auth.c 5.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260
  1. #include "ceph_debug.h"
  2. #include <linux/module.h>
  3. #include <linux/slab.h>
  4. #include <linux/err.h>
  5. #include <linux/slab.h>
  6. #include "types.h"
  7. #include "auth_none.h"
  8. #include "auth_x.h"
  9. #include "decode.h"
  10. #include "super.h"
  11. #include "messenger.h"
  12. /*
  13. * get protocol handler
  14. */
  15. static u32 supported_protocols[] = {
  16. CEPH_AUTH_NONE,
  17. CEPH_AUTH_CEPHX
  18. };
  19. int ceph_auth_init_protocol(struct ceph_auth_client *ac, int protocol)
  20. {
  21. switch (protocol) {
  22. case CEPH_AUTH_NONE:
  23. return ceph_auth_none_init(ac);
  24. case CEPH_AUTH_CEPHX:
  25. return ceph_x_init(ac);
  26. default:
  27. return -ENOENT;
  28. }
  29. }
  30. /*
  31. * setup, teardown.
  32. */
  33. struct ceph_auth_client *ceph_auth_init(const char *name, const char *secret)
  34. {
  35. struct ceph_auth_client *ac;
  36. int ret;
  37. dout("auth_init name '%s' secret '%s'\n", name, secret);
  38. ret = -ENOMEM;
  39. ac = kzalloc(sizeof(*ac), GFP_NOFS);
  40. if (!ac)
  41. goto out;
  42. ac->negotiating = true;
  43. if (name)
  44. ac->name = name;
  45. else
  46. ac->name = CEPH_AUTH_NAME_DEFAULT;
  47. dout("auth_init name %s secret %s\n", ac->name, secret);
  48. ac->secret = secret;
  49. return ac;
  50. out:
  51. return ERR_PTR(ret);
  52. }
  53. void ceph_auth_destroy(struct ceph_auth_client *ac)
  54. {
  55. dout("auth_destroy %p\n", ac);
  56. if (ac->ops)
  57. ac->ops->destroy(ac);
  58. kfree(ac);
  59. }
  60. /*
  61. * Reset occurs when reconnecting to the monitor.
  62. */
  63. void ceph_auth_reset(struct ceph_auth_client *ac)
  64. {
  65. dout("auth_reset %p\n", ac);
  66. if (ac->ops && !ac->negotiating)
  67. ac->ops->reset(ac);
  68. ac->negotiating = true;
  69. }
  70. int ceph_entity_name_encode(const char *name, void **p, void *end)
  71. {
  72. int len = strlen(name);
  73. if (*p + 2*sizeof(u32) + len > end)
  74. return -ERANGE;
  75. ceph_encode_32(p, CEPH_ENTITY_TYPE_CLIENT);
  76. ceph_encode_32(p, len);
  77. ceph_encode_copy(p, name, len);
  78. return 0;
  79. }
  80. /*
  81. * Initiate protocol negotiation with monitor. Include entity name
  82. * and list supported protocols.
  83. */
  84. int ceph_auth_build_hello(struct ceph_auth_client *ac, void *buf, size_t len)
  85. {
  86. struct ceph_mon_request_header *monhdr = buf;
  87. void *p = monhdr + 1, *end = buf + len, *lenp;
  88. int i, num;
  89. int ret;
  90. dout("auth_build_hello\n");
  91. monhdr->have_version = 0;
  92. monhdr->session_mon = cpu_to_le16(-1);
  93. monhdr->session_mon_tid = 0;
  94. ceph_encode_32(&p, 0); /* no protocol, yet */
  95. lenp = p;
  96. p += sizeof(u32);
  97. ceph_decode_need(&p, end, 1 + sizeof(u32), bad);
  98. ceph_encode_8(&p, 1);
  99. num = ARRAY_SIZE(supported_protocols);
  100. ceph_encode_32(&p, num);
  101. ceph_decode_need(&p, end, num * sizeof(u32), bad);
  102. for (i = 0; i < num; i++)
  103. ceph_encode_32(&p, supported_protocols[i]);
  104. ret = ceph_entity_name_encode(ac->name, &p, end);
  105. if (ret < 0)
  106. return ret;
  107. ceph_decode_need(&p, end, sizeof(u64), bad);
  108. ceph_encode_64(&p, ac->global_id);
  109. ceph_encode_32(&lenp, p - lenp - sizeof(u32));
  110. return p - buf;
  111. bad:
  112. return -ERANGE;
  113. }
  114. int ceph_build_auth_request(struct ceph_auth_client *ac,
  115. void *msg_buf, size_t msg_len)
  116. {
  117. struct ceph_mon_request_header *monhdr = msg_buf;
  118. void *p = monhdr + 1;
  119. void *end = msg_buf + msg_len;
  120. int ret;
  121. monhdr->have_version = 0;
  122. monhdr->session_mon = cpu_to_le16(-1);
  123. monhdr->session_mon_tid = 0;
  124. ceph_encode_32(&p, ac->protocol);
  125. ret = ac->ops->build_request(ac, p + sizeof(u32), end);
  126. if (ret < 0) {
  127. pr_err("error %d building auth method %s request\n", ret,
  128. ac->ops->name);
  129. return ret;
  130. }
  131. dout(" built request %d bytes\n", ret);
  132. ceph_encode_32(&p, ret);
  133. return p + ret - msg_buf;
  134. }
  135. /*
  136. * Handle auth message from monitor.
  137. */
  138. int ceph_handle_auth_reply(struct ceph_auth_client *ac,
  139. void *buf, size_t len,
  140. void *reply_buf, size_t reply_len)
  141. {
  142. void *p = buf;
  143. void *end = buf + len;
  144. int protocol;
  145. s32 result;
  146. u64 global_id;
  147. void *payload, *payload_end;
  148. int payload_len;
  149. char *result_msg;
  150. int result_msg_len;
  151. int ret = -EINVAL;
  152. dout("handle_auth_reply %p %p\n", p, end);
  153. ceph_decode_need(&p, end, sizeof(u32) * 3 + sizeof(u64), bad);
  154. protocol = ceph_decode_32(&p);
  155. result = ceph_decode_32(&p);
  156. global_id = ceph_decode_64(&p);
  157. payload_len = ceph_decode_32(&p);
  158. payload = p;
  159. p += payload_len;
  160. ceph_decode_need(&p, end, sizeof(u32), bad);
  161. result_msg_len = ceph_decode_32(&p);
  162. result_msg = p;
  163. p += result_msg_len;
  164. if (p != end)
  165. goto bad;
  166. dout(" result %d '%.*s' gid %llu len %d\n", result, result_msg_len,
  167. result_msg, global_id, payload_len);
  168. payload_end = payload + payload_len;
  169. if (global_id && ac->global_id != global_id) {
  170. dout(" set global_id %lld -> %lld\n", ac->global_id, global_id);
  171. ac->global_id = global_id;
  172. }
  173. if (ac->negotiating) {
  174. /* server does not support our protocols? */
  175. if (!protocol && result < 0) {
  176. ret = result;
  177. goto out;
  178. }
  179. /* set up (new) protocol handler? */
  180. if (ac->protocol && ac->protocol != protocol) {
  181. ac->ops->destroy(ac);
  182. ac->protocol = 0;
  183. ac->ops = NULL;
  184. }
  185. if (ac->protocol != protocol) {
  186. ret = ceph_auth_init_protocol(ac, protocol);
  187. if (ret) {
  188. pr_err("error %d on auth method %s init\n",
  189. ret, ac->ops->name);
  190. goto out;
  191. }
  192. }
  193. ac->negotiating = false;
  194. }
  195. ret = ac->ops->handle_reply(ac, result, payload, payload_end);
  196. if (ret == -EAGAIN) {
  197. return ceph_build_auth_request(ac, reply_buf, reply_len);
  198. } else if (ret) {
  199. pr_err("auth method '%s' error %d\n", ac->ops->name, ret);
  200. return ret;
  201. }
  202. return 0;
  203. bad:
  204. pr_err("failed to decode auth msg\n");
  205. out:
  206. return ret;
  207. }
  208. int ceph_build_auth(struct ceph_auth_client *ac,
  209. void *msg_buf, size_t msg_len)
  210. {
  211. if (!ac->protocol)
  212. return ceph_auth_build_hello(ac, msg_buf, msg_len);
  213. BUG_ON(!ac->ops);
  214. if (!ac->ops->is_authenticated(ac))
  215. return ceph_build_auth_request(ac, msg_buf, msg_len);
  216. return 0;
  217. }
  218. int ceph_auth_is_authenticated(struct ceph_auth_client *ac)
  219. {
  220. if (!ac->ops)
  221. return 0;
  222. return ac->ops->is_authenticated(ac);
  223. }