xref: /linux-6.15/include/linux/ceph/auth.h (revision aff985fd) 
1 #ifndef _FS_CEPH_AUTH_H
2 #define _FS_CEPH_AUTH_H
3 
4 #include <linux/ceph/types.h>
5 #include <linux/ceph/buffer.h>
6 
7 /*
8  * Abstract interface for communicating with the authenticate module.
9  * There is some handshake that takes place between us and the monitor
10  * to acquire the necessary keys.  These are used to generate an
11  * 'authorizer' that we use when connecting to a service (mds, osd).
12  */
13 
14 struct ceph_auth_client;
15 struct ceph_msg;
16 
17 struct ceph_authorizer {
18 	void (*destroy)(struct ceph_authorizer *);
19 };
20 
21 struct ceph_auth_handshake {
22 	struct ceph_authorizer *authorizer;
23 	void *authorizer_buf;
24 	size_t authorizer_buf_len;
25 	void *authorizer_reply_buf;
26 	size_t authorizer_reply_buf_len;
27 	int (*sign_message)(struct ceph_auth_handshake *auth,
28 			    struct ceph_msg *msg);
29 	int (*check_message_signature)(struct ceph_auth_handshake *auth,
30 				       struct ceph_msg *msg);
31 };
32 
33 struct ceph_auth_client_ops {
34 	const char *name;
35 
36 	/*
37 	 * true if we are authenticated and can connect to
38 	 * services.
39 	 */
40 	int (*is_authenticated)(struct ceph_auth_client *ac);
41 
42 	/*
43 	 * true if we should (re)authenticate, e.g., when our tickets
44 	 * are getting old and crusty.
45 	 */
46 	int (*should_authenticate)(struct ceph_auth_client *ac);
47 
48 	/*
49 	 * build requests and process replies during monitor
50 	 * handshake.  if handle_reply returns -EAGAIN, we build
51 	 * another request.
52 	 */
53 	int (*build_request)(struct ceph_auth_client *ac, void *buf, void *end);
54 	int (*handle_reply)(struct ceph_auth_client *ac, int result,
55 			    void *buf, void *end);
56 
57 	/*
58 	 * Create authorizer for connecting to a service, and verify
59 	 * the response to authenticate the service.
60 	 */
61 	int (*create_authorizer)(struct ceph_auth_client *ac, int peer_type,
62 				 struct ceph_auth_handshake *auth);
63 	/* ensure that an existing authorizer is up to date */
64 	int (*update_authorizer)(struct ceph_auth_client *ac, int peer_type,
65 				 struct ceph_auth_handshake *auth);
66 	int (*verify_authorizer_reply)(struct ceph_auth_client *ac,
67 				       struct ceph_authorizer *a);
68 	void (*invalidate_authorizer)(struct ceph_auth_client *ac,
69 				      int peer_type);
70 
71 	/* reset when we (re)connect to a monitor */
72 	void (*reset)(struct ceph_auth_client *ac);
73 
74 	void (*destroy)(struct ceph_auth_client *ac);
75 
76 	int (*sign_message)(struct ceph_auth_handshake *auth,
77 			    struct ceph_msg *msg);
78 	int (*check_message_signature)(struct ceph_auth_handshake *auth,
79 				       struct ceph_msg *msg);
80 };
81 
82 struct ceph_auth_client {
83 	u32 protocol;           /* CEPH_AUTH_* */
84 	void *private;          /* for use by protocol implementation */
85 	const struct ceph_auth_client_ops *ops;  /* null iff protocol==0 */
86 
87 	bool negotiating;       /* true if negotiating protocol */
88 	const char *name;       /* entity name */
89 	u64 global_id;          /* our unique id in system */
90 	const struct ceph_crypto_key *key;     /* our secret key */
91 	unsigned want_keys;     /* which services we want */
92 
93 	struct mutex mutex;
94 };
95 
96 extern struct ceph_auth_client *ceph_auth_init(const char *name,
97 					       const struct ceph_crypto_key *key);
98 extern void ceph_auth_destroy(struct ceph_auth_client *ac);
99 
100 extern void ceph_auth_reset(struct ceph_auth_client *ac);
101 
102 extern int ceph_auth_build_hello(struct ceph_auth_client *ac,
103 				 void *buf, size_t len);
104 extern int ceph_handle_auth_reply(struct ceph_auth_client *ac,
105 				  void *buf, size_t len,
106 				  void *reply_buf, size_t reply_len);
107 int ceph_auth_entity_name_encode(const char *name, void **p, void *end);
108 
109 extern int ceph_build_auth(struct ceph_auth_client *ac,
110 		    void *msg_buf, size_t msg_len);
111 
112 extern int ceph_auth_is_authenticated(struct ceph_auth_client *ac);
113 extern int ceph_auth_create_authorizer(struct ceph_auth_client *ac,
114 				       int peer_type,
115 				       struct ceph_auth_handshake *auth);
116 void ceph_auth_destroy_authorizer(struct ceph_authorizer *a);
117 extern int ceph_auth_update_authorizer(struct ceph_auth_client *ac,
118 				       int peer_type,
119 				       struct ceph_auth_handshake *a);
120 extern int ceph_auth_verify_authorizer_reply(struct ceph_auth_client *ac,
121 					     struct ceph_authorizer *a);
122 extern void ceph_auth_invalidate_authorizer(struct ceph_auth_client *ac,
123 					    int peer_type);
124 
125 static inline int ceph_auth_sign_message(struct ceph_auth_handshake *auth,
126 					 struct ceph_msg *msg)
127 {
128 	if (auth->sign_message)
129 		return auth->sign_message(auth, msg);
130 	return 0;
131 }
132 
133 static inline
134 int ceph_auth_check_message_signature(struct ceph_auth_handshake *auth,
135 				      struct ceph_msg *msg)
136 {
137 	if (auth->check_message_signature)
138 		return auth->check_message_signature(auth, msg);
139 	return 0;
140 }
141 #endif
142