
Commit 597cda35 authored by Ilya Dryomov's avatar Ilya Dryomov

libceph: add process_one_ticket() helper



Add a helper for processing individual cephx auth tickets.  Needed for
the next commit, which deals with allocating ticket buffers.  (Most of
the diff here is whitespace - view with git diff -b).

Cc: stable@vger.kernel.org
Signed-off-by: default avatarIlya Dryomov <ilya.dryomov@inktank.com>
Reviewed-by: default avatarSage Weil <sage@redhat.com>
parent 73c3d481
+124 −104
@@ -129,34 +129,12 @@ static void remove_ticket_handler(struct ceph_auth_client *ac,
	kfree(th);
}

static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac,
static int process_one_ticket(struct ceph_auth_client *ac,
			      struct ceph_crypto_key *secret,
				    void *buf, void *end)
			      void **p, void *end,
			      void *dbuf, void *ticket_buf)
{
	struct ceph_x_info *xi = ac->private;
	int num;
	void *p = buf;
	int ret;
	char *dbuf;
	char *ticket_buf;
	u8 reply_struct_v;

	dbuf = kmalloc(TEMP_TICKET_BUF_LEN, GFP_NOFS);
	if (!dbuf)
		return -ENOMEM;

	ret = -ENOMEM;
	ticket_buf = kmalloc(TEMP_TICKET_BUF_LEN, GFP_NOFS);
	if (!ticket_buf)
		goto out_dbuf;

	ceph_decode_need(&p, end, 1 + sizeof(u32), bad);
	reply_struct_v = ceph_decode_8(&p);
	if (reply_struct_v != 1)
		goto bad;
	num = ceph_decode_32(&p);
	dout("%d tickets\n", num);
	while (num--) {
	int type;
	u8 tkt_struct_v, blob_struct_v;
	struct ceph_x_ticket_handler *th;
@@ -171,13 +149,14 @@ static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac,
	struct ceph_buffer *new_ticket_blob;
	unsigned long new_expires, new_renew_after;
	u64 new_secret_id;
	int ret;

		ceph_decode_need(&p, end, sizeof(u32) + 1, bad);
	ceph_decode_need(p, end, sizeof(u32) + 1, bad);

		type = ceph_decode_32(&p);
	type = ceph_decode_32(p);
	dout(" ticket type %d %s\n", type, ceph_entity_type_name(type));

		tkt_struct_v = ceph_decode_8(&p);
	tkt_struct_v = ceph_decode_8(p);
	if (tkt_struct_v != 1)
		goto bad;

@@ -188,15 +167,15 @@ static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac,
	}

	/* blob for me */
		dlen = ceph_x_decrypt(secret, &p, end, dbuf,
	dlen = ceph_x_decrypt(secret, p, end, dbuf,
			      TEMP_TICKET_BUF_LEN);
	if (dlen <= 0) {
		ret = dlen;
		goto out;
	}
	dout(" decrypted %d bytes\n", dlen);
		dend = dbuf + dlen;
	dp = dbuf;
	dend = dp + dlen;

	tkt_struct_v = ceph_decode_8(&dp);
	if (tkt_struct_v != 1)
@@ -215,12 +194,12 @@ static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac,
	     new_renew_after);

	/* ticket blob for service */
		ceph_decode_8_safe(&p, end, is_enc, bad);
	ceph_decode_8_safe(p, end, is_enc, bad);
	tp = ticket_buf;
	if (is_enc) {
		/* encrypted */
		dout(" encrypted ticket\n");
			dlen = ceph_x_decrypt(&old_key, &p, end, ticket_buf,
		dlen = ceph_x_decrypt(&old_key, p, end, ticket_buf,
				      TEMP_TICKET_BUF_LEN);
		if (dlen < 0) {
			ret = dlen;
@@ -229,9 +208,9 @@ static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac,
		dlen = ceph_decode_32(&tp);
	} else {
		/* unencrypted */
			ceph_decode_32_safe(&p, end, dlen, bad);
			ceph_decode_need(&p, end, dlen, bad);
			ceph_decode_copy(&p, ticket_buf, dlen);
		ceph_decode_32_safe(p, end, dlen, bad);
		ceph_decode_need(p, end, dlen, bad);
		ceph_decode_copy(p, ticket_buf, dlen);
	}
	tpend = tp + dlen;
	dout(" ticket blob is %d bytes\n", dlen);
@@ -256,6 +235,47 @@ static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac,
	     type, ceph_entity_type_name(type), th->secret_id,
	     (int)th->ticket_blob->vec.iov_len);
	xi->have_keys |= th->service;

out:
	return ret;

bad:
	ret = -EINVAL;
	goto out;
}

static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac,
				    struct ceph_crypto_key *secret,
				    void *buf, void *end)
{
	void *p = buf;
	char *dbuf;
	char *ticket_buf;
	u8 reply_struct_v;
	u32 num;
	int ret;

	dbuf = kmalloc(TEMP_TICKET_BUF_LEN, GFP_NOFS);
	if (!dbuf)
		return -ENOMEM;

	ret = -ENOMEM;
	ticket_buf = kmalloc(TEMP_TICKET_BUF_LEN, GFP_NOFS);
	if (!ticket_buf)
		goto out_dbuf;

	ceph_decode_8_safe(&p, end, reply_struct_v, bad);
	if (reply_struct_v != 1)
		return -EINVAL;

	ceph_decode_32_safe(&p, end, num, bad);
	dout("%d tickets\n", num);

	while (num--) {
		ret = process_one_ticket(ac, secret, &p, end,
					 dbuf, ticket_buf);
		if (ret)
			goto out;
	}

	ret = 0;
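Review bot: In the new `ceph_x_proc_ticket_reply()`, the `reply_struct_v != 1` branch does `return -EINVAL;` after both `dbuf` and `ticket_buf` have been allocated with `kmalloc()`, so an auth reply carrying an unexpected version byte leaks both buffers on every occurrence. The code this replaces used `goto bad` for the same check; `if (reply_struct_v != 1) goto bad;` would keep that path on the shared cleanup. The `bad`, `out` and `out_dbuf` labels of this function lie past the end of the hunk, so this assumes they still free the two buffers as the `goto out_dbuf` after the second allocation suggests. Separately, `num` is now `u32` but is still printed with `%d` in `dout("%d tickets\n", num)`; `%u` matches the type.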