ceph: negotiate authentication protocol; implement AUTH_NONE protocol

When we open a monitor session, we send an initial AUTH message listing the auth protocols we support, our entity name, and (possibly) a previously assigned global_id. The monitor chooses a protocol and responds with an initial message. Initially implement AUTH_NONE, a dummy protocol that provides no security, but works within the new framework. It generates 'authorizers' that are used when connecting to (mds, osd) services that simply state our entity name and global_id. This is a wire protocol change. Signed-off-by: Sage Weil <sage@newdream.net>
author: Sage Weil <sage@newdream.net> 2009-11-18 19:19:57 -0500
committer: Sage Weil <sage@newdream.net> 2009-11-18 19:19:57 -0500
commit: 4e7a5dcd1bbab6560fbc8ada29a840e7a20ed7bc (patch)
tree: a77e9b4563022340361ca673ef2e1beebb538e2f /fs/ceph/auth_none.c
parent: 5f44f142601bf94c448e2d463f0f18fd159da164 (diff)
1 files changed, 120 insertions, 0 deletions
diff --git a/fs/ceph/auth_none.c b/fs/ceph/auth_none.c
new file mode 100644
index 000000000000..631017eb7117
--- /dev/null
+++ b/fs/ceph/auth_none.c
@@ -0,0 +1,120 @@
+#include "ceph_debug.h"
+#include <linux/err.h>
+#include <linux/module.h>
+#include <linux/random.h>
+#include "auth_none.h"
+#include "auth.h"
+#include "decode.h"
+static void reset(struct ceph_auth_client *ac)
+{
+        struct ceph_auth_none_info *xi = ac->private;
+        xi->starting = true;
+        xi->built_authorizer = false;
+}
+static void destroy(struct ceph_auth_client *ac)
+{
+        kfree(ac->private);
+        ac->private = NULL;
+}
+static int is_authenticated(struct ceph_auth_client *ac)
+{
+        struct ceph_auth_none_info *xi = ac->private;
+        return !xi->starting;
+}
+/*
+ * the generic auth code decode the global_id, and we carry no actual
+ * authenticate state, so nothing happens here.
+ */
+static int handle_reply(struct ceph_auth_client *ac, int result,
+                        void *buf, void *end)
+{
+        struct ceph_auth_none_info *xi = ac->private;
+        xi->starting = false;
+        return result;
+}
+/*
+ * build an 'authorizer' with our entity_name and global_id.  we can
+ * reuse a single static copy since it is identical for all services
+ * we connect to.
+ */
+static int ceph_auth_none_create_authorizer(
+        struct ceph_auth_client *ac, int peer_type,
+        struct ceph_authorizer **a,
+        void **buf, size_t *len,
+        void **reply_buf, size_t *reply_len)
+{
+        struct ceph_auth_none_info *ai = ac->private;
+        struct ceph_none_authorizer *au = &ai->au;
+        void *p, *end;
+        int ret;
+        if (!ai->built_authorizer) {
+                p = au->buf;
+                end = p + sizeof(au->buf);
+                ret = ceph_entity_name_encode(ac->name, &p, end - 8);
+                if (ret < 0)
+                        goto bad;
+                ceph_decode_need(&p, end, sizeof(u64), bad2);
+                ceph_encode_64(&p, ac->global_id);
+                au->buf_len = p - (void *)au->buf;
+                ai->built_authorizer = true;
+                dout("built authorizer len %d\n", au->buf_len);
+        }
+        *a = (struct ceph_authorizer *)au;
+        *buf = au->buf;
+        *len = au->buf_len;
+        *reply_buf = au->reply_buf;
+        *reply_len = sizeof(au->reply_buf);
+        return 0;
+bad2:
+        ret = -ERANGE;
+bad:
+        return ret;
+}
+static void ceph_auth_none_destroy_authorizer(struct ceph_auth_client *ac,
+                                      struct ceph_authorizer *a)
+{
+        /* nothing to do */
+}
+static const struct ceph_auth_client_ops ceph_auth_none_ops = {
+        .reset = reset,
+        .destroy = destroy,
+        .is_authenticated = is_authenticated,
+        .handle_reply = handle_reply,
+        .create_authorizer = ceph_auth_none_create_authorizer,
+        .destroy_authorizer = ceph_auth_none_destroy_authorizer,
+};
+int ceph_auth_none_init(struct ceph_auth_client *ac)
+{
+        struct ceph_auth_none_info *xi;
+        dout("ceph_auth_none_init %p\n", ac);
+        xi = kzalloc(sizeof(*xi), GFP_NOFS);
+        if (!xi)
+                return -ENOMEM;
+        xi->starting = true;
+        xi->built_authorizer = false;
+        ac->protocol = CEPH_AUTH_NONE;
+        ac->private = xi;
+        ac->ops = &ceph_auth_none_ops;
+        return 0;
+}
author	Sage Weil <sage@newdream.net>	2009-11-18 19:19:57 -0500
committer	Sage Weil <sage@newdream.net>	2009-11-18 19:19:57 -0500
commit	4e7a5dcd1bbab6560fbc8ada29a840e7a20ed7bc (patch)
tree	a77e9b4563022340361ca673ef2e1beebb538e2f /fs/ceph/auth_none.c
parent	5f44f142601bf94c448e2d463f0f18fd159da164 (diff)

diff --git a/fs/ceph/auth_none.c b/fs/ceph/auth_none.c new file mode 100644 index 000000000000..631017eb7117 --- /dev/null +++ b/fs/ceph/auth_none.c
@@ -0,0 +1,120 @@
	1
	2	#include "ceph_debug.h"
	3
	4	#include <linux/err.h>
	5	#include <linux/module.h>
	6	#include <linux/random.h>
	7
	8	#include "auth_none.h"
	9	#include "auth.h"
	10	#include "decode.h"
	11
	12	static void reset(struct ceph_auth_client *ac)
	13	{
	14	struct ceph_auth_none_info *xi = ac->private;
	15
	16	xi->starting = true;
	17	xi->built_authorizer = false;
	18	}
	19
	20	static void destroy(struct ceph_auth_client *ac)
	21	{
	22	kfree(ac->private);
	23	ac->private = NULL;
	24	}
	25
	26	static int is_authenticated(struct ceph_auth_client *ac)
	27	{
	28	struct ceph_auth_none_info *xi = ac->private;
	29
	30	return !xi->starting;
	31	}
	32
	33	/*
	34	* the generic auth code decode the global_id, and we carry no actual
	35	* authenticate state, so nothing happens here.
	36	*/
	37	static int handle_reply(struct ceph_auth_client *ac, int result,
	38	void buf, void end)
	39	{
	40	struct ceph_auth_none_info *xi = ac->private;
	41
	42	xi->starting = false;
	43	return result;
	44	}
	45
	46	/*
	47	* build an 'authorizer' with our entity_name and global_id. we can
	48	* reuse a single static copy since it is identical for all services
	49	* we connect to.
	50	*/
	51	static int ceph_auth_none_create_authorizer(
	52	struct ceph_auth_client *ac, int peer_type,
	53	struct ceph_authorizer **a,
	54	void *buf, size_t len,
	55	void *reply_buf, size_t reply_len)
	56	{
	57	struct ceph_auth_none_info *ai = ac->private;
	58	struct ceph_none_authorizer *au = &ai->au;
	59	void p, end;
	60	int ret;
	61
	62	if (!ai->built_authorizer) {
	63	p = au->buf;
	64	end = p + sizeof(au->buf);
	65	ret = ceph_entity_name_encode(ac->name, &p, end - 8);
	66	if (ret < 0)
	67	goto bad;
	68	ceph_decode_need(&p, end, sizeof(u64), bad2);
	69	ceph_encode_64(&p, ac->global_id);
	70	au->buf_len = p - (void *)au->buf;
	71	ai->built_authorizer = true;
	72	dout("built authorizer len %d\n", au->buf_len);
	73	}
	74
	75	a = (struct ceph_authorizer )au;
	76	*buf = au->buf;
	77	*len = au->buf_len;
	78	*reply_buf = au->reply_buf;
	79	*reply_len = sizeof(au->reply_buf);
	80	return 0;
	81
	82	bad2:
	83	ret = -ERANGE;
	84	bad:
	85	return ret;
	86	}
	87
	88	static void ceph_auth_none_destroy_authorizer(struct ceph_auth_client *ac,
	89	struct ceph_authorizer *a)
	90	{
	91	/* nothing to do */
	92	}
	93
	94	static const struct ceph_auth_client_ops ceph_auth_none_ops = {
	95	.reset = reset,
	96	.destroy = destroy,
	97	.is_authenticated = is_authenticated,
	98	.handle_reply = handle_reply,
	99	.create_authorizer = ceph_auth_none_create_authorizer,
	100	.destroy_authorizer = ceph_auth_none_destroy_authorizer,
	101	};
	102
	103	int ceph_auth_none_init(struct ceph_auth_client *ac)
	104	{
	105	struct ceph_auth_none_info *xi;
	106
	107	dout("ceph_auth_none_init %p\n", ac);
	108	xi = kzalloc(sizeof(*xi), GFP_NOFS);
	109	if (!xi)
	110	return -ENOMEM;
	111
	112	xi->starting = true;
	113	xi->built_authorizer = false;
	114
	115	ac->protocol = CEPH_AUTH_NONE;
	116	ac->private = xi;
	117	ac->ops = &ceph_auth_none_ops;
	118	return 0;
	119	}
	120