1 #ifndef _FS_CEPH_AUTH_H
2 #define _FS_CEPH_AUTH_H
4 #include <linux/ceph/types.h>
5 #include <linux/ceph/buffer.h>
8 * Abstract interface for communicating with the authenticate module.
9 * There is some handshake that takes place between us and the monitor
10 * to acquire the necessary keys. These are used to generate an
11 * 'authorizer' that we use when connecting to a service (mds, osd).
14 struct ceph_auth_client;
17 struct ceph_authorizer {
18 void (*destroy)(struct ceph_authorizer *);
21 struct ceph_auth_handshake {
22 struct ceph_authorizer *authorizer;
24 size_t authorizer_buf_len;
25 void *authorizer_reply_buf;
26 size_t authorizer_reply_buf_len;
27 int (*sign_message)(struct ceph_auth_handshake *auth,
28 struct ceph_msg *msg);
29 int (*check_message_signature)(struct ceph_auth_handshake *auth,
30 struct ceph_msg *msg);
33 struct ceph_auth_client_ops {
37 * true if we are authenticated and can connect to
40 int (*is_authenticated)(struct ceph_auth_client *ac);
43 * true if we should (re)authenticate, e.g., when our tickets
44 * are getting old and crusty.
46 int (*should_authenticate)(struct ceph_auth_client *ac);
49 * build requests and process replies during monitor
50 * handshake. if handle_reply returns -EAGAIN, we build
53 int (*build_request)(struct ceph_auth_client *ac, void *buf, void *end);
54 int (*handle_reply)(struct ceph_auth_client *ac, int result,
55 void *buf, void *end);
58 * Create authorizer for connecting to a service, and verify
59 * the response to authenticate the service.
61 int (*create_authorizer)(struct ceph_auth_client *ac, int peer_type,
62 struct ceph_auth_handshake *auth);
63 /* ensure that an existing authorizer is up to date */
64 int (*update_authorizer)(struct ceph_auth_client *ac, int peer_type,
65 struct ceph_auth_handshake *auth);
66 int (*add_authorizer_challenge)(struct ceph_auth_client *ac,
67 struct ceph_authorizer *a,
69 int challenge_buf_len);
70 int (*verify_authorizer_reply)(struct ceph_auth_client *ac,
71 struct ceph_authorizer *a);
72 void (*invalidate_authorizer)(struct ceph_auth_client *ac,
75 /* reset when we (re)connect to a monitor */
76 void (*reset)(struct ceph_auth_client *ac);
78 void (*destroy)(struct ceph_auth_client *ac);
80 int (*sign_message)(struct ceph_auth_handshake *auth,
81 struct ceph_msg *msg);
82 int (*check_message_signature)(struct ceph_auth_handshake *auth,
83 struct ceph_msg *msg);
86 struct ceph_auth_client {
87 u32 protocol; /* CEPH_AUTH_* */
88 void *private; /* for use by protocol implementation */
89 const struct ceph_auth_client_ops *ops; /* null iff protocol==0 */
91 bool negotiating; /* true if negotiating protocol */
92 const char *name; /* entity name */
93 u64 global_id; /* our unique id in system */
94 const struct ceph_crypto_key *key; /* our secret key */
95 unsigned want_keys; /* which services we want */
100 extern struct ceph_auth_client *ceph_auth_init(const char *name,
101 const struct ceph_crypto_key *key);
102 extern void ceph_auth_destroy(struct ceph_auth_client *ac);
104 extern void ceph_auth_reset(struct ceph_auth_client *ac);
106 extern int ceph_auth_build_hello(struct ceph_auth_client *ac,
107 void *buf, size_t len);
108 extern int ceph_handle_auth_reply(struct ceph_auth_client *ac,
109 void *buf, size_t len,
110 void *reply_buf, size_t reply_len);
111 int ceph_auth_entity_name_encode(const char *name, void **p, void *end);
113 extern int ceph_build_auth(struct ceph_auth_client *ac,
114 void *msg_buf, size_t msg_len);
116 extern int ceph_auth_is_authenticated(struct ceph_auth_client *ac);
117 extern int ceph_auth_create_authorizer(struct ceph_auth_client *ac,
119 struct ceph_auth_handshake *auth);
120 void ceph_auth_destroy_authorizer(struct ceph_authorizer *a);
121 extern int ceph_auth_update_authorizer(struct ceph_auth_client *ac,
123 struct ceph_auth_handshake *a);
124 int ceph_auth_add_authorizer_challenge(struct ceph_auth_client *ac,
125 struct ceph_authorizer *a,
127 int challenge_buf_len);
128 extern int ceph_auth_verify_authorizer_reply(struct ceph_auth_client *ac,
129 struct ceph_authorizer *a);
130 extern void ceph_auth_invalidate_authorizer(struct ceph_auth_client *ac,
133 static inline int ceph_auth_sign_message(struct ceph_auth_handshake *auth,
134 struct ceph_msg *msg)
136 if (auth->sign_message)
137 return auth->sign_message(auth, msg);
142 int ceph_auth_check_message_signature(struct ceph_auth_handshake *auth,
143 struct ceph_msg *msg)
145 if (auth->check_message_signature)
146 return auth->check_message_signature(auth, msg);