From: Sage Weil Date: Wed, 16 Jan 2019 17:21:42 +0000 (-0600) Subject: auth/cephx: pass more specific type into build_session_auth_info X-Git-Tag: v14.1.0~183^2~56 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=c0d270a434bf48c4ea4f01877c9fd5ee65433fae;p=ceph-ci.git auth/cephx: pass more specific type into build_session_auth_info We were passing CephXServiceTicketInfo in, but the only part of it we needed was the embedded AuthTicket. Pass that instead. No functional change. Signed-off-by: Sage Weil --- diff --git a/src/auth/cephx/CephxKeyServer.cc b/src/auth/cephx/CephxKeyServer.cc index e189229d986..ec9fe990382 100644 --- a/src/auth/cephx/CephxKeyServer.cc +++ b/src/auth/cephx/CephxKeyServer.cc @@ -410,12 +410,14 @@ bool KeyServer::get_service_caps(const EntityName& name, uint32_t service_id, } -int KeyServer::_build_session_auth_info(uint32_t service_id, CephXServiceTicketInfo& auth_ticket_info, +int KeyServer::_build_session_auth_info(uint32_t service_id, + const AuthTicket& parent_ticket, CephXSessionAuthInfo& info) { info.service_id = service_id; - info.ticket = auth_ticket_info.ticket; - info.ticket.init_timestamps(ceph_clock_now(), cct->_conf->auth_service_ticket_ttl); + info.ticket = parent_ticket; + info.ticket.init_timestamps(ceph_clock_now(), + cct->_conf->auth_service_ticket_ttl); generate_secret(info.session_key); @@ -429,7 +431,8 @@ int KeyServer::_build_session_auth_info(uint32_t service_id, CephXServiceTicketI return 0; } -int KeyServer::build_session_auth_info(uint32_t service_id, CephXServiceTicketInfo& auth_ticket_info, +int KeyServer::build_session_auth_info(uint32_t service_id, + const AuthTicket& parent_ticket, CephXSessionAuthInfo& info) { if (!get_service_secret(service_id, info.service_secret, info.secret_id)) { 
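Review bot: In `KeyServer::_build_session_auth_info` (CephxKeyServer.cc, first hunk), nothing in the visible lines checks that the parent ticket is still valid before it is reused. `info.ticket = parent_ticket;` is followed by `init_timestamps(ceph_clock_now(), cct->_conf->auth_service_ticket_ttl)`, which presumably gives the copy a fresh validity window. Now that the parameter is a bare `const AuthTicket&`, that precondition should be written down above the function, for example `// Caller must already have verified parent_ticket (authenticity, expiry); it is copied and only its timestamps are reset.` The same sentence fits the two public `build_session_auth_info` overloads changed in the later hunks. The function body continues past the end of this hunk, so a check further down would not be visible here.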
@@ -438,16 +441,19 @@ int KeyServer::build_session_auth_info(uint32_t service_id, CephXServiceTicketIn std::scoped_lock l{lock}; - return _build_session_auth_info(service_id, auth_ticket_info, info); + return _build_session_auth_info(service_id, parent_ticket, info); } -int KeyServer::build_session_auth_info(uint32_t service_id, CephXServiceTicketInfo& auth_ticket_info, CephXSessionAuthInfo& info, - CryptoKey& service_secret, uint64_t secret_id) +int KeyServer::build_session_auth_info(uint32_t service_id, + const AuthTicket& parent_ticket, + CephXSessionAuthInfo& info, + CryptoKey& service_secret, + uint64_t secret_id) { info.service_secret = service_secret; info.secret_id = secret_id; std::scoped_lock l{lock}; - return _build_session_auth_info(service_id, auth_ticket_info, info); + return _build_session_auth_info(service_id, parent_ticket, info); } diff --git a/src/auth/cephx/CephxKeyServer.h b/src/auth/cephx/CephxKeyServer.h index a240944fbd0..67162452f1b 100644 --- a/src/auth/cephx/CephxKeyServer.h +++ b/src/auth/cephx/CephxKeyServer.h @@ -199,7 +199,8 @@ class KeyServer : public KeyStore { bool _check_rotating_secrets(); void _dump_rotating_secrets(); int _build_session_auth_info(uint32_t service_id, - CephXServiceTicketInfo& auth_ticket_info, CephXSessionAuthInfo& info); + const AuthTicket& parent_ticket, + CephXSessionAuthInfo& info); bool _get_service_caps(const EntityName& name, uint32_t service_id, AuthCapsInfo& caps) const; public: 
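Review bot: The five-argument `KeyServer::build_session_auth_info` overload in CephxKeyServer.cc still takes `CryptoKey& service_secret` by mutable reference, although its only visible use is the copy `info.service_secret = service_secret;`. Since this commit already narrows the ticket argument to `const AuthTicket&`, the secret can get the same treatment: `const CryptoKey& service_secret,` here and in the matching declaration in CephxKeyServer.h. This assumes CryptoKey's copy assignment accepts a const source. It would make clear at the call site that the key server never modifies the caller's key material.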
@@ -213,9 +214,14 @@ public: int start_server(); void rotate_timeout(double timeout); - int build_session_auth_info(uint32_t service_id, CephXServiceTicketInfo& auth_ticket_info, CephXSessionAuthInfo& info); - int build_session_auth_info(uint32_t service_id, CephXServiceTicketInfo& auth_ticket_info, CephXSessionAuthInfo& info, - CryptoKey& service_secret, uint64_t secret_id); + int build_session_auth_info(uint32_t service_id, + const AuthTicket& parent_ticket, + CephXSessionAuthInfo& info); + int build_session_auth_info(uint32_t service_id, + const AuthTicket& parent_ticket, + CephXSessionAuthInfo& info, + CryptoKey& service_secret, + uint64_t secret_id); /* get current secret for specific service type */ bool get_service_secret(uint32_t service_id, CryptoKey& service_key, diff --git a/src/auth/cephx/CephxServiceHandler.cc b/src/auth/cephx/CephxServiceHandler.cc index 948834649f7..b470cd39130 100644 --- a/src/auth/cephx/CephxServiceHandler.cc +++ b/src/auth/cephx/CephxServiceHandler.cc @@ -190,8 +190,10 @@ int CephxServiceHandler::handle_request( ldout(cct, 10) << " adding key for service " << ceph_entity_type_name(service_id) << dendl; CephXSessionAuthInfo info; - int r = key_server->build_session_auth_info(service_id, - auth_ticket_info, info); + int r = key_server->build_session_auth_info( + service_id, + auth_ticket_info.ticket, // parent ticket (client's auth ticket) + info); // tolerate missing MGR rotating key for the purposes of upgrades. if (r < 0) { ldout(cct, 10) << " missing key for service " diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc index 0c16a482012..09acf7dc46e 100644 --- a/src/mon/Monitor.cc +++ b/src/mon/Monitor.cc 
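Review bot: In `CephxServiceHandler::handle_request`, the comment under the rewritten call says the failure is tolerated for a missing MGR rotating key, but the visible condition is a plain `if (r < 0)` with no test on `service_id`. The message is also logged only at level 10. If the tolerance is meant solely for MGR during upgrades, the comment or the condition should say so, for instance `// NOTE: any build failure is skipped here, not only a missing MGR key`. The rest of the branch lies outside the hunk, so whether it narrows the case further down cannot be seen here.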
@@ -5906,8 +5906,8 @@ bool Monitor::ms_get_authorizer(int service_id, AuthAuthorizer **authorizer) return false; } - ret = key_server.build_session_auth_info(service_id, auth_ticket_info, info, - secret, (uint64_t)-1); + ret = key_server.build_session_auth_info( + service_id, auth_ticket_info.ticket, info, secret, (uint64_t)-1); if (ret < 0) { dout(0) << __func__ << " failed to build mon session_auth_info " << cpp_strerror(ret) << dendl; @@ -5915,7 +5915,8 @@ bool Monitor::ms_get_authorizer(int service_id, AuthAuthorizer **authorizer) } } else if (service_id == CEPH_ENTITY_TYPE_MGR) { // mgr - ret = key_server.build_session_auth_info(service_id, auth_ticket_info, info); + ret = key_server.build_session_auth_info( + service_id, auth_ticket_info.ticket, info); if (ret < 0) { derr << __func__ << " failed to build mgr service session_auth_info " << cpp_strerror(ret) << dendl;
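Review bot: In `Monitor::ms_get_authorizer` (first Monitor.cc hunk), the re-wrapped call still passes `(uint64_t)-1` as `secret_id`, a C-style cast of a magic value whose meaning is not stated at the call site. A named constant or a trailing comment, like the one this commit adds in CephxServiceHandler.cc, would help: `static_cast<uint64_t>(-1));  // sentinel secret id; presumably "not a rotating key", confirm`. The mon branch also reports failure with `dout(0)` while the mgr branch in the next hunk uses `derr`. Using `derr` in both would keep ticket-build failures equally visible. The function starts and ends outside both hunks.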