From 4e21db6ef96cafc932592a71244bc729d3a6d07c Mon Sep 17 00:00:00 2001 From: Colin Patrick McCabe Date: Wed, 20 Apr 2011 14:26:48 -0700 Subject: [PATCH] auth: const cleanup Signed-off-by: Colin McCabe --- src/auth/Auth.h | 14 +++-- src/auth/Crypto.cc | 34 +++++++----- src/auth/Crypto.h | 15 +++--- src/auth/KeyRing.h | 26 ++++----- src/auth/RotatingKeyRing.cc | 16 +++--- src/auth/RotatingKeyRing.h | 13 ++--- src/auth/cephx/CephxKeyServer.cc | 91 +++++++++++++++++++------------- src/auth/cephx/CephxKeyServer.h | 76 ++++++++++++++++---------- src/auth/cephx/CephxProtocol.h | 6 +-- src/include/utime.h | 8 +++ 10 files changed, 181 insertions(+), 118 deletions(-) diff --git a/src/auth/Auth.h b/src/auth/Auth.h index 9d4cbcc78b842..d5b10e46276fa 100644 --- a/src/auth/Auth.h +++ b/src/auth/Auth.h @@ -196,10 +196,10 @@ struct RotatingSecrets { return max_ver; } - bool need_new_secrets() { + bool need_new_secrets() const { return secrets.size() < KEY_ROTATE_NUM; } - bool need_new_secrets(utime_t now) { + bool need_new_secrets(utime_t now) const { return secrets.size() < KEY_ROTATE_NUM || current().expiration <= now; } @@ -211,6 +211,11 @@ struct RotatingSecrets { p++; return p->second; } + const ExpiringCryptoKey& current() const { + map::const_iterator p = secrets.begin(); + p++; + return p->second; + } ExpiringCryptoKey& next() { return secrets.rbegin()->second; } @@ -227,8 +232,9 @@ WRITE_CLASS_ENCODER(RotatingSecrets); class KeyStore { public: virtual ~KeyStore() {} - virtual bool get_secret(EntityName& name, CryptoKey& secret) = 0; - virtual bool get_service_secret(uint32_t service_id, uint64_t secret_id, CryptoKey& secret) = 0; + virtual bool get_secret(const EntityName& name, CryptoKey& secret) const = 0; + virtual bool get_service_secret(uint32_t service_id, uint64_t secret_id, + CryptoKey& secret) const = 0; }; static inline bool auth_principal_needs_rotating_keys(EntityName& name) diff --git a/src/auth/Crypto.cc b/src/auth/Crypto.cc index 4fb3660f6bf67..3dbfd885d7421 100644 --- a/src/auth/Crypto.cc +++ b/src/auth/Crypto.cc @@ -61,27 +61,31 @@ public: ~CryptoNone() {} int create(bufferptr& secret); int validate_secret(bufferptr& secret); - int encrypt(bufferptr& secret, const bufferlist& in, bufferlist& out); - int decrypt(bufferptr& secret, const bufferlist& in, bufferlist& out); + int encrypt(const bufferptr& secret, const bufferlist& in, bufferlist& out) const; + int decrypt(const bufferptr& secret, const bufferlist& in, bufferlist& out) const; }; -int CryptoNone::create(bufferptr& secret) +int CryptoNone:: +create(bufferptr& secret) { return 0; } -int CryptoNone::validate_secret(bufferptr& secret) +int CryptoNone:: +validate_secret(bufferptr& secret) { return 0; } -int CryptoNone::encrypt(bufferptr& secret, const bufferlist& in, bufferlist& out) +int CryptoNone:: +encrypt(const bufferptr& secret, const bufferlist& in, bufferlist& out) const { out = in; return 0; } -int CryptoNone::decrypt(bufferptr& secret, const bufferlist& in, bufferlist& out) +int CryptoNone:: +decrypt(const bufferptr& secret, const bufferlist& in, bufferlist& out) const { out = in; return 0; @@ -210,8 +214,8 @@ public: ~CryptoAES() {} int create(bufferptr& secret); int validate_secret(bufferptr& secret); - int encrypt(bufferptr& secret, const bufferlist& in, bufferlist& out); - int decrypt(bufferptr& secret, const bufferlist& in, bufferlist& out); + int encrypt(const bufferptr& secret, const bufferlist& in, bufferlist& out) const; + int decrypt(const bufferptr& secret, const bufferlist& in, bufferlist& out) const; }; int CryptoAES::create(bufferptr& secret) @@ -234,7 +238,8 @@ int CryptoAES::validate_secret(bufferptr& secret) return 0; } -int CryptoAES::encrypt(bufferptr& secret, const bufferlist& in, bufferlist& out) +int CryptoAES:: +encrypt(const bufferptr& secret, const bufferlist& in, bufferlist& out) const { if (secret.length() < AES_KEY_LEN) { dout(0) << "key is too short" << dendl; @@ -276,7 +281,8 @@ int CryptoAES::encrypt(bufferptr& secret, const bufferlist& in, bufferlist& out) return true; } -int CryptoAES::decrypt(bufferptr& secret, const bufferlist& in, bufferlist& out) +int CryptoAES:: +decrypt(const bufferptr& secret, const bufferlist& in, bufferlist& out) const { #ifdef USE_CRYPTOPP const unsigned char *key = (const unsigned char *)secret.c_str(); @@ -364,7 +370,7 @@ int CryptoKey::create(int t) return h->create(secret); } -int CryptoKey::encrypt(const bufferlist& in, bufferlist& out) +int CryptoKey::encrypt(const bufferlist& in, bufferlist& out) const { CryptoHandler *h = ceph_crypto_mgr.get_crypto(type); if (!h) @@ -372,7 +378,7 @@ int CryptoKey::encrypt(const bufferlist& in, bufferlist& out) return h->encrypt(this->secret, in, out); } -int CryptoKey::decrypt(const bufferlist& in, bufferlist& out) +int CryptoKey::decrypt(const bufferlist& in, bufferlist& out) const { CryptoHandler *h = ceph_crypto_mgr.get_crypto(type); if (!h) @@ -380,14 +386,14 @@ int CryptoKey::decrypt(const bufferlist& in, bufferlist& out) return h->decrypt(this->secret, in, out); } -void CryptoKey::print(ostream &out) const +void CryptoKey::print(std::ostream &out) const { string a; encode_base64(a); out << a; } -void CryptoKey::to_str(string& s) +void CryptoKey::to_str(std::string& s) const { int len = secret.length() * 4; char buf[len]; diff --git a/src/auth/Crypto.h b/src/auth/Crypto.h index ba478ad3b65e3..8299c67764095 100644 --- a/src/auth/Crypto.h +++ b/src/auth/Crypto.h @@ -47,10 +47,11 @@ public: int get_type() const { return type; } utime_t get_created() const { return created; } - void print(ostream& out) const; + void print(std::ostream& out) const; int set_secret(int type, bufferptr& s); bufferptr& get_secret() { return secret; } + const bufferptr& get_secret() const { return secret; } void encode_base64(string& s) const { bufferlist bl; @@ -71,10 +72,10 @@ public: // -- int create(int type); - int encrypt(const bufferlist& in, bufferlist& out); - int decrypt(const bufferlist& in, bufferlist& out); + int encrypt(const bufferlist& in, bufferlist& out) const; + int decrypt(const bufferlist& in, bufferlist& out) const; - void to_str(string& s); + void to_str(std::string& s) const; }; WRITE_CLASS_ENCODER(CryptoKey); @@ -96,8 +97,10 @@ public: virtual ~CryptoHandler() {} virtual int create(bufferptr& secret) = 0; virtual int validate_secret(bufferptr& secret) = 0; - virtual int encrypt(bufferptr& secret, const bufferlist& in, bufferlist& out) = 0; - virtual int decrypt(bufferptr& secret, const bufferlist& in, bufferlist& out) = 0; + virtual int encrypt(const bufferptr& secret, const bufferlist& in, + bufferlist& out) const = 0; + virtual int decrypt(const bufferptr& secret, const bufferlist& in, + bufferlist& out) const = 0; }; diff --git a/src/auth/KeyRing.h b/src/auth/KeyRing.h index 1786aa14c586e..2d092de43da2f 100644 --- a/src/auth/KeyRing.h +++ b/src/auth/KeyRing.h @@ -32,21 +32,21 @@ public: void print(ostream& out); // accessors - bool get_auth(EntityName& name, EntityAuth &a) { - if (keys.count(name)) { - a = keys[name]; - return true; - } - return false; + bool get_auth(const EntityName& name, EntityAuth &a) const { + map::const_iterator k = keys.find(name); + if (k == keys.end()) + return false; + a = k->second; + return true; } - bool get_secret(EntityName& name, CryptoKey& secret) { - if (keys.count(name)) { - secret = keys[name].key; - return true; - } - return false; + bool get_secret(const EntityName& name, CryptoKey& secret) const { + map::const_iterator k = keys.find(name); + if (k == keys.end()) + return false; + secret = k->second.key; + return true; } - void get_master(CryptoKey& dest) { + void get_master(CryptoKey& dest) const { get_secret(g_conf.name, dest); } diff --git a/src/auth/RotatingKeyRing.cc b/src/auth/RotatingKeyRing.cc index a96fc5618e48b..2d1a2ff7df04a 100644 --- a/src/auth/RotatingKeyRing.cc +++ b/src/auth/RotatingKeyRing.cc @@ -14,12 +14,12 @@ #define dout_prefix *_dout << "auth: " -bool RotatingKeyRing::need_new_secrets() +bool RotatingKeyRing::need_new_secrets() const { Mutex::Locker l(lock); return secrets.need_new_secrets(); } -bool RotatingKeyRing::need_new_secrets(utime_t now) +bool RotatingKeyRing::need_new_secrets(utime_t now) const { Mutex::Locker l(lock); return secrets.need_new_secrets(now); @@ -32,22 +32,23 @@ void RotatingKeyRing::set_secrets(RotatingSecrets& s) dump_rotating(); } -void RotatingKeyRing::dump_rotating() +void RotatingKeyRing::dump_rotating() const { dout(10) << "dump_rotating:" << dendl; - for (map::iterator iter = secrets.secrets.begin(); + for (map::const_iterator iter = secrets.secrets.begin(); iter != secrets.secrets.end(); ++iter) dout(10) << " id " << iter->first << " " << iter->second << dendl; } -bool RotatingKeyRing::get_secret(EntityName& name, CryptoKey& secret) +bool RotatingKeyRing::get_secret(const EntityName& name, CryptoKey& secret) const { Mutex::Locker l(lock); return keyring->get_secret(name, secret); } -bool RotatingKeyRing::get_service_secret(uint32_t service_id, uint64_t secret_id, CryptoKey& secret) +bool RotatingKeyRing::get_service_secret(uint32_t service_id, uint64_t secret_id, + CryptoKey& secret) const { Mutex::Locker l(lock); @@ -57,7 +58,8 @@ bool RotatingKeyRing::get_service_secret(uint32_t service_id, uint64_t secret_id return false; } - map::iterator iter = secrets.secrets.find(secret_id); + map::const_iterator iter = + secrets.secrets.find(secret_id); if (iter == secrets.secrets.end()) { dout(0) << "could not find secret_id=" << secret_id << dendl; dump_rotating(); diff --git a/src/auth/RotatingKeyRing.h b/src/auth/RotatingKeyRing.h index cf191165d16e0..8bcf80f47393b 100644 --- a/src/auth/RotatingKeyRing.h +++ b/src/auth/RotatingKeyRing.h @@ -31,7 +31,7 @@ class RotatingKeyRing : public KeyStore { uint32_t service_id; RotatingSecrets secrets; KeyRing *keyring; - Mutex lock; + mutable Mutex lock; public: RotatingKeyRing(uint32_t s, KeyRing *kr) : @@ -39,12 +39,13 @@ public: keyring(kr), lock("RotatingKeyRing::lock") {} - bool need_new_secrets(); - bool need_new_secrets(utime_t now); + bool need_new_secrets() const; + bool need_new_secrets(utime_t now) const; void set_secrets(RotatingSecrets& s); - void dump_rotating(); - bool get_secret(EntityName& name, CryptoKey& secret); - bool get_service_secret(uint32_t service_id, uint64_t secret_id, CryptoKey& secret); + void dump_rotating() const; + bool get_secret(const EntityName& name, CryptoKey& secret) const; + bool get_service_secret(uint32_t service_id, uint64_t secret_id, + CryptoKey& secret) const; }; #endif diff --git a/src/auth/cephx/CephxKeyServer.cc b/src/auth/cephx/CephxKeyServer.cc index d824849a799dc..49c4fd27a3430 100644 --- a/src/auth/cephx/CephxKeyServer.cc +++ b/src/auth/cephx/CephxKeyServer.cc @@ -23,18 +23,21 @@ #undef dout_prefix #define dout_prefix *_dout << "cephx keyserverdata: " -bool KeyServerData::get_service_secret(uint32_t service_id, ExpiringCryptoKey& secret, uint64_t& secret_id) +bool KeyServerData::get_service_secret(uint32_t service_id, + ExpiringCryptoKey& secret, uint64_t& secret_id) const { - map::iterator iter = rotating_secrets.find(service_id); + map::const_iterator iter = + rotating_secrets.find(service_id); if (iter == rotating_secrets.end()) { dout(10) << "get_service_secret service " << ceph_entity_type_name(service_id) << " not found " << dendl; return false; } - RotatingSecrets& secrets = iter->second; + const RotatingSecrets& secrets = iter->second; // second to oldest, unless it's expired - map::iterator riter = secrets.secrets.begin(); + map::const_iterator riter = + secrets.secrets.begin(); if (secrets.secrets.size() > 1) ++riter; @@ -48,7 +51,8 @@ bool KeyServerData::get_service_secret(uint32_t service_id, ExpiringCryptoKey& s return true; } -bool KeyServerData::get_service_secret(uint32_t service_id, CryptoKey& secret, uint64_t& secret_id) +bool KeyServerData::get_service_secret(uint32_t service_id, + CryptoKey& secret, uint64_t& secret_id) const { ExpiringCryptoKey e; @@ -59,19 +63,23 @@ bool KeyServerData::get_service_secret(uint32_t service_id, CryptoKey& secret, u return true; } -bool KeyServerData::get_service_secret(uint32_t service_id, uint64_t secret_id, CryptoKey& secret) +bool KeyServerData::get_service_secret(uint32_t service_id, + uint64_t secret_id, CryptoKey& secret) const { - map::iterator iter = rotating_secrets.find(service_id); + map::const_iterator iter = + rotating_secrets.find(service_id); if (iter == rotating_secrets.end()) return false; - RotatingSecrets& secrets = iter->second; - map::iterator riter = secrets.secrets.find(secret_id); + const RotatingSecrets& secrets = iter->second; + map::const_iterator riter = + secrets.secrets.find(secret_id); if (riter == secrets.secrets.end()) { - dout(10) << "get_service_secret service " << ceph_entity_type_name(service_id) << " secret " << secret_id - << " not found; i have:" << dendl; - for (map::iterator iter = secrets.secrets.begin(); + dout(10) << "get_service_secret service " << ceph_entity_type_name(service_id) + << " secret " << secret_id << " not found; i have:" << dendl; + for (map::const_iterator iter = + secrets.secrets.begin(); iter != secrets.secrets.end(); ++iter) dout(10) << " id " << iter->first << " " << iter->second << dendl; @@ -82,33 +90,34 @@ bool KeyServerData::get_service_secret(uint32_t service_id, uint64_t secret_id, return true; } -bool KeyServerData::get_auth(EntityName& name, EntityAuth& auth) { - map::iterator iter = secrets.find(name); +bool KeyServerData::get_auth(const EntityName& name, EntityAuth& auth) const { + map::const_iterator iter = secrets.find(name); if (iter == secrets.end()) return false; auth = iter->second; return true; } -bool KeyServerData::get_secret(EntityName& name, CryptoKey& secret) { - map::iterator iter = secrets.find(name); +bool KeyServerData::get_secret(const EntityName& name, CryptoKey& secret) const { + map::const_iterator iter = secrets.find(name); if (iter == secrets.end()) return false; secret = iter->second.key; return true; } -bool KeyServerData::get_caps(EntityName& name, string& type, AuthCapsInfo& caps_info) +bool KeyServerData::get_caps(const EntityName& name, const string& type, + AuthCapsInfo& caps_info) const { caps_info.allow_all = false; dout(10) << "get_caps: name=" << name.to_str() << dendl; - map::iterator iter = secrets.find(name); + map::const_iterator iter = secrets.find(name); if (iter == secrets.end()) return false; dout(10) << "get_secret: num of caps=" << iter->second.caps.size() << dendl; - map::iterator capsiter = iter->second.caps.find(type); + map::const_iterator capsiter = iter->second.caps.find(type); if (capsiter != iter->second.caps.end()) { caps_info.caps = capsiter->second; } @@ -198,40 +207,44 @@ int KeyServer::_rotate_secret(uint32_t service_id) return added; } -bool KeyServer::get_secret(EntityName& name, CryptoKey& secret) +bool KeyServer::get_secret(const EntityName& name, CryptoKey& secret) const { Mutex::Locker l(lock); return data.get_secret(name, secret); } -bool KeyServer::get_auth(EntityName& name, EntityAuth& auth) +bool KeyServer::get_auth(const EntityName& name, EntityAuth& auth) const { Mutex::Locker l(lock); return data.get_auth(name, auth); } -bool KeyServer::get_caps(EntityName& name, string& type, AuthCapsInfo& caps_info) +bool KeyServer::get_caps(const EntityName& name, const string& type, + AuthCapsInfo& caps_info) const { Mutex::Locker l(lock); return data.get_caps(name, type, caps_info); } -bool KeyServer::get_service_secret(uint32_t service_id, ExpiringCryptoKey& secret, uint64_t& secret_id) +bool KeyServer::get_service_secret(uint32_t service_id, + ExpiringCryptoKey& secret, uint64_t& secret_id) const { Mutex::Locker l(lock); return data.get_service_secret(service_id, secret, secret_id); } -bool KeyServer::get_service_secret(uint32_t service_id, CryptoKey& secret, uint64_t& secret_id) +bool KeyServer::get_service_secret(uint32_t service_id, + CryptoKey& secret, uint64_t& secret_id) const { Mutex::Locker l(lock); return data.get_service_secret(service_id, secret, secret_id); } -bool KeyServer::get_service_secret(uint32_t service_id, uint64_t secret_id, CryptoKey& secret) +bool KeyServer::get_service_secret(uint32_t service_id, + uint64_t secret_id, CryptoKey& secret) const { Mutex::Locker l(lock); @@ -268,18 +281,18 @@ bool KeyServer::generate_secret(EntityName& name, CryptoKey& secret) return true; } -bool KeyServer::contains(EntityName& name) +bool KeyServer::contains(const EntityName& name) const { Mutex::Locker l(lock); return data.contains(name); } -void KeyServer::list_secrets(stringstream& ss) +void KeyServer::list_secrets(stringstream& ss) const { Mutex::Locker l(lock); - map::iterator mapiter = data.secrets_begin(); + map::const_iterator mapiter = data.secrets_begin(); if (mapiter != data.secrets_end()) { ss << "installed auth entries: " << std::endl; @@ -289,9 +302,12 @@ void KeyServer::list_secrets(stringstream& ss) ss << "\tkey: " << mapiter->second.key << std::endl; - map::iterator capsiter = mapiter->second.caps.begin(); + map::const_iterator capsiter = + mapiter->second.caps.begin(); for (; capsiter != mapiter->second.caps.end(); ++capsiter) { - bufferlist::iterator dataiter = capsiter->second.begin(); + // FIXME: need a const_iterator for bufferlist, but it doesn't exist yet. + bufferlist *bl = const_cast(&capsiter->second); + bufferlist::iterator dataiter = bl->begin(); string caps; ::decode(caps, dataiter); ss << "\tcaps: [" << capsiter->first << "] " << caps << std::endl; @@ -320,17 +336,18 @@ bool KeyServer::updated_rotating(bufferlist& rotating_bl, version_t& rotating_ve return true; } -bool KeyServer::get_rotating_encrypted(EntityName& name, bufferlist& enc_bl) +bool KeyServer::get_rotating_encrypted(const EntityName& name, + bufferlist& enc_bl) const { Mutex::Locker l(lock); - map::iterator mapiter = data.find_name(name); + map::const_iterator mapiter = data.find_name(name); if (mapiter == data.secrets_end()) return false; - CryptoKey& specific_key = mapiter->second.key; + const CryptoKey& specific_key = mapiter->second.key; - map::iterator rotate_iter = + map::const_iterator rotate_iter = data.rotating_secrets.find(name.get_type()); if (rotate_iter == data.rotating_secrets.end()) return false; @@ -342,14 +359,16 @@ bool KeyServer::get_rotating_encrypted(EntityName& name, bufferlist& enc_bl) return true; } -bool KeyServer::_get_service_caps(EntityName& name, uint32_t service_id, AuthCapsInfo& caps_info) +bool KeyServer::_get_service_caps(const EntityName& name, uint32_t service_id, + AuthCapsInfo& caps_info) const { string s = ceph_entity_type_name(service_id); return data.get_caps(name, s, caps_info); } -bool KeyServer::get_service_caps(EntityName& name, uint32_t service_id, AuthCapsInfo& caps_info) +bool KeyServer::get_service_caps(const EntityName& name, uint32_t service_id, + AuthCapsInfo& caps_info) const { Mutex::Locker l(lock); return _get_service_caps(name, service_id, caps_info); diff --git a/src/auth/cephx/CephxKeyServer.h b/src/auth/cephx/CephxKeyServer.h index f6e96c25f1675..45aede39441a3 100644 --- a/src/auth/cephx/CephxKeyServer.h +++ b/src/auth/cephx/CephxKeyServer.h @@ -51,7 +51,7 @@ struct KeyServerData { ::decode(rotating_secrets, bl); } - void encode_rotating(bufferlist& bl) { + void encode_rotating(bufferlist& bl) const { __u8 struct_v = 1; ::encode(struct_v, bl); ::encode(rotating_ver, bl); @@ -65,7 +65,7 @@ struct KeyServerData { ::decode(rotating_secrets, iter); } - bool contains(EntityName& name) { + bool contains(const EntityName& name) const { return (secrets.find(name) != secrets.end()); } @@ -80,16 +80,28 @@ struct KeyServerData { secrets.erase(iter); } - bool get_service_secret(uint32_t service_id, ExpiringCryptoKey& secret, uint64_t& secret_id); - bool get_service_secret(uint32_t service_id, CryptoKey& secret, uint64_t& secret_id); - bool get_service_secret(uint32_t service_id, uint64_t secret_id, CryptoKey& secret); - bool get_auth(EntityName& name, EntityAuth& auth); - bool get_secret(EntityName& name, CryptoKey& secret); - bool get_caps(EntityName& name, string& type, AuthCapsInfo& caps); - - map::iterator secrets_begin() { return secrets.begin(); } - map::iterator secrets_end() { return secrets.end(); } - map::iterator find_name(EntityName& name) { return secrets.find(name); } + bool get_service_secret(uint32_t service_id, ExpiringCryptoKey& secret, + uint64_t& secret_id) const; + bool get_service_secret(uint32_t service_id, CryptoKey& secret, + uint64_t& secret_id) const; + bool get_service_secret(uint32_t service_id, uint64_t secret_id, + CryptoKey& secret) const; + bool get_auth(const EntityName& name, EntityAuth& auth) const; + bool get_secret(const EntityName& name, CryptoKey& secret) const; + bool get_caps(const EntityName& name, const string& type, AuthCapsInfo& caps) const; + + map::iterator secrets_begin() + { return secrets.begin(); } + map::const_iterator secrets_begin() const + { return secrets.begin(); } + map::iterator secrets_end() + { return secrets.end(); } + map::const_iterator secrets_end() const + { return secrets.end(); } + map::iterator find_name(const EntityName& name) + { return secrets.find(name); } + map::const_iterator find_name(const EntityName& name) const + { return secrets.find(name); } // -- incremental updates -- @@ -166,22 +178,24 @@ WRITE_CLASS_ENCODER(KeyServerData::Incremental); class KeyServer : public KeyStore { KeyServerData data; - Mutex lock; + mutable Mutex lock; int _rotate_secret(uint32_t service_id); bool _check_rotating_secrets(); void _dump_rotating_secrets(); - int _build_session_auth_info(uint32_t service_id, CephXServiceTicketInfo& auth_ticket_info, CephXSessionAuthInfo& info); - bool _get_service_caps(EntityName& name, uint32_t service_id, AuthCapsInfo& caps); + int _build_session_auth_info(uint32_t service_id, + CephXServiceTicketInfo& auth_ticket_info, CephXSessionAuthInfo& info); + bool _get_service_caps(const EntityName& name, uint32_t service_id, + AuthCapsInfo& caps) const; public: KeyServer(); bool generate_secret(CryptoKey& secret); - bool get_secret(EntityName& name, CryptoKey& secret); - bool get_auth(EntityName& name, EntityAuth& auth); - bool get_caps(EntityName& name, string& type, AuthCapsInfo& caps); - bool get_active_rotating_secret(EntityName& name, CryptoKey& secret); + bool get_secret(const EntityName& name, CryptoKey& secret) const; + bool get_auth(const EntityName& name, EntityAuth& auth) const; + bool get_caps(const EntityName& name, const string& type, AuthCapsInfo& caps) const; + bool get_active_rotating_secret(const EntityName& name, CryptoKey& secret) const; int start_server(); void rotate_timeout(double timeout); @@ -190,9 +204,12 @@ public: CryptoKey& service_secret, uint64_t secret_id); /* get current secret for specific service type */ - bool get_service_secret(uint32_t service_id, ExpiringCryptoKey& service_key, uint64_t& secret_id); - bool get_service_secret(uint32_t service_id, CryptoKey& service_key, uint64_t& secret_id); - bool get_service_secret(uint32_t service_id, uint64_t secret_id, CryptoKey& secret); + bool get_service_secret(uint32_t service_id, ExpiringCryptoKey& service_key, + uint64_t& secret_id) const; + bool get_service_secret(uint32_t service_id, CryptoKey& service_key, + uint64_t& secret_id) const; + bool get_service_secret(uint32_t service_id, uint64_t secret_id, + CryptoKey& secret) const; bool generate_secret(EntityName& name, CryptoKey& secret); @@ -203,9 +220,9 @@ public: Mutex::Locker l(lock); ::decode(data, bl); } - bool contains(EntityName& name); - void list_secrets(stringstream& ss); - version_t get_ver() { + bool contains(const EntityName& name) const; + void list_secrets(stringstream& ss) const; + version_t get_ver() const { Mutex::Locker l(lock); return data.version; } @@ -233,7 +250,7 @@ public: data.add_rotating_secret(service_id, key); } */ - void clone_to(KeyServerData& dst) { + void clone_to(KeyServerData& dst) const { Mutex::Locker l(lock); dst = data; } @@ -247,10 +264,11 @@ public: bool updated_rotating(bufferlist& rotating_bl, version_t& rotating_ver); - bool get_rotating_encrypted(EntityName& name, bufferlist& enc_bl); + bool get_rotating_encrypted(const EntityName& name, bufferlist& enc_bl) const; - Mutex& get_lock() { return lock; } - bool get_service_caps(EntityName& name, uint32_t service_id, AuthCapsInfo& caps); + Mutex& get_lock() const { return lock; } + bool get_service_caps(const EntityName& name, uint32_t service_id, + AuthCapsInfo& caps) const; }; WRITE_CLASS_ENCODER(KeyServer); diff --git a/src/auth/cephx/CephxProtocol.h b/src/auth/cephx/CephxProtocol.h index e0a1a098cf269..82eca98d2ace3 100644 --- a/src/auth/cephx/CephxProtocol.h +++ b/src/auth/cephx/CephxProtocol.h @@ -428,7 +428,7 @@ int decode_decrypt_enc_bl(T& t, CryptoKey key, bufferlist& bl_enc) { } template -int encode_encrypt_enc_bl(const T& t, CryptoKey& key, bufferlist& out) { +int encode_encrypt_enc_bl(const T& t, const CryptoKey& key, bufferlist& out) { bufferlist bl; __u8 struct_v = 1; ::encode(struct_v, bl); @@ -443,14 +443,14 @@ int encode_encrypt_enc_bl(const T& t, CryptoKey& key, bufferlist& out) { } template -int decode_decrypt(T& t, CryptoKey key, bufferlist::iterator& iter) { +int decode_decrypt(T& t, const CryptoKey key, bufferlist::iterator& iter) { bufferlist bl_enc; ::decode(bl_enc, iter); return decode_decrypt_enc_bl(t, key, bl_enc); } template -int encode_encrypt(const T& t, CryptoKey& key, bufferlist& out) { +int encode_encrypt(const T& t, const CryptoKey& key, bufferlist& out) { bufferlist bl_enc; int ret = encode_encrypt_enc_bl(t, key, bl_enc); if (ret < 0) diff --git a/src/include/utime.h b/src/include/utime.h index 7a8e0d7f6483c..87606fb8fbf0b 100644 --- a/src/include/utime.h +++ b/src/include/utime.h @@ -163,10 +163,18 @@ inline bool operator>(const utime_t& a, const utime_t& b) { return (a.sec() > b.sec()) || (a.sec() == b.sec() && a.nsec() > b.nsec()); } +inline bool operator<=(const utime_t& a, const utime_t& b) +{ + return !(operator>(a, b)); +} inline bool operator<(const utime_t& a, const utime_t& b) { return (a.sec() < b.sec()) || (a.sec() == b.sec() && a.nsec() < b.nsec()); } +inline bool operator>=(const utime_t& a, const utime_t& b) +{ + return !(operator<(a, b)); +} inline bool operator==(const utime_t& a, const utime_t& b) { -- 2.39.5