24 static int init_protocol(struct ceph_auth_client *ac, int proto)
30 		return ceph_auth_none_init(ac);
32 		return ceph_x_init(ac);
39 void ceph_auth_set_global_id(struct ceph_auth_client *ac, u64 global_id)
46 	if (ac->global_id && global_id != ac->global_id)
47 		pr_err("global_id changed from %llu to %llu\n", ac->global_id,
50 	ac->global_id = global_id;
60 	struct ceph_auth_client *ac;
62 	ac = kzalloc(sizeof(*ac), GFP_NOFS);
63 	if (!ac)
66 	mutex_init(&ac->mutex);
67 	ac->negotiating = true;
69 		ac->name = name;
71 		ac->name = CEPH_AUTH_NAME_DEFAULT;
72 	ac->key = key;
73 	ac->preferred_mode = con_modes[0];
74 	ac->fallback_mode = con_modes[1];
77 	     ac->name, ac->preferred_mode, ac->fallback_mode);
78 	return ac;
81 void ceph_auth_destroy(struct ceph_auth_client *ac)
83 	dout("auth_destroy %p\n", ac);
84 	if (ac->ops)
85 		ac->ops->destroy(ac);
86 	kfree(ac);
92 void ceph_auth_reset(struct ceph_auth_client *ac)
94 	mutex_lock(&ac->mutex);
95 	dout("auth_reset %p\n", ac);
96 	if (ac->ops && !ac->negotiating)
97 		ac->ops->reset(ac);
98 	ac->negotiating = true;
99 	mutex_unlock(&ac->mutex);
121 int ceph_auth_build_hello(struct ceph_auth_client *ac, void *buf, size_t len)
128 	mutex_lock(&ac->mutex);
147 	ret = ceph_auth_entity_name_encode(ac->name, &p, end);
151 	ceph_encode_64(&p, ac->global_id);
156 	mutex_unlock(&ac->mutex);
164 static int build_request(struct ceph_auth_client *ac, bool add_header,
177 		ceph_encode_32_safe(&p, end, ac->protocol, e_range);
181 	ret = ac->ops->build_request(ac, p + sizeof(u32), end);
184 		       ceph_auth_proto_name(ac->protocol), ret);
198 int ceph_handle_auth_reply(struct ceph_auth_client *ac,
213 	mutex_lock(&ac->mutex);
234 	if (ac->negotiating) {
241 		if (ac->protocol && ac->protocol != protocol) {
242 			ac->ops->destroy(ac);
243 			ac->protocol = 0;
244 			ac->ops = NULL;
246 		if (ac->protocol != protocol) {
247 			ret = init_protocol(ac, protocol);
255 		ac->negotiating = false;
260 		       ceph_auth_proto_name(ac->protocol), result);
265 	ret = ac->ops->handle_reply(ac, global_id, payload, payload_end,
268 		ret = build_request(ac, true, reply_buf, reply_len);
275 	mutex_unlock(&ac->mutex);
284 int ceph_build_auth(struct ceph_auth_client *ac,
289 	mutex_lock(&ac->mutex);
290 	if (ac->ops->should_authenticate(ac))
291 		ret = build_request(ac, true, msg_buf, msg_len);
292 	mutex_unlock(&ac->mutex);
296 int ceph_auth_is_authenticated(struct ceph_auth_client *ac)
300 	mutex_lock(&ac->mutex);
301 	if (ac->ops)
302 		ret = ac->ops->is_authenticated(ac);
303 	mutex_unlock(&ac->mutex);
308 int __ceph_auth_get_authorizer(struct ceph_auth_client *ac,
315 	mutex_lock(&ac->mutex);
321 		ret = ac->ops->create_authorizer(ac, peer_type, auth);
322 	else if (ac->ops->update_authorizer)
323 		ret = ac->ops->update_authorizer(ac, peer_type, auth);
329 	*proto = ac->protocol;
331 		*pref_mode = ac->preferred_mode;
332 		*fallb_mode = ac->fallback_mode;
336 	mutex_unlock(&ac->mutex);
347 int ceph_auth_add_authorizer_challenge(struct ceph_auth_client *ac,
354 	mutex_lock(&ac->mutex);
355 	if (ac->ops && ac->ops->add_authorizer_challenge)
356 		ret = ac->ops->add_authorizer_challenge(ac, a, challenge_buf,
358 	mutex_unlock(&ac->mutex);
363 int ceph_auth_verify_authorizer_reply(struct ceph_auth_client *ac,
371 	mutex_lock(&ac->mutex);
372 	if (ac->ops && ac->ops->verify_authorizer_reply)
373 		ret = ac->ops->verify_authorizer_reply(ac, a,
376 	mutex_unlock(&ac->mutex);
381 void ceph_auth_invalidate_authorizer(struct ceph_auth_client *ac, int peer_type)
383 	mutex_lock(&ac->mutex);
384 	if (ac->ops && ac->ops->invalidate_authorizer)
385 		ac->ops->invalidate_authorizer(ac, peer_type);
386 	mutex_unlock(&ac->mutex);
427 int ceph_auth_get_request(struct ceph_auth_client *ac, void *buf, int buf_len)
429 	int proto = ac->key ? CEPH_AUTH_CEPHX : CEPH_AUTH_NONE;
435 	mutex_lock(&ac->mutex);
436 	if (ac->protocol == CEPH_AUTH_UNKNOWN) {
437 		ret = init_protocol(ac, proto);
444 		WARN_ON(ac->protocol != proto);
445 		ac->ops->reset(ac);
449 	ceph_encode_32_safe(&p, end, ac->protocol, e_range);
450 	ret = encode_con_modes(&p, end, ac->preferred_mode, ac->fallback_mode);
458 	ret = ceph_auth_entity_name_encode(ac->name, &p, end);
462 	ceph_encode_64_safe(&p, end, ac->global_id, e_range);
467 	mutex_unlock(&ac->mutex);
475 int ceph_auth_handle_reply_more(struct ceph_auth_client *ac, void *reply,
480 	mutex_lock(&ac->mutex);
481 	ret = ac->ops->handle_reply(ac, 0, reply, reply + reply_len,
484 		ret = build_request(ac, false, buf, buf_len);
487 	mutex_unlock(&ac->mutex);
491 int ceph_auth_handle_reply_done(struct ceph_auth_client *ac,
498 	mutex_lock(&ac->mutex);
499 	ret = ac->ops->handle_reply(ac, global_id, reply, reply + reply_len,
503 	mutex_unlock(&ac->mutex);
507 bool ceph_auth_handle_bad_method(struct ceph_auth_client *ac,
512 	mutex_lock(&ac->mutex);
513 	WARN_ON(used_proto != ac->protocol);
516 		if (!contains(allowed_protos, proto_cnt, ac->protocol)) {
518 			       ceph_auth_proto_name(ac->protocol));
521 		if (!contains(allowed_modes, mode_cnt, ac->preferred_mode) &&
522 		    (ac->fallback_mode == CEPH_CON_MODE_UNKNOWN ||
523 		     !contains(allowed_modes, mode_cnt, ac->fallback_mode))) {
525 			       ceph_con_mode_name(ac->preferred_mode));
526 			if (ac->fallback_mode == CEPH_CON_MODE_UNKNOWN)
530 				       ceph_con_mode_name(ac->fallback_mode));
537 	       ceph_auth_proto_name(ac->protocol), result);
539 	mutex_unlock(&ac->mutex);
543 	mutex_unlock(&ac->mutex);
547 int ceph_auth_get_authorizer(struct ceph_auth_client *ac,
557 	ret = __ceph_auth_get_authorizer(ac, auth, peer_type, true, &proto,
577 int ceph_auth_handle_svc_reply_more(struct ceph_auth_client *ac,
586 	ret = ceph_auth_add_authorizer_challenge(ac, auth->authorizer,
601 int ceph_auth_handle_svc_reply_done(struct ceph_auth_client *ac,
607 	return ceph_auth_verify_authorizer_reply(ac, auth->authorizer,
613 bool ceph_auth_handle_bad_authorizer(struct ceph_auth_client *ac,
618 	mutex_lock(&ac->mutex);
619 	WARN_ON(used_proto != ac->protocol);
622 		if (!contains(allowed_protos, proto_cnt, ac->protocol)) {
624 			       ceph_auth_proto_name(ac->protocol),
628 		if (!contains(allowed_modes, mode_cnt, ac->preferred_mode) &&
629 		    (ac->fallback_mode == CEPH_CON_MODE_UNKNOWN ||
630 		     !contains(allowed_modes, mode_cnt, ac->fallback_mode))) {
632 			       ceph_con_mode_name(ac->preferred_mode),
634 			if (ac->fallback_mode == CEPH_CON_MODE_UNKNOWN)
638 				       ceph_con_mode_name(ac->fallback_mode),
646 	       ceph_auth_proto_name(ac->protocol),
649 	if (ac->ops->invalidate_authorizer)
650 		ac->ops->invalidate_authorizer(ac, peer_type);
652 	mutex_unlock(&ac->mutex);
656 	mutex_unlock(&ac->mutex);

Indexes created Mon Apr 29 21:28:21 MDT 2024