bool AuthTicketHandler::build_authorizer(AuthAuthorizer& authorizer)
{
authorizer.session_key = session_key;
- authorizer.ctx.timestamp = g_clock.now();
+ authorizer.timestamp = g_clock.now();
dout(0) << "build_authorizer: service_id=" << service_id << dendl;
::encode(ticket, authorizer.bl);
AuthAuthorize msg;
- msg.now = authorizer.ctx.timestamp;
+ msg.now = authorizer.timestamp;
if (encode_encrypt(msg, session_key, authorizer.bl) < 0)
return false;
return true;
}
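Review bot: `build_authorizer` appends to `authorizer.bl` without resetting it, so if the same AuthAuthorizer is ever passed in a second time (a retry, for instance; callers are not visible here) the buffer would hold two ticket/message pairs while `authorizer.timestamp` matches only the newer one. Adding `authorizer.bl.clear();` before `::encode(ticket, authorizer.bl);` keeps the buffer and the stored timestamp in step. On the `encode_encrypt` failure path the authorizer is left half-filled (key and timestamp set, ticket already in `bl`), which deserves a comment such as `// on failure the authorizer must be discarded, not sent`. The trailing `if (...) return false; return true;` could also be written `return encode_encrypt(msg, session_key, authorizer.bl) >= 0;`.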
-#if 0
-bool AuthTicketHandler::decode_reply_authorizer(bufferlist::iterator& indata, AuthAuthorizeReply& reply)
-{
- if (decode_decrypt(reply, session_key, indata) < 0)
- return false;
-
- return true;
-}
-
-/*
- * PRINCIPAL: verify reply is authentic
- */
-bool AuthTicketHandler::verify_reply_authorizer(AuthContext& ctx, AuthAuthorizeReply& reply)
-{
- if (ctx.timestamp + 1 == reply.timestamp) {
- return true;
- }
-
- return false;
-}
-#endif
bool AuthAuthorizer::verify_reply(bufferlist::iterator& indata)
{
if (decode_decrypt(reply, session_key, indata) < 0)
return false;
- if (ctx.timestamp + 1 != reply.timestamp) {
+ if (timestamp + 1 != reply.timestamp) {
return false;
}
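Review bot: The only explanation of this check, the `PRINCIPAL: verify reply is authentic` comment, is deleted with the `#if 0` block, leaving `timestamp + 1 != reply.timestamp` in `verify_reply` with no stated purpose. I would put `// mutual auth: the service proves it holds session_key by decrypting our request and returning timestamp + 1` above the comparison. A second line should state the precondition that `build_authorizer` has already filled `session_key` and `timestamp` on this same object, because nothing visible here rejects a call on an authorizer that was never built. The end of the function lies outside the hunk, so the success return cannot be checked from here.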
};
WRITE_CLASS_ENCODER(EntityAuth)
-struct AuthContext {
- int status;
- // int id;
- utime_t timestamp;
- Cond *cond;
-};
-
/*
* The ticket (if properly validated) authorizes the principal use
* services as described by 'caps' during the specified validity
struct AuthAuthorizer {
CryptoKey session_key;
- AuthContext ctx;
+ utime_t timestamp;
bufferlist bl;
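Review bot: The new `timestamp` member is the challenge value for the reply check, but the struct gives no hint of that. A field comment such as `utime_t timestamp;  // challenge: set by build_authorizer(), reply must carry timestamp + 1` would help. Because the value comes from `g_clock.now()`, it is predictable and unique only to the clock's resolution, so two authorizers built from the same ticket within one tick would presumably accept each other's replies. If that matters for the protocol, the comment should say the freshness guarantee rests on `session_key` secrecy, or a random nonce could replace the clock reading in a later change. The struct's closing lines are outside this hunk.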
#endif
// to access the service
bool build_authorizer(AuthAuthorizer& authorizer);
-#if 0
- bool decode_reply_authorizer(bufferlist::iterator& indata, AuthAuthorizeReply& reply);
- bool verify_reply_authorizer(AuthContext& ctx, AuthAuthorizeReply& reply);
-#endif
bool has_key() { return has_key_flag; }
};