]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph-ci.git/commit
projects / ceph-ci.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 21467ea) | patch
auth: CryptoKey, use dynamic usage keys
authorMarcus Watts <mwatts@redhat.com>
Sat, 15 Nov 2025 08:05:59 +0000 (03:05 -0500)
committerPatrick Donnelly <pdonnell@ibm.com>
Mon, 5 Jan 2026 21:23:41 +0000 (16:23 -0500)
commitd72aeaabda28ca881550706bebff9387c75ee7bf
treee769b88b35e1b1faa0503eaf869ac94a677bb9cftree | snapshot
parent21467eab0edac18a47883de55b9bf6f9b02b0719commit | diff
auth: CryptoKey, use dynamic usage keys

Use new extended api to implement non-zero usage constants.

3 std::string connection_secret
4 CephXServiceTicket
5 encode(CephXTicketBlob)
10 CephXServiceTicketInfo
11 CephXAuthorize
13 CephXAuthorizeChallenge
15 CephXAuthorizeReply
16 RotatingSecrets

Generally speaking, these keys are constructed by
"CryptoKey::decode" which does not know the context for how the
key will be used, so usage can't be set here.  In a brief
experiment, these usages for keys were invoked by keys decoded
under these routines:
3 4 5 CephxClientHandler::handle_response
11 13 15 CephXTicketHandler::verify_service_ticket_reply

Signed-off-by: Marcus Watts <mwatts@redhat.com>
src/auth/cephx/CephxClientHandler.cc diff | blob | history
src/auth/cephx/CephxKeyServer.cc diff | blob | history
src/auth/cephx/CephxProtocol.cc diff | blob | history
src/auth/cephx/CephxProtocol.h diff | blob | history
src/auth/cephx/CephxServiceHandler.cc diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.