p += payload_len;
 185         ceph_decode_need(&p, end, sizeof(u32), bad);
 186         result_msg_len = ceph_decode_32(&p);
 187         result_msg = p;
 188         p += result_msg_len;
 189         if (p != end)
 190                 goto bad;
 191
 192         dout(" result %d '%.*s' gid %llu len %d\n", result, result_msg_len,
 193              result_msg, global_id, payload_len);
 194
 195         payload_end = payload + payload_len;
 196
 197         if (global_id && ac->global_id != global_id) {
 198                 dout(" set global_id %lld -> %lld\n", ac->global_id, global_id);
 199                 ac->global_id = global_id;
 200         }
 201
 202         if (ac->negotiating) {
 203                 /* server does not support our protocols? */
 204                 if (!protocol && result < 0) {
 205                         ret = result;
 206                         goto out;
 207                 }
 208                 /* set up (new) protocol handler? */
 209                 if (ac->protocol && ac->protocol != protocol) {
 210                         ac->ops->destroy(ac);
 211                         ac->protocol = 0;
 212                         ac->ops = NULL;
 213                 }
 214                 if (ac->protocol != protocol) {
 215                         ret = ceph_auth_init_protocol(ac, protocol);
 216                         if (ret) {
 217                                 pr_err("error %d on auth protocol %d init\n",
 218                                        ret, protocol);
 219                                 goto out;
 220                         }
 221                 }
 222
 223                 ac->negotiating = false;
 224         }
 225
 226         ret = ac->ops->handle_reply(ac, result, payload, payload_end);
 227         if (ret == -EAGAIN) {
 228                 return ceph_build_auth_request(ac, reply_buf, reply_len);
 229         } else if (ret) {
 230                 pr_err("authentication error %d\n", ret);
 231                 return ret;
 232         }
 233         return 0;
 234
 235 bad:
 236         pr_err("failed to decode auth msg\n");
 237 out:
 238         return ret;
 239 }
 240
 241 int ceph_build_auth(struct ceph_auth_client *ac,
 242                     void *msg_buf, size_t msg_len)
 243 {
 244         if (!ac->protocol)
 245                 return ceph_auth_build_hello(ac, msg_buf, msg_len);
 246         BUG_ON(!ac->ops);
 247         if (!ac->ops->is_authenticated(ac))
 248                 return ceph_build_auth_request(ac, msg_buf, msg_len);
 249         return 0;
 250 }
 251
 252 int ceph_auth_is_authenticated(struct ceph_auth_client *ac)
 253 {
 254         if (!ac->ops)
 255                 return 0;
 256         return ac->ops->is_authenticated(ac);
 257 }