Openwrt-EcoNet/kernel-49
1
0
Fork 0
Code Activity
Files
master
kernel-49/include/linux/ceph/auth.h
Greg Kroah-Hartman 0f3faed7d2 Merge 4.9.144 into android-4.9 
Changes in 4.9.144
	Kbuild: suppress packed-not-aligned warning for default setting only
	disable stringop truncation warnings for now
	test_hexdump: use memcpy instead of strncpy
	kobject: Replace strncpy with memcpy
	unifdef: use memcpy instead of strncpy
	kernfs: Replace strncpy with memcpy
	ip_tunnel: Fix name string concatenate in __ip_tunnel_create()
	drm: gma500: fix logic error
	scsi: bfa: convert to strlcpy/strlcat
	staging: rts5208: fix gcc-8 logic error warning
	kdb: use memmove instead of overlapping memcpy
	x86/power/64: Use char arrays for asm function names
	iser: set sector for ambiguous mr status errors
	uprobes: Fix handle_swbp() vs. unregister() + register() race once more
	MIPS: ralink: Fix mt7620 nd_sd pinmux
	mips: fix mips_get_syscall_arg o32 check
	IB/mlx5: Avoid load failure due to unknown link width
	drm/ast: Fix incorrect free on ioregs
	drm: set is_master to 0 upon drm_new_set_master() failure
	scsi: scsi_devinfo: cleanly zero-pad devinfo strings
	ALSA: trident: Suppress gcc string warning
	scsi: csiostor: Avoid content leaks and casts
	kgdboc: Fix restrict error
	kgdboc: Fix warning with module build
	binder: fix proc->files use-after-free
	svm: Add mutex_lock to protect apic_access_page_done on AMD systems
	drm/mediatek: fix OF sibling-node lookup
	Input: xpad - quirk all PDP Xbox One gamepads
	Input: matrix_keypad - check for errors from of_get_named_gpio()
	Input: elan_i2c - add ELAN0620 to the ACPI table
	Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR
	Input: elan_i2c - add support for ELAN0621 touchpad
	btrfs: Always try all copies when reading extent buffers
	Btrfs: fix use-after-free when dumping free space
	ARC: change defconfig defaults to ARCv2
	arc: [devboards] Add support of NFSv3 ACL
	udf: Allow mounting volumes with incorrect identification strings
	reset: make optional functions really optional
	reset: core: fix reset_control_put
	reset: fix optional reset_control_get stubs to return NULL
	reset: add exported __reset_control_get, return NULL if optional
	reset: make device_reset_optional() really optional
	reset: remove remaining WARN_ON() in <linux/reset.h>
	mm: cleancache: fix corruption on missed inode invalidation
	usb: gadget: dummy: fix nonsensical comparisons
	net: qed: use correct strncpy() size
	tipc: use destination length for copy string
	libceph: drop len argument of *verify_authorizer_reply()
	libceph: no need to drop con->mutex for ->get_authorizer()
	libceph: store ceph_auth_handshake pointer in ceph_connection
	libceph: factor out __prepare_write_connect()
	libceph: factor out __ceph_x_decrypt()
	libceph: factor out encrypt_authorizer()
	libceph: add authorizer challenge
	libceph: implement CEPHX_V2 calculation mode
	libceph: weaken sizeof check in ceph_x_verify_authorizer_reply()
	libceph: check authorizer reply/challenge length before reading
	bpf/verifier: Add spi variable to check_stack_write()
	bpf/verifier: Pass instruction index to check_mem_access() and check_xadd()
	bpf: Prevent memory disambiguation attack
	wil6210: missing length check in wmi_set_ie
	mm/hugetlb.c: don't call region_abort if region_chg fails
	hugetlbfs: fix offset overflow in hugetlbfs mmap
	hugetlbfs: check for pgoff value overflow
	btrfs: validate type when reading a chunk
	btrfs: Verify that every chunk has corresponding block group at mount time
	btrfs: Refactor check_leaf function for later expansion
	btrfs: Check if item pointer overlaps with the item itself
	btrfs: Add sanity check for EXTENT_DATA when reading out leaf
	btrfs: Add checker for EXTENT_CSUM
	btrfs: Move leaf and node validation checker to tree-checker.c
	btrfs: struct-funcs, constify readers
	btrfs: tree-checker: Enhance btrfs_check_node output
	btrfs: tree-checker: Fix false panic for sanity test
	btrfs: tree-checker: Add checker for dir item
	btrfs: tree-checker: use %zu format string for size_t
	btrfs: tree-check: reduce stack consumption in check_dir_item
	btrfs: tree-checker: Verify block_group_item
	btrfs: tree-checker: Detect invalid and empty essential trees
	btrfs: Check that each block group has corresponding chunk at mount time
	btrfs: tree-checker: Check level for leaves and nodes
	btrfs: tree-checker: Fix misleading group system information
	f2fs: fix a panic caused by NULL flush_cmd_control
	f2fs: fix race condition in between free nid allocator/initializer
	f2fs: detect wrong layout
	f2fs: return error during fill_super
	f2fs: check blkaddr more accuratly before issue a bio
	f2fs: sanity check on sit entry
	f2fs: enhance sanity_check_raw_super() to avoid potential overflow
	f2fs: clean up with is_valid_blkaddr()
	f2fs: introduce and spread verify_blkaddr
	f2fs: fix to do sanity check with secs_per_zone
	f2fs: fix to do sanity check with user_block_count
	f2fs: Add sanity_check_inode() function
	f2fs: fix to do sanity check with node footer and iblocks
	f2fs: fix to do sanity check with block address in main area
	f2fs: fix missing up_read
	f2fs: fix to do sanity check with block address in main area v2
	f2fs: free meta pages if sanity check for ckpt is failed
	f2fs: fix to do sanity check with cp_pack_start_sum
	xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE
	hugetlbfs: fix bug in pgoff overflow checking
	Linux 4.9.144

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2019-02-11 23:25:32 +03:00

150 lines
4.8 KiB
C
Raw Permalink Blame History

#ifndef _FS_CEPH_AUTH_H
#define _FS_CEPH_AUTH_H
#include <linux/ceph/types.h>
#include <linux/ceph/buffer.h>
/*
* Abstract interface for communicating with the authenticate module.
* There is some handshake that takes place between us and the monitor
* to acquire the necessary keys. These are used to generate an
* 'authorizer' that we use when connecting to a service (mds, osd).
*/
struct ceph_auth_client;
struct ceph_msg;
struct ceph_authorizer {
void (*destroy)(struct ceph_authorizer *);
};
struct ceph_auth_handshake {
struct ceph_authorizer *authorizer;
void *authorizer_buf;
size_t authorizer_buf_len;
void *authorizer_reply_buf;
size_t authorizer_reply_buf_len;
int (*sign_message)(struct ceph_auth_handshake *auth,
struct ceph_msg *msg);
int (*check_message_signature)(struct ceph_auth_handshake *auth,
struct ceph_msg *msg);
};
struct ceph_auth_client_ops {
const char *name;
/*
* true if we are authenticated and can connect to
* services.
*/
int (*is_authenticated)(struct ceph_auth_client *ac);
/*
* true if we should (re)authenticate, e.g., when our tickets
* are getting old and crusty.
*/
int (*should_authenticate)(struct ceph_auth_client *ac);
/*
* build requests and process replies during monitor
* handshake. if handle_reply returns -EAGAIN, we build
* another request.
*/
int (*build_request)(struct ceph_auth_client *ac, void *buf, void *end);
int (*handle_reply)(struct ceph_auth_client *ac, int result,
void *buf, void *end);
/*
* Create authorizer for connecting to a service, and verify
* the response to authenticate the service.
*/
int (*create_authorizer)(struct ceph_auth_client *ac, int peer_type,
struct ceph_auth_handshake *auth);
/* ensure that an existing authorizer is up to date */
int (*update_authorizer)(struct ceph_auth_client *ac, int peer_type,
struct ceph_auth_handshake *auth);
int (*add_authorizer_challenge)(struct ceph_auth_client *ac,
struct ceph_authorizer *a,
void *challenge_buf,
int challenge_buf_len);
int (*verify_authorizer_reply)(struct ceph_auth_client *ac,
struct ceph_authorizer *a);
void (*invalidate_authorizer)(struct ceph_auth_client *ac,
int peer_type);
/* reset when we (re)connect to a monitor */
void (*reset)(struct ceph_auth_client *ac);
void (*destroy)(struct ceph_auth_client *ac);
int (*sign_message)(struct ceph_auth_handshake *auth,
struct ceph_msg *msg);
int (*check_message_signature)(struct ceph_auth_handshake *auth,
struct ceph_msg *msg);
};
struct ceph_auth_client {
u32 protocol; /* CEPH_AUTH_* */
void *private; /* for use by protocol implementation */
const struct ceph_auth_client_ops *ops; /* null iff protocol==0 */
bool negotiating; /* true if negotiating protocol */
const char *name; /* entity name */
u64 global_id; /* our unique id in system */
const struct ceph_crypto_key *key; /* our secret key */
unsigned want_keys; /* which services we want */
struct mutex mutex;
};
extern struct ceph_auth_client *ceph_auth_init(const char *name,
const struct ceph_crypto_key *key);
extern void ceph_auth_destroy(struct ceph_auth_client *ac);
extern void ceph_auth_reset(struct ceph_auth_client *ac);
extern int ceph_auth_build_hello(struct ceph_auth_client *ac,
void *buf, size_t len);
extern int ceph_handle_auth_reply(struct ceph_auth_client *ac,
void *buf, size_t len,
void *reply_buf, size_t reply_len);
int ceph_auth_entity_name_encode(const char *name, void **p, void *end);
extern int ceph_build_auth(struct ceph_auth_client *ac,
void *msg_buf, size_t msg_len);
extern int ceph_auth_is_authenticated(struct ceph_auth_client *ac);
extern int ceph_auth_create_authorizer(struct ceph_auth_client *ac,
int peer_type,
struct ceph_auth_handshake *auth);
void ceph_auth_destroy_authorizer(struct ceph_authorizer *a);
extern int ceph_auth_update_authorizer(struct ceph_auth_client *ac,
int peer_type,
struct ceph_auth_handshake *a);
int ceph_auth_add_authorizer_challenge(struct ceph_auth_client *ac,
struct ceph_authorizer *a,
void *challenge_buf,
int challenge_buf_len);
extern int ceph_auth_verify_authorizer_reply(struct ceph_auth_client *ac,
struct ceph_authorizer *a);
extern void ceph_auth_invalidate_authorizer(struct ceph_auth_client *ac,
int peer_type);
static inline int ceph_auth_sign_message(struct ceph_auth_handshake *auth,
struct ceph_msg *msg)
{
if (auth->sign_message)
return auth->sign_message(auth, msg);
return 0;
}
static inline
int ceph_auth_check_message_signature(struct ceph_auth_handshake *auth,
struct ceph_msg *msg)
{
if (auth->check_message_signature)
return auth->check_message_signature(auth, msg);
return 0;
}
#endif
View Git Blame Copy Permalink