* F= {principal/service session key, validity}^principal/auth session key
*
*/
-bool build_ticket_reply(ServiceTicket service_ticket, CryptoKey auth_session_key, CryptoKey& service_secret,
+bool build_ticket_reply(ServiceTicket service_ticket,
+ CryptoKey session_key,
+ CryptoKey auth_session_key,
+ CryptoKey& service_secret,
bufferlist& reply)
{
- bufferlist ticket, enc_ticket;
+ AuthMsg_E e;
- /* E */
- ::encode(service_ticket, ticket);
- if (service_secret.encrypt(ticket, enc_ticket) < 0) {
+ e.ticket = service_ticket;
+ if (e.encode_encrypt(service_secret, reply) < 0)
return false;
- }
-
- bufferlist principal, principal_enc;
- ::encode(service_ticket.session_key, principal);
-
- if (service_secret.encrypt(principal, principal_enc) < 0) {
- return false;
- }
- ::encode(enc_ticket, reply);
- ::encode(principal_enc, reply);
+ AuthMsg_F f;
+ f.session_key = session_key;
+ f.validity = 0; /* FIXME */
+ if (f.encode_encrypt(auth_session_key, reply) < 0)
+ return false;
return true;
}
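Review bot: A failure in the second `encode_encrypt` leaves `reply` already holding the encrypted E appended by the first call, and the one caller in this commit discards the bool, so a half-built message can still go out; encode both parts into a local `bufferlist out;`, pass `out` to both `encode_encrypt` calls, and only then `reply.append(out);` before `return true;`. The `f.validity = 0; /* FIXME */` also means the F message carries no validity window, so nothing in the reply lets the receiver bound the session key's lifetime; if `ServiceTicket` carries an expiry (a `ticket.expires` assignment appears elsewhere in this commit) it looks like the natural source. Minor style point: `service_ticket`, `session_key` and `auth_session_key` are taken by value while `service_secret` is a reference — taking all four as `const` references would avoid copying key material on every call. The comment block that opens the hunk begins above it.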
extern bool verify_get_session_keys_request(CryptoKey& service_secret,
CryptoKey& session_key, uint32_t& keys, bufferlist::iterator& indata);
-extern bool build_ticket_reply(ServiceTicket service_ticket, CryptoKey auth_session_key, CryptoKey& service_secret,
+extern bool build_ticket_reply(ServiceTicket service_ticket,
+ CryptoKey session_key,
+ CryptoKey auth_session_key,
+ CryptoKey& service_secret,
bufferlist& reply);
/*
* Verify authenticator and generate reply authenticator
/* FIXME */
#define SERVICE_SECRET "0123456789ABCDEF"
#define AUTH_SESSION_KEY "23456789ABCDEF01"
+#define TEST_SESSION_KEY "456789ABCDEF0123"
#define PRINCIPAL_CLIENT_SECRET "123456789ABCDEF0"
#define PRINCIPAL_OSD_SECRET "3456789ABCDEF012"
CryptoKey osd_secret;
CryptoKey auth_session_key;
CryptoKey service_secret;
+ CryptoKey test_session_key;
public:
CephAuthServer() {
bufferptr ptr4(AUTH_SESSION_KEY, sizeof(AUTH_SESSION_KEY) - 1);
auth_session_key.set_secret(CEPH_SECRET_AES, ptr3);
- }
+
+ bufferptr ptr5(TEST_SESSION_KEY, sizeof(TEST_SESSION_KEY) - 1);
+ test_session_key.set_secret(CEPH_SECRET_AES, ptr5);
+ }
/* FIXME: temporary stabs */
int get_client_secret(CryptoKey& secret) {
return 0;
}
- int get_session_key(CryptoKey& key) {
+ int get_auth_session_key(CryptoKey& key) {
key = auth_session_key;
return 0;
}
+
+ int get_test_session_key(CryptoKey& key) {
+ key = test_session_key;
+ return 0;
+ }
};
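Review bot: The line directly above the new `ptr5` initialisation, `auth_session_key.set_secret(CEPH_SECRET_AES, ptr3);`, uses `ptr3` even though `ptr4` was just built from `AUTH_SESSION_KEY`, so `ptr4` is unused and `auth_session_key` is presumably loaded with whatever `ptr3` wraps (defined above this hunk); unless that reuse is deliberate it should read `auth_session_key.set_secret(CEPH_SECRET_AES, ptr4);`. The new `get_test_session_key` copies the shape of `get_auth_session_key`, including the unconditional `return 0`; the `/* FIXME: temporary stabs */` marker covers that, but a one-line comment on the `test_session_key` member saying it stands in for a per-principal session key until one is actually generated would help the next reader. The `CephAuthServer` constructor begins above the hunk.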
ticket.expires = g_clock.now();
auth_server.get_client_secret(principal_secret);
- auth_server.get_session_key(session_key);
+ auth_server.get_auth_session_key(session_key);
auth_server.get_service_secret(service_secret);
build_cephx_response_header(request_type, 0, result_bl);
{
EntityName name; /* FIXME should take it from the request */
entity_addr_t addr;
+ CryptoKey auth_session_key;
CryptoKey session_key;
CryptoKey service_secret;
uint32_t keys;
- auth_server.get_session_key(session_key);
+ auth_server.get_auth_session_key(session_key);
auth_server.get_service_secret(service_secret);
+ auth_server.get_test_session_key(session_key);
if (!verify_get_session_keys_request(service_secret,
- session_key, keys, indata)) {
+ auth_session_key, keys, indata)) {
ret = -EPERM;
}
auth_server.get_osd_secret(osd_secret);
build_cephx_response_header(request_type, ret, result_bl);
- build_ticket_reply(service_ticket, session_key, osd_secret, result_bl);
+ build_ticket_reply(service_ticket, session_key, auth_session_key, osd_secret, result_bl);
}
break;
default:
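Review bot: The `auth_session_key` declared at the top of this case block is never filled before use: `auth_server.get_auth_session_key(session_key);` stores the auth session key into `session_key`, which `get_test_session_key` then overwrites, so both `verify_get_session_keys_request(service_secret, auth_session_key, ...)` and the new `build_ticket_reply(..., auth_session_key, ...)` call receive a default-constructed `CryptoKey`; that line should be `auth_server.get_auth_session_key(auth_session_key);`. Separately, a failed verification only sets `ret = -EPERM` and execution still fetches the OSD secret and appends a ticket encrypted under it to `result_bl`, so the `get_osd_secret`/`build_ticket_reply` lines should run only when `ret == 0`. The bool returned by `build_ticket_reply` is also discarded, so an encryption failure is sent as a success response; it needs to feed `ret` before `build_cephx_response_header` writes the status. The enclosing switch begins outside the hunk.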