#include <errno.h>
-#define CEPH_AUTH_UID_DEFAULT (__u64) -1
-
class Cond;
struct EntityName {
struct EntityAuth {
CryptoKey key;
- __u64 auth_uid;
map<string, bufferlist> caps;
- EntityAuth() : key(), auth_uid(CEPH_AUTH_UID_DEFAULT), caps() {}
-
void encode(bufferlist& bl) const {
- __u8 struct_v = 2;
+ __u8 struct_v = 1;
::encode(struct_v, bl);
::encode(key, bl);
- ::encode(auth_uid, bl);
::encode(caps, bl);
}
void decode(bufferlist::iterator& bl) {
__u8 struct_v;
::decode(struct_v, bl);
::decode(key, bl);
- if (struct_v >= 2)
- ::decode(auth_uid, bl);
- else auth_uid = CEPH_AUTH_UID_DEFAULT;
::decode(caps, bl);
}
};
WRITE_CLASS_ENCODER(EntityAuth)
static inline ostream& operator<<(ostream& out, const EntityAuth& a) {
- out << "auth(key=" << a.key;
- if (a.auth_uid != CEPH_AUTH_UID_DEFAULT)
- out << " uid=" << a.auth_uid;
- return out << " with " << a.caps.size() << " caps)";
+ return out << "auth(key=" << a.key << " with " << a.caps.size() << " caps)";
}
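Review bot: `EntityAuth::decode` still reads `struct_v` but no longer acts on it, while `encode` moves the version back from 2 to 1 and drops the `auth_uid` field. Any blob written by the previous encoder (version 2, with the 8-byte uid between `key` and `caps`) would have those bytes parsed as the start of the caps map, so an existing keyring or a message from an unpatched peer is misparsed instead of being rejected or skipped cleanly. If version 2 data can exist anywhere, keep the decoder tolerant with `if (struct_v >= 2) { __u64 unused_uid; ::decode(unused_uid, bl); }` before `::decode(caps, bl);`, and avoid reusing version number 1 for the new layout. If version 2 was never deployed, a one-line comment saying so would document why the check is safe to drop. The same 2 → 1 change is made in `AuthCapsInfo::encode`/`decode` further down, where the `struct_v` read is not visible in this listing.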
struct AuthCapsInfo {
bool allow_all;
- __u64 auth_uid;
bufferlist caps;
- AuthCapsInfo() : allow_all(false), auth_uid(CEPH_AUTH_UID_DEFAULT){}
+ AuthCapsInfo() : allow_all(false) {}
void encode(bufferlist& bl) const {
- __u8 struct_v = 2;
+ __u8 struct_v = 1;
::encode(struct_v, bl);
__u8 a = (__u8)allow_all;
::encode(a, bl);
- ::encode(auth_uid, bl);
::encode(caps, bl);
}
void decode(bufferlist::iterator& bl) {
__u8 a;
::decode(a, bl);
allow_all = (bool)a;
- if (struct_v >= 2)
- ::decode(auth_uid, bl);
- else auth_uid = CEPH_AUTH_UID_DEFAULT;
::decode(caps, bl);
}
};
uint64_t global_id; /* global instance id */
utime_t created, renew_after, expires;
AuthCapsInfo caps;
- __u64 auth_uid;
__u32 flags;
AuthTicket() : global_id(0), flags(0) {}
for (map<EntityName, EntityAuth>::iterator p = keys.begin();
p != keys.end();
++p) {
- out << p->first << "\t" << p->second.auth_uid << std::endl;
+ out << p->first << std::endl;
out << "\tkey: " << p->second.key << std::endl;
for (map<string, bufferlist>::iterator q = p->second.caps.begin();
if (iter == secrets.end())
return false;
- dout(0) << "get_caps: auth_uid=" << iter->second.auth_uid << dendl;
- caps_info.auth_uid = iter->second.auth_uid;
-
dout(0) << "get_secret: num of caps=" << iter->second.caps.size() << dendl;
map<string, bufferlist>::iterator capsiter = iter->second.caps.find(type);
if (capsiter != iter->second.caps.end()) {
caps_info.caps = capsiter->second;
}
+
return true;
}
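Review bot: When the entity exists but has no entry for `type`, this path returns `true` without assigning `caps_info.caps`, so the result depends on whatever the caller passed in. With `auth_uid` gone, `caps` is the only field this function fills, so it is worth making the miss explicit, e.g. `} else { caps_info.caps.clear(); }` after the `if (capsiter != ...)` block. The remaining `dout(0)` line is also tagged `get_secret:` although the removed line suggests this is `get_caps`, and level 0 looks noisy for a per-request message. The function's signature and opening lines are outside this hunk, so confirm the name before changing the tag.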
CephXServiceTicketInfo ticket_info;
ticket_info.session_key = info.session_key;
ticket_info.ticket = info.ticket;
- ticket_info.ticket.auth_uid = info.ticket.auth_uid;
ticket_info.ticket.caps = info.ticket.caps;
dout(10) << "build_service_ticket service " << ceph_entity_type_name(info.service_id)
void usage()
{
- cout << " usage: [--create-keyring] [--gen-key --set-uid=x] [--name=<name>] [--caps=<filename>] [--list] [--print-key] <filename>" << std::endl;
+ cout << " usage: [--create-keyring] [--gen-key] [--name=<name>] [--caps=<filename>] [--list] [--print-key] <filename>" << std::endl;
exit(1);
}
const char *name = "";
const char *caps_fn = NULL;
const char *import_keyring = NULL;
- __u64 auth_uid = 0;
FOR_EACH_ARG(args) {
if (CONF_ARG_EQ("gen-key", 'g')) {
CONF_SAFE_SET_ARG_VAL(&create_keyring, OPT_BOOL);
} else if (CONF_ARG_EQ("import-keyring", '\0')) {
CONF_SAFE_SET_ARG_VAL(&import_keyring, OPT_STR);
- } else if (CONF_ARG_EQ("set-uid", 'u')) {
- CONF_SAFE_SET_ARG_VAL(&auth_uid, OPT_LONGLONG);
} else if (!fn) {
fn = args[i];
} else
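Review bot: With the `set-uid` branch removed, the visible chain falls through to `else if (!fn) fn = args[i];`, so an existing script that still passes `--set-uid=x` before the keyring path may have that option string taken as the filename. For a tool that creates and rewrites keyrings, a silent write to an unexpected path is worse than an error. Consider rejecting unrecognised options ahead of the filename branch, e.g. `} else if (args[i][0] == '-') { usage(); }`, if the argument macros do not already do so. The loop body is only partly shown here, so check this against the full parser.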
if (gen_key) {
EntityAuth eauth;
eauth.key.create(CEPH_CRYPTO_AES);
- if (auth_uid)
- eauth.auth_uid = (__u64)auth_uid;
keyring.add(ename, eauth);
modified = true;
}
}
s->caps.set_allow_all(caps_info.allow_all);
- s->caps.set_auth_uid(caps_info.auth_uid);
if (caps_info.caps.length() > 0) {
bufferlist::iterator iter = caps_info.caps.begin();