auth: use key in keyring getting session key and ticket
authorYehuda Sadeh <yehuda@hq.newdream.net>
Fri, 25 Sep 2009 22:52:52 +0000 (15:52 -0700)
committerYehuda Sadeh <yehuda@hq.newdream.net>
Fri, 25 Sep 2009 22:52:52 +0000 (15:52 -0700)
src/auth/Auth.cc
src/auth/AuthClientHandler.cc
src/auth/KeyRing.cc

index cf8fa335dc06560d2bc84f7fb7f0d2ee9038abb8..8d0da5612fefda61d8af7a39ce90c3266f67970f 100644 (file)
@@ -32,6 +32,7 @@ void build_service_ticket_request(uint32_t keys,
   ::encode(ticket_req, request);
 }
 
+
 /*
  * AUTH SERVER: authenticate
  *
@@ -57,6 +58,11 @@ bool build_service_ticket_reply(
 
     AuthServiceTicket msg_a;
 
+    bufferptr& s1 = principal_secret.get_secret();
+    if (s1.length()) {
+      hexdump("encoding, using key", s1.c_str(), s1.length());
+    }
+
     msg_a.session_key = info.session_key;
     if (encode_encrypt(msg_a, principal_secret, reply) < 0)
       return false;
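Review bot: The hexdump added on `s1` writes the raw bytes of the principal's shared secret into the daemon log, and the `hexdump` that this same commit removes from KeyRing.cc emits at `dout(0)`, so the key material would land in plain text in ordinary logs rather than behind a high debug level; the matching dump of `secret` on the decode side in verify_service_ticket_reply (the hunk at -90,7) has the same problem and this commit only reworded its label. If a trace is useful during bring-up, log something that does not reveal the key, e.g. replace the added block with `dout(20) << "encoding, using key of length " << s1.length() << dendl;` and do the same for the decode-side line. Whether the Auth.cc `hexdump` is the same implementation as the one deleted from KeyRing.cc is not visible here. build_service_ticket_reply begins outside the hunk.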
@@ -90,7 +96,7 @@ bool AuthTicketHandler::verify_service_ticket_reply(CryptoKey& secret,
   AuthServiceTicket msg_a;
 
   bufferptr& s1 = secret.get_secret();
-  hexdump("decoding, session key", s1.c_str(), s1.length());
+  hexdump("decoding, using key", s1.c_str(), s1.length());
   if (decode_decrypt(msg_a, secret, indata) < 0)
     return false;
   /* FIXME: decode into relevant ticket */
index 894db4a71fb1887dc18c32852efb8e894eaf2010..9a3aa2ac28cf30fe709345f7582201e21f146081 100644 (file)
 
 #include "AuthProtocol.h"
 #include "AuthClientHandler.h"
+#include "KeyRing.h"
 
 #include "messages/MAuth.h"
 #include "messages/MAuthReply.h"
 
+
 AuthClientProtocolHandler::AuthClientProtocolHandler(AuthClientHandler *client) : 
                         msg(NULL), got_response(false), got_timeout(false),
                         timeout_event(NULL), lock("AuthClientProtocolHandler")
@@ -223,15 +225,11 @@ int AuthClientAuthenticateHandler::generate_cephx_authenticate_request(bufferlis
   header.request_type = CEPHX_GET_PRINCIPAL_SESSION_KEY;
 
   ::encode(header, bl);
-#if 0
-  build_service_ticket_request(client->name, client->addr, want,
-                              ticket_handler.session_key, ticket_handler.ticket, bl);
-#endif
+
   if (!ticket_handler.build_authorizer(bl, ctx))
     return -EINVAL;
 
   build_service_ticket_request(want, bl);
-
   
   return 0;
 }
@@ -250,13 +248,11 @@ int AuthClientAuthenticateHandler::handle_cephx_response(bufferlist::iterator& i
     cephx_response_state = 1;
     dout(0) << "CEPHX_GET_AUTH_SESSION_KEY" << dendl;
 
-#define PRINCIPAL_SECRET "123456789ABCDEF0"
     {
-      bufferptr p(PRINCIPAL_SECRET, sizeof(PRINCIPAL_SECRET) - 1);
-      client->secret.set_secret(CEPH_SECRET_AES, p);
-      // AuthTicketHandler& ticket_handler = tickets.get_handler(CEPHX_PRINCIPAL_AUTH);
-  
-      if (!client->tickets.verify_service_ticket_reply(client->secret, indata)) {
+      CryptoKey secret;
+      g_keyring.get_master(secret);
+
+      if (!client->tickets.verify_service_ticket_reply(secret, indata)) {
         dout(0) << "could not verify service_ticket reply" << dendl;
         return -EPERM;
       }
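Review bot: The result of `g_keyring.get_master(secret)` is discarded, so if the keyring has no master key loaded the still-empty `secret` is handed to verify_service_ticket_reply and the failure surfaces only as a generic "could not verify service_ticket reply" instead of a clear missing-key diagnostic. Whether get_master reports absence through its return value or by leaving `secret` empty is not visible in this hunk; either way the outcome should be checked before the key is used, e.g. `if (!g_keyring.get_master(secret)) { dout(0) << "no master key in keyring" << dendl; return -EPERM; }` (adjusted to get_master's actual convention, or a check on the secret's length if it returns void). handle_cephx_response continues outside the hunk.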
index e076c361dc38e01617c8513a3ca57ee0e69f9a94..93a2224e3f7541d7fd9444a1c6e0ad91010f478a 100644 (file)
@@ -25,23 +25,6 @@ using namespace std;
 
 KeyRing g_keyring;
 
-static void hexdump(string msg, const char *s, int len)
-{
-  int buf_len = len*4;
-  char buf[buf_len];
-  int pos = 0;
-  for (int i=0; i<len && pos<buf_len - 8; i++) {
-    if (i && !(i%8))
-      pos += snprintf(&buf[pos], buf_len-pos, " ");
-    if (i && !(i%16))
-      pos += snprintf(&buf[pos], buf_len-pos, "\n");
-    pos += snprintf(&buf[pos], buf_len-pos, "%.2x ", (int)(unsigned char)s[i]);
-  }
-  dout(0) << msg << ":\n" << buf << dendl;
-}
-
-
-
 bool KeyRing::load_master(const char *filename)
 {
   int fd = open(filename, O_RDONLY);
@@ -103,7 +86,6 @@ void KeyRing::set_rotating(RotatingSecrets& secrets)
   dout(0) << "KeyRing::set_rotating max_ver=" << secrets.max_ver << dendl;
 
   map<uint64_t, ExpiringCryptoKey>::iterator iter = secrets.secrets.begin();
-  version_t max_ver;
 
   for (; iter != secrets.secrets.end(); ++iter) {
     ExpiringCryptoKey& key = iter->second;