Allow these methods to populate session and connection secrets.
No functional change (yet).
Signed-off-by: Sage Weil <sage@redhat.com>
class CephContext;
class KeyServer;
+class CryptoKey;
struct AuthCapsInfo;
struct AuthServiceHandler {
virtual int start_session(const EntityName& name,
bufferlist *result,
- AuthCapsInfo *caps) = 0;
+ AuthCapsInfo *caps,
+ CryptoKey *session_key,
+ CryptoKey *connection_secret) = 0;
virtual int handle_request(bufferlist::const_iterator& indata,
bufferlist *result,
uint64_t *global_id,
- AuthCapsInfo *caps) = 0;
+ AuthCapsInfo *caps,
+ CryptoKey *session_key,
+ CryptoKey *connection_secret) = 0;
EntityName& get_entity_name() { return entity_name; }
};
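Review bot: The new `session_key` and `connection_secret` out-parameters on `start_session` and `handle_request` carry no comment describing their contract, while the only caller visible in this commit passes `nullptr, nullptr` for both. Because these pointers are meant to receive key material, the interface should state that either may be null and that implementations must check before writing, for example `/// session_key, connection_secret: optional out-params; may be nullptr, in which case the handler must not dereference them`. It would also help to document whether a handler leaves them untouched when it returns an error, so a caller never uses a partially populated secret. Parts of the struct lie outside the hunk.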
int CephxServiceHandler::start_session(const EntityName& name,
bufferlist *result_bl,
- AuthCapsInfo *caps)
+ AuthCapsInfo *caps,
+ CryptoKey *session_key,
+ CryptoKey *connection_secret)
{
entity_name = name;
bufferlist::const_iterator& indata,
bufferlist *result_bl,
uint64_t *global_id,
- AuthCapsInfo *caps)
+ AuthCapsInfo *caps,
+ CryptoKey *session_key,
+ CryptoKey *connection_secret)
{
int ret = 0;
int start_session(const EntityName& name,
bufferlist *result_bl,
- AuthCapsInfo *caps) override;
+ AuthCapsInfo *caps,
+ CryptoKey *session_key,
+ CryptoKey *connection_secret) override;
int handle_request(
bufferlist::const_iterator& indata,
bufferlist *result_bl,
uint64_t *global_id,
- AuthCapsInfo *caps) override;
+ AuthCapsInfo *caps,
+ CryptoKey *session_key,
+ CryptoKey *connection_secret) override;
+
void build_cephx_response_header(int request_type, int status, bufferlist& bl);
};
#define dout_prefix *_dout << "krb5/gssapi service: " << entity_name << " : "
-int KrbServiceHandler::handle_request(bufferlist::const_iterator& indata,
- bufferlist *buff_list,
- uint64_t *global_id,
- AuthCapsInfo *caps)
+int KrbServiceHandler::handle_request(
+ bufferlist::const_iterator& indata,
+ bufferlist *buff_list,
+ uint64_t *global_id,
+ AuthCapsInfo *caps,
+ CryptoKey *session_key,
+ CryptoKey *connection_secret)
{
auto result(0);
gss_buffer_desc gss_buffer_in = {0, nullptr};
return result;
}
-int KrbServiceHandler::start_session(const EntityName& name,
- bufferlist *buff_list,
- AuthCapsInfo *caps)
+int KrbServiceHandler::start_session(
+ const EntityName& name,
+ bufferlist *buff_list,
+ AuthCapsInfo *caps,
+ CryptoKey *session_key,
+ CryptoKey *connection_secret)
{
gss_buffer_desc gss_buffer_in = {0, nullptr};
gss_OID gss_object_id = GSS_C_NT_HOSTBASED_SERVICE;
int handle_request(bufferlist::const_iterator& indata,
bufferlist *buff_list,
uint64_t *global_id,
- AuthCapsInfo *caps) override;
+ AuthCapsInfo *caps,
+ CryptoKey *session_key,
+ CryptoKey *connection_secret) override;
int start_session(const EntityName& name,
bufferlist *buff_list,
- AuthCapsInfo *caps) override;
+ AuthCapsInfo *caps,
+ CryptoKey *session_key,
+ CryptoKey *connection_secret) override;
- private:
- gss_buffer_desc m_gss_buffer_out;
+ private:
+ gss_buffer_desc m_gss_buffer_out;
gss_cred_id_t m_gss_credentials;
gss_ctx_id_t m_gss_sec_ctx;
gss_name_t m_gss_service_name;
int start_session(const EntityName& name,
bufferlist *result_bl,
- AuthCapsInfo *caps) override {
+ AuthCapsInfo *caps,
+ CryptoKey *session_key,
+ CryptoKey *connection_secret) override {
entity_name = name;
caps->allow_all = true;
return 1;
int handle_request(bufferlist::const_iterator& indata,
bufferlist *result_bl,
uint64_t *global_id,
- AuthCapsInfo *caps) override {
+ AuthCapsInfo *caps,
+ CryptoKey *session_key,
+ CryptoKey *connection_secret) override {
return 0;
}
- void build_cephx_response_header(int request_type, int status, bufferlist& bl) { }
+ void build_cephx_response_header(int request_type, int status,
+ bufferlist& bl) {
+ }
};
#endif
int start_session(const EntityName& name,
bufferlist *result_bl,
- AuthCapsInfo *caps) {
+ AuthCapsInfo *caps,
+ CryptoKey *session_key,
+ CryptoKey *connection_secret) {
return 1;
}
int handle_request(bufferlist::iterator& indata,
bufferlist *result_bl,
uint64_t *global_id,
- AuthCapsInfo *caps) {
+ AuthCapsInfo *caps,
+ CryptoKey *session_key,
+ CryptoKey *connection_secret) {
ceph_abort(); // shouldn't get called
return 0;
}
- void build_cephx_response_header(int request_type, int status, bufferlist& bl) { }
+
+ void build_cephx_response_header(int request_type, int status,
+ bufferlist& bl) {
+ }
};
#endif
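Review bot: `handle_request` in this class still takes `bufferlist::iterator&`, whereas the base declaration in AuthServiceHandler takes `bufferlist::const_iterator&`, and neither method here is marked `override`, so the compiler cannot report the mismatch. If this class derives from AuthServiceHandler (its header is outside the hunk), the method does not override the pure virtual, and the parameter list can drift silently again at the next interface change. Suggest `int handle_request(bufferlist::const_iterator& indata,` and closing both signatures with `CryptoKey *connection_secret) override {`, matching the other handlers touched in this commit.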
if (start) {
// new session
ret = s->auth_handler->start_session(entity_name, &response_bl,
- &s->con->peer_caps_info);
+ &s->con->peer_caps_info,
+ nullptr, nullptr);
} else {
// request
ret = s->auth_handler->handle_request(
indata,
&response_bl,
&s->con->peer_global_id,
- &s->con->peer_caps_info);
+ &s->con->peer_caps_info,
+ nullptr, nullptr);
}
if (ret == -EIO) {
wait_for_active(op, new C_RetryMessage(this,op));