1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab
3 /*
4 * Ceph - scalable distributed file system
5 *
6 * Copyright (c) 2018 SUSE LLC.
7 * Author: Daniel Oliveira <doliveira@suse.com>
8 *
9 * This is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License version 2.1, as published by the Free Software
12 * Foundation. See file COPYING.
13 *
14 */
15
16 #ifndef KRB_CLIENT_HANDLER_HPP
17 #define KRB_CLIENT_HANDLER_HPP
18
19 #include "auth/AuthClientHandler.h"
20 #include "auth/RotatingKeyRing.h"
21 #include "include/common_fwd.h"
22
23 #include "KrbProtocol.hpp"
24
25 #include <gssapi.h>
26 #include <gssapi/gssapi_generic.h>
27 #include <gssapi/gssapi_krb5.h>
28 #include <gssapi/gssapi_ext.h>
29
30
31 class Keyring;
32
33
// Client-side AuthClientHandler for the protocol reported as CEPH_AUTH_GSS.
//
// The object stores raw GSSAPI handles (client name, service name,
// credentials, security context) and one output buffer descriptor.
// Nothing in this header releases those handles: reset() only overwrites
// them with the GSS_C_NO_* sentinels, and the destructor is defined
// elsewhere.
//
// NOTE(review): ownership of the GSSAPI handles is not visible here.
// Confirm in the implementation file where gss_release_name(),
// gss_release_cred(), gss_delete_sec_context() and gss_release_buffer()
// are called, and that each live handle is released exactly once.
class KrbClientHandler : public AuthClientHandler {

public:
  // Forwards ceph_ctx (default nullptr) to the base class and puts every
  // GSSAPI member into its "no object" state.
  // NOTE(review): the constructor is not marked explicit, so a CephContext*
  // converts to a KrbClientHandler implicitly.
  KrbClientHandler(CephContext* ceph_ctx = nullptr)
    : AuthClientHandler(ceph_ctx)
  {
    // Qualified call: during construction the virtual call would resolve
    // to this class's reset() anyway; spelling it out makes that explicit.
    KrbClientHandler::reset();
  }

  // Declared here, defined outside this header.
  ~KrbClientHandler() override;

  // Returns a heap-allocated copy made with the implicitly generated copy
  // constructor (no copy constructor is declared in this class), so the
  // copy holds the same raw handle values as *this.
  // NOTE(review): if the destructor releases the handles, the original and
  // the clone would both release the same GSSAPI objects; confirm against
  // the destructor's definition. The caller receives a raw pointer from
  // `new`; who deletes it is not visible here.
  KrbClientHandler* clone() const override
  {
    return new KrbClientHandler(*this);
  }

  // Identifies this handler's protocol as CEPH_AUTH_GSS.
  int get_protocol() const override
  {
    return CEPH_AUTH_GSS;
  }

  // Overwrites every GSSAPI member with its empty value. The previous
  // values are not released here.
  // NOTE(review): if a handle is live when this runs, it is dropped without
  // a release call in this function; verify callers release first.
  void reset() override
  {
    m_gss_buffer_out.length = 0;
    m_gss_buffer_out.value = nullptr;
    m_gss_sec_ctx = GSS_C_NO_CONTEXT;
    m_gss_credentials = GSS_C_NO_CREDENTIAL;
    m_gss_service_name = GSS_C_NO_NAME;
    m_gss_client_name = GSS_C_NO_NAME;
  }

  // Intentionally empty: this handler does nothing before a request is built.
  void prepare_build_request() override
  {
  }

  // Declared here, defined outside this header.
  int build_request(bufferlist& buff_list) const override;

  // Declared here, defined outside this header. session_key and
  // connection_secret are passed as pointers; whether they are written, and
  // whether nullptr is accepted, cannot be told from this declaration.
  int handle_response(int ret,
                      bufferlist::const_iterator& buff_list,
                      CryptoKey *session_key,
                      std::string *connection_secret) override;

  // Always returns false and leaves buff_list untouched.
  bool build_rotating_request(bufferlist& buff_list) const override
  {
    return false;
  }

  // Declared here, defined outside this header.
  AuthAuthorizer* build_authorizer(uint32_t service_id) const override;

  // Always returns false.
  bool need_tickets() override
  {
    return false;
  }

  // Stores guid in global_id, which is not declared in this class
  // (presumably inherited from AuthClientHandler; verify).
  void set_global_id(uint64_t guid) override
  {
    global_id = guid;
  }

protected:
  // Intentionally empty override.
  void validate_tickets() override
  {
  }

private:
  // Raw GSSAPI handles and output buffer; all are set to their empty
  // values by reset(). Declaration order is kept as in the original.
  gss_name_t m_gss_client_name;
  gss_name_t m_gss_service_name;
  gss_cred_id_t m_gss_credentials;
  gss_ctx_id_t m_gss_sec_ctx;
  gss_buffer_desc m_gss_buffer_out;
};
82
83 #endif //-- KRB_CLIENT_HANDLER_HPP
84