]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commit
projects / ceph.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 94b1ca1) | patch
auth/cephx: add authorizer challenge
authorSage Weil <sage@redhat.com>
Thu, 24 May 2018 21:55:26 +0000 (16:55 -0500)
committerSage Weil <sage@redhat.com>
Fri, 25 May 2018 01:38:16 +0000 (20:38 -0500)
commit5ead97120e07054d80623dada90a5cc764c28468
tree7d4d1858e02d13bf5c2c3332def74cd8dfc30804tree | snapshot
parent94b1ca198115c867691babdae7e7ac046689a749commit | diff
auth/cephx: add authorizer challenge

Allow the accepting side of a connection to reject an initial authorizer
with a random challenge.  The connecting side then has to respond with an
updated authorizer proving they are able to decrypt the service's challenge
and that the new authorizer was produced for this specific connection
instance.

The accepting side requires this challenge and response unconditionally
if the client side advertises they have the feature bit.  Servers wishing
to require this improved level of authentication simply have to require
the appropriate feature.

Signed-off-by: Sage Weil <sage@redhat.com>
(cherry picked from commit f80b848d3f830eb6dba50123e04385173fa4540b)

# Conflicts:
# src/auth/Auth.h
# src/auth/cephx/CephxProtocol.cc
# src/auth/cephx/CephxProtocol.h
# src/auth/none/AuthNoneProtocol.h
# src/msg/Dispatcher.h
# src/msg/async/AsyncConnection.cc

- const_iterator
- ::decode vs decode
- AsyncConnection ctor arg noise
- get_random_bytes(), not cct->random()
34 files changed:
src/auth/Auth.h diff | blob | history
src/auth/AuthAuthorizeHandler.h diff | blob | history
src/auth/cephx/CephxAuthorizeHandler.cc diff | blob | history
src/auth/cephx/CephxAuthorizeHandler.h diff | blob | history
src/auth/cephx/CephxProtocol.cc diff | blob | history
src/auth/cephx/CephxProtocol.h diff | blob | history
src/auth/cephx/CephxServiceHandler.cc diff | blob | history
src/auth/none/AuthNoneAuthorizeHandler.cc diff | blob | history
src/auth/none/AuthNoneAuthorizeHandler.h diff | blob | history
src/auth/none/AuthNoneProtocol.h diff | blob | history
src/auth/unknown/AuthUnknownAuthorizeHandler.cc diff | blob | history
src/auth/unknown/AuthUnknownAuthorizeHandler.h diff | blob | history
src/include/msgr.h diff | blob | history
src/mds/MDSDaemon.cc diff | blob | history
src/mds/MDSDaemon.h diff | blob | history
src/mgr/DaemonServer.cc diff | blob | history
src/mgr/DaemonServer.h diff | blob | history
src/mon/Monitor.cc diff | blob | history
src/mon/Monitor.h diff | blob | history
src/msg/Dispatcher.h diff | blob | history
src/msg/Messenger.h diff | blob | history
src/msg/async/AsyncConnection.cc diff | blob | history
src/msg/async/AsyncConnection.h diff | blob | history
src/msg/async/AsyncMessenger.h diff | blob | history
src/msg/simple/Pipe.cc diff | blob | history
src/msg/simple/SimpleMessenger.cc diff | blob | history
src/msg/simple/SimpleMessenger.h diff | blob | history
src/osd/OSD.cc diff | blob | history
src/osd/OSD.h diff | blob | history
src/test/messenger/simple_dispatcher.h diff | blob | history
src/test/messenger/xio_dispatcher.h diff | blob | history
src/test/msgr/perf_msgr_client.cc diff | blob | history
src/test/msgr/perf_msgr_server.cc diff | blob | history
src/test/msgr/test_msgr.cc diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.