auth,mon,crimson: pass KeyStore by const reference

AuthAuthorizeHandler::verify_authorizer() neither changes the keystore,
nor expects a nullptr. so we should pass the keystore by const reference
for better readability

Signed-off-by: Kefu Chai <kchai@redhat.com>

diff --git a/src/auth/AuthAuthorizeHandler.h b/src/auth/AuthAuthorizeHandler.h
index 4db4e408dca1eb67bd2c8c43fa78fd17c19d12e6..b6ac1b1b7d2b82686087ab92ed5aa4bc5aac3e4b 100644 (file)
--- a/src/auth/AuthAuthorizeHandler.h
+++ b/src/auth/AuthAuthorizeHandler.h
@@ -31,7 +31,7 @@ struct AuthAuthorizeHandler {
   virtual ~AuthAuthorizeHandler() {}
   virtual bool verify_authorizer(
     CephContext *cct,
-    KeyStore *keys,
+    const KeyStore& keys,
     const ceph::buffer::list& authorizer_data,
     size_t connection_secret_required_len,
     ceph::buffer::list *authorizer_reply,

diff --git a/src/auth/cephx/CephxAuthorizeHandler.cc b/src/auth/cephx/CephxAuthorizeHandler.cc
index 6684e164728c88d4eaeab9f53f6cf242db052644..b07de5a1d965b512d59d813f3b425452104f0390 100644 (file)
--- a/src/auth/cephx/CephxAuthorizeHandler.cc
+++ b/src/auth/cephx/CephxAuthorizeHandler.cc
@@ -8,7 +8,7 @@
 
 bool CephxAuthorizeHandler::verify_authorizer(
   CephContext *cct,
-  KeyStore *keys,
+  const KeyStore& keys,
   const bufferlist& authorizer_data,
   size_t connection_secret_required_len,
   bufferlist *authorizer_reply,

diff --git a/src/auth/cephx/CephxAuthorizeHandler.h b/src/auth/cephx/CephxAuthorizeHandler.h
index 769426c43841ea45572d1b08289709e817a4a854..c53af021b89ed202d934a4550aac2df4ab931efe 100644 (file)
--- a/src/auth/cephx/CephxAuthorizeHandler.h
+++ b/src/auth/cephx/CephxAuthorizeHandler.h
@@ -22,7 +22,7 @@ class CephContext;
 struct CephxAuthorizeHandler : public AuthAuthorizeHandler {
   bool verify_authorizer(
     CephContext *cct,
-    KeyStore *keys,
+    const KeyStore& keys,
     const bufferlist& authorizer_data,
     size_t connection_secret_required_len,
     bufferlist *authorizer_reply,

diff --git a/src/auth/cephx/CephxProtocol.cc b/src/auth/cephx/CephxProtocol.cc
index 6254d8f3c1e6da096c9362e8e09ce150022ec3e0..5b7a2bcb86ed4303e226c034ec785b95c7c20959 100644 (file)
--- a/src/auth/cephx/CephxProtocol.cc
+++ b/src/auth/cephx/CephxProtocol.cc
@@ -391,7 +391,7 @@ bool cephx_decode_ticket(CephContext *cct, KeyStore *keys, uint32_t service_id,
  *
  * {timestamp + 1}^session_key
  */
-bool cephx_verify_authorizer(CephContext *cct, KeyStore *keys,
+bool cephx_verify_authorizer(CephContext *cct, const KeyStore& keys,
                             bufferlist::const_iterator& indata,
                             size_t connection_secret_required_len,
                             CephXServiceTicketInfo& ticket_info,
@@ -422,13 +422,13 @@ bool cephx_verify_authorizer(CephContext *cct, KeyStore *keys,
   if (ticket.secret_id == (uint64_t)-1) {
     EntityName name;
     name.set_type(service_id);
-    if (!keys->get_secret(name, service_secret)) {
+    if (!keys.get_secret(name, service_secret)) {
       ldout(cct, 0) << "verify_authorizer could not get general service secret for service "
              << ceph_entity_type_name(service_id) << " secret_id=" << ticket.secret_id << dendl;
       return false;
     }
   } else {
-    if (!keys->get_service_secret(service_id, ticket.secret_id, service_secret)) {
+    if (!keys.get_service_secret(service_id, ticket.secret_id, service_secret)) {
       ldout(cct, 0) << "verify_authorizer could not get service secret for service "
              << ceph_entity_type_name(service_id) << " secret_id=" << ticket.secret_id << dendl;
       if (cct->_conf->auth_debug && ticket.secret_id == 0)

diff --git a/src/auth/cephx/CephxProtocol.h b/src/auth/cephx/CephxProtocol.h
index 0aedc9d12d9597bd1bdf970e50b0282c121a4cc8..ebee32239e21f93f572fd134a0dbc937526dd9e7 100644 (file)
--- a/src/auth/cephx/CephxProtocol.h
+++ b/src/auth/cephx/CephxProtocol.h
@@ -424,7 +424,7 @@ bool cephx_decode_ticket(CephContext *cct, KeyStore *keys,
  */
 extern bool cephx_verify_authorizer(
   CephContext *cct,
-  KeyStore *keys,
+  const KeyStore& keys,
   bufferlist::const_iterator& indata,
   size_t connection_secret_required_len,
   CephXServiceTicketInfo& ticket_info,

diff --git a/src/auth/cephx/CephxServiceHandler.cc b/src/auth/cephx/CephxServiceHandler.cc
index 12bb8348f44c5637657e1522c80611fbe83a9b10..a34f0b4ee3091922c1bca9762ae4cfd45364000e 100644 (file)
--- a/src/auth/cephx/CephxServiceHandler.cc
+++ b/src/auth/cephx/CephxServiceHandler.cc
@@ -226,7 +226,7 @@ int CephxServiceHandler::handle_request(
       CephXServiceTicketInfo auth_ticket_info;
       // note: no challenge here.
       if (!cephx_verify_authorizer(
-           cct, key_server, indata, 0, auth_ticket_info, nullptr,
+           cct, *key_server, indata, 0, auth_ticket_info, nullptr,
            nullptr,
            &tmp_bl)) {
         ret = -EPERM;

diff --git a/src/auth/krb/KrbAuthorizeHandler.hpp b/src/auth/krb/KrbAuthorizeHandler.hpp
index bc8eac6259bfbe10427652d0c15508fd6e308e84..448b682e68d2425e8ab9730f3c3f1419364e45a1 100644 (file)
--- a/src/auth/krb/KrbAuthorizeHandler.hpp
+++ b/src/auth/krb/KrbAuthorizeHandler.hpp
@@ -21,7 +21,7 @@
 class KrbAuthorizeHandler : public AuthAuthorizeHandler {
   bool verify_authorizer(
     CephContext*,
-    KeyStore*,
+    const KeyStore&,
     const bufferlist&,
     size_t,
     bufferlist *,

diff --git a/src/auth/none/AuthNoneAuthorizeHandler.cc b/src/auth/none/AuthNoneAuthorizeHandler.cc
index 15bcc06530d194a9a1421b62c9d787ef8d39747a..2b81212ce74e93895c8b88f004181c9c6dd2f9d0 100644 (file)
--- a/src/auth/none/AuthNoneAuthorizeHandler.cc
+++ b/src/auth/none/AuthNoneAuthorizeHandler.cc
@@ -19,7 +19,7 @@
 
 bool AuthNoneAuthorizeHandler::verify_authorizer(
   CephContext *cct,
-  KeyStore *keys,
+  const KeyStore& keys,
   const bufferlist& authorizer_data,
   size_t connection_secret_required_len,
   bufferlist *authorizer_reply,

diff --git a/src/auth/none/AuthNoneAuthorizeHandler.h b/src/auth/none/AuthNoneAuthorizeHandler.h
index 5b33f2fc3c326adf2bb7099d8b91b05ce018b5a1..d9abc769ef429dd5d3f5b3003f14831db8c39b93 100644 (file)
--- a/src/auth/none/AuthNoneAuthorizeHandler.h
+++ b/src/auth/none/AuthNoneAuthorizeHandler.h
@@ -22,7 +22,7 @@ class CephContext;
 struct AuthNoneAuthorizeHandler : public AuthAuthorizeHandler {
   bool verify_authorizer(
     CephContext *cct,
-    KeyStore *keys,
+    const KeyStore& keys,
     const bufferlist& authorizer_data,
     size_t connection_secret_required_len,
     bufferlist *authorizer_reply,

diff --git a/src/crimson/mon/MonClient.cc b/src/crimson/mon/MonClient.cc
index 112d8018c8cf4bc915181134a3410bf4a6014dad..cbc2cf7696c64145ce0110ec4cbbee1bd3b60ea6 100644 (file)
--- a/src/crimson/mon/MonClient.cc
+++ b/src/crimson/mon/MonClient.cc
@@ -580,7 +580,7 @@ int Client::handle_auth_request(ceph::net::ConnectionRef con,
   AuthCapsInfo caps_info;
   bool is_valid = ah->verify_authorizer(
     &cct,
-    &active_con->get_keys(),
+    active_con->get_keys(),
     payload,
     auth_meta->get_connection_secret_length(),
     reply,

diff --git a/src/mon/MonClient.cc b/src/mon/MonClient.cc
index d01c436a235896b9ee32e0f1edfd37222ad24e02..b97336eabfb9aa3eb994a1749ddb7f9b72f5e991 100644 (file)
--- a/src/mon/MonClient.cc
+++ b/src/mon/MonClient.cc
@@ -1453,7 +1453,7 @@ int MonClient::handle_auth_request(
   bool was_challenge = (bool)auth_meta->authorizer_challenge;
   bool isvalid = ah->verify_authorizer(
     cct,
-    rotating_secrets.get(),
+    *rotating_secrets,
     payload,
     auth_meta->get_connection_secret_length(),
     reply,

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 55231f60bf6e30534cf57ad10ac39b071d1c068b..aeaa38b4ac0637f58a21841b65e0e8af7e58567c 100644 (file)
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -6213,7 +6213,7 @@ int Monitor::handle_auth_request(
     bool was_challenge = (bool)auth_meta->authorizer_challenge;
     bool isvalid = ah->verify_authorizer(
       cct,
-      &keyring,
+      keyring,
       payload,
       auth_meta->get_connection_secret_length(),
       reply,