Linux/include/linux/ceph/auth.h

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

1 /* SPDX-License-Identifier: GPL-2.0 */ 2 #ifndef _FS_CEPH_AUTH_H 3 #define _FS_CEPH_AUTH_H 4 5 #include <linux/ceph/types.h> 6 #include <linux/ceph/buffer.h> 7 8 /* 9 * Abstract interface for communicating with the authenticate module. 10 * There is some handshake that takes place between us and the monitor 11 * to acquire the necessary keys. These are used to generate an 12 * 'authorizer' that we use when connecting to a service (mds, osd). 13 */ 14 15 struct ceph_auth_client; 16 struct ceph_msg; 17 18 struct ceph_authorizer { 19 void (*destroy)(struct ceph_authorizer *); 20 }; 21 22 struct ceph_auth_handshake { 23 struct ceph_authorizer *authorizer; 24 void *authorizer_buf; 25 size_t authorizer_buf_len; 26 void *authorizer_reply_buf; 27 size_t authorizer_reply_buf_len; 28 int (*sign_message)(struct ceph_auth_handshake *auth, 29 struct ceph_msg *msg); 30 int (*check_message_signature)(struct ceph_auth_handshake *auth, 31 struct ceph_msg *msg); 32 }; 33 34 struct ceph_auth_client_ops { 35 /* 36 * true if we are authenticated and can connect to 37 * services. 38 */ 39 int (*is_authenticated)(struct ceph_auth_client *ac); 40 41 /* 42 * true if we should (re)authenticate, e.g., when our tickets 43 * are getting old and crusty. 44 */ 45 int (*should_authenticate)(struct ceph_auth_client *ac); 46 47 /* 48 * build requests and process replies during monitor 49 * handshake. if handle_reply returns -EAGAIN, we build 50 * another request. 51 */ 52 int (*build_request)(struct ceph_auth_client *ac, void *buf, void *end); 53 int (*handle_reply)(struct ceph_auth_client *ac, u64 global_id, 54 void *buf, void *end, u8 *session_key, 55 int *session_key_len, u8 *con_secret, 56 int *con_secret_len); 57 58 /* 59 * Create authorizer for connecting to a service, and verify 60 * the response to authenticate the service. 61 */ 62 int (*create_authorizer)(struct ceph_auth_client *ac, int peer_type, 63 struct ceph_auth_handshake *auth); 64 /* ensure that an existing authorizer is up to date */ 65 int (*update_authorizer)(struct ceph_auth_client *ac, int peer_type, 66 struct ceph_auth_handshake *auth); 67 int (*add_authorizer_challenge)(struct ceph_auth_client *ac, 68 struct ceph_authorizer *a, 69 void *challenge_buf, 70 int challenge_buf_len); 71 int (*verify_authorizer_reply)(struct ceph_auth_client *ac, 72 struct ceph_authorizer *a, 73 void *reply, int reply_len, 74 u8 *session_key, int *session_key_len, 75 u8 *con_secret, int *con_secret_len); 76 void (*invalidate_authorizer)(struct ceph_auth_client *ac, 77 int peer_type); 78 79 /* reset when we (re)connect to a monitor */ 80 void (*reset)(struct ceph_auth_client *ac); 81 82 void (*destroy)(struct ceph_auth_client *ac); 83 84 int (*sign_message)(struct ceph_auth_handshake *auth, 85 struct ceph_msg *msg); 86 int (*check_message_signature)(struct ceph_auth_handshake *auth, 87 struct ceph_msg *msg); 88 }; 89 90 struct ceph_auth_client { 91 u32 protocol; /* CEPH_AUTH_* */ 92 void *private; /* for use by protocol implementation */ 93 const struct ceph_auth_client_ops *ops; /* null iff protocol==0 */ 94 95 bool negotiating; /* true if negotiating protocol */ 96 const char *name; /* entity name */ 97 u64 global_id; /* our unique id in system */ 98 const struct ceph_crypto_key *key; /* our secret key */ 99 unsigned want_keys; /* which services we want */ 100 101 int preferred_mode; /* CEPH_CON_MODE_* */ 102 int fallback_mode; /* ditto */ 103 104 struct mutex mutex; 105 }; 106 107 void ceph_auth_set_global_id(struct ceph_auth_client *ac, u64 global_id); 108 109 struct ceph_auth_client *ceph_auth_init(const char *name, 110 const struct ceph_crypto_key *key, 111 const int *con_modes); 112 extern void ceph_auth_destroy(struct ceph_auth_client *ac); 113 114 extern void ceph_auth_reset(struct ceph_auth_client *ac); 115 116 extern int ceph_auth_build_hello(struct ceph_auth_client *ac, 117 void *buf, size_t len); 118 extern int ceph_handle_auth_reply(struct ceph_auth_client *ac, 119 void *buf, size_t len, 120 void *reply_buf, size_t reply_len); 121 int ceph_auth_entity_name_encode(const char *name, void **p, void *end); 122 123 extern int ceph_build_auth(struct ceph_auth_client *ac, 124 void *msg_buf, size_t msg_len); 125 extern int ceph_auth_is_authenticated(struct ceph_auth_client *ac); 126 127 int __ceph_auth_get_authorizer(struct ceph_auth_client *ac, 128 struct ceph_auth_handshake *auth, 129 int peer_type, bool force_new, 130 int *proto, int *pref_mode, int *fallb_mode); 131 void ceph_auth_destroy_authorizer(struct ceph_authorizer *a); 132 int ceph_auth_add_authorizer_challenge(struct ceph_auth_client *ac, 133 struct ceph_authorizer *a, 134 void *challenge_buf, 135 int challenge_buf_len); 136 int ceph_auth_verify_authorizer_reply(struct ceph_auth_client *ac, 137 struct ceph_authorizer *a, 138 void *reply, int reply_len, 139 u8 *session_key, int *session_key_len, 140 u8 *con_secret, int *con_secret_len); 141 extern void ceph_auth_invalidate_authorizer(struct ceph_auth_client *ac, 142 int peer_type); 143 144 static inline int ceph_auth_sign_message(struct ceph_auth_handshake *auth, 145 struct ceph_msg *msg) 146 { 147 if (auth->sign_message) 148 return auth->sign_message(auth, msg); 149 return 0; 150 } 151 152 static inline 153 int ceph_auth_check_message_signature(struct ceph_auth_handshake *auth, 154 struct ceph_msg *msg) 155 { 156 if (auth->check_message_signature) 157 return auth->check_message_signature(auth, msg); 158 return 0; 159 } 160 161 int ceph_auth_get_request(struct ceph_auth_client *ac, void *buf, int buf_len); 162 int ceph_auth_handle_reply_more(struct ceph_auth_client *ac, void *reply, 163 int reply_len, void *buf, int buf_len); 164 int ceph_auth_handle_reply_done(struct ceph_auth_client *ac, 165 u64 global_id, void *reply, int reply_len, 166 u8 *session_key, int *session_key_len, 167 u8 *con_secret, int *con_secret_len); 168 bool ceph_auth_handle_bad_method(struct ceph_auth_client *ac, 169 int used_proto, int result, 170 const int *allowed_protos, int proto_cnt, 171 const int *allowed_modes, int mode_cnt); 172 173 int ceph_auth_get_authorizer(struct ceph_auth_client *ac, 174 struct ceph_auth_handshake *auth, 175 int peer_type, void *buf, int *buf_len); 176 int ceph_auth_handle_svc_reply_more(struct ceph_auth_client *ac, 177 struct ceph_auth_handshake *auth, 178 void *reply, int reply_len, 179 void *buf, int *buf_len); 180 int ceph_auth_handle_svc_reply_done(struct ceph_auth_client *ac, 181 struct ceph_auth_handshake *auth, 182 void *reply, int reply_len, 183 u8 *session_key, int *session_key_len, 184 u8 *con_secret, int *con_secret_len); 185 bool ceph_auth_handle_bad_authorizer(struct ceph_auth_client *ac, 186 int peer_type, int used_proto, int result, 187 const int *allowed_protos, int proto_cnt, 188 const int *allowed_modes, int mode_cnt); 189 190 #endif 191

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

TOMOYO Linux Cross Reference Linux/include/linux/ceph/auth.h

TOMOYO Linux Cross Reference
Linux/include/linux/ceph/auth.h