1
2#ifndef _FS_CEPH_AUTH_H
3#define _FS_CEPH_AUTH_H
4
5#include <linux/ceph/types.h>
6#include <linux/ceph/buffer.h>
7
8
9
10
11
12
13
14
15struct ceph_auth_client;
16struct ceph_msg;
17
18struct ceph_authorizer {
19 void (*destroy)(struct ceph_authorizer *);
20};
21
22struct ceph_auth_handshake {
23 struct ceph_authorizer *authorizer;
24 void *authorizer_buf;
25 size_t authorizer_buf_len;
26 void *authorizer_reply_buf;
27 size_t authorizer_reply_buf_len;
28 int (*sign_message)(struct ceph_auth_handshake *auth,
29 struct ceph_msg *msg);
30 int (*check_message_signature)(struct ceph_auth_handshake *auth,
31 struct ceph_msg *msg);
32};
33
34struct ceph_auth_client_ops {
35
36
37
38
39 int (*is_authenticated)(struct ceph_auth_client *ac);
40
41
42
43
44
45 int (*should_authenticate)(struct ceph_auth_client *ac);
46
47
48
49
50
51
52 int (*build_request)(struct ceph_auth_client *ac, void *buf, void *end);
53 int (*handle_reply)(struct ceph_auth_client *ac, int result,
54 void *buf, void *end, u8 *session_key,
55 int *session_key_len, u8 *con_secret,
56 int *con_secret_len);
57
58
59
60
61
62 int (*create_authorizer)(struct ceph_auth_client *ac, int peer_type,
63 struct ceph_auth_handshake *auth);
64
65 int (*update_authorizer)(struct ceph_auth_client *ac, int peer_type,
66 struct ceph_auth_handshake *auth);
67 int (*add_authorizer_challenge)(struct ceph_auth_client *ac,
68 struct ceph_authorizer *a,
69 void *challenge_buf,
70 int challenge_buf_len);
71 int (*verify_authorizer_reply)(struct ceph_auth_client *ac,
72 struct ceph_authorizer *a,
73 void *reply, int reply_len,
74 u8 *session_key, int *session_key_len,
75 u8 *con_secret, int *con_secret_len);
76 void (*invalidate_authorizer)(struct ceph_auth_client *ac,
77 int peer_type);
78
79
80 void (*reset)(struct ceph_auth_client *ac);
81
82 void (*destroy)(struct ceph_auth_client *ac);
83
84 int (*sign_message)(struct ceph_auth_handshake *auth,
85 struct ceph_msg *msg);
86 int (*check_message_signature)(struct ceph_auth_handshake *auth,
87 struct ceph_msg *msg);
88};
89
90struct ceph_auth_client {
91 u32 protocol;
92 void *private;
93 const struct ceph_auth_client_ops *ops;
94
95 bool negotiating;
96 const char *name;
97 u64 global_id;
98 const struct ceph_crypto_key *key;
99 unsigned want_keys;
100
101 int preferred_mode;
102 int fallback_mode;
103
104 struct mutex mutex;
105};
106
107struct ceph_auth_client *ceph_auth_init(const char *name,
108 const struct ceph_crypto_key *key,
109 const int *con_modes);
110extern void ceph_auth_destroy(struct ceph_auth_client *ac);
111
112extern void ceph_auth_reset(struct ceph_auth_client *ac);
113
114extern int ceph_auth_build_hello(struct ceph_auth_client *ac,
115 void *buf, size_t len);
116extern int ceph_handle_auth_reply(struct ceph_auth_client *ac,
117 void *buf, size_t len,
118 void *reply_buf, size_t reply_len);
119int ceph_auth_entity_name_encode(const char *name, void **p, void *end);
120
121extern int ceph_build_auth(struct ceph_auth_client *ac,
122 void *msg_buf, size_t msg_len);
123extern int ceph_auth_is_authenticated(struct ceph_auth_client *ac);
124
125int __ceph_auth_get_authorizer(struct ceph_auth_client *ac,
126 struct ceph_auth_handshake *auth,
127 int peer_type, bool force_new,
128 int *proto, int *pref_mode, int *fallb_mode);
129void ceph_auth_destroy_authorizer(struct ceph_authorizer *a);
130int ceph_auth_add_authorizer_challenge(struct ceph_auth_client *ac,
131 struct ceph_authorizer *a,
132 void *challenge_buf,
133 int challenge_buf_len);
134int ceph_auth_verify_authorizer_reply(struct ceph_auth_client *ac,
135 struct ceph_authorizer *a,
136 void *reply, int reply_len,
137 u8 *session_key, int *session_key_len,
138 u8 *con_secret, int *con_secret_len);
139extern void ceph_auth_invalidate_authorizer(struct ceph_auth_client *ac,
140 int peer_type);
141
142static inline int ceph_auth_sign_message(struct ceph_auth_handshake *auth,
143 struct ceph_msg *msg)
144{
145 if (auth->sign_message)
146 return auth->sign_message(auth, msg);
147 return 0;
148}
149
150static inline
151int ceph_auth_check_message_signature(struct ceph_auth_handshake *auth,
152 struct ceph_msg *msg)
153{
154 if (auth->check_message_signature)
155 return auth->check_message_signature(auth, msg);
156 return 0;
157}
158
159int ceph_auth_get_request(struct ceph_auth_client *ac, void *buf, int buf_len);
160int ceph_auth_handle_reply_more(struct ceph_auth_client *ac, void *reply,
161 int reply_len, void *buf, int buf_len);
162int ceph_auth_handle_reply_done(struct ceph_auth_client *ac,
163 u64 global_id, void *reply, int reply_len,
164 u8 *session_key, int *session_key_len,
165 u8 *con_secret, int *con_secret_len);
166bool ceph_auth_handle_bad_method(struct ceph_auth_client *ac,
167 int used_proto, int result,
168 const int *allowed_protos, int proto_cnt,
169 const int *allowed_modes, int mode_cnt);
170
171int ceph_auth_get_authorizer(struct ceph_auth_client *ac,
172 struct ceph_auth_handshake *auth,
173 int peer_type, void *buf, int *buf_len);
174int ceph_auth_handle_svc_reply_more(struct ceph_auth_client *ac,
175 struct ceph_auth_handshake *auth,
176 void *reply, int reply_len,
177 void *buf, int *buf_len);
178int ceph_auth_handle_svc_reply_done(struct ceph_auth_client *ac,
179 struct ceph_auth_handshake *auth,
180 void *reply, int reply_len,
181 u8 *session_key, int *session_key_len,
182 u8 *con_secret, int *con_secret_len);
183bool ceph_auth_handle_bad_authorizer(struct ceph_auth_client *ac,
184 int peer_type, int used_proto, int result,
185 const int *allowed_protos, int proto_cnt,
186 const int *allowed_modes, int mode_cnt);
187
188#endif
189