};
struct AuthConnectionMeta {
- uint32_t auth_method = CEPH_AUTH_UNKNOWN;
- CryptoKey session_key;
- CryptoKey connection_secret;
+ uint32_t auth_method = CEPH_AUTH_UNKNOWN; //< CEPH_AUTH_*
+
+ /// client: initial empty, but populated if server said bad method
+ std::vector<uint32_t> allowed_methods;
+
+ int auth_mode = 0; ///< server: AUTH_MODE_*
+
+ CryptoKey session_key; ///< per-ticket key
+ CryptoKey connection_secret; ///< per-connection key
+
std::unique_ptr<AuthAuthorizer> authorizer;
std::unique_ptr<AuthAuthorizerChallenge> authorizer_challenge;
};
--- /dev/null
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
+// vim: ts=8 sw=2 smarttab
+
+#pragma once
+
+#include <vector>
+
+class EntityName;
+class AuthMethodList;
+class CryptoKey;
+
+class AuthClient {
+public:
+ virtual ~AuthClient() {}
+
+ virtual int get_auth_request(
+ Connection *con,
+ uint32_t *method, bufferlist *out) = 0;
+ virtual int handle_auth_reply_more(
+ Connection *con,
+ const bufferlist& bl,
+ bufferlist *reply) = 0;
+ virtual int handle_auth_done(
+ Connection *con,
+ uint64_t global_id,
+ const bufferlist& bl,
+ CryptoKey *session_key,
+ CryptoKey *connection_key) = 0;
+ virtual int handle_auth_bad_method(
+ Connection *con,
+ uint32_t old_auth_method,
+ int result,
+ const std::vector<uint32_t>& allowed_methods) = 0;
+};
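Review bot: AuthClient.h is not self-contained: `Connection`, `bufferlist`, `uint32_t` and `uint64_t` are all used in the signatures but nothing in the file declares them, while the forward declarations of `EntityName` and `AuthMethodList` are unused. Adding `class Connection;` next to `class CryptoKey;`, `#include <cstdint>`, and the bufferlist header (path not visible here) and dropping the two unused forward declarations would let the header compile in any include order. The interface also carries no documentation for a contract callers must implement: the meaning of the int returns, that `session_key`/`connection_key` in handle_auth_done are out-params filled on success, and that `allowed_methods` in handle_auth_bad_method is what the server will accept after rejecting `old_auth_method` (inferred from the field comment in AuthConnectionMeta; confirm). A short `///` block per method stating those three things would do; `virtual ~AuthClient() = default;` is the idiomatic form of the destructor.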
--- /dev/null
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
+// vim: ts=8 sw=2 smarttab
+
+#include "AuthServer.h"
+#include "common/ceph_context.h"
+
+AuthServer::AuthServer(CephContext *cct)
+ : auth_ah_service_registry(
+ new AuthAuthorizeHandlerRegistry(
+ cct,
+ cct->_conf->auth_supported.empty() ?
+ cct->_conf->auth_service_required :
+ cct->_conf->auth_supported)),
+ auth_ah_cluster_registry(
+ new AuthAuthorizeHandlerRegistry(
+ cct,
+ cct->_conf->auth_supported.empty() ?
+ cct->_conf->auth_cluster_required :
+ cct->_conf->auth_supported))
+{
+}
+
+AuthAuthorizeHandler *AuthServer::get_auth_authorize_handler(
+ int peer_type,
+ int auth_method)
+{
+ switch (peer_type) {
+ case CEPH_ENTITY_TYPE_MDS:
+ case CEPH_ENTITY_TYPE_MON:
+ case CEPH_ENTITY_TYPE_MGR:
+ case CEPH_ENTITY_TYPE_OSD:
+ return auth_ah_cluster_registry->get_handler(auth_method);
+ default:
+ return auth_ah_service_registry->get_handler(auth_method);
+ }
+}
+
+void AuthServer::get_supported_auth_methods(
+ int peer_type,
+ vector<uint32_t> *methods)
+{
+ switch (peer_type) {
+ case CEPH_ENTITY_TYPE_MDS:
+ case CEPH_ENTITY_TYPE_MON:
+ case CEPH_ENTITY_TYPE_MGR:
+ case CEPH_ENTITY_TYPE_OSD:
+ return auth_ah_cluster_registry->get_supported_methods(methods);
+ default:
+ return auth_ah_service_registry->get_supported_methods(methods);
+ }
+}
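Review bot: get_supported_auth_methods takes `vector<uint32_t> *methods` unqualified, whereas the declaration in AuthServer.h spells it `std::vector<uint32_t> *methods`; the definition only compiles if some included header injects a using-directive, so it should read `std::vector<uint32_t> *methods` here too. Both switches choose the registry, and therefore whether `auth_cluster_required` or `auth_service_required` governs the peer, solely from `peer_type`; where that value comes from is not visible here, and if it is taken from what the peer announces about itself then the peer picks which policy set it is held to. That assumption deserves a comment at the switch, e.g. `// peer_type selects the policy set (cluster vs service); callers must pass a peer_type they are prepared to trust`. The identical ternary in the two constructor initialisers could also be hoisted into one local so the fallback rule is stated once.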
--- /dev/null
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
+// vim: ts=8 sw=2 smarttab
+
+#pragma once
+
+#include "AuthAuthorizeHandler.h"
+
+#include <vector>
+
+class CephContext;
+class Connection;
+
+class AuthServer {
+private:
+ std::unique_ptr<AuthAuthorizeHandlerRegistry> auth_ah_service_registry;
+ std::unique_ptr<AuthAuthorizeHandlerRegistry> auth_ah_cluster_registry;
+public:
+ AuthServer(CephContext *cct);
+ virtual ~AuthServer() {}
+
+ AuthAuthorizeHandler *get_auth_authorize_handler(
+ int peer_type,
+ int auth_method);
+
+ virtual void get_supported_auth_methods(
+ int peer_type,
+ std::vector<uint32_t> *methods);
+
+ virtual int handle_auth_request(
+ Connection *con,
+ bool more,
+ uint32_t auth_method,
+ const bufferlist& bl,
+ bufferlist *reply) = 0;
+};
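Review bot: get_auth_authorize_handler takes `int auth_method` while handle_auth_request, get_supported_auth_methods and the new `AuthConnectionMeta::auth_method` field all use `uint32_t`, so every call site does an implicit sign conversion; aligning it to `uint32_t auth_method` (here and in the AuthServer.cc definition) keeps the method id one type throughout. The single-argument constructor should be `explicit AuthServer(CephContext *cct);` so a CephContext pointer cannot silently convert to an AuthServer. The header also uses `std::unique_ptr` and `bufferlist` without including `<memory>` or declaring bufferlist, and `virtual ~AuthServer() = default;` is preferable to the empty body. A brief `///` comment on the two registries noting which peer types each one serves would make the split readable without opening the .cc.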
AuthAuthorizeHandler.cc
AuthClientHandler.cc
AuthMethodList.cc
+ AuthServer.cc
AuthSessionHandler.cc
Crypto.cc
KeyRing.cc