Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph...
[linux-2.6.git] / fs / ceph / auth_x.c
1
2 #include "ceph_debug.h"
3
4 #include <linux/err.h>
5 #include <linux/module.h>
6 #include <linux/random.h>
7
8 #include "auth_x.h"
9 #include "auth_x_protocol.h"
10 #include "crypto.h"
11 #include "auth.h"
12 #include "decode.h"
13
14 struct kmem_cache *ceph_x_ticketbuf_cachep;
15
16 #define TEMP_TICKET_BUF_LEN     256
17
18 static void ceph_x_validate_tickets(struct ceph_auth_client *ac, int *pneed);
19
20 static int ceph_x_is_authenticated(struct ceph_auth_client *ac)
21 {
22         struct ceph_x_info *xi = ac->private;
23         int need;
24
25         ceph_x_validate_tickets(ac, &need);
26         dout("ceph_x_is_authenticated want=%d need=%d have=%d\n",
27              ac->want_keys, need, xi->have_keys);
28         return (ac->want_keys & xi->have_keys) == ac->want_keys;
29 }
30
31 static int ceph_x_encrypt_buflen(int ilen)
32 {
33         return sizeof(struct ceph_x_encrypt_header) + ilen + 16 +
34                 sizeof(u32);
35 }
36
37 static int ceph_x_encrypt(struct ceph_crypto_key *secret,
38                           void *ibuf, int ilen, void *obuf, size_t olen)
39 {
40         struct ceph_x_encrypt_header head = {
41                 .struct_v = 1,
42                 .magic = cpu_to_le64(CEPHX_ENC_MAGIC)
43         };
44         size_t len = olen - sizeof(u32);
45         int ret;
46
47         ret = ceph_encrypt2(secret, obuf + sizeof(u32), &len,
48                             &head, sizeof(head), ibuf, ilen);
49         if (ret)
50                 return ret;
51         ceph_encode_32(&obuf, len);
52         return len + sizeof(u32);
53 }
54
55 static int ceph_x_decrypt(struct ceph_crypto_key *secret,
56                           void **p, void *end, void *obuf, size_t olen)
57 {
58         struct ceph_x_encrypt_header head;
59         size_t head_len = sizeof(head);
60         int len, ret;
61
62         len = ceph_decode_32(p);
63         if (*p + len > end)
64                 return -EINVAL;
65
66         dout("ceph_x_decrypt len %d\n", len);
67         ret = ceph_decrypt2(secret, &head, &head_len, obuf, &olen,
68                             *p, len);
69         if (ret)
70                 return ret;
71         if (head.struct_v != 1 || le64_to_cpu(head.magic) != CEPHX_ENC_MAGIC)
72                 return -EPERM;
73         *p += len;
74         return olen;
75 }
76
77 /*
78  * get existing (or insert new) ticket handler
79  */
80 struct ceph_x_ticket_handler *get_ticket_handler(struct ceph_auth_client *ac,
81                                                  int service)
82 {
83         struct ceph_x_ticket_handler *th;
84         struct ceph_x_info *xi = ac->private;
85         struct rb_node *parent = NULL, **p = &xi->ticket_handlers.rb_node;
86
87         while (*p) {
88                 parent = *p;
89                 th = rb_entry(parent, struct ceph_x_ticket_handler, node);
90                 if (service < th->service)
91                         p = &(*p)->rb_left;
92                 else if (service > th->service)
93                         p = &(*p)->rb_right;
94                 else
95                         return th;
96         }
97
98         /* add it */
99         th = kzalloc(sizeof(*th), GFP_NOFS);
100         if (!th)
101                 return ERR_PTR(-ENOMEM);
102         th->service = service;
103         rb_link_node(&th->node, parent, p);
104         rb_insert_color(&th->node, &xi->ticket_handlers);
105         return th;
106 }
107
108 static void remove_ticket_handler(struct ceph_auth_client *ac,
109                                   struct ceph_x_ticket_handler *th)
110 {
111         struct ceph_x_info *xi = ac->private;
112
113         dout("remove_ticket_handler %p %d\n", th, th->service);
114         rb_erase(&th->node, &xi->ticket_handlers);
115         ceph_crypto_key_destroy(&th->session_key);
116         if (th->ticket_blob)
117                 ceph_buffer_put(th->ticket_blob);
118         kfree(th);
119 }
120
121 static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac,
122                                     struct ceph_crypto_key *secret,
123                                     void *buf, void *end)
124 {
125         struct ceph_x_info *xi = ac->private;
126         int num;
127         void *p = buf;
128         int ret;
129         char *dbuf;
130         char *ticket_buf;
131         u8 struct_v;
132
133         dbuf = kmem_cache_alloc(ceph_x_ticketbuf_cachep, GFP_NOFS | GFP_ATOMIC);
134         if (!dbuf)
135                 return -ENOMEM;
136
137         ret = -ENOMEM;
138         ticket_buf = kmem_cache_alloc(ceph_x_ticketbuf_cachep,
139                                       GFP_NOFS | GFP_ATOMIC);
140         if (!ticket_buf)
141                 goto out_dbuf;
142
143         ceph_decode_need(&p, end, 1 + sizeof(u32), bad);
144         struct_v = ceph_decode_8(&p);
145         if (struct_v != 1)
146                 goto bad;
147         num = ceph_decode_32(&p);
148         dout("%d tickets\n", num);
149         while (num--) {
150                 int type;
151                 u8 struct_v;
152                 struct ceph_x_ticket_handler *th;
153                 void *dp, *dend;
154                 int dlen;
155                 char is_enc;
156                 struct timespec validity;
157                 struct ceph_crypto_key old_key;
158                 void *tp, *tpend;
159                 struct ceph_timespec new_validity;
160                 struct ceph_crypto_key new_session_key;
161                 struct ceph_buffer *new_ticket_blob;
162                 unsigned long new_expires, new_renew_after;
163                 u64 new_secret_id;
164
165                 ceph_decode_need(&p, end, sizeof(u32) + 1, bad);
166
167                 type = ceph_decode_32(&p);
168                 dout(" ticket type %d %s\n", type, ceph_entity_type_name(type));
169
170                 struct_v = ceph_decode_8(&p);
171                 if (struct_v != 1)
172                         goto bad;
173
174                 th = get_ticket_handler(ac, type);
175                 if (IS_ERR(th)) {
176                         ret = PTR_ERR(th);
177                         goto out;
178                 }
179
180                 /* blob for me */
181                 dlen = ceph_x_decrypt(secret, &p, end, dbuf,
182                                       TEMP_TICKET_BUF_LEN);
183                 if (dlen <= 0) {
184                         ret = dlen;
185                         goto out;
186                 }
187                 dout(" decrypted %d bytes\n", dlen);
188                 dend = dbuf + dlen;
189                 dp = dbuf;
190
191                 struct_v = ceph_decode_8(&dp);
192                 if (struct_v != 1)
193                         goto bad;
194
195                 memcpy(&old_key, &th->session_key, sizeof(old_key));
196                 ret = ceph_crypto_key_decode(&new_session_key, &dp, dend);
197                 if (ret)
198                         goto out;
199
200                 ceph_decode_copy(&dp, &new_validity, sizeof(new_validity));
201                 ceph_decode_timespec(&validity, &new_validity);
202                 new_expires = get_seconds() + validity.tv_sec;
203                 new_renew_after = new_expires - (validity.tv_sec / 4);
204                 dout(" expires=%lu renew_after=%lu\n", new_expires,
205                      new_renew_after);
206
207                 /* ticket blob for service */
208                 ceph_decode_8_safe(&p, end, is_enc, bad);
209                 tp = ticket_buf;
210                 if (is_enc) {
211                         /* encrypted */
212                         dout(" encrypted ticket\n");
213                         dlen = ceph_x_decrypt(&old_key, &p, end, ticket_buf,
214                                               TEMP_TICKET_BUF_LEN);
215                         if (dlen < 0) {
216                                 ret = dlen;
217                                 goto out;
218                         }
219                         dlen = ceph_decode_32(&tp);
220                 } else {
221                         /* unencrypted */
222                         ceph_decode_32_safe(&p, end, dlen, bad);
223                         ceph_decode_need(&p, end, dlen, bad);
224                         ceph_decode_copy(&p, ticket_buf, dlen);
225                 }
226                 tpend = tp + dlen;
227                 dout(" ticket blob is %d bytes\n", dlen);
228                 ceph_decode_need(&tp, tpend, 1 + sizeof(u64), bad);
229                 struct_v = ceph_decode_8(&tp);
230                 new_secret_id = ceph_decode_64(&tp);
231                 ret = ceph_decode_buffer(&new_ticket_blob, &tp, tpend);
232                 if (ret)
233                         goto out;
234
235                 /* all is well, update our ticket */
236                 ceph_crypto_key_destroy(&th->session_key);
237                 if (th->ticket_blob)
238                         ceph_buffer_put(th->ticket_blob);
239                 th->session_key = new_session_key;
240                 th->ticket_blob = new_ticket_blob;
241                 th->validity = new_validity;
242                 th->secret_id = new_secret_id;
243                 th->expires = new_expires;
244                 th->renew_after = new_renew_after;
245                 dout(" got ticket service %d (%s) secret_id %lld len %d\n",
246                      type, ceph_entity_type_name(type), th->secret_id,
247                      (int)th->ticket_blob->vec.iov_len);
248                 xi->have_keys |= th->service;
249         }
250
251         ret = 0;
252 out:
253         kmem_cache_free(ceph_x_ticketbuf_cachep, ticket_buf);
254 out_dbuf:
255         kmem_cache_free(ceph_x_ticketbuf_cachep, dbuf);
256         return ret;
257
258 bad:
259         ret = -EINVAL;
260         goto out;
261 }
262
263 static int ceph_x_build_authorizer(struct ceph_auth_client *ac,
264                                    struct ceph_x_ticket_handler *th,
265                                    struct ceph_x_authorizer *au)
266 {
267         int maxlen;
268         struct ceph_x_authorize_a *msg_a;
269         struct ceph_x_authorize_b msg_b;
270         void *p, *end;
271         int ret;
272         int ticket_blob_len =
273                 (th->ticket_blob ? th->ticket_blob->vec.iov_len : 0);
274
275         dout("build_authorizer for %s %p\n",
276              ceph_entity_type_name(th->service), au);
277
278         maxlen = sizeof(*msg_a) + sizeof(msg_b) +
279                 ceph_x_encrypt_buflen(ticket_blob_len);
280         dout("  need len %d\n", maxlen);
281         if (au->buf && au->buf->alloc_len < maxlen) {
282                 ceph_buffer_put(au->buf);
283                 au->buf = NULL;
284         }
285         if (!au->buf) {
286                 au->buf = ceph_buffer_new(maxlen, GFP_NOFS);
287                 if (!au->buf)
288                         return -ENOMEM;
289         }
290         au->service = th->service;
291
292         msg_a = au->buf->vec.iov_base;
293         msg_a->struct_v = 1;
294         msg_a->global_id = cpu_to_le64(ac->global_id);
295         msg_a->service_id = cpu_to_le32(th->service);
296         msg_a->ticket_blob.struct_v = 1;
297         msg_a->ticket_blob.secret_id = cpu_to_le64(th->secret_id);
298         msg_a->ticket_blob.blob_len = cpu_to_le32(ticket_blob_len);
299         if (ticket_blob_len) {
300                 memcpy(msg_a->ticket_blob.blob, th->ticket_blob->vec.iov_base,
301                        th->ticket_blob->vec.iov_len);
302         }
303         dout(" th %p secret_id %lld %lld\n", th, th->secret_id,
304              le64_to_cpu(msg_a->ticket_blob.secret_id));
305
306         p = msg_a + 1;
307         p += ticket_blob_len;
308         end = au->buf->vec.iov_base + au->buf->vec.iov_len;
309
310         get_random_bytes(&au->nonce, sizeof(au->nonce));
311         msg_b.struct_v = 1;
312         msg_b.nonce = cpu_to_le64(au->nonce);
313         ret = ceph_x_encrypt(&th->session_key, &msg_b, sizeof(msg_b),
314                              p, end - p);
315         if (ret < 0)
316                 goto out_buf;
317         p += ret;
318         au->buf->vec.iov_len = p - au->buf->vec.iov_base;
319         dout(" built authorizer nonce %llx len %d\n", au->nonce,
320              (int)au->buf->vec.iov_len);
321         BUG_ON(au->buf->vec.iov_len > maxlen);
322         return 0;
323
324 out_buf:
325         ceph_buffer_put(au->buf);
326         au->buf = NULL;
327         return ret;
328 }
329
330 static int ceph_x_encode_ticket(struct ceph_x_ticket_handler *th,
331                                 void **p, void *end)
332 {
333         ceph_decode_need(p, end, 1 + sizeof(u64), bad);
334         ceph_encode_8(p, 1);
335         ceph_encode_64(p, th->secret_id);
336         if (th->ticket_blob) {
337                 const char *buf = th->ticket_blob->vec.iov_base;
338                 u32 len = th->ticket_blob->vec.iov_len;
339
340                 ceph_encode_32_safe(p, end, len, bad);
341                 ceph_encode_copy_safe(p, end, buf, len, bad);
342         } else {
343                 ceph_encode_32_safe(p, end, 0, bad);
344         }
345
346         return 0;
347 bad:
348         return -ERANGE;
349 }
350
351 static void ceph_x_validate_tickets(struct ceph_auth_client *ac, int *pneed)
352 {
353         int want = ac->want_keys;
354         struct ceph_x_info *xi = ac->private;
355         int service;
356
357         *pneed = ac->want_keys & ~(xi->have_keys);
358
359         for (service = 1; service <= want; service <<= 1) {
360                 struct ceph_x_ticket_handler *th;
361
362                 if (!(ac->want_keys & service))
363                         continue;
364
365                 if (*pneed & service)
366                         continue;
367
368                 th = get_ticket_handler(ac, service);
369
370                 if (!th) {
371                         *pneed |= service;
372                         continue;
373                 }
374
375                 if (get_seconds() >= th->renew_after)
376                         *pneed |= service;
377                 if (get_seconds() >= th->expires)
378                         xi->have_keys &= ~service;
379         }
380 }
381
382
383 static int ceph_x_build_request(struct ceph_auth_client *ac,
384                                 void *buf, void *end)
385 {
386         struct ceph_x_info *xi = ac->private;
387         int need;
388         struct ceph_x_request_header *head = buf;
389         int ret;
390         struct ceph_x_ticket_handler *th =
391                 get_ticket_handler(ac, CEPH_ENTITY_TYPE_AUTH);
392
393         ceph_x_validate_tickets(ac, &need);
394
395         dout("build_request want %x have %x need %x\n",
396              ac->want_keys, xi->have_keys, need);
397
398         if (need & CEPH_ENTITY_TYPE_AUTH) {
399                 struct ceph_x_authenticate *auth = (void *)(head + 1);
400                 void *p = auth + 1;
401                 struct ceph_x_challenge_blob tmp;
402                 char tmp_enc[40];
403                 u64 *u;
404
405                 if (p > end)
406                         return -ERANGE;
407
408                 dout(" get_auth_session_key\n");
409                 head->op = cpu_to_le16(CEPHX_GET_AUTH_SESSION_KEY);
410
411                 /* encrypt and hash */
412                 get_random_bytes(&auth->client_challenge, sizeof(u64));
413                 tmp.client_challenge = auth->client_challenge;
414                 tmp.server_challenge = cpu_to_le64(xi->server_challenge);
415                 ret = ceph_x_encrypt(&xi->secret, &tmp, sizeof(tmp),
416                                      tmp_enc, sizeof(tmp_enc));
417                 if (ret < 0)
418                         return ret;
419
420                 auth->struct_v = 1;
421                 auth->key = 0;
422                 for (u = (u64 *)tmp_enc; u + 1 <= (u64 *)(tmp_enc + ret); u++)
423                         auth->key ^= *u;
424                 dout(" server_challenge %llx client_challenge %llx key %llx\n",
425                      xi->server_challenge, le64_to_cpu(auth->client_challenge),
426                      le64_to_cpu(auth->key));
427
428                 /* now encode the old ticket if exists */
429                 ret = ceph_x_encode_ticket(th, &p, end);
430                 if (ret < 0)
431                         return ret;
432
433                 return p - buf;
434         }
435
436         if (need) {
437                 void *p = head + 1;
438                 struct ceph_x_service_ticket_request *req;
439
440                 if (p > end)
441                         return -ERANGE;
442                 head->op = cpu_to_le16(CEPHX_GET_PRINCIPAL_SESSION_KEY);
443
444                 BUG_ON(!th);
445                 ret = ceph_x_build_authorizer(ac, th, &xi->auth_authorizer);
446                 if (ret)
447                         return ret;
448                 ceph_encode_copy(&p, xi->auth_authorizer.buf->vec.iov_base,
449                                  xi->auth_authorizer.buf->vec.iov_len);
450
451                 req = p;
452                 req->keys = cpu_to_le32(need);
453                 p += sizeof(*req);
454                 return p - buf;
455         }
456
457         return 0;
458 }
459
460 static int ceph_x_handle_reply(struct ceph_auth_client *ac, int result,
461                                void *buf, void *end)
462 {
463         struct ceph_x_info *xi = ac->private;
464         struct ceph_x_reply_header *head = buf;
465         struct ceph_x_ticket_handler *th;
466         int len = end - buf;
467         int op;
468         int ret;
469
470         if (result)
471                 return result;  /* XXX hmm? */
472
473         if (xi->starting) {
474                 /* it's a hello */
475                 struct ceph_x_server_challenge *sc = buf;
476
477                 if (len != sizeof(*sc))
478                         return -EINVAL;
479                 xi->server_challenge = le64_to_cpu(sc->server_challenge);
480                 dout("handle_reply got server challenge %llx\n",
481                      xi->server_challenge);
482                 xi->starting = false;
483                 xi->have_keys &= ~CEPH_ENTITY_TYPE_AUTH;
484                 return -EAGAIN;
485         }
486
487         op = le32_to_cpu(head->op);
488         result = le32_to_cpu(head->result);
489         dout("handle_reply op %d result %d\n", op, result);
490         switch (op) {
491         case CEPHX_GET_AUTH_SESSION_KEY:
492                 /* verify auth key */
493                 ret = ceph_x_proc_ticket_reply(ac, &xi->secret,
494                                                buf + sizeof(*head), end);
495                 break;
496
497         case CEPHX_GET_PRINCIPAL_SESSION_KEY:
498                 th = get_ticket_handler(ac, CEPH_ENTITY_TYPE_AUTH);
499                 BUG_ON(!th);
500                 ret = ceph_x_proc_ticket_reply(ac, &th->session_key,
501                                                buf + sizeof(*head), end);
502                 break;
503
504         default:
505                 return -EINVAL;
506         }
507         if (ret)
508                 return ret;
509         if (ac->want_keys == xi->have_keys)
510                 return 0;
511         return -EAGAIN;
512 }
513
514 static int ceph_x_create_authorizer(
515         struct ceph_auth_client *ac, int peer_type,
516         struct ceph_authorizer **a,
517         void **buf, size_t *len,
518         void **reply_buf, size_t *reply_len)
519 {
520         struct ceph_x_authorizer *au;
521         struct ceph_x_ticket_handler *th;
522         int ret;
523
524         th = get_ticket_handler(ac, peer_type);
525         if (IS_ERR(th))
526                 return PTR_ERR(th);
527
528         au = kzalloc(sizeof(*au), GFP_NOFS);
529         if (!au)
530                 return -ENOMEM;
531
532         ret = ceph_x_build_authorizer(ac, th, au);
533         if (ret) {
534                 kfree(au);
535                 return ret;
536         }
537
538         *a = (struct ceph_authorizer *)au;
539         *buf = au->buf->vec.iov_base;
540         *len = au->buf->vec.iov_len;
541         *reply_buf = au->reply_buf;
542         *reply_len = sizeof(au->reply_buf);
543         return 0;
544 }
545
546 static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac,
547                                           struct ceph_authorizer *a, size_t len)
548 {
549         struct ceph_x_authorizer *au = (void *)a;
550         struct ceph_x_ticket_handler *th;
551         int ret = 0;
552         struct ceph_x_authorize_reply reply;
553         void *p = au->reply_buf;
554         void *end = p + sizeof(au->reply_buf);
555
556         th = get_ticket_handler(ac, au->service);
557         if (!th)
558                 return -EIO;  /* hrm! */
559         ret = ceph_x_decrypt(&th->session_key, &p, end, &reply, sizeof(reply));
560         if (ret < 0)
561                 return ret;
562         if (ret != sizeof(reply))
563                 return -EPERM;
564
565         if (au->nonce + 1 != le64_to_cpu(reply.nonce_plus_one))
566                 ret = -EPERM;
567         else
568                 ret = 0;
569         dout("verify_authorizer_reply nonce %llx got %llx ret %d\n",
570              au->nonce, le64_to_cpu(reply.nonce_plus_one), ret);
571         return ret;
572 }
573
574 static void ceph_x_destroy_authorizer(struct ceph_auth_client *ac,
575                                       struct ceph_authorizer *a)
576 {
577         struct ceph_x_authorizer *au = (void *)a;
578
579         ceph_buffer_put(au->buf);
580         kfree(au);
581 }
582
583
584 static void ceph_x_reset(struct ceph_auth_client *ac)
585 {
586         struct ceph_x_info *xi = ac->private;
587
588         dout("reset\n");
589         xi->starting = true;
590         xi->server_challenge = 0;
591 }
592
593 static void ceph_x_destroy(struct ceph_auth_client *ac)
594 {
595         struct ceph_x_info *xi = ac->private;
596         struct rb_node *p;
597
598         dout("ceph_x_destroy %p\n", ac);
599         ceph_crypto_key_destroy(&xi->secret);
600
601         while ((p = rb_first(&xi->ticket_handlers)) != NULL) {
602                 struct ceph_x_ticket_handler *th =
603                         rb_entry(p, struct ceph_x_ticket_handler, node);
604                 remove_ticket_handler(ac, th);
605         }
606
607         kmem_cache_destroy(ceph_x_ticketbuf_cachep);
608
609         kfree(ac->private);
610         ac->private = NULL;
611 }
612
613 static void ceph_x_invalidate_authorizer(struct ceph_auth_client *ac,
614                                    int peer_type)
615 {
616         struct ceph_x_ticket_handler *th;
617
618         th = get_ticket_handler(ac, peer_type);
619         if (th && !IS_ERR(th))
620                 remove_ticket_handler(ac, th);
621 }
622
623
624 static const struct ceph_auth_client_ops ceph_x_ops = {
625         .is_authenticated = ceph_x_is_authenticated,
626         .build_request = ceph_x_build_request,
627         .handle_reply = ceph_x_handle_reply,
628         .create_authorizer = ceph_x_create_authorizer,
629         .verify_authorizer_reply = ceph_x_verify_authorizer_reply,
630         .destroy_authorizer = ceph_x_destroy_authorizer,
631         .invalidate_authorizer = ceph_x_invalidate_authorizer,
632         .reset =  ceph_x_reset,
633         .destroy = ceph_x_destroy,
634 };
635
636
637 int ceph_x_init(struct ceph_auth_client *ac)
638 {
639         struct ceph_x_info *xi;
640         int ret;
641
642         dout("ceph_x_init %p\n", ac);
643         xi = kzalloc(sizeof(*xi), GFP_NOFS);
644         if (!xi)
645                 return -ENOMEM;
646
647         ret = -ENOMEM;
648         ceph_x_ticketbuf_cachep = kmem_cache_create("ceph_x_ticketbuf",
649                                       TEMP_TICKET_BUF_LEN, 8,
650                                       (SLAB_RECLAIM_ACCOUNT|SLAB_MEM_SPREAD),
651                                       NULL);
652         if (!ceph_x_ticketbuf_cachep)
653                 goto done_nomem;
654         ret = -EINVAL;
655         if (!ac->secret) {
656                 pr_err("no secret set (for auth_x protocol)\n");
657                 goto done_nomem;
658         }
659
660         ret = ceph_crypto_key_unarmor(&xi->secret, ac->secret);
661         if (ret)
662                 goto done_nomem;
663
664         xi->starting = true;
665         xi->ticket_handlers = RB_ROOT;
666
667         ac->protocol = CEPH_AUTH_CEPHX;
668         ac->private = xi;
669         ac->ops = &ceph_x_ops;
670         return 0;
671
672 done_nomem:
673         kfree(xi);
674         if (ceph_x_ticketbuf_cachep)
675                 kmem_cache_destroy(ceph_x_ticketbuf_cachep);
676         return ret;
677 }
678
679