include/linux/ceph/auth.h at v4.11 · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / include / linux / ceph / auth.h
at v4.11 4.6 kB view raw
  1#ifndef _FS_CEPH_AUTH_H
  2#define _FS_CEPH_AUTH_H
  3
  4#include <linux/ceph/types.h>
  5#include <linux/ceph/buffer.h>
  6
  7/*
  8 * Abstract interface for communicating with the authenticate module.
  9 * There is some handshake that takes place between us and the monitor
 10 * to acquire the necessary keys.  These are used to generate an
 11 * 'authorizer' that we use when connecting to a service (mds, osd).
 12 */
 13
 14struct ceph_auth_client;
 15struct ceph_msg;
 16
 17struct ceph_authorizer {
 18	void (*destroy)(struct ceph_authorizer *);
 19};
 20
 21struct ceph_auth_handshake {
 22	struct ceph_authorizer *authorizer;
 23	void *authorizer_buf;
 24	size_t authorizer_buf_len;
 25	void *authorizer_reply_buf;
 26	size_t authorizer_reply_buf_len;
 27	int (*sign_message)(struct ceph_auth_handshake *auth,
 28			    struct ceph_msg *msg);
 29	int (*check_message_signature)(struct ceph_auth_handshake *auth,
 30				       struct ceph_msg *msg);
 31};
 32
 33struct ceph_auth_client_ops {
 34	const char *name;
 35
 36	/*
 37	 * true if we are authenticated and can connect to
 38	 * services.
 39	 */
 40	int (*is_authenticated)(struct ceph_auth_client *ac);
 41
 42	/*
 43	 * true if we should (re)authenticate, e.g., when our tickets
 44	 * are getting old and crusty.
 45	 */
 46	int (*should_authenticate)(struct ceph_auth_client *ac);
 47
 48	/*
 49	 * build requests and process replies during monitor
 50	 * handshake.  if handle_reply returns -EAGAIN, we build
 51	 * another request.
 52	 */
 53	int (*build_request)(struct ceph_auth_client *ac, void *buf, void *end);
 54	int (*handle_reply)(struct ceph_auth_client *ac, int result,
 55			    void *buf, void *end);
 56
 57	/*
 58	 * Create authorizer for connecting to a service, and verify
 59	 * the response to authenticate the service.
 60	 */
 61	int (*create_authorizer)(struct ceph_auth_client *ac, int peer_type,
 62				 struct ceph_auth_handshake *auth);
 63	/* ensure that an existing authorizer is up to date */
 64	int (*update_authorizer)(struct ceph_auth_client *ac, int peer_type,
 65				 struct ceph_auth_handshake *auth);
 66	int (*verify_authorizer_reply)(struct ceph_auth_client *ac,
 67				       struct ceph_authorizer *a);
 68	void (*invalidate_authorizer)(struct ceph_auth_client *ac,
 69				      int peer_type);
 70
 71	/* reset when we (re)connect to a monitor */
 72	void (*reset)(struct ceph_auth_client *ac);
 73
 74	void (*destroy)(struct ceph_auth_client *ac);
 75
 76	int (*sign_message)(struct ceph_auth_handshake *auth,
 77			    struct ceph_msg *msg);
 78	int (*check_message_signature)(struct ceph_auth_handshake *auth,
 79				       struct ceph_msg *msg);
 80};
 81
 82struct ceph_auth_client {
 83	u32 protocol;           /* CEPH_AUTH_* */
 84	void *private;          /* for use by protocol implementation */
 85	const struct ceph_auth_client_ops *ops;  /* null iff protocol==0 */
 86
 87	bool negotiating;       /* true if negotiating protocol */
 88	const char *name;       /* entity name */
 89	u64 global_id;          /* our unique id in system */
 90	const struct ceph_crypto_key *key;     /* our secret key */
 91	unsigned want_keys;     /* which services we want */
 92
 93	struct mutex mutex;
 94};
 95
 96extern struct ceph_auth_client *ceph_auth_init(const char *name,
 97					       const struct ceph_crypto_key *key);
 98extern void ceph_auth_destroy(struct ceph_auth_client *ac);
 99
100extern void ceph_auth_reset(struct ceph_auth_client *ac);
101
102extern int ceph_auth_build_hello(struct ceph_auth_client *ac,
103				 void *buf, size_t len);
104extern int ceph_handle_auth_reply(struct ceph_auth_client *ac,
105				  void *buf, size_t len,
106				  void *reply_buf, size_t reply_len);
107int ceph_auth_entity_name_encode(const char *name, void **p, void *end);
108
109extern int ceph_build_auth(struct ceph_auth_client *ac,
110		    void *msg_buf, size_t msg_len);
111
112extern int ceph_auth_is_authenticated(struct ceph_auth_client *ac);
113extern int ceph_auth_create_authorizer(struct ceph_auth_client *ac,
114				       int peer_type,
115				       struct ceph_auth_handshake *auth);
116void ceph_auth_destroy_authorizer(struct ceph_authorizer *a);
117extern int ceph_auth_update_authorizer(struct ceph_auth_client *ac,
118				       int peer_type,
119				       struct ceph_auth_handshake *a);
120extern int ceph_auth_verify_authorizer_reply(struct ceph_auth_client *ac,
121					     struct ceph_authorizer *a);
122extern void ceph_auth_invalidate_authorizer(struct ceph_auth_client *ac,
123					    int peer_type);
124
125static inline int ceph_auth_sign_message(struct ceph_auth_handshake *auth,
126					 struct ceph_msg *msg)
127{
128	if (auth->sign_message)
129		return auth->sign_message(auth, msg);
130	return 0;
131}
132
133static inline
134int ceph_auth_check_message_signature(struct ceph_auth_handshake *auth,
135				      struct ceph_msg *msg)
136{
137	if (auth->check_message_signature)
138		return auth->check_message_signature(auth, msg);
139	return 0;
140}
141#endif