20 static void ceph_x_validate_tickets(struct ceph_auth_client *ac, int *pneed);
22 static int ceph_x_is_authenticated(struct ceph_auth_client *ac)  in ceph_x_is_authenticated()  argument
24 	struct ceph_x_info *xi = ac->private;  in ceph_x_is_authenticated()
27 	ceph_x_validate_tickets(ac, &need);  in ceph_x_is_authenticated()
29 	     ac->want_keys, need, xi->have_keys);  in ceph_x_is_authenticated()
30 	return (ac->want_keys & xi->have_keys) == ac->want_keys;  in ceph_x_is_authenticated()
33 static int ceph_x_should_authenticate(struct ceph_auth_client *ac)  in ceph_x_should_authenticate()  argument
35 	struct ceph_x_info *xi = ac->private;  in ceph_x_should_authenticate()
38 	ceph_x_validate_tickets(ac, &need);  in ceph_x_should_authenticate()
40 	     ac->want_keys, need, xi->have_keys);  in ceph_x_should_authenticate()
61 	hdr->struct_v = 1;  in ceph_x_encrypt()
117 get_ticket_handler(struct ceph_auth_client *ac, int service)  in get_ticket_handler()  argument
120 	struct ceph_x_info *xi = ac->private;  in get_ticket_handler()
144 static void remove_ticket_handler(struct ceph_auth_client *ac,  in remove_ticket_handler()  argument
147 	struct ceph_x_info *xi = ac->private;  in remove_ticket_handler()
157 static int process_one_ticket(struct ceph_auth_client *ac,  in process_one_ticket()  argument
161 	struct ceph_x_info *xi = ac->private;  in process_one_ticket()
177 	ceph_decode_need(p, end, sizeof(u32) + 1, bad);  in process_one_ticket()
183 	if (tkt_struct_v != 1)  in process_one_ticket()
186 	th = get_ticket_handler(ac, type);  in process_one_ticket()
201 	if (tkt_struct_v != 1)  in process_one_ticket()
233 	ceph_decode_need(ptp, tpend, 1 + sizeof(u64), bad);  in process_one_ticket()
235 	if (blob_struct_v != 1)  in process_one_ticket()
266 static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac,  in ceph_x_proc_ticket_reply()  argument
276 	if (reply_struct_v != 1)  in ceph_x_proc_ticket_reply()
283 		ret = process_one_ticket(ac, secret, &p, end);  in ceph_x_proc_ticket_reply()
309 	p = (void *)(msg_a + 1) + le32_to_cpu(msg_a->ticket_blob.blob_len);  in encrypt_authorizer()
316 		msg_b->have_challenge = 1;  in encrypt_authorizer()
318 		    cpu_to_le64(*server_challenge + 1);  in encrypt_authorizer()
348 static int ceph_x_build_authorizer(struct ceph_auth_client *ac,  in ceph_x_build_authorizer()  argument
385 	msg_a->struct_v = 1;  in ceph_x_build_authorizer()
386 	msg_a->global_id = cpu_to_le64(ac->global_id);  in ceph_x_build_authorizer()
388 	msg_a->ticket_blob.struct_v = 1;  in ceph_x_build_authorizer()
417 	ceph_decode_need(p, end, 1 + sizeof(u64), bad);  in ceph_x_encode_ticket()
418 	ceph_encode_8(p, 1);  in ceph_x_encode_ticket()
453 static void ceph_x_validate_tickets(struct ceph_auth_client *ac, int *pneed)  in ceph_x_validate_tickets()  argument
455 	int want = ac->want_keys;  in ceph_x_validate_tickets()
456 	struct ceph_x_info *xi = ac->private;  in ceph_x_validate_tickets()
459 	*pneed = ac->want_keys & ~(xi->have_keys);  in ceph_x_validate_tickets()
461 	for (service = 1; service <= want; service <<= 1) {  in ceph_x_validate_tickets()
464 		if (!(ac->want_keys & service))  in ceph_x_validate_tickets()
470 		th = get_ticket_handler(ac, service);  in ceph_x_validate_tickets()
483 static int ceph_x_build_request(struct ceph_auth_client *ac,  in ceph_x_build_request()  argument
486 	struct ceph_x_info *xi = ac->private;  in ceph_x_build_request()
491 		get_ticket_handler(ac, CEPH_ENTITY_TYPE_AUTH);  in ceph_x_build_request()
496 	ceph_x_validate_tickets(ac, &need);  in ceph_x_build_request()
499 	     ac->want_keys, xi->have_keys, need);  in ceph_x_build_request()
502 		struct ceph_x_authenticate *auth = (void *)(head + 1);  in ceph_x_build_request()
503 		void *p = auth + 1;  in ceph_x_build_request()
524 		auth->struct_v = 1;  in ceph_x_build_request()
526 		for (u = (u64 *)enc_buf; u + 1 <= (u64 *)(enc_buf + ret); u++)  in ceph_x_build_request()
541 		void *p = head + 1;  in ceph_x_build_request()
548 		ret = ceph_x_build_authorizer(ac, th, &xi->auth_authorizer);  in ceph_x_build_request()
563 static int ceph_x_handle_reply(struct ceph_auth_client *ac, int result,  in ceph_x_handle_reply()  argument
566 	struct ceph_x_info *xi = ac->private;  in ceph_x_handle_reply()
596 		ret = ceph_x_proc_ticket_reply(ac, &xi->secret,  in ceph_x_handle_reply()
601 		th = get_ticket_handler(ac, CEPH_ENTITY_TYPE_AUTH);  in ceph_x_handle_reply()
604 		ret = ceph_x_proc_ticket_reply(ac, &th->session_key,  in ceph_x_handle_reply()
613 	if (ac->want_keys == xi->have_keys)  in ceph_x_handle_reply()
627 	struct ceph_auth_client *ac, int peer_type,  in ceph_x_create_authorizer()  argument
634 	th = get_ticket_handler(ac, peer_type);  in ceph_x_create_authorizer()
644 	ret = ceph_x_build_authorizer(ac, th, au);  in ceph_x_create_authorizer()
655 	auth->sign_message = ac->ops->sign_message;  in ceph_x_create_authorizer()
656 	auth->check_message_signature = ac->ops->check_message_signature;  in ceph_x_create_authorizer()
662 	struct ceph_auth_client *ac, int peer_type,  in ceph_x_update_authorizer()  argument
668 	th = get_ticket_handler(ac, peer_type);  in ceph_x_update_authorizer()
676 		return ceph_x_build_authorizer(ac, th, au);  in ceph_x_update_authorizer()
704 static int ceph_x_add_authorizer_challenge(struct ceph_auth_client *ac,  in ceph_x_add_authorizer_challenge()  argument
729 static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac,  in ceph_x_verify_authorizer_reply()  argument
745 	if (au->nonce + 1 != le64_to_cpu(reply->nonce_plus_one))  in ceph_x_verify_authorizer_reply()
754 static void ceph_x_reset(struct ceph_auth_client *ac)  in ceph_x_reset()  argument
756 	struct ceph_x_info *xi = ac->private;  in ceph_x_reset()
763 static void ceph_x_destroy(struct ceph_auth_client *ac)  in ceph_x_destroy()  argument
765 	struct ceph_x_info *xi = ac->private;  in ceph_x_destroy()
768 	dout("ceph_x_destroy %p\n", ac);  in ceph_x_destroy()
774 		remove_ticket_handler(ac, th);  in ceph_x_destroy()
779 	kfree(ac->private);  in ceph_x_destroy()
780 	ac->private = NULL;  in ceph_x_destroy()
783 static void invalidate_ticket(struct ceph_auth_client *ac, int peer_type)  in invalidate_ticket()  argument
787 	th = get_ticket_handler(ac, peer_type);  in invalidate_ticket()
792 static void ceph_x_invalidate_authorizer(struct ceph_auth_client *ac,  in ceph_x_invalidate_authorizer()  argument
801 	invalidate_ticket(ac, peer_type);  in ceph_x_invalidate_authorizer()
802 	invalidate_ticket(ac, CEPH_ENTITY_TYPE_AUTH);  in ceph_x_invalidate_authorizer()
931 int ceph_x_init(struct ceph_auth_client *ac)  in ceph_x_init()  argument
936 	dout("ceph_x_init %p\n", ac);  in ceph_x_init()
943 	if (!ac->key) {  in ceph_x_init()
948 	ret = ceph_crypto_key_clone(&xi->secret, ac->key);  in ceph_x_init()
957 	ac->protocol = CEPH_AUTH_CEPHX;  in ceph_x_init()
958 	ac->private = xi;  in ceph_x_init()
959 	ac->ops = &ceph_x_ops;  in ceph_x_init()