/*
* Authentication
*/
-#if 0
-static void encode_tgt(AuthTicket& ticket, CryptoKey& key, bufferlist& bl)
-{
- ::encode(ticket, bl);
- ::encode(key, bl);
-}
-
-static void decode_tgt(AuthTicket& ticket, CryptoKey& key, bufferlist& bl)
-{
- bufferlist::iterator iter = bl.begin();
- ::decode(ticket, iter);
- ::decode(key, iter);
-}
-#endif
/*
* PRINCIPAL: request authentication
return true;
}
-#if 0
-/*
- * PRINCIPAL: build request to retrieve a service ticket
- *
- * AuthServiceTicketInfo, D = {principal_addr, timestamp}^principal/auth session key
- */
-bool AuthTicketHandler::get_session_keys(uint32_t keys, entity_addr_t& principal_addr, bufferlist& bl)
-{
- AuthMsg_D msg;
- msg.timestamp = g_clock.now();
- msg.principal_addr = principal_addr;
-
- if (msg.encode_encrypt(session_key, bl) < 0)
- return false;
-
- ::encode(enc_ticket, bl);
-
- return true;
-}
-
-bool verify_get_session_keys_request(CryptoKey& service_secret,
- CryptoKey& session_key, uint32_t& keys, bufferlist::iterator& indata)
-{
- AuthMsg_D msg;
- if (msg.decode_decrypt(session_key, indata) < 0)
- return false;
-
- dout(0) << "decoded now=" << msg.timestamp << " addr=" << msg.principal_addr << dendl;
-
- AuthServiceTicketInfo tgt;
- if (tgt.decode_decrypt(service_secret, indata) < 0)
- return false;
-
- /* FIXME: validate that request makes sense */
-
- return true;
-}
-
-bool build_get_tgt_reply(AuthTicket& principal_ticket, CryptoKey& principal_secret,
- CryptoKey& session_key, CryptoKey& service_secret,
- bufferlist& reply)
-{
- bufferlist info, enc_info;
- ::encode(session_key, info);
- ::encode(principal_ticket.renew_after, info);
- ::encode(principal_ticket.expires, info);
- ::encode(principal_ticket.nonce, info);
- dout(0) << "encoded expires=" << principal_ticket.expires << dendl;
- if (principal_secret.encrypt(info, enc_info) < 0) {
- dout(0) << "error encrypting principal ticket" << dendl;
- return false;
- }
- ::encode(enc_info, reply);
-
- /*
- Build AuthServiceTicketInfo
- */
- bufferlist ticket, tgt;
- encode_tgt(principal_ticket, session_key, ticket);
-
- if (service_secret.encrypt(ticket, tgt) < 0) {
- dout(0) << "error ecryptng result" << dendl;
- return false;
- }
- ::encode(tgt, reply);
-
- dout(0) << "enc_info.length()=" << enc_info.length() << dendl;
- dout(0) << "tgt.length()=" << tgt.length() << dendl;
-
- return true;
-}
-#endif
-
-#if 0
-/*
- * AUTH SERVER: build ticket for service reply
- *
- * a->p : E= {service ticket}^svcsecret
- * F= {principal/service session key, validity}^principal/auth session key
- *
- */
-bool build_ticket_reply(AuthTicketHandler service_ticket,
- CryptoKey session_key,
- CryptoKey auth_session_key,
- CryptoKey& service_secret,
- bufferlist& reply)
-{
- AuthMsg_E e;
-
- e.ticket = service_ticket;
- if (e.encode_encrypt(service_secret, reply) < 0)
- return false;
-
-
- AuthServiceTicket f;
- f.session_key = session_key;
- if (f.encode_encrypt(auth_session_key, reply) < 0)
- return false;
-
- return true;
-}
-
-/*
- * AUTH SERVER: verify a request to retrieve a service ticket, build response
- *
- * AuthServiceTicketInfo, {principal_addr, timestamp}^principal/auth session key
- */
-bool build_get_session_keys_response(ServiceTicket& ticket, CryptoKey& service_secret,
- bufferlist::iterator& indata, bufferlist& out)
-{
- /* FIXME: verify session key */
-
- return true;
-}
-#endif
/*
* PRINCIPAL: build authenticator to access the service.
*
bool verify_reply_authenticator(utime_t then, bufferlist& enc_reply);
bool has_key() { return has_key_flag; }
-#if 0
- void encode(bufferlist& bl) const {
- __u8 v = 1;
- ::encode(v, bl);
- ::encode(session_key, bl);
- ::encode(enc_ticket, bl);
- ::encode(nonce, bl);
- ::encode(renew_after, bl);
- ::encode(expires, bl);
- __u8 f = has_key_flag;
- ::encode(f, bl);
- }
- void decode(bufferlist::iterator& bl) {
- __u8 v;
- ::decode(v, bl);
- ::decode(session_key, bl);
- ::decode(enc_ticket, bl);
- ::decode(nonce, bl);
- ::decode(renew_after, bl);
- ::decode(expires, bl);
- __u8 f;
- ::decode(f, bl);
- has_key_flag = f;
- }
-#endif
};
//WRITE_CLASS_ENCODER(ServiceTicket)
};
WRITE_CLASS_ENCODER(AuthServiceTicketInfo);
-#if 0
-/* D */
-struct AuthMsg_D : public AuthEnc {
- entity_addr_t principal_addr;
- utime_t timestamp;
- uint32_t keys;
-
- void encode(bufferlist& bl) const {
- ::encode(keys, bl);
- ::encode(principal_addr, bl);
- ::encode(timestamp, bl);
- }
- void decode(bufferlist::iterator& bl) {
- ::decode(keys, bl);
- ::decode(principal_addr, bl);
- ::decode(timestamp, bl);
- }
-};
-WRITE_CLASS_ENCODER(AuthMsg_D);
-
-
-/* E */
-struct AuthMsg_E : public AuthEnc {
- ServiceTicket ticket;
-
- void encode(bufferlist& bl) const {
- ::encode(ticket, bl);
- }
- void decode(bufferlist::iterator& bl) {
- ::decode(ticket, bl);
- }
-};
-WRITE_CLASS_ENCODER(AuthMsg_E);
-#endif
-
struct AuthAuthenticate : public AuthEnc {
utime_t now;
string nonce;
projects / ceph.git / commitdiff