]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph-ci.git/commit
projects / ceph-ci.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5949ded) | patch
auth: check service key is valid before decryption
authorPatrick Donnelly <pdonnell@ibm.com>
Thu, 29 May 2025 15:57:55 +0000 (11:57 -0400)
committerPatrick Donnelly <pdonnell@ibm.com>
Mon, 29 Dec 2025 22:30:09 +0000 (17:30 -0500)
commitfa6bbf241b58f5c75c937fa7150bb251c5b24b63
treeb4cbf3ac3d69c98a504ad01c8126c13fe1094873tree | snapshot
parent5949ded972877792296e6c79c30181b46e6c13bccommit | diff
auth: check service key is valid before decryption

CryptoKey::empty is the correct mechanism to check for an invalid key (and this
is codified elsewhere, fixed in this commit). Decryption would fail with an
abort if the key handler was unset. This would happen after rotating the "mon."
key and then restarting one of the mons.

Signed-off-by: Patrick Donnelly <pdonnell@ibm.com>
src/auth/Crypto.h diff | blob | history
src/auth/cephx/CephxProtocol.cc diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.