void RGWRados::call_zap() {
return;
}
+
+int RGWRados::check_mfa(const rgw_user& user, const string& otp_id, const string& pin)
+{
+ string oid = string("user:") + user.to_str();
+ rgw_raw_obj obj(get_zone_params().otp_pool, oid);
+
+ rgw_rados_ref ref;
+ int r = get_system_obj_ref(obj, &ref);
+ if (r < 0) {
+ return r;
+ }
+
+ otp_check_t result;
+
+ librados::ObjectWriteOperation op;
+ rados::cls::otp::OTP::check(ref.io_ctx, obj.get_oid(), otp_id, pin, &result);
+ r = ref.ioctx.operate(ref.oid, &op);
+ if (r < 0) {
+ ldout(cct, 20) << "OTP remove, otp_id=" << id << " result=" << (int)r << dendl;
+ return r;
+ }
+
+ return 0;
+}
+
+int RGWRados::get_mfa(const rgw_user& user, const string& id, rados::cls::otp::otp_info_t *result)
+{
+ rgw_rados_ref ref;
+
+ int r = get_mfa_ref(user, &ref);
+ if (r < 0) {
+ return r;
+ }
+
+ r = rados::cls::otp::OTP::get(ref.ioctx, ref.oid, id, result);
+ if (r < 0) {
+ return r;
+ }
+
+ ldout(cct, 20) << "OTP check, otp_id=" << otp_id << " result=" << (int)result << dendl;
+
+ return (result.result == rados::cls::otp::OTP_CHECK ? 0 : -EACCES);
+}
+
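Review bot: check_mfa returns 0 without ever inspecting `result`, so as written any pin is accepted whenever the RADOS call itself succeeds, and the caller that maps only `ret < 0` to -EACCES would let the request through. The tails of the two new functions look swapped: check_mfa ends with an "OTP remove" log that names an undeclared `id` and submits an empty `op` (OTP::check is invoked directly on `ref.io_ctx`, where the other lines use `ref.ioctx`, rather than through `op`), while get_mfa logs "OTP check" with an undeclared `otp_id`, applies `.` to the pointer `result`, and returns the `OTP_CHECK` comparison. Moving that comparison into check_mfa and letting get_mfa end with `return 0;` after OTP::get would fix both; the sketch below assumes OTP::check returns an error code the way OTP::get does. The current log lines keep the pin out of the debug output, which is worth preserving.

```cpp
int RGWRados::check_mfa(const rgw_user& user, const string& otp_id, const string& pin)
{
  // … unchanged: oid construction and get_system_obj_ref() …

  otp_check_t result;

  r = rados::cls::otp::OTP::check(ref.ioctx, ref.oid, otp_id, pin, &result);
  if (r < 0) {
    return r;
  }

  ldout(cct, 20) << "OTP check, otp_id=" << otp_id << " result=" << (int)result.result << dendl;

  // Fail closed: only an explicit successful check yields 0.
  return (result.result == rados::cls::otp::OTP_CHECK ? 0 : -EACCES);
}
```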
int delete_raw_obj_aio(const rgw_raw_obj& obj, list<librados::AioCompletion *>& handles);
int delete_obj_aio(const rgw_obj& obj, RGWBucketInfo& info, RGWObjState *astate,
list<librados::AioCompletion *>& handles, bool keep_index_consistent);
+
+ int check_mfa(const rgw_user& user, const string& otp_id, const string& pin);
private:
/**
* This is a helper method, it generates a list of bucket index objects with the given
}
string& serial = params[0];
- string& otp = params[1];
+ string& pin = params[1];
auto i = user->mfa_ids.find(serial);
if (i == user->mfa_ids.end()) {
return -EACCES;
}
+ int ret = store->check_mfa(user->user_id, serial, pin);
+ if (ret < 0) {
+ ldout(store->ctx(), 20) << "NOTICE: failed to check MFA, serial=" << serial << dendl;
+ return -EACCES;
+ }
+
+#warning clean me up
#if 0
string& seed = i->second;