From 2d4556fd59b7956f9196d0810c980094ede326b4 Mon Sep 17 00:00:00 2001
From: Yehuda Sadeh
Date: Wed, 19 Aug 2009 14:02:49 -0700
Subject: [PATCH] auth: work in progress
---
 src/Makefile.am | 1 +
 src/auth/AuthManager.cc | 2 +-
 src/auth/AuthTypes.h | 79 +++++++++++++++++++++++++++
 src/auth/CryptoTools.cc | 116 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 197 insertions(+), 1 deletion(-)
 create mode 100644 src/auth/AuthTypes.h
 create mode 100644 src/auth/CryptoTools.cc
diff --git a/src/Makefile.am b/src/Makefile.am
index f479abaf17b85..b30eabeaa3312 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -269,6 +269,7 @@ libcommon_a_SOURCES = \
 libcommon_files = \
 auth/ExportControl.cc \
 auth/AuthManager.cc \
+ auth/CryptoTools.cc \
 common/LogClient.cc \
 msg/Message.cc \
 common/Logger.cc \
diff --git a/src/auth/AuthManager.cc b/src/auth/AuthManager.cc
index dec3fc2db0cd8..d1ea335ea0872 100644
--- a/src/auth/AuthManager.cc
+++ b/src/auth/AuthManager.cc
@@ -3,7 +3,7 @@
 /*
 * Ceph - scalable distributed file system
 *
- * Copyright (C) 2004-2006 Sage Weil
+ * Copyright (C) 2004-2009 Sage Weil
 *
 * This is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
diff --git a/src/auth/AuthTypes.h b/src/auth/AuthTypes.h
new file mode 100644
index 0000000000000..b64e655a0766f
--- /dev/null
+++ b/src/auth/AuthTypes.h
@@ -0,0 +1,79 @@
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
+// vim: ts=8 sw=2 smarttab
+/*
+ * Ceph - scalable distributed file system
+ *
+ * Copyright (C) 2004-2009 Sage Weil
+ *
+ * This is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License version 2.1, as published by the Free Software
+ * Foundation. See file COPYING.
+ *
+ */
+
+#ifndef __AUTHTYPES_H
+#define __AUTHTYPES_H
+
+#include "config.h"
+
+
+class EntitySecret {
+protected:
+ bufferlist secret;
+
+public:
+ void encode(bufferlist& bl) const {
+ ::encode(secret, bl);
+ }
+ void decode(bufferlist::iterator& bl) {
+ ::decode(secret, bl);
+ }
+
+ bufferlist& get_secret() { return secret; }
+};
+WRITE_CLASS_ENCODER(EntitySecret);
+
+class ServiceSecret : public EntitySecret {
+ utime_t created;
+
+public:
+ void encode(bufferlist& bl) const {
+ ::encode(secret, bl);
+ ::encode(created, bl);
+ }
+ void decode(bufferlist::iterator& bl) {
+ ::decode(secret, bl);
+ ::decode(created, bl);
+ }
+};
+WRITE_CLASS_ENCODER(ServiceSecret);
+
+struct EntityName {
+ uint32_t entity_type;
+ string name;
+
+ void encode(bufferlist& bl) const {
+ ::encode(entity_type, bl);
+ ::encode(name, bl);
+ }
+ void decode(bufferlist::iterator& bl) {
+ ::decode(entity_type, bl);
+ ::decode(name, bl);
+ }
+};
+WRITE_CLASS_ENCODER(EntityName);
+
+struct SessionKey {
+ bufferlist key;
+
+ void encode(bufferlist& bl) const {
+ ::encode(key, bl);
+ }
+ void decode(bufferlist::iterator& bl) {
+ ::decode(key, bl);
+ }
+};
+WRITE_CLASS_ENCODER(SessionKey);
+
+#endif
diff --git a/src/auth/CryptoTools.cc b/src/auth/CryptoTools.cc
new file mode 100644
index 0000000000000..9cff30cd72045
--- /dev/null
+++ b/src/auth/CryptoTools.cc
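Review bot: `EntitySecret::get_secret()` in AuthTypes.h returns a non-const `bufferlist&`, so any caller holding an `EntitySecret` can overwrite or append to the key material, and there is no accessor usable on a const object. The one caller visible in this patch (`CryptoStupid::encrypt` in CryptoTools.cc) only copies the value, so a read-only accessor looks sufficient: `const bufferlist& get_secret() const { return secret; }`. Separately, `ServiceSecret` redeclares the non-virtual `encode`/`decode`, so the wire format depends on the static type; code that encodes a `ServiceSecret` through an `EntitySecret&` would presumably drop `created`. A short comment on each class saying which encoding is authoritative and whether callers may mutate the secret would help before more code builds on these types.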
@@ -0,0 +1,116 @@
+// vim: ts=8 sw=2 smarttab
+/*
+ * Ceph - scalable distributed file system
+ *
+ * Copyright (C) 2004-2009 Sage Weil
+ *
+ * This is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License version 2.1, as published by the Free Software
+ * Foundation. See file COPYING.
+ *
+ */
+
+#include "AuthTypes.h"
+#include "openssl/evp.h"
+
+#define CRYPTO_STUPID 0x0
+#define CRYPTO_AES 0x1
+
+
+class CryptoHandler {
+public:
+ virtual bool encrypt(EntitySecret& secret, bufferlist& in, bufferlist& out) = 0;
+ virtual bool decrypt(EntitySecret& secret, bufferlist& in, bufferlist& out) = 0;
+};
+
+class CryptoStupid : public CryptoHandler {
+public:
+ CryptoStupid() {}
+ ~CryptoStupid() {}
+ bool encrypt(EntitySecret& secret, bufferlist& in, bufferlist& out);
+ bool decrypt(EntitySecret& secret, bufferlist& in, bufferlist& out);
+};
+
+bool CryptoStupid::encrypt(EntitySecret& secret, bufferlist& in, bufferlist& out)
+{
+ bufferlist sec_bl = secret.get_secret();
+ const char *sec = sec_bl.c_str();
+ int sec_len = sec_bl.length();
+
+ int in_len = in.length();
+ bufferptr outptr(in_len);
+ out.append(outptr);
+ const char *inbuf = in.c_str();
+ char *outbuf = outptr.c_str();
+
+ for (int i=0; i