if (sup_list.empty()) {
lderr(cct) << "WARNING: empty auth protocol list" << dendl;
}
- for (list<string>::iterator iter = sup_list.begin(); iter != sup_list.end(); ++iter) {
+ for (auto iter = sup_list.begin(); iter != sup_list.end(); ++iter) {
ldout(cct, 5) << "adding auth protocol: " << *iter << dendl;
if (iter->compare("cephx") == 0) {
auth_supported.push_back(CEPH_AUTH_CEPHX);
int AuthMethodList::pick(const std::set<__u32>& supported)
{
- for (set<__u32>::const_reverse_iterator p = supported.rbegin(); p != supported.rend(); ++p)
+ for (auto p = supported.rbegin(); p != supported.rend(); ++p)
if (is_supported_auth(*p))
return *p;
return CEPH_AUTH_UNKNOWN;
void AuthMethodList::remove_supported_auth(int auth_type)
{
- for (list<__u32>::iterator p = auth_supported.begin(); p != auth_supported.end(); ) {
+ for (auto p = auth_supported.begin(); p != auth_supported.end(); ) {
if (*p == (__u32)auth_type)
auth_supported.erase(p++);
else
#undef dout_prefix
#define dout_prefix *_dout << "AuthRegistry(" << this << ") "
+using std::string;
+
AuthRegistry::AuthRegistry(CephContext *cct)
: cct(cct)
{
#include <unistd.h>
+using std::ostringstream;
+using std::string;
+
+using ceph::bufferlist;
+using ceph::bufferptr;
+using ceph::Formatter;
+
static bool getentropy_works()
{
char buf;
bufferptr tmp;
bl.copy_deep(len, tmp);
if (_set_secret(type, tmp) < 0)
- throw buffer::malformed_input("malformed secret");
+ throw ceph::buffer::malformed_input("malformed secret");
}
int CryptoKey::set_secret(int type, const bufferptr& s, utime_t c)
#undef dout_prefix
#define dout_prefix *_dout << "auth: "
+using std::map;
+using std::ostream;
+using std::ostringstream;
+using std::string;
+
+using ceph::bufferlist;
+using ceph::Formatter;
+
int KeyRing::from_ceph_context(CephContext *cct)
{
const auto& conf = cct->_conf;
add(conf->name, ea);
return 0;
}
- catch (buffer::error& e) {
+ catch (ceph::buffer::error& e) {
lderr(cct) << "failed to decode key '" << conf->key << "'" << dendl;
return -EINVAL;
}
ea.key.decode_base64(k);
add(conf->name, ea);
}
- catch (buffer::error& e) {
+ catch (ceph::buffer::error& e) {
lderr(cct) << "failed to decode key '" << k << "'" << dendl;
return -EINVAL;
}
string l(val);
try {
key.decode_base64(l);
- } catch (const buffer::error& err) {
+ } catch (const ceph::buffer::error& err) {
return -EINVAL;
}
set_key(name, key);
ConfFile cf;
if (cf.parse_bufferlist(&bl, nullptr) != 0) {
- throw buffer::malformed_input("cannot parse buffer");
+ throw ceph::buffer::malformed_input("cannot parse buffer");
}
for (auto& [name, section] : cf) {
if (!ename.from_str(name)) {
ostringstream oss;
oss << "bad entity name in keyring: " << name;
- throw buffer::malformed_input(oss.str().c_str());
+ throw ceph::buffer::malformed_input(oss.str().c_str());
}
for (auto& [k, val] : section) {
ostringstream oss;
oss << "error setting modifier for [" << name << "] type=" << key
<< " val=" << val;
- throw buffer::malformed_input(oss.str().c_str());
+ throw ceph::buffer::malformed_input(oss.str().c_str());
}
}
}
using ceph::decode;
decode(struct_v, bl);
decode(keys, bl);
- } catch (buffer::error& err) {
+ } catch (ceph::buffer::error& err) {
keys.clear();
decode_plaintext(start_pos);
}
auto iter = bl.cbegin();
decode(iter);
}
- catch (const buffer::error& err) {
+ catch (const ceph::buffer::error& err) {
lderr(cct) << "error parsing file " << filename << ": " << err.what() << dendl;
return -EIO;
}
void RotatingKeyRing::dump_rotating() const
{
ldout(cct, 10) << "dump_rotating:" << dendl;
- for (map<uint64_t, ExpiringCryptoKey>::const_iterator iter = secrets.secrets.begin();
+ for (auto iter = secrets.secrets.begin();
iter != secrets.secrets.end();
++iter)
ldout(cct, 10) << " id " << iter->first << " " << iter->second << dendl;
return false;
}
- map<uint64_t, ExpiringCryptoKey>::const_iterator iter =
- secrets.secrets.find(secret_id);
+ auto iter = secrets.secrets.find(secret_id);
if (iter == secrets.secrets.end()) {
ldout(cct, 0) << "could not find secret_id=" << secret_id << dendl;
dump_rotating();
#define dout_subsys ceph_subsys_auth
-
-
bool CephxAuthorizeHandler::verify_authorizer(
CephContext *cct,
const KeyStore& keys,
- const bufferlist& authorizer_data,
+ const ceph::bufferlist& authorizer_data,
size_t connection_secret_required_len,
- bufferlist *authorizer_reply,
+ ceph::bufferlist *authorizer_reply,
EntityName *entity_name,
uint64_t *global_id,
AuthCapsInfo *caps_info,
bool verify_authorizer(
CephContext *cct,
const KeyStore& keys,
- const bufferlist& authorizer_data,
+ const ceph::buffer::list& authorizer_data,
size_t connection_secret_required_len,
- bufferlist *authorizer_reply,
+ ceph::buffer::list *authorizer_reply,
EntityName *entity_name,
uint64_t *global_id,
AuthCapsInfo *caps_info,
#undef dout_prefix
#define dout_prefix *_dout << "cephx client: "
+using std::string;
+
+using ceph::bufferlist;
+
void CephxClientHandler::reset()
{
ldout(cct,10) << __func__ << dendl;
CephXServerChallenge ch;
try {
decode(ch, indata);
- } catch (buffer::error& e) {
+ } catch (ceph::buffer::error& e) {
ldout(cct, 1) << __func__ << " failed to decode CephXServerChallenge: "
<< e.what() << dendl;
return -EPERM;
struct CephXResponseHeader header;
try {
decode(header, indata);
- } catch (buffer::error& e) {
+ } catch (ceph::buffer::error& e) {
ldout(cct, 1) << __func__ << " failed to decode CephXResponseHeader: "
<< e.what() << dendl;
return -EPERM;
ldout(cct, 10) << " want=" << want << " need=" << need << " have=" << have << dendl;
if (!indata.end()) {
bufferlist cbl, extra_tickets;
+ using ceph::decode;
try {
decode(cbl, indata);
decode(extra_tickets, indata);
- } catch (buffer::error& e) {
+ } catch (ceph::buffer::error& e) {
ldout(cct, 1) << __func__ << " failed to decode tickets: "
<< e.what() << dendl;
return -EPERM;
void reset() override;
void prepare_build_request() override;
- int build_request(bufferlist& bl) const override;
- int handle_response(int ret, bufferlist::const_iterator& iter,
+ int build_request(ceph::buffer::list& bl) const override;
+ int handle_response(int ret, ceph::buffer::list::const_iterator& iter,
CryptoKey *session_key,
std::string *connection_secret) override;
- bool build_rotating_request(bufferlist& bl) const override;
+ bool build_rotating_request(ceph::buffer::list& bl) const override;
int get_protocol() const override { return CEPH_AUTH_CEPHX; }
#undef dout_prefix
#define dout_prefix *_dout << "cephx: "
+using std::dec;
+using std::hex;
+using std::vector;
+using ceph::bufferlist;
+using ceph::decode;
+using ceph::encode;
void cephx_calc_client_server_challenge(CephContext *cct, CryptoKey& secret, uint64_t server_challenge,
uint64_t client_challenge, uint64_t *key, std::string &error)
bufferlist& reply)
{
__u8 service_ticket_reply_v = 1;
+ using ceph::encode;
encode(service_ticket_reply_v, reply);
uint32_t num = ticket_info_vec.size();
ldout(cct, 10) << "build_service_ticket_reply encoding " << num
<< " tickets with secret " << principal_secret << dendl;
- for (vector<CephXSessionAuthInfo>::iterator ticket_iter = ticket_info_vec.begin();
+ for (auto ticket_iter = ticket_info_vec.begin();
ticket_iter != ticket_info_vec.end();
++ticket_iter) {
CephXSessionAuthInfo& info = *ticket_iter;
CryptoKey& secret,
bufferlist::const_iterator& indata)
{
+ using ceph::decode;
try {
__u8 service_ticket_v;
decode(service_ticket_v, indata);
have_key_flag = true;
return true;
- } catch (buffer::error& e) {
+ } catch (ceph::buffer::error& e) {
ldout(cct, 1) << __func__ << " decode error: " << e.what() << dendl;
return false;
}
bool CephXTicketManager::have_key(uint32_t service_id)
{
- map<uint32_t, CephXTicketHandler>::iterator iter = tickets_map.find(service_id);
+ auto iter = tickets_map.find(service_id);
if (iter == tickets_map.end())
return false;
return iter->second.have_key();
bool CephXTicketManager::need_key(uint32_t service_id) const
{
- map<uint32_t, CephXTicketHandler>::const_iterator iter = tickets_map.find(service_id);
+ auto iter = tickets_map.find(service_id);
if (iter == tickets_map.end())
return true;
return iter->second.need_key();
void CephXTicketManager::set_have_need_key(uint32_t service_id, uint32_t& have, uint32_t& need)
{
- map<uint32_t, CephXTicketHandler>::iterator iter = tickets_map.find(service_id);
+ auto iter = tickets_map.find(service_id);
if (iter == tickets_map.end()) {
have &= ~service_id;
need |= service_id;
void CephXTicketManager::invalidate_ticket(uint32_t service_id)
{
- map<uint32_t, CephXTicketHandler>::iterator iter = tickets_map.find(service_id);
+ auto iter = tickets_map.find(service_id);
if (iter != tickets_map.end())
iter->second.invalidate_ticket();
}
try {
decode(service_ticket_reply_v, indata);
decode(num, indata);
- } catch (buffer::error& e) {
+ } catch (ceph::buffer::error& e) {
ldout(cct, 10) << __func__ << " failed to decode ticket v or count: "
<< e.what() << dendl;
}
uint32_t type = 0;
try {
decode(type, indata);
- } catch (buffer::error& e) {
+ } catch (ceph::buffer::error& e) {
ldout(cct, 10) << __func__ << " failed to decode ticket type: " << e.what()
<< dendl;
}
*/
CephXAuthorizer *CephXTicketManager::build_authorizer(uint32_t service_id) const
{
- map<uint32_t, CephXTicketHandler>::const_iterator iter = tickets_map.find(service_id);
+ auto iter = tickets_map.find(service_id);
if (iter == tickets_map.end()) {
ldout(cct, 0) << "no TicketHandler for service "
<< ceph_entity_type_name(service_id) << dendl;
decode(global_id, indata);
decode(service_id, indata);
decode(ticket, indata);
- } catch (buffer::end_of_buffer &e) {
+ } catch (ceph::buffer::end_of_buffer &e) {
// Unable to decode!
return false;
}
struct CephXServerChallenge {
uint64_t server_challenge;
- void encode(bufferlist& bl) const {
+ void encode(ceph::buffer::list& bl) const {
using ceph::encode;
__u8 struct_v = 1;
encode(struct_v, bl);
encode(server_challenge, bl);
}
- void decode(bufferlist::const_iterator& bl) {
+ void decode(ceph::buffer::list::const_iterator& bl) {
using ceph::decode;
__u8 struct_v;
decode(struct_v, bl);
struct CephXRequestHeader {
__u16 request_type;
- void encode(bufferlist& bl) const {
+ void encode(ceph::buffer::list& bl) const {
using ceph::encode;
encode(request_type, bl);
}
- void decode(bufferlist::const_iterator& bl) {
+ void decode(ceph::buffer::list::const_iterator& bl) {
using ceph::decode;
decode(request_type, bl);
}
uint16_t request_type;
int32_t status;
- void encode(bufferlist& bl) const {
+ void encode(ceph::buffer::list& bl) const {
using ceph::encode;
encode(request_type, bl);
encode(status, bl);
}
- void decode(bufferlist::const_iterator& bl) {
+ void decode(ceph::buffer::list::const_iterator& bl) {
using ceph::decode;
decode(request_type, bl);
decode(status, bl);
struct CephXTicketBlob {
uint64_t secret_id;
- bufferlist blob;
+ ceph::buffer::list blob;
CephXTicketBlob() : secret_id(0) {}
- void encode(bufferlist& bl) const {
+ void encode(ceph::buffer::list& bl) const {
using ceph::encode;
__u8 struct_v = 1;
encode(struct_v, bl);
encode(blob, bl);
}
- void decode(bufferlist::const_iterator& bl) {
+ void decode(ceph::buffer::list::const_iterator& bl) {
using ceph::decode;
__u8 struct_v;
decode(struct_v, bl);
CephXTicketBlob old_ticket;
uint32_t other_keys = 0; // replaces CephXServiceTicketRequest
- void encode(bufferlist& bl) const {
+ void encode(ceph::buffer::list& bl) const {
using ceph::encode;
__u8 struct_v = 2;
encode(struct_v, bl);
encode(old_ticket, bl);
encode(other_keys, bl);
}
- void decode(bufferlist::const_iterator& bl) {
+ void decode(ceph::buffer::list::const_iterator& bl) {
using ceph::decode;
__u8 struct_v;
decode(struct_v, bl);
struct CephXChallengeBlob {
uint64_t server_challenge, client_challenge;
- void encode(bufferlist& bl) const {
+ void encode(ceph::buffer::list& bl) const {
using ceph::encode;
encode(server_challenge, bl);
encode(client_challenge, bl);
}
- void decode(bufferlist::const_iterator& bl) {
+ void decode(ceph::buffer::list::const_iterator& bl) {
using ceph::decode;
decode(server_challenge, bl);
decode(client_challenge, bl);
extern void cephx_build_service_ticket_request(CephContext *cct,
uint32_t keys,
- bufferlist& request);
+ ceph::buffer::list& request);
extern bool cephx_build_service_ticket_reply(CephContext *cct,
CryptoKey& principal_secret,
- vector<CephXSessionAuthInfo> ticket_info,
+ std::vector<CephXSessionAuthInfo> ticket_info,
bool should_encrypt_ticket,
CryptoKey& ticket_enc_key,
- bufferlist& reply);
+ ceph::buffer::list& reply);
struct CephXServiceTicketRequest {
uint32_t keys;
- void encode(bufferlist& bl) const {
+ void encode(ceph::buffer::list& bl) const {
using ceph::encode;
__u8 struct_v = 1;
encode(struct_v, bl);
encode(keys, bl);
}
- void decode(bufferlist::const_iterator& bl) {
+ void decode(ceph::buffer::list::const_iterator& bl) {
using ceph::decode;
__u8 struct_v;
decode(struct_v, bl);
struct CephXAuthorizeReply {
uint64_t nonce_plus_one;
std::string connection_secret;
- void encode(bufferlist& bl) const {
+ void encode(ceph::buffer::list& bl) const {
using ceph::encode;
__u8 struct_v = 1;
if (connection_secret.size()) {
encode(connection_secret, bl);
}
}
- void decode(bufferlist::const_iterator& bl) {
+ void decode(ceph::buffer::list::const_iterator& bl) {
using ceph::decode;
__u8 struct_v;
decode(struct_v, bl);
CephContext *cct;
public:
uint64_t nonce;
- bufferlist base_bl;
+ ceph::buffer::list base_bl;
explicit CephXAuthorizer(CephContext *cct_)
: AuthAuthorizer(CEPH_AUTH_CEPHX), cct(cct_), nonce(0) {}
bool build_authorizer();
- bool verify_reply(bufferlist::const_iterator& reply,
+ bool verify_reply(ceph::buffer::list::const_iterator& reply,
std::string *connection_secret) override;
- bool add_challenge(CephContext *cct, const bufferlist& challenge) override;
+ bool add_challenge(CephContext *cct, const ceph::buffer::list& challenge) override;
};
// to build our ServiceTicket
bool verify_service_ticket_reply(CryptoKey& principal_secret,
- bufferlist::const_iterator& indata);
+ ceph::buffer::list::const_iterator& indata);
// to access the service
CephXAuthorizer *build_authorizer(uint64_t global_id) const;
};
struct CephXTicketManager {
- typedef map<uint32_t, CephXTicketHandler> tickets_map_t;
+ typedef std::map<uint32_t, CephXTicketHandler> tickets_map_t;
tickets_map_t tickets_map;
uint64_t global_id;
explicit CephXTicketManager(CephContext *cct_) : global_id(0), cct(cct_) {}
bool verify_service_ticket_reply(CryptoKey& principal_secret,
- bufferlist::const_iterator& indata);
+ ceph::buffer::list::const_iterator& indata);
CephXTicketHandler& get_handler(uint32_t type) {
tickets_map_t::iterator i = tickets_map.find(type);
CryptoKey session_key;
utime_t validity;
- void encode(bufferlist& bl) const {
+ void encode(ceph::buffer::list& bl) const {
using ceph::encode;
__u8 struct_v = 1;
encode(struct_v, bl);
encode(session_key, bl);
encode(validity, bl);
}
- void decode(bufferlist::const_iterator& bl) {
+ void decode(ceph::buffer::list::const_iterator& bl) {
using ceph::decode;
__u8 struct_v;
decode(struct_v, bl);
AuthTicket ticket;
CryptoKey session_key;
- void encode(bufferlist& bl) const {
+ void encode(ceph::buffer::list& bl) const {
using ceph::encode;
__u8 struct_v = 1;
encode(struct_v, bl);
encode(ticket, bl);
encode(session_key, bl);
}
- void decode(bufferlist::const_iterator& bl) {
+ void decode(ceph::buffer::list::const_iterator& bl) {
using ceph::decode;
__u8 struct_v;
decode(struct_v, bl);
struct CephXAuthorizeChallenge : public AuthAuthorizerChallenge {
uint64_t server_challenge;
- void encode(bufferlist& bl) const {
+ void encode(ceph::buffer::list& bl) const {
using ceph::encode;
__u8 struct_v = 1;
encode(struct_v, bl);
encode(server_challenge, bl);
}
- void decode(bufferlist::const_iterator& bl) {
+ void decode(ceph::buffer::list::const_iterator& bl) {
using ceph::decode;
__u8 struct_v;
decode(struct_v, bl);
uint64_t nonce;
bool have_challenge = false;
uint64_t server_challenge_plus_one = 0;
- void encode(bufferlist& bl) const {
+ void encode(ceph::buffer::list& bl) const {
using ceph::encode;
__u8 struct_v = 2;
encode(struct_v, bl);
encode(have_challenge, bl);
encode(server_challenge_plus_one, bl);
}
- void decode(bufferlist::const_iterator& bl) {
+ void decode(ceph::buffer::list::const_iterator& bl) {
using ceph::decode;
__u8 struct_v;
decode(struct_v, bl);
extern bool cephx_verify_authorizer(
CephContext *cct,
const KeyStore& keys,
- bufferlist::const_iterator& indata,
+ ceph::buffer::list::const_iterator& indata,
size_t connection_secret_required_len,
CephXServiceTicketInfo& ticket_info,
std::unique_ptr<AuthAuthorizerChallenge> *challenge,
std::string *connection_secret,
- bufferlist *reply_bl);
+ ceph::buffer::list *reply_bl);
template <typename T>
void decode_decrypt_enc_bl(CephContext *cct, T& t, CryptoKey key,
- const bufferlist& bl_enc,
+ const ceph::buffer::list& bl_enc,
std::string &error)
{
uint64_t magic;
- bufferlist bl;
+ ceph::buffer::list bl;
if (key.decrypt(cct, bl_enc, bl, &error) < 0)
return;
auto iter2 = bl.cbegin();
__u8 struct_v;
+ using ceph::decode;
decode(struct_v, iter2);
decode(magic, iter2);
if (magic != AUTH_ENC_MAGIC) {
- ostringstream oss;
+ std::ostringstream oss;
oss << "bad magic in decode_decrypt, " << magic << " != " << AUTH_ENC_MAGIC;
error = oss.str();
return;
template <typename T>
void encode_encrypt_enc_bl(CephContext *cct, const T& t, const CryptoKey& key,
- bufferlist& out, std::string &error)
+ ceph::buffer::list& out, std::string &error)
{
- bufferlist bl;
+ ceph::buffer::list bl;
__u8 struct_v = 1;
+ using ceph::encode;
encode(struct_v, bl);
uint64_t magic = AUTH_ENC_MAGIC;
encode(magic, bl);
template <typename T>
int decode_decrypt(CephContext *cct, T& t, const CryptoKey& key,
- bufferlist::const_iterator& iter, std::string &error)
+ ceph::buffer::list::const_iterator& iter, std::string &error)
{
- bufferlist bl_enc;
+ ceph::buffer::list bl_enc;
+ using ceph::decode;
try {
decode(bl_enc, iter);
decode_decrypt_enc_bl(cct, t, key, bl_enc, error);
}
- catch (buffer::error &e) {
+ catch (ceph::buffer::error &e) {
error = "error decoding block for decryption";
}
if (!error.empty())
template <typename T>
int encode_encrypt(CephContext *cct, const T& t, const CryptoKey& key,
- bufferlist& out, std::string &error)
+ ceph::buffer::list& out, std::string &error)
{
- bufferlist bl_enc;
+ using ceph::encode;
+ ceph::buffer::list bl_enc;
encode_encrypt_enc_bl(cct, t, key, bl_enc, error);
if (!error.empty()){
return CEPHX_CRYPT_ERR;
bool AuthNoneAuthorizeHandler::verify_authorizer(
CephContext *cct,
const KeyStore& keys,
- const bufferlist& authorizer_data,
+ const ceph::buffer::list& authorizer_data,
size_t connection_secret_required_len,
- bufferlist *authorizer_reply,
+ ceph::buffer::list *authorizer_reply,
EntityName *entity_name,
uint64_t *global_id,
AuthCapsInfo *caps_info,
std::string *connection_secret,
std::unique_ptr<AuthAuthorizerChallenge> *challenge)
{
+ using ceph::decode;
auto iter = authorizer_data.cbegin();
try {
decode(struct_v, iter);
decode(*entity_name, iter);
decode(*global_id, iter);
- } catch (const buffer::error &err) {
+ } catch (const ceph::buffer::error &err) {
ldout(cct, 0) << "AuthNoneAuthorizeHandle::verify_authorizer() failed to decode" << dendl;
return false;
}
bool verify_authorizer(
CephContext *cct,
const KeyStore& keys,
- const bufferlist& authorizer_data,
+ const ceph::buffer::list& authorizer_data,
size_t connection_secret_required_len,
- bufferlist *authorizer_reply,
+ ceph::buffer::list *authorizer_reply,
EntityName *entity_name,
uint64_t *global_id,
AuthCapsInfo *caps_info,
void reset() override { }
void prepare_build_request() override {}
- int build_request(bufferlist& bl) const override { return 0; }
- int handle_response(int ret, bufferlist::const_iterator& iter,
+ int build_request(ceph::buffer::list& bl) const override { return 0; }
+ int handle_response(int ret, ceph::buffer::list::const_iterator& iter,
CryptoKey *session_key,
std::string *connection_secret) override { return 0; }
- bool build_rotating_request(bufferlist& bl) const override { return false; }
+ bool build_rotating_request(ceph::buffer::list& bl) const override { return false; }
int get_protocol() const override { return CEPH_AUTH_NONE; }
AuthNoneAuthorizer() : AuthAuthorizer(CEPH_AUTH_NONE) { }
bool build_authorizer(const EntityName &ename, uint64_t global_id) {
__u8 struct_v = 1; // see AUTH_MODE_* in Auth.h
+ using ceph::encode;
encode(struct_v, bl);
encode(ename, bl);
encode(global_id, bl);
return 0;
}
- bool verify_reply(bufferlist::const_iterator& reply,
+ bool verify_reply(ceph::buffer::list::const_iterator& reply,
std::string *connection_secret) override { return true; }
- bool add_challenge(CephContext *cct, const bufferlist& ch) override {
+ bool add_challenge(CephContext *cct, const ceph::buffer::list& ch) override {
return true;
}
};
projects / ceph.git / commitdiff