122 	struct ceph_x_ticket_handler *th;  in get_ticket_handler()  local
128 		th = rb_entry(parent, struct ceph_x_ticket_handler, node);  in get_ticket_handler()
129 		if (service < th->service)  in get_ticket_handler()
131 		else if (service > th->service)  in get_ticket_handler()
134 			return th;  in get_ticket_handler()
138 	th = kzalloc(sizeof(*th), GFP_NOFS);  in get_ticket_handler()
139 	if (!th)  in get_ticket_handler()
141 	th->service = service;  in get_ticket_handler()
142 	rb_link_node(&th->node, parent, p);  in get_ticket_handler()
143 	rb_insert_color(&th->node, &xi->ticket_handlers);  in get_ticket_handler()
144 	return th;  in get_ticket_handler()
148 				  struct ceph_x_ticket_handler *th)  in remove_ticket_handler()  argument
152 	dout("remove_ticket_handler %p %d\n", th, th->service);  in remove_ticket_handler()
153 	rb_erase(&th->node, &xi->ticket_handlers);  in remove_ticket_handler()
154 	ceph_crypto_key_destroy(&th->session_key);  in remove_ticket_handler()
155 	if (th->ticket_blob)  in remove_ticket_handler()
156 		ceph_buffer_put(th->ticket_blob);  in remove_ticket_handler()
157 	kfree(th);  in remove_ticket_handler()
167 	struct ceph_x_ticket_handler *th;  in process_one_ticket()  local
189 	th = get_ticket_handler(ac, type);  in process_one_ticket()
190 	if (IS_ERR(th)) {  in process_one_ticket()
191 		ret = PTR_ERR(th);  in process_one_ticket()
215 	new_renew_after = new_expires - (validity.tv_sec / 4);  in process_one_ticket()
224 		ret = ceph_x_decrypt(&th->session_key, p, end);  in process_one_ticket()
248 	ceph_crypto_key_destroy(&th->session_key);  in process_one_ticket()
249 	if (th->ticket_blob)  in process_one_ticket()
250 		ceph_buffer_put(th->ticket_blob);  in process_one_ticket()
251 	th->session_key = new_session_key;  in process_one_ticket()
252 	th->ticket_blob = new_ticket_blob;  in process_one_ticket()
253 	th->secret_id = new_secret_id;  in process_one_ticket()
254 	th->expires = new_expires;  in process_one_ticket()
255 	th->renew_after = new_renew_after;  in process_one_ticket()
256 	th->have_key = true;  in process_one_ticket()
258 	     type, ceph_entity_type_name(type), th->secret_id,  in process_one_ticket()
259 	     (int)th->ticket_blob->vec.iov_len);  in process_one_ticket()
260 	xi->have_keys |= th->service;  in process_one_ticket()
352 				   struct ceph_x_ticket_handler *th,  in ceph_x_build_authorizer()  argument
360 		(th->ticket_blob ? th->ticket_blob->vec.iov_len : 0);  in ceph_x_build_authorizer()
363 	     ceph_entity_type_name(th->service), au);  in ceph_x_build_authorizer()
366 	ret = ceph_crypto_key_clone(&au->session_key, &th->session_key);  in ceph_x_build_authorizer()
384 	au->service = th->service;  in ceph_x_build_authorizer()
385 	WARN_ON(!th->secret_id);  in ceph_x_build_authorizer()
386 	au->secret_id = th->secret_id;  in ceph_x_build_authorizer()
391 	msg_a->service_id = cpu_to_le32(th->service);  in ceph_x_build_authorizer()
393 	msg_a->ticket_blob.secret_id = cpu_to_le64(th->secret_id);  in ceph_x_build_authorizer()
396 		memcpy(msg_a->ticket_blob.blob, th->ticket_blob->vec.iov_base,  in ceph_x_build_authorizer()
397 		       th->ticket_blob->vec.iov_len);  in ceph_x_build_authorizer()
399 	dout(" th %p secret_id %lld %lld\n", th, th->secret_id,  in ceph_x_build_authorizer()
418 static int ceph_x_encode_ticket(struct ceph_x_ticket_handler *th,  in ceph_x_encode_ticket()  argument
423 	ceph_encode_64(p, th->secret_id);  in ceph_x_encode_ticket()
424 	if (th->ticket_blob) {  in ceph_x_encode_ticket()
425 		const char *buf = th->ticket_blob->vec.iov_base;  in ceph_x_encode_ticket()
426 		u32 len = th->ticket_blob->vec.iov_len;  in ceph_x_encode_ticket()
439 static bool need_key(struct ceph_x_ticket_handler *th)  in need_key()  argument
441 	if (!th->have_key)  in need_key()
444 	return ktime_get_real_seconds() >= th->renew_after;  in need_key()
447 static bool have_key(struct ceph_x_ticket_handler *th)  in have_key()  argument
449 	if (th->have_key && ktime_get_real_seconds() >= th->expires) {  in have_key()
450 		dout("ticket %d (%s) secret_id %llu expired\n", th->service,  in have_key()
451 		     ceph_entity_type_name(th->service), th->secret_id);  in have_key()
452 		th->have_key = false;  in have_key()
455 	return th->have_key;  in have_key()
467 		struct ceph_x_ticket_handler *th;  in ceph_x_validate_tickets()  local
475 		th = get_ticket_handler(ac, service);  in ceph_x_validate_tickets()
476 		if (IS_ERR(th)) {  in ceph_x_validate_tickets()
481 		if (need_key(th))  in ceph_x_validate_tickets()
483 		if (!have_key(th))  in ceph_x_validate_tickets()
496 	struct ceph_x_ticket_handler *th =  in ceph_x_build_request()  local
499 	if (IS_ERR(th))  in ceph_x_build_request()
500 		return PTR_ERR(th);  in ceph_x_build_request()
538 		ret = ceph_x_encode_ticket(th, &p, end);  in ceph_x_build_request()
551 		ret = ceph_x_build_authorizer(ac, th, &xi->auth_authorizer);  in ceph_x_build_request()
606 	struct ceph_x_ticket_handler *th;  in handle_auth_session_key()  local
623 	th = get_ticket_handler(ac, CEPH_ENTITY_TYPE_AUTH);  in handle_auth_session_key()
624 	if (IS_ERR(th))  in handle_auth_session_key()
625 		return PTR_ERR(th);  in handle_auth_session_key()
628 		memcpy(session_key, th->session_key.key, th->session_key.len);  in handle_auth_session_key()
629 		*session_key_len = th->session_key.len;  in handle_auth_session_key()
637 		ret = ceph_x_decrypt(&th->session_key, p, *p + len);  in handle_auth_session_key()
653 		ret = ceph_x_proc_ticket_reply(ac, &th->session_key,  in handle_auth_session_key()
671 	struct ceph_x_ticket_handler *th;  in ceph_x_handle_reply()  local
705 		th = get_ticket_handler(ac, CEPH_ENTITY_TYPE_AUTH);  in ceph_x_handle_reply()
706 		if (IS_ERR(th))  in ceph_x_handle_reply()
707 			return PTR_ERR(th);  in ceph_x_handle_reply()
710 		ret = ceph_x_proc_ticket_reply(ac, &th->session_key, &p, end);  in ceph_x_handle_reply()
739 	struct ceph_x_ticket_handler *th;  in ceph_x_create_authorizer()  local
742 	th = get_ticket_handler(ac, peer_type);  in ceph_x_create_authorizer()
743 	if (IS_ERR(th))  in ceph_x_create_authorizer()
744 		return PTR_ERR(th);  in ceph_x_create_authorizer()
752 	ret = ceph_x_build_authorizer(ac, th, au);  in ceph_x_create_authorizer()
774 	struct ceph_x_ticket_handler *th;  in ceph_x_update_authorizer()  local
776 	th = get_ticket_handler(ac, peer_type);  in ceph_x_update_authorizer()
777 	if (IS_ERR(th))  in ceph_x_update_authorizer()
778 		return PTR_ERR(th);  in ceph_x_update_authorizer()
781 	if (au->secret_id < th->secret_id) {  in ceph_x_update_authorizer()
783 		     au->service, au->secret_id, th->secret_id);  in ceph_x_update_authorizer()
784 		return ceph_x_build_authorizer(ac, th, au);  in ceph_x_update_authorizer()
922 		struct ceph_x_ticket_handler *th =  in ceph_x_destroy()  local
924 		remove_ticket_handler(ac, th);  in ceph_x_destroy()
935 	struct ceph_x_ticket_handler *th;  in invalidate_ticket()  local
937 	th = get_ticket_handler(ac, peer_type);  in invalidate_ticket()
938 	if (IS_ERR(th))  in invalidate_ticket()
941 	if (th->have_key) {  in invalidate_ticket()
943 		     th->service, ceph_entity_type_name(th->service),  in invalidate_ticket()
944 		     th->secret_id);  in invalidate_ticket()
945 		th->have_key = false;  in invalidate_ticket()
977 		sigblock->len = cpu_to_le32(4*sizeof(u32));  in calc_signature()