linux/include/linux/ceph/auth.h
<<
>>
Prefs 
   1/* SPDX-License-Identifier: GPL-2.0 */
   2#ifndef _FS_CEPH_AUTH_H
   3#define _FS_CEPH_AUTH_H
   4
   5#include <linux/ceph/types.h>
   6#include <linux/ceph/buffer.h>
   7
   8/*
   9 * Abstract interface for communicating with the authenticate module.
  10 * There is some handshake that takes place between us and the monitor
  11 * to acquire the necessary keys.  These are used to generate an
  12 * 'authorizer' that we use when connecting to a service (mds, osd).
  13 */
  14
  15struct ceph_auth_client;
  16struct ceph_msg;
  17
  18struct ceph_authorizer {
  19        void (*destroy)(struct ceph_authorizer *);
  20};
  21
  22struct ceph_auth_handshake {
  23        struct ceph_authorizer *authorizer;
  24        void *authorizer_buf;
  25        size_t authorizer_buf_len;
  26        void *authorizer_reply_buf;
  27        size_t authorizer_reply_buf_len;
  28        int (*sign_message)(struct ceph_auth_handshake *auth,
  29                            struct ceph_msg *msg);
  30        int (*check_message_signature)(struct ceph_auth_handshake *auth,
  31                                       struct ceph_msg *msg);
  32};
  33
  34struct ceph_auth_client_ops {
  35        /*
  36         * true if we are authenticated and can connect to
  37         * services.
  38         */
  39        int (*is_authenticated)(struct ceph_auth_client *ac);
  40
  41        /*
  42         * true if we should (re)authenticate, e.g., when our tickets
  43         * are getting old and crusty.
  44         */
  45        int (*should_authenticate)(struct ceph_auth_client *ac);
  46
  47        /*
  48         * build requests and process replies during monitor
  49         * handshake.  if handle_reply returns -EAGAIN, we build
  50         * another request.
  51         */
  52        int (*build_request)(struct ceph_auth_client *ac, void *buf, void *end);
  53        int (*handle_reply)(struct ceph_auth_client *ac, u64 global_id,
  54                            void *buf, void *end, u8 *session_key,
  55                            int *session_key_len, u8 *con_secret,
  56                            int *con_secret_len);
  57
  58        /*
  59         * Create authorizer for connecting to a service, and verify
  60         * the response to authenticate the service.
  61         */
  62        int (*create_authorizer)(struct ceph_auth_client *ac, int peer_type,
  63                                 struct ceph_auth_handshake *auth);
  64        /* ensure that an existing authorizer is up to date */
  65        int (*update_authorizer)(struct ceph_auth_client *ac, int peer_type,
  66                                 struct ceph_auth_handshake *auth);
  67        int (*add_authorizer_challenge)(struct ceph_auth_client *ac,
  68                                        struct ceph_authorizer *a,
  69                                        void *challenge_buf,
  70                                        int challenge_buf_len);
  71        int (*verify_authorizer_reply)(struct ceph_auth_client *ac,
  72                                       struct ceph_authorizer *a,
  73                                       void *reply, int reply_len,
  74                                       u8 *session_key, int *session_key_len,
  75                                       u8 *con_secret, int *con_secret_len);
  76        void (*invalidate_authorizer)(struct ceph_auth_client *ac,
  77                                      int peer_type);
  78
  79        /* reset when we (re)connect to a monitor */
  80        void (*reset)(struct ceph_auth_client *ac);
  81
  82        void (*destroy)(struct ceph_auth_client *ac);
  83
  84        int (*sign_message)(struct ceph_auth_handshake *auth,
  85                            struct ceph_msg *msg);
  86        int (*check_message_signature)(struct ceph_auth_handshake *auth,
  87                                       struct ceph_msg *msg);
  88};
  89
  90struct ceph_auth_client {
  91        u32 protocol;           /* CEPH_AUTH_* */
  92        void *private;          /* for use by protocol implementation */
  93        const struct ceph_auth_client_ops *ops;  /* null iff protocol==0 */
  94
  95        bool negotiating;       /* true if negotiating protocol */
  96        const char *name;       /* entity name */
  97        u64 global_id;          /* our unique id in system */
  98        const struct ceph_crypto_key *key;     /* our secret key */
  99        unsigned want_keys;     /* which services we want */
 100
 101        int preferred_mode;     /* CEPH_CON_MODE_* */
 102        int fallback_mode;      /* ditto */
 103
 104        struct mutex mutex;
 105};
 106
 107void ceph_auth_set_global_id(struct ceph_auth_client *ac, u64 global_id);
 108
 109struct ceph_auth_client *ceph_auth_init(const char *name,
 110                                        const struct ceph_crypto_key *key,
 111                                        const int *con_modes);
 112extern void ceph_auth_destroy(struct ceph_auth_client *ac);
 113
 114extern void ceph_auth_reset(struct ceph_auth_client *ac);
 115
 116extern int ceph_auth_build_hello(struct ceph_auth_client *ac,
 117                                 void *buf, size_t len);
 118extern int ceph_handle_auth_reply(struct ceph_auth_client *ac,
 119                                  void *buf, size_t len,
 120                                  void *reply_buf, size_t reply_len);
 121int ceph_auth_entity_name_encode(const char *name, void **p, void *end);
 122
 123extern int ceph_build_auth(struct ceph_auth_client *ac,
 124                    void *msg_buf, size_t msg_len);
 125extern int ceph_auth_is_authenticated(struct ceph_auth_client *ac);
 126
 127int __ceph_auth_get_authorizer(struct ceph_auth_client *ac,
 128                               struct ceph_auth_handshake *auth,
 129                               int peer_type, bool force_new,
 130                               int *proto, int *pref_mode, int *fallb_mode);
 131void ceph_auth_destroy_authorizer(struct ceph_authorizer *a);
 132int ceph_auth_add_authorizer_challenge(struct ceph_auth_client *ac,
 133                                       struct ceph_authorizer *a,
 134                                       void *challenge_buf,
 135                                       int challenge_buf_len);
 136int ceph_auth_verify_authorizer_reply(struct ceph_auth_client *ac,
 137                                      struct ceph_authorizer *a,
 138                                      void *reply, int reply_len,
 139                                      u8 *session_key, int *session_key_len,
 140                                      u8 *con_secret, int *con_secret_len);
 141extern void ceph_auth_invalidate_authorizer(struct ceph_auth_client *ac,
 142                                            int peer_type);
 143
 144static inline int ceph_auth_sign_message(struct ceph_auth_handshake *auth,
 145                                         struct ceph_msg *msg)
 146{
 147        if (auth->sign_message)
 148                return auth->sign_message(auth, msg);
 149        return 0;
 150}
 151
 152static inline
 153int ceph_auth_check_message_signature(struct ceph_auth_handshake *auth,
 154                                      struct ceph_msg *msg)
 155{
 156        if (auth->check_message_signature)
 157                return auth->check_message_signature(auth, msg);
 158        return 0;
 159}
 160
 161int ceph_auth_get_request(struct ceph_auth_client *ac, void *buf, int buf_len);
 162int ceph_auth_handle_reply_more(struct ceph_auth_client *ac, void *reply,
 163                                int reply_len, void *buf, int buf_len);
 164int ceph_auth_handle_reply_done(struct ceph_auth_client *ac,
 165                                u64 global_id, void *reply, int reply_len,
 166                                u8 *session_key, int *session_key_len,
 167                                u8 *con_secret, int *con_secret_len);
 168bool ceph_auth_handle_bad_method(struct ceph_auth_client *ac,
 169                                 int used_proto, int result,
 170                                 const int *allowed_protos, int proto_cnt,
 171                                 const int *allowed_modes, int mode_cnt);
 172
 173int ceph_auth_get_authorizer(struct ceph_auth_client *ac,
 174                             struct ceph_auth_handshake *auth,
 175                             int peer_type, void *buf, int *buf_len);
 176int ceph_auth_handle_svc_reply_more(struct ceph_auth_client *ac,
 177                                    struct ceph_auth_handshake *auth,
 178                                    void *reply, int reply_len,
 179                                    void *buf, int *buf_len);
 180int ceph_auth_handle_svc_reply_done(struct ceph_auth_client *ac,
 181                                    struct ceph_auth_handshake *auth,
 182                                    void *reply, int reply_len,
 183                                    u8 *session_key, int *session_key_len,
 184                                    u8 *con_secret, int *con_secret_len);
 185bool ceph_auth_handle_bad_authorizer(struct ceph_auth_client *ac,
 186                                     int peer_type, int used_proto, int result,
 187                                     const int *allowed_protos, int proto_cnt,
 188                                     const int *allowed_modes, int mode_cnt);
 189
 190#endif
 191
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.