xref: /linux-6.15/include/linux/ceph/auth.h (revision 8fdff1dc) 
1 #ifndef _FS_CEPH_AUTH_H
2 #define _FS_CEPH_AUTH_H
3 
4 #include <linux/ceph/types.h>
5 #include <linux/ceph/buffer.h>
6 
7 /*
8  * Abstract interface for communicating with the authenticate module.
9  * There is some handshake that takes place between us and the monitor
10  * to acquire the necessary keys.  These are used to generate an
11  * 'authorizer' that we use when connecting to a service (mds, osd).
12  */
13 
14 struct ceph_auth_client;
15 struct ceph_authorizer;
16 
17 struct ceph_auth_handshake {
18 	struct ceph_authorizer *authorizer;
19 	void *authorizer_buf;
20 	size_t authorizer_buf_len;
21 	void *authorizer_reply_buf;
22 	size_t authorizer_reply_buf_len;
23 };
24 
25 struct ceph_auth_client_ops {
26 	const char *name;
27 
28 	/*
29 	 * true if we are authenticated and can connect to
30 	 * services.
31 	 */
32 	int (*is_authenticated)(struct ceph_auth_client *ac);
33 
34 	/*
35 	 * true if we should (re)authenticate, e.g., when our tickets
36 	 * are getting old and crusty.
37 	 */
38 	int (*should_authenticate)(struct ceph_auth_client *ac);
39 
40 	/*
41 	 * build requests and process replies during monitor
42 	 * handshake.  if handle_reply returns -EAGAIN, we build
43 	 * another request.
44 	 */
45 	int (*build_request)(struct ceph_auth_client *ac, void *buf, void *end);
46 	int (*handle_reply)(struct ceph_auth_client *ac, int result,
47 			    void *buf, void *end);
48 
49 	/*
50 	 * Create authorizer for connecting to a service, and verify
51 	 * the response to authenticate the service.
52 	 */
53 	int (*create_authorizer)(struct ceph_auth_client *ac, int peer_type,
54 				 struct ceph_auth_handshake *auth);
55 	int (*verify_authorizer_reply)(struct ceph_auth_client *ac,
56 				       struct ceph_authorizer *a, size_t len);
57 	void (*destroy_authorizer)(struct ceph_auth_client *ac,
58 				   struct ceph_authorizer *a);
59 	void (*invalidate_authorizer)(struct ceph_auth_client *ac,
60 				      int peer_type);
61 
62 	/* reset when we (re)connect to a monitor */
63 	void (*reset)(struct ceph_auth_client *ac);
64 
65 	void (*destroy)(struct ceph_auth_client *ac);
66 };
67 
68 struct ceph_auth_client {
69 	u32 protocol;           /* CEPH_AUTH_* */
70 	void *private;          /* for use by protocol implementation */
71 	const struct ceph_auth_client_ops *ops;  /* null iff protocol==0 */
72 
73 	bool negotiating;       /* true if negotiating protocol */
74 	const char *name;       /* entity name */
75 	u64 global_id;          /* our unique id in system */
76 	const struct ceph_crypto_key *key;     /* our secret key */
77 	unsigned want_keys;     /* which services we want */
78 };
79 
80 extern struct ceph_auth_client *ceph_auth_init(const char *name,
81 					       const struct ceph_crypto_key *key);
82 extern void ceph_auth_destroy(struct ceph_auth_client *ac);
83 
84 extern void ceph_auth_reset(struct ceph_auth_client *ac);
85 
86 extern int ceph_auth_build_hello(struct ceph_auth_client *ac,
87 				 void *buf, size_t len);
88 extern int ceph_handle_auth_reply(struct ceph_auth_client *ac,
89 				  void *buf, size_t len,
90 				  void *reply_buf, size_t reply_len);
91 extern int ceph_entity_name_encode(const char *name, void **p, void *end);
92 
93 extern int ceph_build_auth(struct ceph_auth_client *ac,
94 		    void *msg_buf, size_t msg_len);
95 
96 extern int ceph_auth_is_authenticated(struct ceph_auth_client *ac);
97 
98 #endif
99