diff options
Diffstat (limited to 'src/auth/scheme.txt')
-rw-r--r-- | src/auth/scheme.txt | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/src/auth/scheme.txt b/src/auth/scheme.txt new file mode 100644 index 000000000..0df00addc --- /dev/null +++ b/src/auth/scheme.txt @@ -0,0 +1,87 @@ + +client_name = foo (mon has some corresponding shared secret) +client_addr = ip address, port, pid + + +monitor has: + +client_auth { + client_name; + client capabilities; + client secret; +}; +map<client_name, client_auth> users; + +struct secret { + bufferlist secret; + utime_t created; +}; +map<entity_name, secret> entity_secrets; + +struct service_secret_set { + secret[3]; +}; +map<string, service_secret_set> svc_secrets; + +/* +svcsecret will be a rotating key. we regenerate every time T, and keep +keys for 3*T. client always get the second-newest key. all 3 are +considered valid. clients and services renew/reverify key at least one +every time T. +*/ + + +client_ticket { + client_addr; + map<svc name or type, blob> client_capabilities; +}; + + + +authenticate principle: + +C->M : client_name, client_addr. authenticate me. + ...monitor does lookup in database... +M->C : A= {client/mon session key, validity}^clientsecret + B= {client ticket, validity, client/mon session key}^monsecret + + +authorize principle to do something on monitor: + +C->M : B, {client_addr, timestamp}^client/mon session key. do foo (assign id) +M->C : result. and {timestamp+1}^client/mon session key + + +authorize for service: + +C->M : B, {client_addr, timestamp}^client/mon session key. authorize me! +M->C : E= {svc ticket}^svcsecret + F= {svc session key, validity}^client/mon session key + +svc ticket = (client addr, validity, svc session key) + + +on opening session to service: + +C->O : E + {client_addr, timestamp}^svc session key +O->C : {timestamp+1}^svc session key + + + + + +To authenticate: + + client -> auth: + {client_name, client_addr}^client_secret + auth -> client: + {session key, validity, nonce}^client_secret + {client_ticket, session key}^service_secret ... "enc_ticket" + +where client_ticket is { client_addr, created, expires, none, capabilities }. + +To gain access using our ticket: + + + + |