1 #include <linux/ceph/ceph_debug.h> 2 3 #include <linux/module.h> 4 #include <linux/err.h> 5 #include <linux/slab.h> 6 7 #include <linux/ceph/types.h> 8 #include <linux/ceph/decode.h> 9 #include <linux/ceph/libceph.h> 10 #include <linux/ceph/messenger.h> 11 #include "auth_none.h" 12 #include "auth_x.h" 13 14 15 /* 16 * get protocol handler 17 */ 18 static u32 supported_protocols[] = { 19 CEPH_AUTH_NONE, 20 CEPH_AUTH_CEPHX 21 }; 22 23 static int ceph_auth_init_protocol(struct ceph_auth_client *ac, int protocol) 24 { 25 switch (protocol) { 26 case CEPH_AUTH_NONE: 27 return ceph_auth_none_init(ac); 28 case CEPH_AUTH_CEPHX: 29 return ceph_x_init(ac); 30 default: 31 return -ENOENT; 32 } 33 } 34 35 /* 36 * setup, teardown. 37 */ 38 struct ceph_auth_client *ceph_auth_init(const char *name, const char *secret) 39 { 40 struct ceph_auth_client *ac; 41 int ret; 42 43 dout("auth_init name '%s' secret '%s'\n", name, secret); 44 45 ret = -ENOMEM; 46 ac = kzalloc(sizeof(*ac), GFP_NOFS); 47 if (!ac) 48 goto out; 49 50 ac->negotiating = true; 51 if (name) 52 ac->name = name; 53 else 54 ac->name = CEPH_AUTH_NAME_DEFAULT; 55 dout("auth_init name %s secret %s\n", ac->name, secret); 56 ac->secret = secret; 57 return ac; 58 59 out: 60 return ERR_PTR(ret); 61 } 62 63 void ceph_auth_destroy(struct ceph_auth_client *ac) 64 { 65 dout("auth_destroy %p\n", ac); 66 if (ac->ops) 67 ac->ops->destroy(ac); 68 kfree(ac); 69 } 70 71 /* 72 * Reset occurs when reconnecting to the monitor. 73 */ 74 void ceph_auth_reset(struct ceph_auth_client *ac) 75 { 76 dout("auth_reset %p\n", ac); 77 if (ac->ops && !ac->negotiating) 78 ac->ops->reset(ac); 79 ac->negotiating = true; 80 } 81 82 int ceph_entity_name_encode(const char *name, void **p, void *end) 83 { 84 int len = strlen(name); 85 86 if (*p + 2*sizeof(u32) + len > end) 87 return -ERANGE; 88 ceph_encode_32(p, CEPH_ENTITY_TYPE_CLIENT); 89 ceph_encode_32(p, len); 90 ceph_encode_copy(p, name, len); 91 return 0; 92 } 93 94 /* 95 * Initiate protocol negotiation with monitor. Include entity name 96 * and list supported protocols. 97 */ 98 int ceph_auth_build_hello(struct ceph_auth_client *ac, void *buf, size_t len) 99 { 100 struct ceph_mon_request_header *monhdr = buf; 101 void *p = monhdr + 1, *end = buf + len, *lenp; 102 int i, num; 103 int ret; 104 105 dout("auth_build_hello\n"); 106 monhdr->have_version = 0; 107 monhdr->session_mon = cpu_to_le16(-1); 108 monhdr->session_mon_tid = 0; 109 110 ceph_encode_32(&p, 0); /* no protocol, yet */ 111 112 lenp = p; 113 p += sizeof(u32); 114 115 ceph_decode_need(&p, end, 1 + sizeof(u32), bad); 116 ceph_encode_8(&p, 1); 117 num = ARRAY_SIZE(supported_protocols); 118 ceph_encode_32(&p, num); 119 ceph_decode_need(&p, end, num * sizeof(u32), bad); 120 for (i = 0; i < num; i++) 121 ceph_encode_32(&p, supported_protocols[i]); 122 123 ret = ceph_entity_name_encode(ac->name, &p, end); 124 if (ret < 0) 125 return ret; 126 ceph_decode_need(&p, end, sizeof(u64), bad); 127 ceph_encode_64(&p, ac->global_id); 128 129 ceph_encode_32(&lenp, p - lenp - sizeof(u32)); 130 return p - buf; 131 132 bad: 133 return -ERANGE; 134 } 135 136 static int ceph_build_auth_request(struct ceph_auth_client *ac, 137 void *msg_buf, size_t msg_len) 138 { 139 struct ceph_mon_request_header *monhdr = msg_buf; 140 void *p = monhdr + 1; 141 void *end = msg_buf + msg_len; 142 int ret; 143 144 monhdr->have_version = 0; 145 monhdr->session_mon = cpu_to_le16(-1); 146 monhdr->session_mon_tid = 0; 147 148 ceph_encode_32(&p, ac->protocol); 149 150 ret = ac->ops->build_request(ac, p + sizeof(u32), end); 151 if (ret < 0) { 152 pr_err("error %d building auth method %s request\n", ret, 153 ac->ops->name); 154 return ret; 155 } 156 dout(" built request %d bytes\n", ret); 157 ceph_encode_32(&p, ret); 158 return p + ret - msg_buf; 159 } 160 161 /* 162 * Handle auth message from monitor. 163 */ 164 int ceph_handle_auth_reply(struct ceph_auth_client *ac, 165 void *buf, size_t len, 166 void *reply_buf, size_t reply_len) 167 { 168 void *p = buf; 169 void *end = buf + len; 170 int protocol; 171 s32 result; 172 u64 global_id; 173 void *payload, *payload_end; 174 int payload_len; 175 char *result_msg; 176 int result_msg_len; 177 int ret = -EINVAL; 178 179 dout("handle_auth_reply %p %p\n", p, end); 180 ceph_decode_need(&p, end, sizeof(u32) * 3 + sizeof(u64), bad); 181 protocol = ceph_decode_32(&p); 182 result = ceph_decode_32(&p); 183 global_id = ceph_decode_64(&p); 184 payload_len = ceph_decode_32(&p); 185 payload = p; 186 p += payload_len; 187 ceph_decode_need(&p, end, sizeof(u32), bad); 188 result_msg_len = ceph_decode_32(&p); 189 result_msg = p; 190 p += result_msg_len; 191 if (p != end) 192 goto bad; 193 194 dout(" result %d '%.*s' gid %llu len %d\n", result, result_msg_len, 195 result_msg, global_id, payload_len); 196 197 payload_end = payload + payload_len; 198 199 if (global_id && ac->global_id != global_id) { 200 dout(" set global_id %lld -> %lld\n", ac->global_id, global_id); 201 ac->global_id = global_id; 202 } 203 204 if (ac->negotiating) { 205 /* server does not support our protocols? */ 206 if (!protocol && result < 0) { 207 ret = result; 208 goto out; 209 } 210 /* set up (new) protocol handler? */ 211 if (ac->protocol && ac->protocol != protocol) { 212 ac->ops->destroy(ac); 213 ac->protocol = 0; 214 ac->ops = NULL; 215 } 216 if (ac->protocol != protocol) { 217 ret = ceph_auth_init_protocol(ac, protocol); 218 if (ret) { 219 pr_err("error %d on auth protocol %d init\n", 220 ret, protocol); 221 goto out; 222 } 223 } 224 225 ac->negotiating = false; 226 } 227 228 ret = ac->ops->handle_reply(ac, result, payload, payload_end); 229 if (ret == -EAGAIN) { 230 return ceph_build_auth_request(ac, reply_buf, reply_len); 231 } else if (ret) { 232 pr_err("auth method '%s' error %d\n", ac->ops->name, ret); 233 return ret; 234 } 235 return 0; 236 237 bad: 238 pr_err("failed to decode auth msg\n"); 239 out: 240 return ret; 241 } 242 243 int ceph_build_auth(struct ceph_auth_client *ac, 244 void *msg_buf, size_t msg_len) 245 { 246 if (!ac->protocol) 247 return ceph_auth_build_hello(ac, msg_buf, msg_len); 248 BUG_ON(!ac->ops); 249 if (ac->ops->should_authenticate(ac)) 250 return ceph_build_auth_request(ac, msg_buf, msg_len); 251 return 0; 252 } 253 254 int ceph_auth_is_authenticated(struct ceph_auth_client *ac) 255 { 256 if (!ac->ops) 257 return 0; 258 return ac->ops->is_authenticated(ac); 259 } 260