]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph-ci.git/commit
projects / ceph-ci.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8dd6248) | patch
auth: check service key is valid before decryption
authorPatrick Donnelly <pdonnell@ibm.com>
Thu, 29 May 2025 15:57:55 +0000 (11:57 -0400)
committerPatrick Donnelly <pdonnell@ibm.com>
Tue, 10 Feb 2026 17:59:44 +0000 (12:59 -0500)
commit3c7b078a28bd3874ced3e1345cc4ccfdeda25a70
treef9d6928f61e0a9738a10ce2420e94e5516fa9af2tree | snapshot
parent8dd62489d444359672725447402b81b60134e973commit | diff
auth: check service key is valid before decryption

CryptoKey::empty is the correct mechanism to check for an invalid key (and this
is codified elsewhere, fixed in this commit). Decryption would fail with an
abort if the key handler was unset. This would happen after rotating the "mon."
key and then restarting one of the mons.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
src/auth/Crypto.h diff | blob | history
src/auth/cephx/CephxProtocol.cc diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.