net/ceph/auth_x.c
Source file repositories/reference/linux-study-clean/net/ceph/auth_x.c
File Facts
- System
- Linux kernel
- Corpus path
net/ceph/auth_x.c- Extension
.c- Size
- 30311 bytes
- Lines
- 1219
- Domain
- Networking Core
- Bucket
- Sockets, Protocols, Packet Path, And Network Policy
- Inferred role
- Networking Core: implementation source
- Status
- source implementation candidate
Why This File Exists
Networking stack implementation surface: socket APIs, protocol dispatch, packet flow, routing, filtering, and network namespaces.
- Networking stack implementation surface: socket APIs, protocol dispatch, packet flow, routing, filtering, and network namespaces.
- Allocates kernel memory; connect allocation flags and lifetime to context constraints.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
linux/ceph/ceph_debug.hlinux/err.hlinux/module.hlinux/random.hlinux/slab.hlinux/ceph/decode.hlinux/ceph/auth.hlinux/ceph/ceph_features.hlinux/ceph/libceph.hlinux/ceph/messenger.hcrypto.hauth_x.hauth_x_protocol.h
Detected Declarations
function ceph_x_is_authenticatedfunction ceph_x_should_authenticatefunction __ceph_x_encrypt_offsetfunction ceph_x_encrypt_offsetfunction ceph_x_encrypt_buflenfunction ceph_x_encryptfunction __ceph_x_decryptfunction ceph_x_decryptfunction existingfunction remove_ticket_handlerfunction process_one_ticketfunction ceph_x_proc_ticket_replyfunction partfunction ceph_x_authorizer_cleanupfunction ceph_x_build_authorizerfunction ceph_x_encode_ticketfunction need_keyfunction have_keyfunction ceph_x_validate_ticketsfunction ceph_x_build_requestfunction decode_con_secretfunction handle_auth_session_keyfunction ceph_x_handle_replyfunction ceph_x_destroy_authorizerfunction ceph_x_create_authorizerfunction ceph_x_update_authorizerfunction decrypt_authorizer_challengefunction ceph_x_add_authorizer_challengefunction decrypt_authorizer_replyfunction ceph_x_verify_authorizer_replyfunction ceph_x_resetfunction ceph_x_destroyfunction invalidate_ticketfunction ceph_x_invalidate_authorizerfunction calc_signaturefunction ceph_x_sign_messagefunction ceph_x_check_message_signaturefunction ceph_x_init
Annotated Snippet
if (!au->buf) {
ret = -ENOMEM;
goto out_au;
}
}
au->service = th->service;
WARN_ON(!th->secret_id);
au->secret_id = th->secret_id;
msg_a = au->buf->vec.iov_base;
msg_a->struct_v = 1;
msg_a->global_id = cpu_to_le64(ac->global_id);
msg_a->service_id = cpu_to_le32(th->service);
msg_a->ticket_blob.struct_v = 1;
msg_a->ticket_blob.secret_id = cpu_to_le64(th->secret_id);
msg_a->ticket_blob.blob_len = cpu_to_le32(ticket_blob_len);
if (ticket_blob_len) {
memcpy(msg_a->ticket_blob.blob, th->ticket_blob->vec.iov_base,
th->ticket_blob->vec.iov_len);
}
dout(" th %p secret_id %lld %lld\n", th, th->secret_id,
le64_to_cpu(msg_a->ticket_blob.secret_id));
get_random_bytes(&au->nonce, sizeof(au->nonce));
ret = encrypt_authorizer(au, NULL);
if (ret) {
pr_err("failed to encrypt authorizer: %d", ret);
goto out_au;
}
dout(" built authorizer nonce %llx len %d\n", au->nonce,
(int)au->buf->vec.iov_len);
return 0;
out_au:
ceph_x_authorizer_cleanup(au);
return ret;
}
static int ceph_x_encode_ticket(struct ceph_x_ticket_handler *th,
void **p, void *end)
{
ceph_decode_need(p, end, 1 + sizeof(u64), bad);
ceph_encode_8(p, 1);
ceph_encode_64(p, th->secret_id);
if (th->ticket_blob) {
const char *buf = th->ticket_blob->vec.iov_base;
u32 len = th->ticket_blob->vec.iov_len;
ceph_encode_32_safe(p, end, len, bad);
ceph_encode_copy_safe(p, end, buf, len, bad);
} else {
ceph_encode_32_safe(p, end, 0, bad);
}
return 0;
bad:
return -ERANGE;
}
static bool need_key(struct ceph_x_ticket_handler *th)
{
if (!th->have_key)
return true;
return ktime_get_real_seconds() >= th->renew_after;
}
static bool have_key(struct ceph_x_ticket_handler *th)
{
if (th->have_key && ktime_get_real_seconds() >= th->expires) {
dout("ticket %d (%s) secret_id %llu expired\n", th->service,
ceph_entity_type_name(th->service), th->secret_id);
th->have_key = false;
}
return th->have_key;
}
static void ceph_x_validate_tickets(struct ceph_auth_client *ac, int *pneed)
{
int want = ac->want_keys;
struct ceph_x_info *xi = ac->private;
int service;
*pneed = ac->want_keys & ~(xi->have_keys);
for (service = 1; service <= want; service <<= 1) {
struct ceph_x_ticket_handler *th;
Annotation
- Immediate include surface: `linux/ceph/ceph_debug.h`, `linux/err.h`, `linux/module.h`, `linux/random.h`, `linux/slab.h`, `linux/ceph/decode.h`, `linux/ceph/auth.h`, `linux/ceph/ceph_features.h`.
- Detected declarations: `function ceph_x_is_authenticated`, `function ceph_x_should_authenticate`, `function __ceph_x_encrypt_offset`, `function ceph_x_encrypt_offset`, `function ceph_x_encrypt_buflen`, `function ceph_x_encrypt`, `function __ceph_x_decrypt`, `function ceph_x_decrypt`, `function existing`, `function remove_ticket_handler`.
- Atlas domain: Networking Core / Sockets, Protocols, Packet Path, And Network Policy.
- Implementation status: source implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.