ceph: negotiate authentication protocol; implement AUTH_NONE protocol

	mon_client.o \

	osd_client.o osdmap.o crush/crush.o crush/mapper.o crush/hash.o \

	debugfs.o \

	auth.o auth_none.o \

	ceph_fs.o ceph_strings.o ceph_hash.o ceph_frag.o

else

#include "ceph_debug.h"

#include <linux/module.h>

#include <linux/err.h>

#include "types.h"

#include "auth_none.h"

#include "decode.h"

#include "super.h"

#include "messenger.h"

/*

 * get protocol handler

 */

static u32 supported_protocols[] = {

	CEPH_AUTH_NONE

};

int ceph_auth_init_protocol(struct ceph_auth_client *ac, int protocol)

{

	switch (protocol) {

	case CEPH_AUTH_NONE:

		return ceph_auth_none_init(ac);

	default:

		return -ENOENT;

	}

}

/*

 * setup, teardown.

 */

struct ceph_auth_client *ceph_auth_init(const char *name, const char *secret)

{

	struct ceph_auth_client *ac;

	int ret;

	dout("auth_init name '%s' secret '%s'\n", name, secret);

	ret = -ENOMEM;

	ac = kzalloc(sizeof(*ac), GFP_NOFS);

	if (!ac)

		goto out;

	ac->negotiating = true;

	if (name)

		ac->name = name;

	else

		ac->name = CEPH_AUTH_NAME_DEFAULT;

	dout("auth_init name %s secret %s\n", ac->name, secret);

	ac->secret = secret;

	return ac;

out:

	return ERR_PTR(ret);

}

void ceph_auth_destroy(struct ceph_auth_client *ac)

{

	dout("auth_destroy %p\n", ac);

	if (ac->ops)

		ac->ops->destroy(ac);

	kfree(ac);

}

/*

 * Reset occurs when reconnecting to the monitor.

 */

void ceph_auth_reset(struct ceph_auth_client *ac)

{

	dout("auth_reset %p\n", ac);

	if (ac->ops && !ac->negotiating)

		ac->ops->reset(ac);

	ac->negotiating = true;

}

int ceph_entity_name_encode(const char *name, void **p, void *end)

{

	int len = strlen(name);

	if (*p + 2*sizeof(u32) + len > end)

		return -ERANGE;

	ceph_encode_32(p, CEPH_ENTITY_TYPE_CLIENT);

	ceph_encode_32(p, len);

	ceph_encode_copy(p, name, len);

	return 0;

}

/*

 * Initiate protocol negotiation with monitor.  Include entity name

 * and list supported protocols.

 */

int ceph_auth_build_hello(struct ceph_auth_client *ac, void *buf, size_t len)

{

	struct ceph_mon_request_header *monhdr = buf;

	void *p = monhdr + 1, *end = buf + len, *lenp;

	int i, num;

	int ret;

	dout("auth_build_hello\n");

	monhdr->have_version = 0;

	monhdr->session_mon = cpu_to_le16(-1);

	monhdr->session_mon_tid = 0;

	ceph_encode_32(&p, 0);  /* no protocol, yet */

	lenp = p;

	p += sizeof(u32);

	num = ARRAY_SIZE(supported_protocols);

	ceph_encode_32(&p, num);

	for (i = 0; i < num; i++)

		ceph_encode_32(&p, supported_protocols[i]);

	ret = ceph_entity_name_encode(ac->name, &p, end);

	if (ret < 0)

		return ret;

	ceph_decode_need(&p, end, sizeof(u64), bad);

	ceph_encode_64(&p, ac->global_id);

	ceph_encode_32(&lenp, p - lenp - sizeof(u32));

	return p - buf;

bad:

	return -ERANGE;

}

/*

 * Handle auth message from monitor.

 */

int ceph_handle_auth_reply(struct ceph_auth_client *ac,

			   void *buf, size_t len,

			   void *reply_buf, size_t reply_len)

{

	void *p = buf;

	void *end = buf + len;

	int protocol;

	s32 result;

	u64 global_id;

	void *payload, *payload_end;

	int payload_len;

	char *result_msg;

	int result_msg_len;

	int ret = -EINVAL;

	dout("handle_auth_reply %p %p\n", p, end);

	ceph_decode_need(&p, end, sizeof(u32) * 3 + sizeof(u64), bad);

	protocol = ceph_decode_32(&p);

	result = ceph_decode_32(&p);

	global_id = ceph_decode_64(&p);

	payload_len = ceph_decode_32(&p);

	payload = p;

	p += payload_len;

	ceph_decode_need(&p, end, sizeof(u32), bad);

	result_msg_len = ceph_decode_32(&p);

	result_msg = p;

	p += result_msg_len;

	if (p != end)

		goto bad;

	dout(" result %d '%.*s' gid %llu len %d\n", result, result_msg_len,

	     result_msg, global_id, payload_len);

	payload_end = payload + payload_len;

	if (global_id && ac->global_id != global_id) {

		dout(" set global_id %lld -> %lld\n", ac->global_id, global_id);

		ac->global_id = global_id;

	}

	if (ac->negotiating) {

		/* set up (new) protocol handler? */

		if (ac->protocol && ac->protocol != protocol) {

			ac->ops->destroy(ac);

			ac->protocol = 0;

			ac->ops = NULL;

		}

		if (ac->protocol != protocol) {

			ret = ceph_auth_init_protocol(ac, protocol);

			if (ret) {

				pr_err("error %d on auth protocol %d init\n",

				       ret, protocol);

				goto out;

			}

		}

	}

	ret = ac->ops->handle_reply(ac, result, payload, payload_end);

	if (ret == -EAGAIN) {

		struct ceph_mon_request_header *monhdr = reply_buf;

		void *p = reply_buf + 1;

		void *end = reply_buf + reply_len;

		monhdr->have_version = 0;

		monhdr->session_mon = cpu_to_le16(-1);

		monhdr->session_mon_tid = 0;

		ceph_encode_32(&p, ac->protocol);

		ret = ac->ops->build_request(ac, p + sizeof(u32), end);

		if (ret < 0) {

			pr_err("error %d building request\n", ret);

			goto out;

		}

		dout(" built request %d bytes\n", ret);

		ceph_encode_32(&p, ret);

		return p + ret - reply_buf;

	} else if (ret) {

		pr_err("authentication error %d\n", ret);

		return ret;

	}

	return 0;

bad:

	pr_err("failed to decode auth msg\n");

out:

	return ret;

}

#ifndef _FS_CEPH_AUTH_H

#define _FS_CEPH_AUTH_H

#include "types.h"

#include "buffer.h"

/*

 * Abstract interface for communicating with the authenticate module.

 * There is some handshake that takes place between us and the monitor

 * to acquire the necessary keys.  These are used to generate an

 * 'authorizer' that we use when connecting to a service (mds, osd).

 */

struct ceph_auth_client;

struct ceph_authorizer;

struct ceph_auth_client_ops {

	/*

	 * true if we are authenticated and can connect to

	 * services.

	 */

	int (*is_authenticated)(struct ceph_auth_client *ac);

	/*

	 * build requests and process replies during monitor

	 * handshake.  if handle_reply returns -EAGAIN, we build

	 * another request.

	 */

	int (*build_request)(struct ceph_auth_client *ac, void *buf, void *end);

	int (*handle_reply)(struct ceph_auth_client *ac, int result,

			    void *buf, void *end);

	/*

	 * Create authorizer for connecting to a service, and verify

	 * the response to authenticate the service.

	 */

	int (*create_authorizer)(struct ceph_auth_client *ac, int peer_type,

				 struct ceph_authorizer **a,

				 void **buf, size_t *len,

				 void **reply_buf, size_t *reply_len);

	int (*verify_authorizer_reply)(struct ceph_auth_client *ac,

				       struct ceph_authorizer *a, size_t len);

	void (*destroy_authorizer)(struct ceph_auth_client *ac,

				   struct ceph_authorizer *a);

	/* reset when we (re)connect to a monitor */

	void (*reset)(struct ceph_auth_client *ac);

	void (*destroy)(struct ceph_auth_client *ac);

};

struct ceph_auth_client {

	u32 protocol;           /* CEPH_AUTH_* */

	void *private;          /* for use by protocol implementation */

	const struct ceph_auth_client_ops *ops;  /* null iff protocol==0 */

	bool negotiating;       /* true if negotiating protocol */

	const char *name;       /* entity name */

	u64 global_id;          /* our unique id in system */

	const char *secret;     /* our secret key */

	unsigned want_keys;     /* which services we want */

};

extern struct ceph_auth_client *ceph_auth_init(const char *name,

					       const char *secret);

extern void ceph_auth_destroy(struct ceph_auth_client *ac);

extern void ceph_auth_reset(struct ceph_auth_client *ac);

extern int ceph_auth_build_hello(struct ceph_auth_client *ac,

				 void *buf, size_t len);

extern int ceph_handle_auth_reply(struct ceph_auth_client *ac,

				  void *buf, size_t len,

				  void *reply_buf, size_t reply_len);

extern int ceph_entity_name_encode(const char *name, void **p, void *end);

#endif

#include "ceph_debug.h"

#include <linux/err.h>

#include <linux/module.h>

#include <linux/random.h>

#include "auth_none.h"

#include "auth.h"

#include "decode.h"

static void reset(struct ceph_auth_client *ac)

{

	struct ceph_auth_none_info *xi = ac->private;

	xi->starting = true;

	xi->built_authorizer = false;

}

static void destroy(struct ceph_auth_client *ac)

{

	kfree(ac->private);

	ac->private = NULL;

}

static int is_authenticated(struct ceph_auth_client *ac)

{

	struct ceph_auth_none_info *xi = ac->private;

	return !xi->starting;

}

/*

 * the generic auth code decode the global_id, and we carry no actual

 * authenticate state, so nothing happens here.

 */

static int handle_reply(struct ceph_auth_client *ac, int result,

			void *buf, void *end)

{

	struct ceph_auth_none_info *xi = ac->private;

	xi->starting = false;

	return result;

}

/*

 * build an 'authorizer' with our entity_name and global_id.  we can

 * reuse a single static copy since it is identical for all services

 * we connect to.

 */

static int ceph_auth_none_create_authorizer(

	struct ceph_auth_client *ac, int peer_type,

	struct ceph_authorizer **a,

	void **buf, size_t *len,

	void **reply_buf, size_t *reply_len)

{

	struct ceph_auth_none_info *ai = ac->private;

	struct ceph_none_authorizer *au = &ai->au;

	void *p, *end;

	int ret;

	if (!ai->built_authorizer) {

		p = au->buf;

		end = p + sizeof(au->buf);

		ret = ceph_entity_name_encode(ac->name, &p, end - 8);

		if (ret < 0)

			goto bad;

		ceph_decode_need(&p, end, sizeof(u64), bad2);

		ceph_encode_64(&p, ac->global_id);

		au->buf_len = p - (void *)au->buf;

		ai->built_authorizer = true;

		dout("built authorizer len %d\n", au->buf_len);

	}

	*a = (struct ceph_authorizer *)au;

	*buf = au->buf;

	*len = au->buf_len;

	*reply_buf = au->reply_buf;

	*reply_len = sizeof(au->reply_buf);

	return 0;

bad2:

	ret = -ERANGE;

bad:

	return ret;

}

static void ceph_auth_none_destroy_authorizer(struct ceph_auth_client *ac,

				      struct ceph_authorizer *a)

{

	/* nothing to do */

}

static const struct ceph_auth_client_ops ceph_auth_none_ops = {

	.reset = reset,

	.destroy = destroy,

	.is_authenticated = is_authenticated,

	.handle_reply = handle_reply,

	.create_authorizer = ceph_auth_none_create_authorizer,

	.destroy_authorizer = ceph_auth_none_destroy_authorizer,

};

int ceph_auth_none_init(struct ceph_auth_client *ac)

{

	struct ceph_auth_none_info *xi;

	dout("ceph_auth_none_init %p\n", ac);

	xi = kzalloc(sizeof(*xi), GFP_NOFS);

	if (!xi)

		return -ENOMEM;

	xi->starting = true;

	xi->built_authorizer = false;

	ac->protocol = CEPH_AUTH_NONE;

	ac->private = xi;

	ac->ops = &ceph_auth_none_ops;

	return 0;

}

#ifndef _FS_CEPH_AUTH_NONE_H

#define _FS_CEPH_AUTH_NONE_H

#include "auth.h"

/*

 * null security mode.

 *

 * we use a single static authorizer that simply encodes our entity name

 * and global id.

 */

struct ceph_none_authorizer {

	char buf[128];

	int buf_len;

	char reply_buf[0];

};

struct ceph_auth_none_info {

	bool starting;

	bool built_authorizer;

	struct ceph_none_authorizer au;   /* we only need one; it's static */

};

extern int ceph_auth_none_init(struct ceph_auth_client *ac);

#endif