generate_secret(info.session_key);
- string s = ceph_entity_type_name(service_id);
- if (!data.get_caps(cct, info.ticket.name, s, info.ticket.caps)) {
- return -EINVAL;
+ // mon keys are stored externally. and the caps are blank anyway.
+ if (service_id != CEPH_ENTITY_TYPE_MON) {
+ string s = ceph_entity_type_name(service_id);
+ if (!data.get_caps(cct, info.ticket.name, s, info.ticket.caps)) {
+ return -EINVAL;
+ }
}
-
return 0;
}
auth_ticket_info.ticket.global_id = 0;
CryptoKey secret;
- if (!key_server.get_secret(name, secret)) {
- dout(0) << " couldn't get secret for mon service" << dendl;
+ if (!keyring.get_secret(name, secret) &&
+ !key_server.get_secret(name, secret)) {
+ dout(0) << " couldn't get secret for mon service from keyring or keyserver" << dendl;
stringstream ss;
key_server.list_secrets(ss);
dout(0) << ss.str() << dendl;
CephXServiceTicketInfo auth_ticket_info;
if (authorizer_data.length()) {
- int ret = cephx_verify_authorizer(g_ceph_context, &key_server, iter,
+ int ret = cephx_verify_authorizer(g_ceph_context, &keyring, iter,
auth_ticket_info, authorizer_reply);
if (ret >= 0)
isvalid = true;
projects / ceph.git / commitdiff