]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph-ci.git/commit
projects / ceph-ci.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e537e87) | patch
auth: check service key is valid before decryption
authorPatrick Donnelly <pdonnell@ibm.com>
Thu, 29 May 2025 15:57:55 +0000 (11:57 -0400)
committerPatrick Donnelly <pdonnell@ibm.com>
Mon, 5 Jan 2026 21:23:34 +0000 (16:23 -0500)
commit5486edd8c9b9a63dd7f740fc195810e3a9b269c3
tree72949b66e1db3efbac994204284b9b2460055da7tree | snapshot
parente537e8778b793d6cc8e997a3f9d37da8202fc6b9commit | diff
auth: check service key is valid before decryption

CryptoKey::empty is the correct mechanism to check for an invalid key (and this
is codified elsewhere, fixed in this commit). Decryption would fail with an
abort if the key handler was unset. This would happen after rotating the "mon."
key and then restarting one of the mons.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
src/auth/Crypto.h diff | blob | history
src/auth/cephx/CephxProtocol.cc diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.