}
-int KeyServer::_build_session_auth_info(uint32_t service_id, CephXServiceTicketInfo& auth_ticket_info,
+int KeyServer::_build_session_auth_info(uint32_t service_id,
+ const AuthTicket& parent_ticket,
CephXSessionAuthInfo& info)
{
info.service_id = service_id;
- info.ticket = auth_ticket_info.ticket;
- info.ticket.init_timestamps(ceph_clock_now(), cct->_conf->auth_service_ticket_ttl);
+ info.ticket = parent_ticket;
+ info.ticket.init_timestamps(ceph_clock_now(),
+ cct->_conf->auth_service_ticket_ttl);
generate_secret(info.session_key);
return 0;
}
-int KeyServer::build_session_auth_info(uint32_t service_id, CephXServiceTicketInfo& auth_ticket_info,
+int KeyServer::build_session_auth_info(uint32_t service_id,
+ const AuthTicket& parent_ticket,
CephXSessionAuthInfo& info)
{
if (!get_service_secret(service_id, info.service_secret, info.secret_id)) {
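Review bot: In `_build_session_auth_info`, `info.ticket = parent_ticket;` copies every field of the caller's ticket, and `init_timestamps(ceph_clock_now(), cct->_conf->auth_service_ticket_ttl)` then appears to give the copy a fresh validity window, so nothing in this function ties the service ticket's lifetime to the parent's. Whether callers have already rejected an expired or unverified parent ticket is not visible here, so the contract should be stated at the definition, e.g. `// parent_ticket must already be verified and unexpired; all of its fields are copied, then the timestamps are reset to now + auth_service_ticket_ttl`. If a service ticket is never meant to outlive the auth ticket it derives from, a clamp against the parent's expiry belongs here as well. The body of the three-argument `build_session_auth_info` that follows continues outside this hunk.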
std::scoped_lock l{lock};
- return _build_session_auth_info(service_id, auth_ticket_info, info);
+ return _build_session_auth_info(service_id, parent_ticket, info);
}
-int KeyServer::build_session_auth_info(uint32_t service_id, CephXServiceTicketInfo& auth_ticket_info, CephXSessionAuthInfo& info,
- CryptoKey& service_secret, uint64_t secret_id)
+int KeyServer::build_session_auth_info(uint32_t service_id,
+ const AuthTicket& parent_ticket,
+ CephXSessionAuthInfo& info,
+ CryptoKey& service_secret,
+ uint64_t secret_id)
{
info.service_secret = service_secret;
info.secret_id = secret_id;
std::scoped_lock l{lock};
- return _build_session_auth_info(service_id, auth_ticket_info, info);
+ return _build_session_auth_info(service_id, parent_ticket, info);
}
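Review bot: The five-argument overload still takes `CryptoKey& service_secret` by mutable reference, although its only visible use is the copy `info.service_secret = service_secret;`. Now that `parent_ticket` is `const AuthTicket&`, the key parameter should get the same treatment, `const CryptoKey& service_secret,`, with the matching change to the declaration in the header. That way a caller's long-lived secret cannot be modified through this path. The three-argument overload whose tail opens this hunk starts outside it.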
bool _check_rotating_secrets();
void _dump_rotating_secrets();
int _build_session_auth_info(uint32_t service_id,
- CephXServiceTicketInfo& auth_ticket_info, CephXSessionAuthInfo& info);
+ const AuthTicket& parent_ticket,
+ CephXSessionAuthInfo& info);
bool _get_service_caps(const EntityName& name, uint32_t service_id,
AuthCapsInfo& caps) const;
public:
int start_server();
void rotate_timeout(double timeout);
- int build_session_auth_info(uint32_t service_id, CephXServiceTicketInfo& auth_ticket_info, CephXSessionAuthInfo& info);
- int build_session_auth_info(uint32_t service_id, CephXServiceTicketInfo& auth_ticket_info, CephXSessionAuthInfo& info,
- CryptoKey& service_secret, uint64_t secret_id);
+ int build_session_auth_info(uint32_t service_id,
+ const AuthTicket& parent_ticket,
+ CephXSessionAuthInfo& info);
+ int build_session_auth_info(uint32_t service_id,
+ const AuthTicket& parent_ticket,
+ CephXSessionAuthInfo& info,
+ CryptoKey& service_secret,
+ uint64_t secret_id);
/* get current secret for specific service type */
bool get_service_secret(uint32_t service_id, CryptoKey& service_key,
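Review bot: The two public `build_session_auth_info` overloads have no comment, and the new `parent_ticket` parameter does not say what state the ticket must be in when passed. I would add a short block above them, along the lines of `/* build a service ticket derived from parent_ticket; the first overload looks up the current service secret, the second uses the caller-supplied service_secret/secret_id */`. It should also state that the parent ticket is copied into `info.ticket` and re-stamped, so callers are responsible for having validated it first.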
ldout(cct, 10) << " adding key for service "
<< ceph_entity_type_name(service_id) << dendl;
CephXSessionAuthInfo info;
- int r = key_server->build_session_auth_info(service_id,
- auth_ticket_info, info);
+ int r = key_server->build_session_auth_info(
+ service_id,
+ auth_ticket_info.ticket, // parent ticket (client's auth ticket)
+ info);
// tolerate missing MGR rotating key for the purposes of upgrades.
if (r < 0) {
ldout(cct, 10) << " missing key for service "
return false;
}
- ret = key_server.build_session_auth_info(service_id, auth_ticket_info, info,
- secret, (uint64_t)-1);
+ ret = key_server.build_session_auth_info(
+ service_id, auth_ticket_info.ticket, info, secret, (uint64_t)-1);
if (ret < 0) {
dout(0) << __func__ << " failed to build mon session_auth_info "
<< cpp_strerror(ret) << dendl;
}
} else if (service_id == CEPH_ENTITY_TYPE_MGR) {
// mgr
- ret = key_server.build_session_auth_info(service_id, auth_ticket_info, info);
+ ret = key_server.build_session_auth_info(
+ service_id, auth_ticket_info.ticket, info);
if (ret < 0) {
derr << __func__ << " failed to build mgr service session_auth_info "
<< cpp_strerror(ret) << dendl;
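Review bot: The rewritten mon call keeps the bare `(uint64_t)-1` as the `secret_id` argument, a C-style cast of a magic value whose meaning is not visible in this hunk (presumably it marks a non-rotating secret; confirm). Since the line is being touched anyway, a named constant or at least `static_cast<uint64_t>(-1)` with a short comment would make it clear which key the resulting ticket is bound to. The enclosing function starts and ends outside this hunk.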