auth/AuthAuthorizeHandler: fix args for verify_authorizer()
authorSage Weil <sage@redhat.com>
Fri, 18 Jan 2019 21:54:58 +0000 (15:54 -0600)
committerSage Weil <sage@redhat.com>
Thu, 7 Feb 2019 12:53:03 +0000 (06:53 -0600)
const bufferlists in, pointers for output args.

Signed-off-by: Sage Weil <sage@redhat.com>
13 files changed:
src/auth/AuthAuthorizeHandler.h
src/auth/cephx/CephxAuthorizeHandler.cc
src/auth/cephx/CephxAuthorizeHandler.h
src/auth/cephx/CephxProtocol.cc
src/auth/cephx/CephxProtocol.h
src/auth/cephx/CephxServiceHandler.cc
src/auth/krb/KrbAuthorizeHandler.cpp
src/auth/krb/KrbAuthorizeHandler.hpp
src/auth/none/AuthNoneAuthorizeHandler.cc
src/auth/none/AuthNoneAuthorizeHandler.h
src/auth/unknown/AuthUnknownAuthorizeHandler.cc
src/auth/unknown/AuthUnknownAuthorizeHandler.h
src/msg/Messenger.cc

index df4643c8cb072eb865355ed2eb71845e3c281db9..8c3825881f9033dc9cf4e9f4c8ae8fb54cb9cb4b 100644 (file)
@@ -33,12 +33,12 @@ struct AuthAuthorizeHandler {
   virtual bool verify_authorizer(
     CephContext *cct,
     KeyStore *keys,
-    bufferlist& authorizer_data,
-    bufferlistauthorizer_reply,
-    EntityNameentity_name,
-    uint64_tglobal_id,
-    AuthCapsInfocaps_info,
-    CryptoKeysession_key,
+    const bufferlist& authorizer_data,
+    bufferlist *authorizer_reply,
+    EntityName *entity_name,
+    uint64_t *global_id,
+    AuthCapsInfo *caps_info,
+    CryptoKey *session_key,
     CryptoKey *connection_secret,
     std::unique_ptr<AuthAuthorizerChallenge> *challenge) = 0;
   virtual int authorizer_session_crypto() = 0;
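Review bot: The pure virtual `verify_authorizer` now takes its five outputs as pointers, but nothing on the declaration says which of them may be null. The Kerberos and none handlers in this commit dereference `entity_name`, `global_id` and `caps_info` without a check, while the Kerberos header keeps a `= nullptr` default on `challenge`, so presumably only some arguments are optional. I would add a comment above the declaration, for example `// authorizer_reply, entity_name, global_id, caps_info, session_key: required non-null outputs, meaningful only when true is returned`, plus a line stating whether `connection_secret` and `challenge` may be null. The struct body continues outside this hunk.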
index 46fd050abdab18a2c8f6713343ae17895f78cb91..86003dae663c38b8affdc5b1c17e0adcead142b6 100644 (file)
@@ -9,12 +9,12 @@
 bool CephxAuthorizeHandler::verify_authorizer(
   CephContext *cct,
   KeyStore *keys,
-  bufferlist& authorizer_data,
-  bufferlistauthorizer_reply,
-  EntityNameentity_name,
-  uint64_tglobal_id,
-  AuthCapsInfocaps_info,
-  CryptoKeysession_key,
+  const bufferlist& authorizer_data,
+  bufferlist *authorizer_reply,
+  EntityName *entity_name,
+  uint64_t *global_id,
+  AuthCapsInfo *caps_info,
+  CryptoKey *session_key,
   CryptoKey *connection_secret,
   std::unique_ptr<AuthAuthorizerChallenge> *challenge)
 {
@@ -32,10 +32,10 @@ bool CephxAuthorizeHandler::verify_authorizer(
                                         authorizer_reply);
 
   if (isvalid) {
-    caps_info = auth_ticket_info.ticket.caps;
-    entity_name = auth_ticket_info.ticket.name;
-    global_id = auth_ticket_info.ticket.global_id;
-    session_key = auth_ticket_info.session_key;
+    *caps_info = auth_ticket_info.ticket.caps;
+    *entity_name = auth_ticket_info.ticket.name;
+    *global_id = auth_ticket_info.ticket.global_id;
+    *session_key = auth_ticket_info.session_key;
   }
 
   return isvalid;
index 446906849ddc1422ab016610996d2ca17507e683..6784fa2dae9f30acb7c2d766f2114acd3623e9c4 100644 (file)
@@ -23,12 +23,12 @@ struct CephxAuthorizeHandler : public AuthAuthorizeHandler {
   bool verify_authorizer(
     CephContext *cct,
     KeyStore *keys,
-    bufferlist& authorizer_data,
-    bufferlistauthorizer_reply,
-    EntityNameentity_name,
-    uint64_tglobal_id,
-    AuthCapsInfocaps_info,
-    CryptoKeysession_key,
+    const bufferlist& authorizer_data,
+    bufferlist *authorizer_reply,
+    EntityName *entity_name,
+    uint64_t *global_id,
+    AuthCapsInfo *caps_info,
+    CryptoKey *session_key,
     CryptoKey *connection_secret,
     std::unique_ptr<AuthAuthorizerChallenge> *challenge) override;
   int authorizer_session_crypto() override;
index 45df032a8229b9c4edf0027ecaf7a2036f1dd676..d92a6d589b5eaba5079045490deca90f4072e5ce 100644 (file)
@@ -396,7 +396,7 @@ bool cephx_verify_authorizer(CephContext *cct, KeyStore *keys,
                             CephXServiceTicketInfo& ticket_info,
                             std::unique_ptr<AuthAuthorizerChallenge> *challenge,
                             CryptoKey *connection_secret,
-                            bufferlistreply_bl)
+                            bufferlist *reply_bl)
 {
   __u8 authorizer_v;
   uint32_t service_id;
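Review bot: `reply_bl` loses its non-null guarantee with this signature, yet the two later hunks of this function dereference it unconditionally (`*reply_bl` in both encode calls and `reply_bl->length()` in the final log line). The two pointer arguments before it are passed as `nullptr` by `CephxServiceHandler::handle_request` in this same commit, so a future caller could reasonably assume `reply_bl` is optional as well. Adding `ceph_assert(reply_bl);` at the top of the body, or a comment on the declaration in CephxProtocol.h stating that it is required, would make the contract explicit. The function body continues outside this hunk.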
@@ -471,7 +471,7 @@ bool cephx_verify_authorizer(CephContext *cct, KeyStore *keys,
       ldout(cct,10) << __func__ << " adding server_challenge " << c->server_challenge
                    << dendl;
 
-      encode_encrypt_enc_bl(cct, *c, ticket_info.session_key, reply_bl, error);
+      encode_encrypt_enc_bl(cct, *c, ticket_info.session_key, *reply_bl, error);
       if (!error.empty()) {
        ldout(cct, 10) << "verify_authorizer: encode_encrypt error: " << error << dendl;
        return false;
@@ -505,13 +505,13 @@ bool cephx_verify_authorizer(CephContext *cct, KeyStore *keys,
     reply.connection_secret = *connection_secret;
   }
 #endif
-  if (encode_encrypt(cct, reply, ticket_info.session_key, reply_bl, error)) {
+  if (encode_encrypt(cct, reply, ticket_info.session_key, *reply_bl, error)) {
     ldout(cct, 10) << "verify_authorizer: encode_encrypt error: " << error << dendl;
     return false;
   }
 
   ldout(cct, 10) << "verify_authorizer ok nonce " << hex << auth_msg.nonce << dec
-          << " reply_bl.length()=" << reply_bl.length() <<  dendl;
+          << " reply_bl.length()=" << reply_bl->length() <<  dendl;
   return true;
 }
 
index c028244fbcffc67b70c4d8d4bb2ad5597c8ccced..c4485f6e68de631ed7908597b58e0728dd92d39c 100644 (file)
@@ -428,7 +428,7 @@ extern bool cephx_verify_authorizer(
   CephXServiceTicketInfo& ticket_info,
   std::unique_ptr<AuthAuthorizerChallenge> *challenge,
   CryptoKey *connection_secret,
-  bufferlistreply_bl);
+  bufferlist *reply_bl);
 
 
 
index a89c15323549e7a5181ba5e0db8cfc741723c8b2..64c0b5a0c8e178ecb5f407e2e42fe05f68a1e890 100644 (file)
@@ -215,7 +215,7 @@ int CephxServiceHandler::handle_request(
       if (!cephx_verify_authorizer(
            cct, key_server, indata, auth_ticket_info, nullptr,
            nullptr,
-           tmp_bl)) {
+           &tmp_bl)) {
         ret = -EPERM;
        break;
       }
index 3720266028007e195bd0362e6aea45970b178b0e..ea4fe46b84f94393a4b2b7383864b592ad7737b8 100644 (file)
 
 #define dout_subsys ceph_subsys_auth 
 
-bool KrbAuthorizeHandler::verify_authorizer(CephContext* ceph_ctx, 
-                                            KeyStore* keys, 
-                                            bufferlist& authorizer_data,  
-                                            bufferlist& authorizer_reply, 
-                                            EntityName& entity_name, 
-                                            uint64_t& global_id,  
-                                            AuthCapsInfo& caps_info, 
-                                            CryptoKey& session_key,
-                                           CryptoKey *connection_secret,
-                                            std::unique_ptr<
-                                              AuthAuthorizerChallenge>* challenge)
+bool KrbAuthorizeHandler::verify_authorizer(
+  CephContext* ceph_ctx,
+  KeyStore* keys,
+  const bufferlist& authorizer_data,
+  bufferlist *authorizer_reply,
+  EntityName *entity_name,
+  uint64_t *global_id,
+  AuthCapsInfo *caps_info,
+  CryptoKey *session_key,
+  CryptoKey *connection_secret,
+  std::unique_ptr<AuthAuthorizerChallenge>* challenge)
 {
   auto itr(authorizer_data.cbegin());
 
@@ -38,14 +38,14 @@ bool KrbAuthorizeHandler::verify_authorizer(CephContext* ceph_ctx,
 
     using ceph::decode;
     decode(value, itr);
-    decode(entity_name, itr);
-    decode(global_id, itr);
+    decode(*entity_name, itr);
+    decode(*global_id, itr);
   } catch (const buffer::error& err) {
     ldout(ceph_ctx, 0) 
         << "Error: KrbAuthorizeHandler::verify_authorizer() failed!" << dendl;
     return false;
   }
-  caps_info.allow_all = true; 
+  caps_info->allow_all = true;
   return true;
 }
 
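Review bot: `decode(*entity_name, itr)` and `decode(*global_id, itr)` write into the caller's objects before the function knows it will succeed, so a `buffer::error` thrown by the second decode returns false with `*entity_name` already overwritten from peer-supplied bytes. The Messenger.cc call site in this commit passes `&con->peer_name` and `&con->peer_global_id`, so a rejected authorizer can still alter connection fields; whether those fields are read after a false return is not visible here. Decoding into locals and assigning through the pointers only on the success path avoids this, as sketched below. The AuthNoneAuthorizeHandler.cc hunk has the same pattern, and the start of this function is outside the hunk.

```cpp
  // declared before the try block so they outlive it
  EntityName name;
  uint64_t gid = 0;
  // … unchanged: try { … decode(value, itr); …
    decode(name, itr);
    decode(gid, itr);
  // … unchanged: catch (const buffer::error&) logs and returns false …
  // publish to the caller only once every field has decoded
  *entity_name = name;
  *global_id = gid;
  caps_info->allow_all = true;
```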
index 03277a2f19cdf3b6d8d3e52ec84b676e15092243..3130896ab2fdb0404465d46445f078549b5d4319 100644 (file)
 #include "auth/AuthAuthorizeHandler.h"
 
 class KrbAuthorizeHandler : public AuthAuthorizeHandler {
-  bool verify_authorizer(CephContext*, KeyStore*, 
-                         bufferlist&, bufferlist&,
-                         EntityName&, uint64_t&, 
-                         AuthCapsInfo&, CryptoKey&,
-                        CryptoKey *connection_secret,
-                         std::unique_ptr<
-                          AuthAuthorizerChallenge>* = nullptr) override;
+  bool verify_authorizer(
+    CephContext*,
+    KeyStore*,
+    const bufferlist&,
+    bufferlist *,
+    EntityName *,
+    uint64_t *,
+    AuthCapsInfo *,
+    CryptoKey *,
+    CryptoKey *connection_secret,
+    std::unique_ptr<
+    AuthAuthorizerChallenge>* = nullptr) override;
 
   int authorizer_session_crypto() override { 
     return SESSION_SYMMETRIC_AUTHENTICATE; 
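Review bot: The rewritten override keeps the `= nullptr` default on its last parameter, which the base declaration in AuthAuthorizeHandler.h does not have. Default arguments are selected by the static type of the call, so calls through `AuthAuthorizeHandler` never use it, and because the member follows `class KrbAuthorizeHandler` with no access specifier it is private and cannot be called directly from outside either. I would drop the default and name the parameters as the other handlers do, ending with `std::unique_ptr<AuthAuthorizerChallenge> *challenge) override;`. The class body continues outside this hunk.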
index 4e0974086f80667b76b74c5ba696b1344e375652..e370507e20c3d70b8b2dd6228f621d33b4fd9166 100644 (file)
 #define dout_subsys ceph_subsys_auth
 
 bool AuthNoneAuthorizeHandler::verify_authorizer(
-  CephContext *cct, KeyStore *keys,
-  bufferlist& authorizer_data, bufferlist& authorizer_reply,
-  EntityName& entity_name, uint64_t& global_id, AuthCapsInfo& caps_info,
-  CryptoKey& session_key,
+  CephContext *cct,
+  KeyStore *keys,
+  const bufferlist& authorizer_data,
+  bufferlist *authorizer_reply,
+  EntityName *entity_name,
+  uint64_t *global_id,
+  AuthCapsInfo *caps_info,
+  CryptoKey *session_key,
   CryptoKey *connection_secret,
   std::unique_ptr<AuthAuthorizerChallenge> *challenge)
 {
@@ -30,14 +34,14 @@ bool AuthNoneAuthorizeHandler::verify_authorizer(
   try {
     __u8 struct_v = 1;
     decode(struct_v, iter);
-    decode(entity_name, iter);
-    decode(global_id, iter);
+    decode(*entity_name, iter);
+    decode(*global_id, iter);
   } catch (const buffer::error &err) {
     ldout(cct, 0) << "AuthNoneAuthorizeHandle::verify_authorizer() failed to decode" << dendl;
     return false;
   }
 
-  caps_info.allow_all = true;
+  caps_info->allow_all = true;
 
   return true;
 }
index d6853c4884a25cc80ae8f7bbee761261d9bff32c..4cf9c18f66cfa5c346fe4bcc90653a4988304161 100644 (file)
@@ -21,10 +21,14 @@ class CephContext;
 
 struct AuthNoneAuthorizeHandler : public AuthAuthorizeHandler {
   bool verify_authorizer(
-    CephContext *cct, KeyStore *keys,
-    bufferlist& authorizer_data, bufferlist& authorizer_reply,
-    EntityName& entity_name, uint64_t& global_id,
-    AuthCapsInfo& caps_info, CryptoKey& session_key,
+    CephContext *cct,
+    KeyStore *keys,
+    const bufferlist& authorizer_data,
+    bufferlist *authorizer_reply,
+    EntityName *entity_name,
+    uint64_t *global_id,
+    AuthCapsInfo *caps_info,
+    CryptoKey *session_key,
     CryptoKey *connection_secret,
     std::unique_ptr<AuthAuthorizerChallenge> *challenge) override;
   int authorizer_session_crypto() override;
index af7bd2d25b1b2858a88c82f8bacc8028673d786e..632e41dd764e3edceafa8864308a796929c3971f 100644 (file)
 #include "AuthUnknownAuthorizeHandler.h"
 
 bool AuthUnknownAuthorizeHandler::verify_authorizer(
-  CephContext *cct, KeyStore *keys,
-  bufferlist& authorizer_data, bufferlist& authorizer_reply,
-  EntityName& entity_name, uint64_t& global_id, AuthCapsInfo& caps_info,
-  CryptoKey& session_key,
+  CephContext *cct,
+  KeyStore *keys,
+  const bufferlist& authorizer_data,
+  bufferlist * authorizer_reply,
+  EntityName *entity_name,
+  uint64_t *global_id,
+  AuthCapsInfo *caps_info,
+  CryptoKey *session_key,
   CryptoKey *connection_secret,
   std::unique_ptr<AuthAuthorizerChallenge> *challenge)
 {
index 6c9d056ac10b6448dbd796406518d5b3a2c4efdb..2590900b0cbe4b19d418973d9b6422ab5adf9f62 100644 (file)
 class CephContext;
 
 struct AuthUnknownAuthorizeHandler : public AuthAuthorizeHandler {
-  bool verify_authorizer(CephContext *cct, KeyStore *keys,
-                        bufferlist& authorizer_data, bufferlist& authorizer_reply,
-                         EntityName& entity_name, uint64_t& global_id,
-                        AuthCapsInfo& caps_info, CryptoKey& session_key,
-                        CryptoKey *connection_secret,
-                        std::unique_ptr<AuthAuthorizerChallenge> *challenge) override;
+  bool verify_authorizer(
+    CephContext *cct,
+    KeyStore *keys,
+    const bufferlist& authorizer_data,
+    bufferlist *authorizer_reply,
+    EntityName *entity_name,
+    uint64_t *global_id,
+    AuthCapsInfo *caps_info,
+    CryptoKey *session_key,
+    CryptoKey *connection_secret,
+    std::unique_ptr<AuthAuthorizerChallenge> *challenge) override;
   int authorizer_session_crypto() override;
 };
 
index d697402b4d193a5df03f251e2962863c2ecd6426..5d38dfa35dd9bf2448364b042b4d3106e2e20c7f 100644 (file)
@@ -166,11 +166,11 @@ bool Messenger::ms_deliver_verify_authorizer(
        cct,
        ks,
        authorizer,
-       authorizer_reply,
-       con->peer_name,
-       con->peer_global_id,
-       con->peer_caps_info,
-       session_key,
+       &authorizer_reply,
+       &con->peer_name,
+       &con->peer_global_id,
+       &con->peer_caps_info,
+       &session_key,
        connection_secret,
        challenge);
       if (isvalid) {