From 0bbc4743298e310ee3ff9032b008dde796d58a94 Mon Sep 17 00:00:00 2001
From: Yehuda Sadeh
Date: Tue, 8 Sep 2009 12:44:29 -0700
Subject: [PATCH] auth: cleanup
---
 src/auth/Auth.cc | 129 -----------------------------------------------
 src/auth/Auth.h | 60 ----------------------
 2 files changed, 189 deletions(-)
diff --git a/src/auth/Auth.cc b/src/auth/Auth.cc
index 4dac6fdd4f227..b9e6f6571725c 100644
--- a/src/auth/Auth.cc
+++ b/src/auth/Auth.cc
@@ -8,20 +8,6 @@
 /*
 * Authentication
 */
-#if 0
-static void encode_tgt(AuthTicket& ticket, CryptoKey& key, bufferlist& bl)
-{
- ::encode(ticket, bl);
- ::encode(key, bl);
-}
-
-static void decode_tgt(AuthTicket& ticket, CryptoKey& key, bufferlist& bl)
-{
- bufferlist::iterator iter = bl.begin();
- ::decode(ticket, iter);
- ::decode(key, iter);
-}
-#endif
 /*
 * PRINCIPAL: request authentication
@@ -129,121 +115,6 @@ bool AuthTicketHandler::verify_service_ticket_reply(CryptoKey& secret,
 return true;
 }
-#if 0
-/*
- * PRINCIPAL: build request to retrieve a service ticket
- *
- * AuthServiceTicketInfo, D = {principal_addr, timestamp}^principal/auth session key
- */
-bool AuthTicketHandler::get_session_keys(uint32_t keys, entity_addr_t& principal_addr, bufferlist& bl)
-{
- AuthMsg_D msg;
- msg.timestamp = g_clock.now();
- msg.principal_addr = principal_addr;
-
- if (msg.encode_encrypt(session_key, bl) < 0)
- return false;
-
- ::encode(enc_ticket, bl);
-
- return true;
-}
-
-bool verify_get_session_keys_request(CryptoKey& service_secret,
- CryptoKey& session_key, uint32_t& keys, bufferlist::iterator& indata)
-{
- AuthMsg_D msg;
- if (msg.decode_decrypt(session_key, indata) < 0)
- return false;
-
- dout(0) << "decoded now=" << msg.timestamp << " addr=" << msg.principal_addr << dendl;
-
- AuthServiceTicketInfo tgt;
- if (tgt.decode_decrypt(service_secret, indata) < 0)
- return false;
-
- /* FIXME: validate that request makes sense */
-
- return true;
-}
-
-bool build_get_tgt_reply(AuthTicket& principal_ticket, CryptoKey& principal_secret,
- CryptoKey& session_key, CryptoKey& service_secret,
- bufferlist& reply)
-{
- bufferlist info, enc_info;
- ::encode(session_key, info);
- ::encode(principal_ticket.renew_after, info);
- ::encode(principal_ticket.expires, info);
- ::encode(principal_ticket.nonce, info);
- dout(0) << "encoded expires=" << principal_ticket.expires << dendl;
- if (principal_secret.encrypt(info, enc_info) < 0) {
- dout(0) << "error encrypting principal ticket" << dendl;
- return false;
- }
- ::encode(enc_info, reply);
-
- /*
- Build AuthServiceTicketInfo
- */
- bufferlist ticket, tgt;
- encode_tgt(principal_ticket, session_key, ticket);
-
- if (service_secret.encrypt(ticket, tgt) < 0) {
- dout(0) << "error ecryptng result" << dendl;
- return false;
- }
- ::encode(tgt, reply);
-
- dout(0) << "enc_info.length()=" << enc_info.length() << dendl;
- dout(0) << "tgt.length()=" << tgt.length() << dendl;
-
- return true;
-}
-#endif
-
-#if 0
-/*
- * AUTH SERVER: build ticket for service reply
- *
- * a->p : E= {service ticket}^svcsecret
- * F= {principal/service session key, validity}^principal/auth session key
- *
- */
-bool build_ticket_reply(AuthTicketHandler service_ticket,
- CryptoKey session_key,
- CryptoKey auth_session_key,
- CryptoKey& service_secret,
- bufferlist& reply)
-{
- AuthMsg_E e;
-
- e.ticket = service_ticket;
- if (e.encode_encrypt(service_secret, reply) < 0)
- return false;
-
-
- AuthServiceTicket f;
- f.session_key = session_key;
- if (f.encode_encrypt(auth_session_key, reply) < 0)
- return false;
-
- return true;
-}
-
-/*
- * AUTH SERVER: verify a request to retrieve a service ticket, build response
- *
- * AuthServiceTicketInfo, {principal_addr, timestamp}^principal/auth session key
- */
-bool build_get_session_keys_response(ServiceTicket& ticket, CryptoKey& service_secret,
- bufferlist::iterator& indata, bufferlist& out)
-{
- /* FIXME: verify session key */
-
- return true;
-}
-#endif
 /*
 * PRINCIPAL: build authenticator to access the service.
 *
diff --git a/src/auth/Auth.h b/src/auth/Auth.h
index 57cbec8872da3..3269d52ebaf50 100644
--- a/src/auth/Auth.h
+++ b/src/auth/Auth.h
@@ -178,31 +178,6 @@ struct AuthTicketHandler {
 bool verify_reply_authenticator(utime_t then, bufferlist& enc_reply);
 bool has_key() { return has_key_flag; }
-#if 0
- void encode(bufferlist& bl) const {
- __u8 v = 1;
- ::encode(v, bl);
- ::encode(session_key, bl);
- ::encode(enc_ticket, bl);
- ::encode(nonce, bl);
- ::encode(renew_after, bl);
- ::encode(expires, bl);
- __u8 f = has_key_flag;
- ::encode(f, bl);
- }
- void decode(bufferlist::iterator& bl) {
- __u8 v;
- ::decode(v, bl);
- ::decode(session_key, bl);
- ::decode(enc_ticket, bl);
- ::decode(nonce, bl);
- ::decode(renew_after, bl);
- ::decode(expires, bl);
- __u8 f;
- ::decode(f, bl);
- has_key_flag = f;
- }
-#endif
 };
 //WRITE_CLASS_ENCODER(ServiceTicket)
@@ -260,41 +235,6 @@ struct AuthServiceTicketInfo : public AuthEnc {
 };
 WRITE_CLASS_ENCODER(AuthServiceTicketInfo);
-#if 0
-/* D */
-struct AuthMsg_D : public AuthEnc {
- entity_addr_t principal_addr;
- utime_t timestamp;
- uint32_t keys;
-
- void encode(bufferlist& bl) const {
- ::encode(keys, bl);
- ::encode(principal_addr, bl);
- ::encode(timestamp, bl);
- }
- void decode(bufferlist::iterator& bl) {
- ::decode(keys, bl);
- ::decode(principal_addr, bl);
- ::decode(timestamp, bl);
- }
-};
-WRITE_CLASS_ENCODER(AuthMsg_D);
-
-
-/* E */
-struct AuthMsg_E : public AuthEnc {
- ServiceTicket ticket;
-
- void encode(bufferlist& bl) const {
- ::encode(ticket, bl);
- }
- void decode(bufferlist::iterator& bl) {
- ::decode(ticket, bl);
- }
-};
-WRITE_CLASS_ENCODER(AuthMsg_E);
-#endif
-
 struct AuthAuthenticate : public AuthEnc {
 utime_t now;
 string nonce;
-- 
2.39.5