-// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
// vim: ts=8 sw=2 smarttab
/*
* Ceph - scalable distributed file system
*
* This is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
- * License version 2.1, as published by the Free Software
+ * License version 2.1, as published by the Free Software
* Foundation. See file COPYING.
- *
+ *
*/
public:
explicit AuthSessionHandler(CephContext *cct_) : cct(cct_), protocol(CEPH_AUTH_UNKNOWN) {}
- AuthSessionHandler(CephContext *cct_, int protocol_, CryptoKey key_) : cct(cct_),
+ AuthSessionHandler(CephContext *cct_, int protocol_, CryptoKey key_) : cct(cct_),
protocol(protocol_), key(key_) {}
virtual ~AuthSessionHandler() { }
virtual int check_message_signature(Message *message) = 0;
virtual int encrypt_message(Message *message) = 0;
virtual int decrypt_message(Message *message) = 0;
+ virtual int sign_bufferlist(bufferlist &in, bufferlist &out) {
+ return 0;
+ };
int get_protocol() {return protocol;}
CryptoKey get_key() {return key;}
-// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
// vim: ts=8 sw=2 smarttab
/*
* Ceph - scalable distributed file system
*
* This is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
- * License version 2.1, as published by the Free Software
+ * License version 2.1, as published by the Free Software
* Foundation. See file COPYING.
- *
+ *
*/
#include "CephxSessionHandler.h"
#include "common/config.h"
#include "include/ceph_features.h"
#include "msg/Message.h"
-
+
#define dout_subsys ceph_subsys_auth
int CephxSessionHandler::_calc_signature(Message *m, uint64_t *psig)
return 0;
}
+int CephxSessionHandler::sign_bufferlist(bufferlist &in, bufferlist &out)
+{
+ char exp_buf[CryptoKey::get_max_outbuf_size(in.length())];
+
+ try {
+ const CryptoKey::in_slice_t sin{in.length(),
+ reinterpret_cast<const unsigned char *>(in.c_str())};
+ const CryptoKey::out_slice_t sout{
+ sizeof(exp_buf),
+ reinterpret_cast<unsigned char *>(&exp_buf)};
+ key.encrypt(cct, sin, sout);
+ }
+ catch (std::exception &e) {
+ lderr(cct) << __func__ << " failed to encrypt signature block" << dendl;
+ return -1;
+ }
+
+
+ out.append(exp_buf, sizeof(exp_buf));
+
+ return 0;
+}
-// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
// vim: ts=8 sw=2 smarttab
/*
* Ceph - scalable distributed file system
*
* This is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
- * License version 2.1, as published by the Free Software
+ * License version 2.1, as published by the Free Software
* Foundation. See file COPYING.
- *
+ *
*/
: AuthSessionHandler(cct_, CEPH_AUTH_CEPHX, session_key),
features(features) {}
~CephxSessionHandler() override {}
-
+
bool no_security() override {
return false;
}
int sign_message(Message *m) override;
int check_message_signature(Message *m) override ;
+ int sign_bufferlist(bufferlist &in, bufferlist &out) override;
+
// Cephx does not currently encrypt messages, so just return 0 if called. PLR
int encrypt_message(Message *m) override {
projects / ceph.git / commitdiff