git-server-git.apps.pok.os.sepia.ceph.com Git

]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commit

author	Sage Weil <sage@redhat.com>
	Thu, 24 May 2018 18:57:17 +0000 (13:57 -0500)
committer	Sage Weil <sage@redhat.com>
	Thu, 24 May 2018 19:17:43 +0000 (14:17 -0500)
commit	f80b848d3f830eb6dba50123e04385173fa4540b
tree	ff5880ab4a0aa70559e022b0b2a7bdaa0d077a77	tree \| snapshot
parent	3dc80e5f9b6ebf1bc1cecbd95b288005216bdbec	commit \| diff

auth/cephx: add authorizer challenge

Allow the accepting side of a connection to reject an initial authorizer
with a random challenge. The connecting side then has to respond with an
updated authorizer proving they are able to decrypt the service's challenge
and that the new authorizer was produced for this specific connection
instance.

The accepting side requires this challenge and response unconditionally
if the client side advertises they have the feature bit. Servers wishing
to require this improved level of authentication simply have to require
the appropriate feature.

Signed-off-by: Sage Weil <sage@redhat.com>

34 files changed:

src/auth/Auth.h		diff \| blob \| history
src/auth/AuthAuthorizeHandler.h		diff \| blob \| history
src/auth/cephx/CephxAuthorizeHandler.cc		diff \| blob \| history
src/auth/cephx/CephxAuthorizeHandler.h		diff \| blob \| history
src/auth/cephx/CephxProtocol.cc		diff \| blob \| history
src/auth/cephx/CephxProtocol.h		diff \| blob \| history
src/auth/cephx/CephxServiceHandler.cc		diff \| blob \| history
src/auth/none/AuthNoneAuthorizeHandler.cc		diff \| blob \| history
src/auth/none/AuthNoneAuthorizeHandler.h		diff \| blob \| history
src/auth/none/AuthNoneProtocol.h		diff \| blob \| history
src/auth/unknown/AuthUnknownAuthorizeHandler.cc		diff \| blob \| history
src/auth/unknown/AuthUnknownAuthorizeHandler.h		diff \| blob \| history
src/include/msgr.h		diff \| blob \| history
src/mds/MDSDaemon.cc		diff \| blob \| history
src/mds/MDSDaemon.h		diff \| blob \| history
src/mgr/DaemonServer.cc		diff \| blob \| history
src/mgr/DaemonServer.h		diff \| blob \| history
src/mon/Monitor.cc		diff \| blob \| history
src/mon/Monitor.h		diff \| blob \| history
src/msg/Dispatcher.h		diff \| blob \| history
src/msg/Messenger.h		diff \| blob \| history
src/msg/async/AsyncConnection.cc		diff \| blob \| history
src/msg/async/AsyncConnection.h		diff \| blob \| history
src/msg/async/AsyncMessenger.h		diff \| blob \| history
src/msg/simple/Pipe.cc		diff \| blob \| history
src/msg/simple/SimpleMessenger.cc		diff \| blob \| history
src/msg/simple/SimpleMessenger.h		diff \| blob \| history
src/osd/OSD.cc		diff \| blob \| history
src/osd/OSD.h		diff \| blob \| history
src/test/messenger/simple_dispatcher.h		diff \| blob \| history
src/test/messenger/xio_dispatcher.h		diff \| blob \| history
src/test/msgr/perf_msgr_client.cc		diff \| blob \| history
src/test/msgr/perf_msgr_server.cc		diff \| blob \| history
src/test/msgr/test_msgr.cc		diff \| blob \| history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom