[thirdparty/kernel/stable-queue.git] / releases / 3.16.3 / libceph-add-process_one_ticket-helper.patch

From 597cda357716a3cf8d994cb11927af917c8d71fa Mon Sep 17 00:00:00 2001
From: Ilya Dryomov <ilya.dryomov@inktank.com>
Date: Mon, 8 Sep 2014 17:25:34 +0400
Subject: libceph: add process_one_ticket() helper

From: Ilya Dryomov <ilya.dryomov@inktank.com>

commit 597cda357716a3cf8d994cb11927af917c8d71fa upstream.

Add a helper for processing individual cephx auth tickets.  Needed for
the next commit, which deals with allocating ticket buffers.  (Most of
the diff here is whitespace - view with git diff -b).

Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com>
Reviewed-by: Sage Weil <sage@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/ceph/auth_x.c |  228 +++++++++++++++++++++++++++++-------------------------
 1 file changed, 124 insertions(+), 104 deletions(-)

--- a/net/ceph/auth_x.c
+++ b/net/ceph/auth_x.c
@@ -129,17 +129,131 @@ static void remove_ticket_handler(struct
 	kfree(th);
 }
 
+static int process_one_ticket(struct ceph_auth_client *ac,
+			      struct ceph_crypto_key *secret,
+			      void **p, void *end,
+			      void *dbuf, void *ticket_buf)
+{
+	struct ceph_x_info *xi = ac->private;
+	int type;
+	u8 tkt_struct_v, blob_struct_v;
+	struct ceph_x_ticket_handler *th;
+	void *dp, *dend;
+	int dlen;
+	char is_enc;
+	struct timespec validity;
+	struct ceph_crypto_key old_key;
+	void *tp, *tpend;
+	struct ceph_timespec new_validity;
+	struct ceph_crypto_key new_session_key;
+	struct ceph_buffer *new_ticket_blob;
+	unsigned long new_expires, new_renew_after;
+	u64 new_secret_id;
+	int ret;
+
+	ceph_decode_need(p, end, sizeof(u32) + 1, bad);
+
+	type = ceph_decode_32(p);
+	dout(" ticket type %d %s\n", type, ceph_entity_type_name(type));
+
+	tkt_struct_v = ceph_decode_8(p);
+	if (tkt_struct_v != 1)
+		goto bad;
+
+	th = get_ticket_handler(ac, type);
+	if (IS_ERR(th)) {
+		ret = PTR_ERR(th);
+		goto out;
+	}
+
+	/* blob for me */
+	dlen = ceph_x_decrypt(secret, p, end, dbuf,
+			      TEMP_TICKET_BUF_LEN);
+	if (dlen <= 0) {
+		ret = dlen;
+		goto out;
+	}
+	dout(" decrypted %d bytes\n", dlen);
+	dp = dbuf;
+	dend = dp + dlen;
+
+	tkt_struct_v = ceph_decode_8(&dp);
+	if (tkt_struct_v != 1)
+		goto bad;
+
+	memcpy(&old_key, &th->session_key, sizeof(old_key));
+	ret = ceph_crypto_key_decode(&new_session_key, &dp, dend);
+	if (ret)
+		goto out;
+
+	ceph_decode_copy(&dp, &new_validity, sizeof(new_validity));
+	ceph_decode_timespec(&validity, &new_validity);
+	new_expires = get_seconds() + validity.tv_sec;
+	new_renew_after = new_expires - (validity.tv_sec / 4);
+	dout(" expires=%lu renew_after=%lu\n", new_expires,
+	     new_renew_after);
+
+	/* ticket blob for service */
+	ceph_decode_8_safe(p, end, is_enc, bad);
+	tp = ticket_buf;
+	if (is_enc) {
+		/* encrypted */
+		dout(" encrypted ticket\n");
+		dlen = ceph_x_decrypt(&old_key, p, end, ticket_buf,
+				      TEMP_TICKET_BUF_LEN);
+		if (dlen < 0) {
+			ret = dlen;
+			goto out;
+		}
+		dlen = ceph_decode_32(&tp);
+	} else {
+		/* unencrypted */
+		ceph_decode_32_safe(p, end, dlen, bad);
+		ceph_decode_need(p, end, dlen, bad);
+		ceph_decode_copy(p, ticket_buf, dlen);
+	}
+	tpend = tp + dlen;
+	dout(" ticket blob is %d bytes\n", dlen);
+	ceph_decode_need(&tp, tpend, 1 + sizeof(u64), bad);
+	blob_struct_v = ceph_decode_8(&tp);
+	new_secret_id = ceph_decode_64(&tp);
+	ret = ceph_decode_buffer(&new_ticket_blob, &tp, tpend);
+	if (ret)
+		goto out;
+
+	/* all is well, update our ticket */
+	ceph_crypto_key_destroy(&th->session_key);
+	if (th->ticket_blob)
+		ceph_buffer_put(th->ticket_blob);
+	th->session_key = new_session_key;
+	th->ticket_blob = new_ticket_blob;
+	th->validity = new_validity;
+	th->secret_id = new_secret_id;
+	th->expires = new_expires;
+	th->renew_after = new_renew_after;
+	dout(" got ticket service %d (%s) secret_id %lld len %d\n",
+	     type, ceph_entity_type_name(type), th->secret_id,
+	     (int)th->ticket_blob->vec.iov_len);
+	xi->have_keys |= th->service;
+
+out:
+	return ret;
+
+bad:
+	ret = -EINVAL;
+	goto out;
+}
+
 static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac,
 				    struct ceph_crypto_key *secret,
 				    void *buf, void *end)
 {
-	struct ceph_x_info *xi = ac->private;
-	int num;
 	void *p = buf;
-	int ret;
 	char *dbuf;
 	char *ticket_buf;
 	u8 reply_struct_v;
+	u32 num;
+	int ret;
 
 	dbuf = kmalloc(TEMP_TICKET_BUF_LEN, GFP_NOFS);
 	if (!dbuf)
@@ -150,112 +264,18 @@ static int ceph_x_proc_ticket_reply(stru
 	if (!ticket_buf)
 		goto out_dbuf;
 
-	ceph_decode_need(&p, end, 1 + sizeof(u32), bad);
-	reply_struct_v = ceph_decode_8(&p);
+	ceph_decode_8_safe(&p, end, reply_struct_v, bad);
 	if (reply_struct_v != 1)
-		goto bad;
-	num = ceph_decode_32(&p);
-	dout("%d tickets\n", num);
-	while (num--) {
-		int type;
-		u8 tkt_struct_v, blob_struct_v;
-		struct ceph_x_ticket_handler *th;
-		void *dp, *dend;
-		int dlen;
-		char is_enc;
-		struct timespec validity;
-		struct ceph_crypto_key old_key;
-		void *tp, *tpend;
-		struct ceph_timespec new_validity;
-		struct ceph_crypto_key new_session_key;
-		struct ceph_buffer *new_ticket_blob;
-		unsigned long new_expires, new_renew_after;
-		u64 new_secret_id;
-
-		ceph_decode_need(&p, end, sizeof(u32) + 1, bad);
-
-		type = ceph_decode_32(&p);
-		dout(" ticket type %d %s\n", type, ceph_entity_type_name(type));
-
-		tkt_struct_v = ceph_decode_8(&p);
-		if (tkt_struct_v != 1)
-			goto bad;
-
-		th = get_ticket_handler(ac, type);
-		if (IS_ERR(th)) {
-			ret = PTR_ERR(th);
-			goto out;
-		}
-
-		/* blob for me */
-		dlen = ceph_x_decrypt(secret, &p, end, dbuf,
-				      TEMP_TICKET_BUF_LEN);
-		if (dlen <= 0) {
-			ret = dlen;
-			goto out;
-		}
-		dout(" decrypted %d bytes\n", dlen);
-		dend = dbuf + dlen;
-		dp = dbuf;
-
-		tkt_struct_v = ceph_decode_8(&dp);
-		if (tkt_struct_v != 1)
-			goto bad;
+		return -EINVAL;
 
-		memcpy(&old_key, &th->session_key, sizeof(old_key));
-		ret = ceph_crypto_key_decode(&new_session_key, &dp, dend);
-		if (ret)
-			goto out;
+	ceph_decode_32_safe(&p, end, num, bad);
+	dout("%d tickets\n", num);
 
-		ceph_decode_copy(&dp, &new_validity, sizeof(new_validity));
-		ceph_decode_timespec(&validity, &new_validity);
-		new_expires = get_seconds() + validity.tv_sec;
-		new_renew_after = new_expires - (validity.tv_sec / 4);
-		dout(" expires=%lu renew_after=%lu\n", new_expires,
-		     new_renew_after);
-
-		/* ticket blob for service */
-		ceph_decode_8_safe(&p, end, is_enc, bad);
-		tp = ticket_buf;
-		if (is_enc) {
-			/* encrypted */
-			dout(" encrypted ticket\n");
-			dlen = ceph_x_decrypt(&old_key, &p, end, ticket_buf,
-					      TEMP_TICKET_BUF_LEN);
-			if (dlen < 0) {
-				ret = dlen;
-				goto out;
-			}
-			dlen = ceph_decode_32(&tp);
-		} else {
-			/* unencrypted */
-			ceph_decode_32_safe(&p, end, dlen, bad);
-			ceph_decode_need(&p, end, dlen, bad);
-			ceph_decode_copy(&p, ticket_buf, dlen);
-		}
-		tpend = tp + dlen;
-		dout(" ticket blob is %d bytes\n", dlen);
-		ceph_decode_need(&tp, tpend, 1 + sizeof(u64), bad);
-		blob_struct_v = ceph_decode_8(&tp);
-		new_secret_id = ceph_decode_64(&tp);
-		ret = ceph_decode_buffer(&new_ticket_blob, &tp, tpend);
+	while (num--) {
+		ret = process_one_ticket(ac, secret, &p, end,
+					 dbuf, ticket_buf);
 		if (ret)
 			goto out;
-
-		/* all is well, update our ticket */
-		ceph_crypto_key_destroy(&th->session_key);
-		if (th->ticket_blob)
-			ceph_buffer_put(th->ticket_blob);
-		th->session_key = new_session_key;
-		th->ticket_blob = new_ticket_blob;
-		th->validity = new_validity;
-		th->secret_id = new_secret_id;
-		th->expires = new_expires;
-		th->renew_after = new_renew_after;
-		dout(" got ticket service %d (%s) secret_id %lld len %d\n",
-		     type, ceph_entity_type_name(type), th->secret_id,
-		     (int)th->ticket_blob->vec.iov_len);
-		xi->have_keys |= th->service;
 	}
 
 	ret = 0;
Commit	Line	Data
9515b5a6 GKH	1	From 597cda357716a3cf8d994cb11927af917c8d71fa Mon Sep 17 00:00:00 2001
	2	From: Ilya Dryomov <ilya.dryomov@inktank.com>
	3	Date: Mon, 8 Sep 2014 17:25:34 +0400
	4	Subject: libceph: add process_one_ticket() helper
	5
	6	From: Ilya Dryomov <ilya.dryomov@inktank.com>
	7
	8	commit 597cda357716a3cf8d994cb11927af917c8d71fa upstream.
	9
	10	Add a helper for processing individual cephx auth tickets. Needed for
	11	the next commit, which deals with allocating ticket buffers. (Most of
	12	the diff here is whitespace - view with git diff -b).
	13
	14	Signed-off-by: Ilya Dryomov <ilya.dryomov@inktank.com>
	15	Reviewed-by: Sage Weil <sage@redhat.com>
	16	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	17
	18	---
	19	net/ceph/auth_x.c \| 228 +++++++++++++++++++++++++++++-------------------------
	20	1 file changed, 124 insertions(+), 104 deletions(-)
	21
	22	--- a/net/ceph/auth_x.c
	23	+++ b/net/ceph/auth_x.c
	24	@@ -129,17 +129,131 @@ static void remove_ticket_handler(struct
	25	kfree(th);
	26	}
	27
	28	+static int process_one_ticket(struct ceph_auth_client *ac,
	29	+ struct ceph_crypto_key *secret,
	30	+ void *p, void end,
	31	+ void dbuf, void ticket_buf)
	32	+{
	33	+ struct ceph_x_info *xi = ac->private;
	34	+ int type;
	35	+ u8 tkt_struct_v, blob_struct_v;
	36	+ struct ceph_x_ticket_handler *th;
	37	+ void dp, dend;
	38	+ int dlen;
	39	+ char is_enc;
	40	+ struct timespec validity;
	41	+ struct ceph_crypto_key old_key;
	42	+ void tp, tpend;
	43	+ struct ceph_timespec new_validity;
	44	+ struct ceph_crypto_key new_session_key;
	45	+ struct ceph_buffer *new_ticket_blob;
	46	+ unsigned long new_expires, new_renew_after;
	47	+ u64 new_secret_id;
	48	+ int ret;
	49	+
	50	+ ceph_decode_need(p, end, sizeof(u32) + 1, bad);
	51	+
	52	+ type = ceph_decode_32(p);
	53	+ dout(" ticket type %d %s\n", type, ceph_entity_type_name(type));
	54	+
	55	+ tkt_struct_v = ceph_decode_8(p);
	56	+ if (tkt_struct_v != 1)
	57	+ goto bad;
	58	+
	59	+ th = get_ticket_handler(ac, type);
	60	+ if (IS_ERR(th)) {
	61	+ ret = PTR_ERR(th);
	62	+ goto out;
	63	+ }
	64	+
65	+ /* blob for me */
66	+ dlen = ceph_x_decrypt(secret, p, end, dbuf,
67	+ TEMP_TICKET_BUF_LEN);
68	+ if (dlen <= 0) {
69	+ ret = dlen;
70	+ goto out;
71	+ }
72	+ dout(" decrypted %d bytes\n", dlen);
73	+ dp = dbuf;
74	+ dend = dp + dlen;
75	+
76	+ tkt_struct_v = ceph_decode_8(&dp);
77	+ if (tkt_struct_v != 1)
78	+ goto bad;
79	+
80	+ memcpy(&old_key, &th->session_key, sizeof(old_key));
81	+ ret = ceph_crypto_key_decode(&new_session_key, &dp, dend);
82	+ if (ret)
83	+ goto out;
84	+
85	+ ceph_decode_copy(&dp, &new_validity, sizeof(new_validity));
86	+ ceph_decode_timespec(&validity, &new_validity);
87	+ new_expires = get_seconds() + validity.tv_sec;
88	+ new_renew_after = new_expires - (validity.tv_sec / 4);
89	+ dout(" expires=%lu renew_after=%lu\n", new_expires,
90	+ new_renew_after);
91	+
92	+ /* ticket blob for service */
93	+ ceph_decode_8_safe(p, end, is_enc, bad);
94	+ tp = ticket_buf;
95	+ if (is_enc) {
96	+ /* encrypted */
97	+ dout(" encrypted ticket\n");
98	+ dlen = ceph_x_decrypt(&old_key, p, end, ticket_buf,
99	+ TEMP_TICKET_BUF_LEN);
100	+ if (dlen < 0) {
101	+ ret = dlen;
102	+ goto out;
103	+ }
104	+ dlen = ceph_decode_32(&tp);
105	+ } else {
106	+ /* unencrypted */
107	+ ceph_decode_32_safe(p, end, dlen, bad);
108	+ ceph_decode_need(p, end, dlen, bad);
109	+ ceph_decode_copy(p, ticket_buf, dlen);
110	+ }
111	+ tpend = tp + dlen;
112	+ dout(" ticket blob is %d bytes\n", dlen);
113	+ ceph_decode_need(&tp, tpend, 1 + sizeof(u64), bad);
114	+ blob_struct_v = ceph_decode_8(&tp);
115	+ new_secret_id = ceph_decode_64(&tp);
116	+ ret = ceph_decode_buffer(&new_ticket_blob, &tp, tpend);
117	+ if (ret)
118	+ goto out;
119	+
120	+ /* all is well, update our ticket */
121	+ ceph_crypto_key_destroy(&th->session_key);
122	+ if (th->ticket_blob)
123	+ ceph_buffer_put(th->ticket_blob);
124	+ th->session_key = new_session_key;
125	+ th->ticket_blob = new_ticket_blob;
126	+ th->validity = new_validity;
127	+ th->secret_id = new_secret_id;
128	+ th->expires = new_expires;
129	+ th->renew_after = new_renew_after;
130	+ dout(" got ticket service %d (%s) secret_id %lld len %d\n",
131	+ type, ceph_entity_type_name(type), th->secret_id,
132	+ (int)th->ticket_blob->vec.iov_len);
133	+ xi->have_keys \|= th->service;
134	+
135	+out:
136	+ return ret;
137	+
138	+bad:
139	+ ret = -EINVAL;
140	+ goto out;
141	+}
142	+
143	static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac,
144	struct ceph_crypto_key *secret,
145	void buf, void end)
146	{
147	- struct ceph_x_info *xi = ac->private;
148	- int num;
149	void *p = buf;
150	- int ret;
151	char *dbuf;
152	char *ticket_buf;
153	u8 reply_struct_v;
154	+ u32 num;
155	+ int ret;
156
157	dbuf = kmalloc(TEMP_TICKET_BUF_LEN, GFP_NOFS);
158	if (!dbuf)
159	@@ -150,112 +264,18 @@ static int ceph_x_proc_ticket_reply(stru
160	if (!ticket_buf)
161	goto out_dbuf;
162
163	- ceph_decode_need(&p, end, 1 + sizeof(u32), bad);
164	- reply_struct_v = ceph_decode_8(&p);
165	+ ceph_decode_8_safe(&p, end, reply_struct_v, bad);
166	if (reply_struct_v != 1)
167	- goto bad;
168	- num = ceph_decode_32(&p);
169	- dout("%d tickets\n", num);
170	- while (num--) {
171	- int type;
172	- u8 tkt_struct_v, blob_struct_v;
173	- struct ceph_x_ticket_handler *th;
174	- void dp, dend;
175	- int dlen;
176	- char is_enc;
177	- struct timespec validity;
178	- struct ceph_crypto_key old_key;
179	- void tp, tpend;
180	- struct ceph_timespec new_validity;
181	- struct ceph_crypto_key new_session_key;
182	- struct ceph_buffer *new_ticket_blob;
183	- unsigned long new_expires, new_renew_after;
184	- u64 new_secret_id;
185	-
186	- ceph_decode_need(&p, end, sizeof(u32) + 1, bad);
187	-
188	- type = ceph_decode_32(&p);
189	- dout(" ticket type %d %s\n", type, ceph_entity_type_name(type));
190	-
191	- tkt_struct_v = ceph_decode_8(&p);
192	- if (tkt_struct_v != 1)
193	- goto bad;
194	-
195	- th = get_ticket_handler(ac, type);
196	- if (IS_ERR(th)) {
197	- ret = PTR_ERR(th);
198	- goto out;
199	- }
200	-
201	- /* blob for me */
202	- dlen = ceph_x_decrypt(secret, &p, end, dbuf,
203	- TEMP_TICKET_BUF_LEN);
204	- if (dlen <= 0) {
205	- ret = dlen;
206	- goto out;
207	- }
208	- dout(" decrypted %d bytes\n", dlen);
209	- dend = dbuf + dlen;
210	- dp = dbuf;
211	-
212	- tkt_struct_v = ceph_decode_8(&dp);
213	- if (tkt_struct_v != 1)
214	- goto bad;
215	+ return -EINVAL;
216
217	- memcpy(&old_key, &th->session_key, sizeof(old_key));
218	- ret = ceph_crypto_key_decode(&new_session_key, &dp, dend);
219	- if (ret)
220	- goto out;
221	+ ceph_decode_32_safe(&p, end, num, bad);
222	+ dout("%d tickets\n", num);
223
224	- ceph_decode_copy(&dp, &new_validity, sizeof(new_validity));
225	- ceph_decode_timespec(&validity, &new_validity);
226	- new_expires = get_seconds() + validity.tv_sec;
227	- new_renew_after = new_expires - (validity.tv_sec / 4);
228	- dout(" expires=%lu renew_after=%lu\n", new_expires,
229	- new_renew_after);
230	-
231	- /* ticket blob for service */
232	- ceph_decode_8_safe(&p, end, is_enc, bad);
233	- tp = ticket_buf;
234	- if (is_enc) {
235	- /* encrypted */
236	- dout(" encrypted ticket\n");
237	- dlen = ceph_x_decrypt(&old_key, &p, end, ticket_buf,
238	- TEMP_TICKET_BUF_LEN);
239	- if (dlen < 0) {
240	- ret = dlen;
241	- goto out;
242	- }
243	- dlen = ceph_decode_32(&tp);
244	- } else {
245	- /* unencrypted */
246	- ceph_decode_32_safe(&p, end, dlen, bad);
247	- ceph_decode_need(&p, end, dlen, bad);
248	- ceph_decode_copy(&p, ticket_buf, dlen);
249	- }
250	- tpend = tp + dlen;
251	- dout(" ticket blob is %d bytes\n", dlen);
252	- ceph_decode_need(&tp, tpend, 1 + sizeof(u64), bad);
253	- blob_struct_v = ceph_decode_8(&tp);
254	- new_secret_id = ceph_decode_64(&tp);
255	- ret = ceph_decode_buffer(&new_ticket_blob, &tp, tpend);
256	+ while (num--) {
257	+ ret = process_one_ticket(ac, secret, &p, end,
258	+ dbuf, ticket_buf);
259	if (ret)
260	goto out;
261	-
262	- /* all is well, update our ticket */
263	- ceph_crypto_key_destroy(&th->session_key);
264	- if (th->ticket_blob)
265	- ceph_buffer_put(th->ticket_blob);
266	- th->session_key = new_session_key;
267	- th->ticket_blob = new_ticket_blob;
268	- th->validity = new_validity;
269	- th->secret_id = new_secret_id;
270	- th->expires = new_expires;
271	- th->renew_after = new_renew_after;
272	- dout(" got ticket service %d (%s) secret_id %lld len %d\n",
273	- type, ceph_entity_type_name(type), th->secret_id,
274	- (int)th->ticket_blob->vec.iov_len);
275	- xi->have_keys \|= th->service;
276	}
277
278	ret = 0;