git-server-git.apps.pok.os.sepia.ceph.com Git

author	Marcus Watts <mwatts@redhat.com>
	Sat, 15 Nov 2025 08:05:59 +0000 (03:05 -0500)
committer	Patrick Donnelly <pdonnell@ibm.com>
	Mon, 29 Dec 2025 22:34:48 +0000 (17:34 -0500)
commit	ab7e7b22237d32828d83acf57027f9bd9d81d36a
tree	96e5c66b6b5f83fe466060e470063747b56a9f1e	tree \| snapshot
parent	853a7a09d38eccffb65a83a4a45cbb9037d96135	commit \| diff

auth: CryptoKey, use dynamic usage keys

Use new extended api to implement non-zero usage constants.

3 std::string connection_secret
4 CephXServiceTicket
5 encode(CephXTicketBlob)
10 CephXServiceTicketInfo
11 CephXAuthorize
13 CephXAuthorizeChallenge
15 CephXAuthorizeReply
16 RotatingSecrets

Generally speaking, these keys are constructed by
"CryptoKey::decode" which does not know the context for how the
key will be used, so usage can't be set here. In a brief
experiment, these usages for keys were invoked by keys decoded
under these routines:
3 4 5 CephxClientHandler::handle_response
11 13 15 CephXTicketHandler::verify_service_ticket_reply

Signed-off-by: Marcus Watts <mwatts@redhat.com>

src/auth/cephx/CephxClientHandler.cc		diff \| blob \| history
src/auth/cephx/CephxKeyServer.cc		diff \| blob \| history
src/auth/cephx/CephxProtocol.cc		diff \| blob \| history
src/auth/cephx/CephxProtocol.h		diff \| blob \| history
src/auth/cephx/CephxServiceHandler.cc		diff \| blob \| history