#include "rgw_common.h"
#include "rgw_keystone.h"
+#include "common/ceph_crypto_cms.h"
+#include "common/armor.h"
#define dout_subsys ceph_subsys_rgw
+int open_cms_envelope(CephContext *cct, string& src, string& dst)
+{
+#define BEGIN_CMS "-----BEGIN CMS-----"
+#define END_CMS "-----END CMS-----"
+
+ int start = src.find(BEGIN_CMS);
+ if (start < 0) {
+ ldout(cct, 0) << "failed to find " << BEGIN_CMS << " in response" << dendl;
+ return -EINVAL;
+ }
+ start += sizeof(BEGIN_CMS) - 1;
+
+ int end = src.find(END_CMS);
+ if (end < 0) {
+ ldout(cct, 0) << "failed to find " << END_CMS << " in response" << dendl;
+ return -EINVAL;
+ }
+
+ string s = src.substr(start, end - start);
+
+ int pos = 0;
+
+ do {
+ int next = s.find('\n', pos);
+ if (next < 0) {
+ dst.append(s.substr(pos));
+ break;
+ } else {
+ dst.append(s.substr(pos, next - pos));
+ }
+ pos = next + 1;
+ } while (pos < (int)s.size());
+
+ return 0;
+}
+
+int decode_b64_cms(CephContext *cct, const string& signed_b64, bufferlist& bl)
+{
+ bufferptr signed_ber(signed_b64.size() * 2);
+ char *dest = signed_ber.c_str();
+ const char *src = signed_b64.c_str();
+ size_t len = signed_b64.size();
+ char buf[len + 1];
+ buf[len] = '\0';
+ for (size_t i = 0; i < len; i++, src++) {
+ if (*src != '-')
+ buf[i] = *src;
+ else
+ buf[i] = '/';
+ }
+ int ret = ceph_unarmor(dest, dest + signed_ber.length(), buf, buf + signed_b64.size());
+ if (ret < 0) {
+ ldout(cct, 0) << "ceph_unarmor() failed, ret=" << ret << dendl;
+ return ret;
+ }
+
+ bufferlist signed_ber_bl;
+ signed_ber_bl.append(signed_ber);
+
+ ret = ceph_decode_cms(cct, signed_ber_bl, bl);
+ if (ret < 0) {
+ ldout(cct, 0) << "ceph_decode_cms returned " << ret << dendl;
+ return ret;
+ }
+
+ return 0;
+}
+
+#define PKI_ANS1_PREFIX "MII"
+
+bool is_pki_token(const string& token)
+{
+ return token.compare(0, sizeof(PKI_ANS1_PREFIX) - 1, PKI_ANS1_PREFIX) == 0;
+}
+
+void get_token_id(const string& token, string& token_id)
+{
+ if (!is_pki_token(token)) {
+ token_id = token;
+ return;
+ }
+
+ unsigned char m[CEPH_CRYPTO_MD5_DIGESTSIZE];
+
+ MD5 hash;
+ hash.Update((const byte *)token.c_str(), token.size());
+ hash.Final(m);
+
+
+ char calc_md5[CEPH_CRYPTO_MD5_DIGESTSIZE * 2 + 1];
+ buf_to_hex(m, CEPH_CRYPTO_MD5_DIGESTSIZE, calc_md5);
+ token_id = calc_md5;
+}
+
+bool decode_pki_token(CephContext *cct, const string& token, bufferlist& bl)
+{
+ if (!is_pki_token(token))
+ return false;
+
+ int ret = decode_b64_cms(cct, token, bl);
+ if (ret < 0)
+ return false;
+
+ ldout(cct, 20) << "successfully decoded pki token" << dendl;
+
+ return true;
+}
+
+
KeystoneApiVersion KeystoneService::get_api_version()
{
const int keystone_version = g_ceph_context->_conf->rgw_keystone_api_version;
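Review bot: `open_cms_envelope` keeps the results of `src.find()` and `s.find()` in `int` and tests `< 0` (`int start`, `int end`, `int next`), but `std::string::find` returns `string::npos`, so the error paths depend on implementation-defined narrowing, and nothing ensures END_CMS lies after BEGIN_CMS — with the markers reversed `end - start` is negative and `substr` receives a wrapped-around count. Using `size_t`, comparing against `string::npos`, and searching for END_CMS from `start` (`src.find(END_CMS, start)`) makes the reversed case hit the existing `-EINVAL` path. In `decode_b64_cms`, `char buf[len + 1]` is a variable-length array (not standard C++) whose size is the caller-supplied token length, so a long token — presumably read from the request, though the caller is outside this hunk — turns into unbounded stack use; a `std::string` copy plus `std::replace` (needs `<algorithm>`, which may already arrive via rgw_common.h) does the same `-`→`/` mapping without it. Since `src` is never modified, the definition here and the declaration added in rgw_keystone.h could both take `const string&`.
```cpp
int open_cms_envelope(CephContext *cct, string& src, string& dst)
{
  // … unchanged: BEGIN_CMS / END_CMS defines …
  size_t start = src.find(BEGIN_CMS);
  if (start == string::npos) {
    ldout(cct, 0) << "failed to find " << BEGIN_CMS << " in response" << dendl;
    return -EINVAL;
  }
  start += sizeof(BEGIN_CMS) - 1;

  // search from `start` so a stray END_CMS before the BEGIN marker cannot
  // yield end < start
  size_t end = src.find(END_CMS, start);
  if (end == string::npos) {
    ldout(cct, 0) << "failed to find " << END_CMS << " in response" << dendl;
    return -EINVAL;
  }

  string s = src.substr(start, end - start);

  size_t pos = 0;
  do {
    size_t next = s.find('\n', pos);
    if (next == string::npos) {
      dst.append(s.substr(pos));
      break;
    }
    dst.append(s.substr(pos, next - pos));
    pos = next + 1;
  } while (pos < s.size());

  return 0;
}

int decode_b64_cms(CephContext *cct, const string& signed_b64, bufferlist& bl)
{
  bufferptr signed_ber(signed_b64.size() * 2);
  char *dest = signed_ber.c_str();
  // same '-' -> '/' mapping the original loop performed, but in a heap
  // buffer instead of a stack VLA sized by the token length
  string buf(signed_b64);
  std::replace(buf.begin(), buf.end(), '-', '/');
  int ret = ceph_unarmor(dest, dest + signed_ber.length(),
                         buf.c_str(), buf.c_str() + buf.size());
  // … unchanged: ceph_unarmor error handling, signed_ber_bl, ceph_decode_cms …
```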
#include "rgw_common.h"
+int open_cms_envelope(CephContext *cct, string& src, string& dst);
+int decode_b64_cms(CephContext *cct, const string& signed_b64, bufferlist& bl);
+bool is_pki_token(const string& token);
+void get_token_id(const string& token, string& token_id);
+bool decode_pki_token(CephContext *cct, const string& token, bufferlist& bl);
+
enum class KeystoneApiVersion {
VER_2,
VER_3
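Review bot: The five functions newly exported from this header have no comments, and their contracts are not obvious from the names now that callers in other translation units can reach them. A one-line comment per declaration would do, e.g. `// Copies the base64 body between the BEGIN/END CMS markers of src into dst with newlines removed; returns 0, or -EINVAL if a marker is missing.` above `open_cms_envelope`, `// True if token starts with "MII" (base64 of a DER SEQUENCE header), i.e. looks like a PKI token.` above `is_pki_token`, and `// For PKI tokens stores the hex MD5 of the token in token_id; otherwise copies the token through unchanged.` above `get_token_id`. `decode_pki_token` would benefit from noting that it returns false both for non-PKI tokens and for a failed CMS decode, since callers cannot tell the two apart from the return value.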
#include "include/str_list.h"
-#include "common/ceph_crypto_cms.h"
-#include "common/armor.h"
-
#define dout_subsys ceph_subsys_rgw
static list<string> roles_list;
static RGWKeystoneTokenCache *keystone_token_cache = NULL;
-static int open_cms_envelope(CephContext *cct, string& src, string& dst)
-{
-#define BEGIN_CMS "-----BEGIN CMS-----"
-#define END_CMS "-----END CMS-----"
-
- int start = src.find(BEGIN_CMS);
- if (start < 0) {
- ldout(cct, 0) << "failed to find " << BEGIN_CMS << " in response" << dendl;
- return -EINVAL;
- }
- start += sizeof(BEGIN_CMS) - 1;
-
- int end = src.find(END_CMS);
- if (end < 0) {
- ldout(cct, 0) << "failed to find " << END_CMS << " in response" << dendl;
- return -EINVAL;
- }
-
- string s = src.substr(start, end - start);
-
- int pos = 0;
-
- do {
- int next = s.find('\n', pos);
- if (next < 0) {
- dst.append(s.substr(pos));
- break;
- } else {
- dst.append(s.substr(pos, next - pos));
- }
- pos = next + 1;
- } while (pos < (int)s.size());
-
- return 0;
-}
-
-static int decode_b64_cms(CephContext *cct, const string& signed_b64, bufferlist& bl)
-{
- bufferptr signed_ber(signed_b64.size() * 2);
- char *dest = signed_ber.c_str();
- const char *src = signed_b64.c_str();
- size_t len = signed_b64.size();
- char buf[len + 1];
- buf[len] = '\0';
- for (size_t i = 0; i < len; i++, src++) {
- if (*src != '-')
- buf[i] = *src;
- else
- buf[i] = '/';
- }
- int ret = ceph_unarmor(dest, dest + signed_ber.length(), buf, buf + signed_b64.size());
- if (ret < 0) {
- ldout(cct, 0) << "ceph_unarmor() failed, ret=" << ret << dendl;
- return ret;
- }
-
- bufferlist signed_ber_bl;
- signed_ber_bl.append(signed_ber);
-
- ret = ceph_decode_cms(cct, signed_ber_bl, bl);
- if (ret < 0) {
- ldout(cct, 0) << "ceph_decode_cms returned " << ret << dendl;
- return ret;
- }
-
- return 0;
-}
-
int RGWSwift::get_keystone_url(CephContext * const cct,
std::string& url)
{
return 0;
}
-#define PKI_ANS1_PREFIX "MII"
-
-static bool is_pki_token(const string& token)
-{
- return token.compare(0, sizeof(PKI_ANS1_PREFIX) - 1, PKI_ANS1_PREFIX) == 0;
-}
-
-static void get_token_id(const string& token, string& token_id)
-{
- if (!is_pki_token(token)) {
- token_id = token;
- return;
- }
-
- unsigned char m[CEPH_CRYPTO_MD5_DIGESTSIZE];
-
- MD5 hash;
- hash.Update((const byte *)token.c_str(), token.size());
- hash.Final(m);
-
-
- char calc_md5[CEPH_CRYPTO_MD5_DIGESTSIZE * 2 + 1];
- buf_to_hex(m, CEPH_CRYPTO_MD5_DIGESTSIZE, calc_md5);
- token_id = calc_md5;
-}
-
-static bool decode_pki_token(CephContext *cct, const string& token, bufferlist& bl)
-{
- if (!is_pki_token(token))
- return false;
-
- int ret = decode_b64_cms(cct, token, bl);
- if (ret < 0)
- return false;
-
- ldout(cct, 20) << "successfully decoded pki token" << dendl;
-
- return true;
-}
-
int RGWSwift::validate_keystone_token(RGWRados *store, const string& token, struct rgw_swift_auth_info *info,
RGWUserInfo& rgw_user)
{