153 	struct ceph_x_ticket_handler *th;  in get_ticket_handler()  local
159 		th = rb_entry(parent, struct ceph_x_ticket_handler, node);  in get_ticket_handler()
160 		if (service < th->service)  in get_ticket_handler()
162 		else if (service > th->service)  in get_ticket_handler()
165 			return th;  in get_ticket_handler()
169 	th = kzalloc_obj(*th, GFP_NOFS);  in get_ticket_handler()
170 	if (!th)  in get_ticket_handler()
172 	th->service = service;  in get_ticket_handler()
173 	rb_link_node(&th->node, parent, p);  in get_ticket_handler()
174 	rb_insert_color(&th->node, &xi->ticket_handlers);  in get_ticket_handler()
175 	return th;  in get_ticket_handler()
179 				  struct ceph_x_ticket_handler *th)  in remove_ticket_handler()  argument
183 	dout("remove_ticket_handler %p %d\n", th, th->service);  in remove_ticket_handler()
184 	rb_erase(&th->node, &xi->ticket_handlers);  in remove_ticket_handler()
185 	ceph_crypto_key_destroy(&th->session_key);  in remove_ticket_handler()
186 	if (th->ticket_blob)  in remove_ticket_handler()
187 		ceph_buffer_put(th->ticket_blob);  in remove_ticket_handler()
188 	kfree(th);  in remove_ticket_handler()
198 	struct ceph_x_ticket_handler *th;  in process_one_ticket()  local
220 	th = get_ticket_handler(ac, type);  in process_one_ticket()
221 	if (IS_ERR(th)) {  in process_one_ticket()
222 		ret = PTR_ERR(th);  in process_one_ticket()
261 		tp = *p + ceph_x_encrypt_offset(&th->session_key);  in process_one_ticket()
262 		ret = ceph_x_decrypt(&th->session_key,  in process_one_ticket()
288 	ceph_crypto_key_destroy(&th->session_key);  in process_one_ticket()
289 	if (th->ticket_blob)  in process_one_ticket()
290 		ceph_buffer_put(th->ticket_blob);  in process_one_ticket()
291 	th->session_key = new_session_key;  in process_one_ticket()
292 	th->ticket_blob = new_ticket_blob;  in process_one_ticket()
293 	th->secret_id = new_secret_id;  in process_one_ticket()
294 	th->expires = new_expires;  in process_one_ticket()
295 	th->renew_after = new_renew_after;  in process_one_ticket()
296 	th->have_key = true;  in process_one_ticket()
298 	     type, ceph_entity_type_name(type), th->secret_id,  in process_one_ticket()
299 	     (int)th->ticket_blob->vec.iov_len);  in process_one_ticket()
300 	xi->have_keys |= th->service;  in process_one_ticket()
394 				   struct ceph_x_ticket_handler *th,  in ceph_x_build_authorizer()  argument
402 		(th->ticket_blob ? th->ticket_blob->vec.iov_len : 0);  in ceph_x_build_authorizer()
405 	     ceph_entity_type_name(th->service), au);  in ceph_x_build_authorizer()
408 	ret = ceph_crypto_key_clone(&au->session_key, &th->session_key);  in ceph_x_build_authorizer()
431 	au->service = th->service;  in ceph_x_build_authorizer()
432 	WARN_ON(!th->secret_id);  in ceph_x_build_authorizer()
433 	au->secret_id = th->secret_id;  in ceph_x_build_authorizer()
438 	msg_a->service_id = cpu_to_le32(th->service);  in ceph_x_build_authorizer()
440 	msg_a->ticket_blob.secret_id = cpu_to_le64(th->secret_id);  in ceph_x_build_authorizer()
443 		memcpy(msg_a->ticket_blob.blob, th->ticket_blob->vec.iov_base,  in ceph_x_build_authorizer()
444 		       th->ticket_blob->vec.iov_len);  in ceph_x_build_authorizer()
446 	dout(" th %p secret_id %lld %lld\n", th, th->secret_id,  in ceph_x_build_authorizer()
465 static int ceph_x_encode_ticket(struct ceph_x_ticket_handler *th,  in ceph_x_encode_ticket()  argument
470 	ceph_encode_64(p, th->secret_id);  in ceph_x_encode_ticket()
471 	if (th->ticket_blob) {  in ceph_x_encode_ticket()
472 		const char *buf = th->ticket_blob->vec.iov_base;  in ceph_x_encode_ticket()
473 		u32 len = th->ticket_blob->vec.iov_len;  in ceph_x_encode_ticket()
486 static bool need_key(struct ceph_x_ticket_handler *th)  in need_key()  argument
488 	if (!th->have_key)  in need_key()
491 	return ktime_get_real_seconds() >= th->renew_after;  in need_key()
494 static bool have_key(struct ceph_x_ticket_handler *th)  in have_key()  argument
496 	if (th->have_key && ktime_get_real_seconds() >= th->expires) {  in have_key()
497 		dout("ticket %d (%s) secret_id %llu expired\n", th->service,  in have_key()
498 		     ceph_entity_type_name(th->service), th->secret_id);  in have_key()
499 		th->have_key = false;  in have_key()
502 	return th->have_key;  in have_key()
514 		struct ceph_x_ticket_handler *th;  in ceph_x_validate_tickets()  local
522 		th = get_ticket_handler(ac, service);  in ceph_x_validate_tickets()
523 		if (IS_ERR(th)) {  in ceph_x_validate_tickets()
528 		if (need_key(th))  in ceph_x_validate_tickets()
530 		if (!have_key(th))  in ceph_x_validate_tickets()
543 	struct ceph_x_ticket_handler *th =  in ceph_x_build_request()  local
546 	if (IS_ERR(th))  in ceph_x_build_request()
547 		return PTR_ERR(th);  in ceph_x_build_request()
599 		ret = ceph_x_encode_ticket(th, &p, end);  in ceph_x_build_request()
612 		ret = ceph_x_build_authorizer(ac, th, &xi->auth_authorizer);  in ceph_x_build_request()
667 	struct ceph_x_ticket_handler *th;  in handle_auth_session_key()  local
684 	th = get_ticket_handler(ac, CEPH_ENTITY_TYPE_AUTH);  in handle_auth_session_key()
685 	if (IS_ERR(th))  in handle_auth_session_key()
686 		return PTR_ERR(th);  in handle_auth_session_key()
689 		memcpy(session_key, th->session_key.key, th->session_key.len);  in handle_auth_session_key()
690 		*session_key_len = th->session_key.len;  in handle_auth_session_key()
698 		dp = *p + ceph_x_encrypt_offset(&th->session_key);  in handle_auth_session_key()
699 		ret = ceph_x_decrypt(&th->session_key,  in handle_auth_session_key()
718 		ret = ceph_x_proc_ticket_reply(ac, &th->session_key,  in handle_auth_session_key()
736 	struct ceph_x_ticket_handler *th;  in ceph_x_handle_reply()  local
770 		th = get_ticket_handler(ac, CEPH_ENTITY_TYPE_AUTH);  in ceph_x_handle_reply()
771 		if (IS_ERR(th))  in ceph_x_handle_reply()
772 			return PTR_ERR(th);  in ceph_x_handle_reply()
775 		ret = ceph_x_proc_ticket_reply(ac, &th->session_key, &p, end);  in ceph_x_handle_reply()
804 	struct ceph_x_ticket_handler *th;  in ceph_x_create_authorizer()  local
807 	th = get_ticket_handler(ac, peer_type);  in ceph_x_create_authorizer()
808 	if (IS_ERR(th))  in ceph_x_create_authorizer()
809 		return PTR_ERR(th);  in ceph_x_create_authorizer()
817 	ret = ceph_x_build_authorizer(ac, th, au);  in ceph_x_create_authorizer()
839 	struct ceph_x_ticket_handler *th;  in ceph_x_update_authorizer()  local
841 	th = get_ticket_handler(ac, peer_type);  in ceph_x_update_authorizer()
842 	if (IS_ERR(th))  in ceph_x_update_authorizer()
843 		return PTR_ERR(th);  in ceph_x_update_authorizer()
846 	if (au->secret_id < th->secret_id) {  in ceph_x_update_authorizer()
848 		     au->service, au->secret_id, th->secret_id);  in ceph_x_update_authorizer()
849 		return ceph_x_build_authorizer(ac, th, au);  in ceph_x_update_authorizer()
990 		struct ceph_x_ticket_handler *th =  in ceph_x_destroy()  local
992 		remove_ticket_handler(ac, th);  in ceph_x_destroy()
1003 	struct ceph_x_ticket_handler *th;  in invalidate_ticket()  local
1005 	th = get_ticket_handler(ac, peer_type);  in invalidate_ticket()
1006 	if (IS_ERR(th))  in invalidate_ticket()
1009 	if (th->have_key) {  in invalidate_ticket()
1011 		     th->service, ceph_entity_type_name(th->service),  in invalidate_ticket()
1012 		     th->secret_id);  in invalidate_ticket()
1013 		th->have_key = false;  in invalidate_ticket()