From 7c2bd6af8cf874a356caa04fc02dcac459552acd Mon Sep 17 00:00:00 2001 From: Sage Weil Date: Thu, 22 Oct 2009 12:13:28 -0700 Subject: [PATCH] auth: rename Keys* classes --- src/Makefile.am | 4 +- src/auth/Auth.cc | 3 +- src/auth/Auth.h | 12 +++++- src/auth/AuthServiceHandler.cc | 12 +++--- src/auth/KeyRing.cc | 1 - src/auth/KeyRing.h | 2 +- src/auth/{KeysServer.cc => KeyServer.cc} | 54 ++++++++++++------------ src/auth/{KeysServer.h => KeyServer.h} | 20 ++++----- src/authtool.cc | 1 - src/ceph.cc | 2 +- src/include/AuthLibrary.h | 1 - src/librados.cc | 1 - src/mon/AuthMonitor.cc | 32 +++++++------- src/mon/AuthMonitor.h | 2 +- src/mon/MonClient.cc | 1 - src/mon/Monitor.cc | 12 +++--- src/mon/Monitor.h | 4 +- src/osd/OSD.cc | 2 - src/testkeys.cc | 4 +- 19 files changed, 83 insertions(+), 87 deletions(-) rename src/auth/{KeysServer.cc => KeyServer.cc} (78%) rename src/auth/{KeysServer.h => KeyServer.h} (93%) diff --git a/src/Makefile.am b/src/Makefile.am index 0d19680e0ef3f..97838dfc61d17 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -297,7 +297,7 @@ libcommon_files = \ auth/Crypto.cc \ auth/ExportControl.cc \ auth/KeyRing.cc \ - auth/KeysServer.cc \ + auth/KeyServer.cc \ common/LogClient.cc \ msg/Message.cc \ common/Logger.cc \ @@ -402,7 +402,7 @@ noinst_HEADERS = \ auth/AuthProtocol.h\ auth/AuthServiceHandler.h\ auth/KeyRing.h\ - auth/KeysServer.h\ + auth/KeyServer.h\ auth/Crypto.h\ auth/ExportControl.h\ ceph_ver.h \ diff --git a/src/auth/Auth.cc b/src/auth/Auth.cc index e72d56e168b77..e96ce62b767d6 100644 --- a/src/auth/Auth.cc +++ b/src/auth/Auth.cc @@ -1,6 +1,5 @@ #include "Auth.h" -#include "KeysServer.h" #include "common/Clock.h" #include "config.h" 
@@ -207,7 +206,7 @@ bool AuthTicketManager::build_authorizer(uint32_t service_id, AuthAuthorizer& au * * {timestamp + 1}^session_key */ -bool verify_authorizer(KeysKeeper& keys, bufferlist::iterator& indata, +bool verify_authorizer(KeyStore& keys, bufferlist::iterator& indata, AuthServiceTicketInfo& ticket_info, bufferlist& reply_bl) { uint32_t service_id; diff --git a/src/auth/Auth.h b/src/auth/Auth.h index 91bed03cd5111..51a7092e5f058 100644 --- a/src/auth/Auth.h +++ b/src/auth/Auth.h @@ -297,7 +297,15 @@ struct RotatingSecrets { }; WRITE_CLASS_ENCODER(RotatingSecrets); -class KeysKeeper { + + +/* + * Key management + */ +#define KEY_ROTATE_TIME 20 +#define KEY_ROTATE_NUM 3 + +class KeyStore { public: virtual bool get_secret(EntityName& name, CryptoKey& secret) = 0; virtual bool get_service_secret(uint32_t service_id, uint64_t secret_id, CryptoKey& secret) = 0; @@ -358,7 +366,7 @@ int encode_encrypt(const T& t, CryptoKey& key, bufferlist& out) { */ extern bool verify_service_ticket_request(AuthServiceTicketRequest& ticket_req, bufferlist::iterator& indata); -extern bool verify_authorizer(KeysKeeper& keys, bufferlist::iterator& indata, +extern bool verify_authorizer(KeyStore& keys, bufferlist::iterator& indata, AuthServiceTicketInfo& ticket_info, bufferlist& reply_bl); #endif diff --git a/src/auth/AuthServiceHandler.cc b/src/auth/AuthServiceHandler.cc index f9816dfe98b8f..9f2e88531e21b 100644 --- a/src/auth/AuthServiceHandler.cc +++ b/src/auth/AuthServiceHandler.cc @@ -71,7 +71,7 @@ int CephAuthService_X::handle_request(bufferlist::iterator& indata, bufferlist& CryptoKey secret; dout(0) << "entity_name=" << entity_name.to_str() << dendl; - if (!mon->keys_server.get_secret(entity_name, secret)) { + if (!mon->key_server.get_secret(entity_name, secret)) { dout(0) << "couldn't find entity name: " << entity_name.to_str() << dendl; ret = -EPERM; break; 
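Review bot: `KEY_ROTATE_TIME` and `KEY_ROTATE_NUM` move into Auth.h in the `@@ -297,7 +297,15 @@` hunk with only a `Key management` banner, so neither the unit of `20` nor the meaning of `3` is stated. Both names suggest they govern rotating service keys, and as macros in Auth.h they are now visible in every file that includes it. I would add `/* rotation period for service keys; unit to be confirmed (seconds?) */` above the first and `/* presumably the number of rotating keys kept per service; confirm */` above the second, or turn them into typed constants such as `static const int KEY_ROTATE_NUM = 3;`. The `KeyStore` class body continues past the hunk, so whether this polymorphic base declares a virtual destructor cannot be checked from here.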
@@ -139,7 +139,7 @@ int CephAuthService_X::handle_cephx_protocol(bufferlist::iterator& indata, buffe SessionAuthInfo info; CryptoKey principal_secret; - if (mon->keys_server.get_secret(req.name, principal_secret) < 0) { + if (mon->key_server.get_secret(req.name, principal_secret) < 0) { ret = -EPERM; break; } @@ -148,11 +148,11 @@ int CephAuthService_X::handle_cephx_protocol(bufferlist::iterator& indata, buffe info.ticket.addr = req.addr; info.ticket.init_timestamps(g_clock.now(), g_conf.auth_mon_ticket_ttl); - mon->keys_server.generate_secret(session_key); + mon->key_server.generate_secret(session_key); info.session_key = session_key; info.service_id = CEPHX_PRINCIPAL_AUTH; - if (!mon->keys_server.get_service_secret(CEPHX_PRINCIPAL_AUTH, info.service_secret, info.secret_id)) { + if (!mon->key_server.get_service_secret(CEPHX_PRINCIPAL_AUTH, info.service_secret, info.secret_id)) { dout(0) << "could not get service secret for auth subsystem" << dendl; ret = -EIO; break; @@ -174,7 +174,7 @@ int CephAuthService_X::handle_cephx_protocol(bufferlist::iterator& indata, buffe { bufferlist tmp_bl; AuthServiceTicketInfo auth_ticket_info; - if (!verify_authorizer(mon->keys_server, indata, auth_ticket_info, tmp_bl)) { + if (!verify_authorizer(mon->key_server, indata, auth_ticket_info, tmp_bl)) { ret = -EPERM; } @@ -189,7 +189,7 @@ int CephAuthService_X::handle_cephx_protocol(bufferlist::iterator& indata, buffe for (uint32_t service_id = 1; service_id != (CEPHX_PRINCIPAL_TYPE_MASK + 1); service_id <<= 1) { if (ticket_req.keys & service_id) { SessionAuthInfo info; - int r = mon->keys_server.build_session_auth_info(service_id, auth_ticket_info, info); + int r = mon->key_server.build_session_auth_info(service_id, auth_ticket_info, info); if (r < 0) { ret = r; break; diff --git a/src/auth/KeyRing.cc b/src/auth/KeyRing.cc index 6090ea597278c..6b2615bf37235 100644 --- a/src/auth/KeyRing.cc +++ b/src/auth/KeyRing.cc 
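Review bot: The renamed call `mon->key_server.get_secret(req.name, principal_secret) < 0` in the `@@ -139,7 +139,7 @@` hunk compares a `bool` with zero, so the `-EPERM` branch can never run; `KeyServer::get_secret` is defined as returning `bool` in KeyServer.cc in this same patch. A request naming an unknown principal would then continue with whatever `principal_secret` holds instead of being rejected. The check should read `if (!mon->key_server.get_secret(req.name, principal_secret)) {`, which is the form `handle_request` already uses earlier in this file. The same pattern appears as context in `KeyServer::build_session_auth_info` (`get_service_secret(service_id, info.service_secret, info.secret_id) < 0`), where the callee also returns `bool`. The body of `handle_cephx_protocol` extends beyond the hunk.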
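Review bot: In the `@@ -174,7 +174,7 @@` hunk, a failed `verify_authorizer` only assigns `ret = -EPERM;` and has no `break`, unlike the other error paths of this function, which use `ret = -EPERM; break;`. The lines between this hunk and the ticket loop in the `@@ -189,7 +189,7 @@` hunk are not shown, so this is inferred. If nothing else leaves the case, session tickets would be built from an `auth_ticket_info` that did not pass verification. Adding `break;` directly after `ret = -EPERM;` inside the branch makes the failure path match the others.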
@@ -19,7 +19,6 @@ #include "Crypto.h" #include "auth/KeyRing.h" -#include "auth/KeysServer.h" using namespace std; diff --git a/src/auth/KeyRing.h b/src/auth/KeyRing.h index 38517b671cd80..879bd530a1c8c 100644 --- a/src/auth/KeyRing.h +++ b/src/auth/KeyRing.h @@ -25,7 +25,7 @@ key of that service */ -class KeyRing : public KeysKeeper { +class KeyRing : public KeyStore { CryptoKey master; RotatingSecrets rotating_secrets; Mutex lock; diff --git a/src/auth/KeysServer.cc b/src/auth/KeyServer.cc similarity index 78% rename from src/auth/KeysServer.cc rename to src/auth/KeyServer.cc index e2227e68118ae..fa78310bbdb74 100644 --- a/src/auth/KeysServer.cc +++ b/src/auth/KeyServer.cc @@ -14,7 +14,7 @@ #include "config.h" -#include "KeysServer.h" +#include "KeyServer.h" #include "Crypto.h" #include "common/Timer.h" @@ -34,7 +34,7 @@ void RotatingSecrets::add(ExpiringCryptoKey& key) } } -bool KeysServerData::get_service_secret(uint32_t service_id, ExpiringCryptoKey& secret, uint64_t& secret_id) +bool KeyServerData::get_service_secret(uint32_t service_id, ExpiringCryptoKey& secret, uint64_t& secret_id) { map::iterator iter = rotating_secrets.find(service_id); if (iter == rotating_secrets.end()) @@ -52,7 +52,7 @@ bool KeysServerData::get_service_secret(uint32_t service_id, ExpiringCryptoKey& return true; } -bool KeysServerData::get_service_secret(uint32_t service_id, CryptoKey& secret, uint64_t& secret_id) +bool KeyServerData::get_service_secret(uint32_t service_id, CryptoKey& secret, uint64_t& secret_id) { ExpiringCryptoKey e; @@ -64,7 +64,7 @@ bool KeysServerData::get_service_secret(uint32_t service_id, CryptoKey& secret, return true; } -bool KeysServerData::get_service_secret(uint32_t service_id, uint64_t secret_id, CryptoKey& secret) +bool KeyServerData::get_service_secret(uint32_t service_id, uint64_t secret_id, CryptoKey& secret) { map::iterator iter = rotating_secrets.find(service_id); if (iter == rotating_secrets.end()) 
@@ -81,7 +81,7 @@ bool KeysServerData::get_service_secret(uint32_t service_id, uint64_t secret_id, return true; } -bool KeysServerData::get_secret(EntityName& name, CryptoKey& secret) +bool KeyServerData::get_secret(EntityName& name, CryptoKey& secret) { map::iterator iter = secrets.find(name); if (iter == secrets.end()) @@ -92,7 +92,7 @@ bool KeysServerData::get_secret(EntityName& name, CryptoKey& secret) return true; } -bool KeysServerData::get_caps(EntityName& name, string& type, bufferlist& caps) +bool KeyServerData::get_caps(EntityName& name, string& type, bufferlist& caps) { dout(0) << "get_caps: name=" << name.to_str() << dendl; map::iterator iter = secrets.find(name); @@ -108,11 +108,11 @@ bool KeysServerData::get_caps(EntityName& name, string& type, bufferlist& caps) return true; } -KeysServer::KeysServer() : lock("KeysServer::lock") +KeyServer::KeyServer() : lock("KeyServer::lock") { } -int KeysServer::start_server(bool init) +int KeyServer::start_server(bool init) { Mutex::Locker l(lock); @@ -122,7 +122,7 @@ int KeysServer::start_server(bool init) return 0; } -void KeysServer::_generate_all_rotating_secrets(bool init) +void KeyServer::_generate_all_rotating_secrets(bool init) { data.rotating_ver++; data.next_rotating_time = g_clock.now(); @@ -159,7 +159,7 @@ void KeysServer::_generate_all_rotating_secrets(bool init) } } -void KeysServer::_rotate_secret(uint32_t service_id, int factor) +void KeyServer::_rotate_secret(uint32_t service_id, int factor) { ExpiringCryptoKey ek; generate_secret(ek.key); 
@@ -169,52 +169,52 @@ void KeysServer::_rotate_secret(uint32_t service_id, int factor) data.add_rotating_secret(service_id, ek); } -bool KeysServer::_check_rotate() +bool KeyServer::_check_rotate() { if (g_clock.now() > data.next_rotating_time) { - dout(0) << "KeysServer::check_rotate: need to rotate keys" << dendl; + dout(0) << "KeyServer::check_rotate: need to rotate keys" << dendl; _generate_all_rotating_secrets(false); return true; } return false; } -bool KeysServer::get_secret(EntityName& name, CryptoKey& secret) +bool KeyServer::get_secret(EntityName& name, CryptoKey& secret) { Mutex::Locker l(lock); return data.get_secret(name, secret); } -bool KeysServer::get_caps(EntityName& name, string& type, bufferlist& caps) +bool KeyServer::get_caps(EntityName& name, string& type, bufferlist& caps) { Mutex::Locker l(lock); return data.get_caps(name, type, caps); } -bool KeysServer::get_service_secret(uint32_t service_id, ExpiringCryptoKey& secret, uint64_t& secret_id) +bool KeyServer::get_service_secret(uint32_t service_id, ExpiringCryptoKey& secret, uint64_t& secret_id) { Mutex::Locker l(lock); return data.get_service_secret(service_id, secret, secret_id); } -bool KeysServer::get_service_secret(uint32_t service_id, CryptoKey& secret, uint64_t& secret_id) +bool KeyServer::get_service_secret(uint32_t service_id, CryptoKey& secret, uint64_t& secret_id) { Mutex::Locker l(lock); return data.get_service_secret(service_id, secret, secret_id); } -bool KeysServer::get_service_secret(uint32_t service_id, uint64_t secret_id, CryptoKey& secret) +bool KeyServer::get_service_secret(uint32_t service_id, uint64_t secret_id, CryptoKey& secret) { Mutex::Locker l(lock); return data.get_service_secret(service_id, secret_id, secret); } -bool KeysServer::generate_secret(CryptoKey& secret) +bool KeyServer::generate_secret(CryptoKey& secret) { bufferptr bp; CryptoHandler *crypto = ceph_crypto_mgr.get_crypto(CEPH_SECRET_AES); 
@@ -229,7 +229,7 @@ bool KeysServer::generate_secret(CryptoKey& secret) return true; } -bool KeysServer::generate_secret(EntityName& name, CryptoKey& secret) +bool KeyServer::generate_secret(EntityName& name, CryptoKey& secret) { if (!generate_secret(secret)) return false; @@ -244,14 +244,14 @@ bool KeysServer::generate_secret(EntityName& name, CryptoKey& secret) return true; } -bool KeysServer::contains(EntityName& name) +bool KeyServer::contains(EntityName& name) { Mutex::Locker l(lock); return data.contains(name); } -void KeysServer::list_secrets(stringstream& ss) +void KeyServer::list_secrets(stringstream& ss) { Mutex::Locker l(lock); @@ -278,7 +278,7 @@ void KeysServer::list_secrets(stringstream& ss) } } -bool KeysServer::updated_rotating(bufferlist& rotating_bl, version_t& rotating_ver) +bool KeyServer::updated_rotating(bufferlist& rotating_bl, version_t& rotating_ver) { Mutex::Locker l(lock); @@ -295,7 +295,7 @@ bool KeysServer::updated_rotating(bufferlist& rotating_bl, version_t& rotating_v return true; } -void KeysServer::decode_rotating(bufferlist& rotating_bl) +void KeyServer::decode_rotating(bufferlist& rotating_bl) { Mutex::Locker l(lock); @@ -305,7 +305,7 @@ void KeysServer::decode_rotating(bufferlist& rotating_bl) ::decode(data.rotating_secrets, iter); } -bool KeysServer::get_rotating_encrypted(EntityName& name, bufferlist& enc_bl) +bool KeyServer::get_rotating_encrypted(EntityName& name, bufferlist& enc_bl) { Mutex::Locker l(lock); @@ -326,7 +326,7 @@ bool KeysServer::get_rotating_encrypted(EntityName& name, bufferlist& enc_bl) return true; } -int KeysServer::_build_session_auth_info(uint32_t service_id, AuthServiceTicketInfo& auth_ticket_info, SessionAuthInfo& info) +int KeyServer::_build_session_auth_info(uint32_t service_id, AuthServiceTicketInfo& auth_ticket_info, SessionAuthInfo& info) { info.ticket.name = auth_ticket_info.ticket.name; info.ticket.addr = auth_ticket_info.ticket.addr; 
@@ -346,7 +346,7 @@ int KeysServer::_build_session_auth_info(uint32_t service_id, AuthServiceTicketI return 0; } -int KeysServer::build_session_auth_info(uint32_t service_id, AuthServiceTicketInfo& auth_ticket_info, SessionAuthInfo& info) +int KeyServer::build_session_auth_info(uint32_t service_id, AuthServiceTicketInfo& auth_ticket_info, SessionAuthInfo& info) { if (get_service_secret(service_id, info.service_secret, info.secret_id) < 0) { return -EPERM; @@ -357,7 +357,7 @@ int KeysServer::build_session_auth_info(uint32_t service_id, AuthServiceTicketIn return _build_session_auth_info(service_id, auth_ticket_info, info); } -int KeysServer::build_session_auth_info(uint32_t service_id, AuthServiceTicketInfo& auth_ticket_info, SessionAuthInfo& info, +int KeyServer::build_session_auth_info(uint32_t service_id, AuthServiceTicketInfo& auth_ticket_info, SessionAuthInfo& info, CryptoKey& service_secret, uint64_t secret_id) { info.service_secret = service_secret; diff --git a/src/auth/KeysServer.h b/src/auth/KeyServer.h similarity index 93% rename from src/auth/KeysServer.h rename to src/auth/KeyServer.h index 5ff002c91e14b..a03ebbb04b508 100644 --- a/src/auth/KeysServer.h +++ b/src/auth/KeyServer.h @@ -21,11 +21,7 @@ #include "common/Timer.h" #include "Auth.h" -#define KEY_ROTATE_TIME 20 -#define KEY_ROTATE_NUM 3 - - -struct KeysServerData { +struct KeyServerData { version_t version; version_t rotating_ver; utime_t next_rotating_time; @@ -36,7 +32,7 @@ struct KeysServerData { /* for each service type */ map rotating_secrets; - KeysServerData() : version(0), rotating_ver(0) {} + KeyServerData() : version(0), rotating_ver(0) {} void encode(bufferlist& bl) const { ::encode(version, bl); 
@@ -82,10 +78,10 @@ struct KeysServerData { map::iterator secrets_end() { return secrets.end(); } map::iterator find_name(EntityName& name) { return secrets.find(name); } }; -WRITE_CLASS_ENCODER(KeysServerData); +WRITE_CLASS_ENCODER(KeyServerData); -class KeysServer : public KeysKeeper { - KeysServerData data; +class KeyServer : public KeyStore { + KeyServerData data; Mutex lock; @@ -94,7 +90,7 @@ class KeysServer : public KeysKeeper { bool _check_rotate(); int _build_session_auth_info(uint32_t service_id, AuthServiceTicketInfo& auth_ticket_info, SessionAuthInfo& info); public: - KeysServer(); + KeyServer(); bool generate_secret(CryptoKey& secret); @@ -148,7 +144,7 @@ public: Mutex::Locker l(lock); data.add_rotating_secret(service_id, key); } - void clone_to(KeysServerData& dst) { + void clone_to(KeyServerData& dst) { Mutex::Locker l(lock); dst = data; } @@ -160,7 +156,7 @@ public: Mutex& get_lock() { return lock; } }; -WRITE_CLASS_ENCODER(KeysServer); +WRITE_CLASS_ENCODER(KeyServer); diff --git a/src/authtool.cc b/src/authtool.cc index 6bf09367facae..f6c3e68dc0dda 100644 --- a/src/authtool.cc +++ b/src/authtool.cc @@ -19,7 +19,6 @@ using namespace std; #include "common/ConfUtils.h" #include "common/common_init.h" #include "auth/Crypto.h" -#include "auth/KeysServer.h" #include "auth/Auth.h" void usage() diff --git a/src/ceph.cc b/src/ceph.cc index efdf82ac40221..e162d35c21916 100644 --- a/src/ceph.cc +++ b/src/ceph.cc @@ -205,7 +205,7 @@ void handle_notify(MMonObserveNotify *notify) { bufferlist::iterator p = notify->bl.begin(); if (notify->is_latest) { - KeysServerData data; + KeyServerData data; ::decode(data, p); dout(0) << " auth " << dendl; #if 0 diff --git a/src/include/AuthLibrary.h b/src/include/AuthLibrary.h index d5dcc30bf5dbe..8109f945162a9 100644 --- a/src/include/AuthLibrary.h +++ b/src/include/AuthLibrary.h 
@@ -18,7 +18,6 @@ #include "include/types.h" #include "include/encoding.h" #include "auth/Auth.h" -#include "auth/KeysServer.h" struct AuthLibEntry { bool rotating; diff --git a/src/librados.cc b/src/librados.cc index ef216d0bdeb0f..5c9f773ea922e 100644 --- a/src/librados.cc +++ b/src/librados.cc @@ -65,7 +65,6 @@ class RadosClient : public Dispatcher uint32_t want = peer_id_to_entity_type(dest_type); if (monclient.auth.build_authorizer(want, authorizer) < 0) return false; - return true; } void ms_handle_connect(Connection *con); diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc index 671ce58c7ea77..4b3c64a76453b 100644 --- a/src/mon/AuthMonitor.cc +++ b/src/mon/AuthMonitor.cc @@ -55,7 +55,7 @@ ostream& operator<<(ostream& out, AuthMonitor& pm) void AuthMonitor::check_rotate() { AuthLibEntry entry; - if (!mon->keys_server.updated_rotating(entry.rotating_bl, last_rotating_ver)) + if (!mon->key_server.updated_rotating(entry.rotating_bl, last_rotating_ver)) return; dout(0) << "AuthMonitor::tick() updated rotating, now calling propose_pending" << dendl; @@ -89,7 +89,7 @@ void AuthMonitor::on_active() if (!mon->is_leader()) return; - mon->keys_server.start_server(true); + mon->key_server.start_server(true); /* check_rotate(); */ @@ -162,7 +162,7 @@ bool AuthMonitor::update_from_paxos() { dout(0) << "AuthMonitor::update_from_paxos()" << dendl; version_t paxosv = paxos->get_version(); - version_t keys_ver = mon->keys_server.get_ver(); + version_t keys_ver = mon->key_server.get_ver(); if (paxosv == keys_ver) return true; assert(paxosv >= keys_ver); @@ -173,7 +173,7 @@ bool AuthMonitor::update_from_paxos() if (v) { dout(7) << "update_from_paxos startup: loading summary e" << v << dendl; bufferlist::iterator p = latest.begin(); - ::decode(mon->keys_server, p); + ::decode(mon->key_server, p); } } 
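Review bot: The librados.cc hunk deletes `return true;`, leaving the success path of this function without a return statement while the failure path just above still does `return false;`. The signature is outside the hunk, but a function that returns `false` on one path is non-void, and flowing off its end is undefined behaviour. The caller may then see an arbitrary result for whether an authorizer was built. The deletion looks unrelated to the rename and should be dropped: keep `return true;` after the `build_authorizer` check.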
@@ -193,18 +193,18 @@ bool AuthMonitor::update_from_paxos() case AUTH_INC_ADD: if (!entry.rotating) { derr(0) << "got entry name=" << entry.name.to_str() << dendl; - mon->keys_server.add_auth(entry.name, entry.auth); + mon->key_server.add_auth(entry.name, entry.auth); } else { derr(0) << "got AUTH_INC_ADD with entry.rotating" << dendl; } break; case AUTH_INC_DEL: - mon->keys_server.remove_secret(entry.name); + mon->key_server.remove_secret(entry.name); break; case AUTH_INC_SET_ROTATING: { dout(0) << "AuthMonitor::update_from_paxos: decode_rotating" << dendl; - mon->keys_server.decode_rotating(entry.rotating_bl); + mon->key_server.decode_rotating(entry.rotating_bl); } break; case AUTH_INC_NOP: @@ -214,12 +214,12 @@ bool AuthMonitor::update_from_paxos() } } keys_ver++; - mon->keys_server.set_ver(keys_ver); + mon->key_server.set_ver(keys_ver); } bufferlist bl; - Mutex::Locker l(mon->keys_server.get_lock()); - ::encode(mon->keys_server, bl); + Mutex::Locker l(mon->key_server.get_lock()); + ::encode(mon->key_server, bl); paxos->stash_latest(paxosv, bl); return true; @@ -228,7 +228,7 @@ bool AuthMonitor::update_from_paxos() void AuthMonitor::init() { version_t paxosv = paxos->get_version(); - version_t keys_ver = mon->keys_server.get_ver(); + version_t keys_ver = mon->key_server.get_ver(); dout(0) << "AuthMonitor::init() paxosv=" << paxosv << dendl; @@ -242,7 +242,7 @@ void AuthMonitor::init() if (v) { dout(0) << "AuthMonitor::init() startup: loading summary e" << v << dendl; bufferlist::iterator p = latest.begin(); - ::decode(mon->keys_server, p); + ::decode(mon->key_server, p); } } @@ -370,7 +370,7 @@ bool AuthMonitor::preprocess_auth_rotating(MAuthRotating *m) if (!reply) return true; - if (mon->keys_server.get_rotating_encrypted(m->entity_name, reply->response_bl)) { + if (mon->key_server.get_rotating_encrypted(m->entity_name, reply->response_bl)) { reply->status = 0; } else { reply->status = -EPERM; 
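Review bot: Locking around the serialisation of `mon->key_server` is asymmetric: the `@@ -214,12 +214,12 @@` hunk takes `Mutex::Locker l(mon->key_server.get_lock());` before `::encode(mon->key_server, bl)`, but the `::decode(mon->key_server, p)` calls in the startup paths of `update_from_paxos` and `AuthMonitor::init` show no lock in their hunks. The decode body of `KeyServer` is not in this diff. If it does not lock internally, the key tables can be replaced while another thread reads them through the locked getters. Either take the same lock before each decode, or move the locking into `KeyServer`'s encode/decode so callers do not need `get_lock()` at all.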
@@ -392,7 +392,7 @@ bool AuthMonitor::preprocess_auth_mon(MAuthMon *m) for (deque::iterator p = m->info.begin(); p != m->info.end(); p++) { - if (!mon->keys_server.contains((*p).name)) + if (!mon->key_server.contains((*p).name)) num_new++; } if (!num_new) { @@ -518,7 +518,7 @@ bool AuthMonitor::prepare_command(MMonCommand *m) string name = m->cmd[2]; AuthLibEntry entry; entry.name.from_str(name); - if (!mon->keys_server.contains(entry.name)) { + if (!mon->key_server.contains(entry.name)) { ss << "couldn't find entry " << name; rs = -ENOENT; goto done; @@ -533,7 +533,7 @@ bool AuthMonitor::prepare_command(MMonCommand *m) paxos->wait_for_commit(new Monitor::C_Command(mon, m, 0, rs, paxos->get_version())); return true; } else if (m->cmd[1] == "list") { - mon->keys_server.list_secrets(ss); + mon->key_server.list_secrets(ss); err = 0; goto done; } else { diff --git a/src/mon/AuthMonitor.h b/src/mon/AuthMonitor.h index 0aaad0908be43..0244cd32e900c 100644 --- a/src/mon/AuthMonitor.h +++ b/src/mon/AuthMonitor.h @@ -26,7 +26,7 @@ using namespace std; #include "include/AuthLibrary.h" -#include "auth/KeysServer.h" +#include "auth/KeyServer.h" class MMonCommand; class MAuth; diff --git a/src/mon/MonClient.cc b/src/mon/MonClient.cc index a8ece0c793d8e..69a5af8bcf450 100644 --- a/src/mon/MonClient.cc +++ b/src/mon/MonClient.cc @@ -32,7 +32,6 @@ #include "auth/Auth.h" #include "auth/AuthProtocol.h" -#include "auth/KeysServer.h" #include "auth/KeyRing.h" #include "config.h" diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc index 192730b98b6b3..00096049fca52 100644 --- a/src/mon/Monitor.cc +++ b/src/mon/Monitor.cc @@ -903,7 +903,7 @@ int Monitor::do_authorize(bufferlist::iterator& indata, bufferlist& result_bl) AuthServiceTicketInfo auth_ticket_info; bufferlist tmp_bl; - ret = verify_authorizer(keys_server, indata, auth_ticket_info, tmp_bl); + ret = verify_authorizer(key_server, indata, auth_ticket_info, tmp_bl); result_bl.claim_append(tmp_bl); } break; 
@@ -931,7 +931,7 @@ bool Monitor::ms_get_authorizer(int dest_type, AuthAuthorizer& authorizer, bool dout(0) << "ms_get_authorizer service_id=" << service_id << dendl; if (service_id != CEPHX_PRINCIPAL_MON) { - ret = keys_server.build_session_auth_info(service_id, auth_ticket_info, info); + ret = key_server.build_session_auth_info(service_id, auth_ticket_info, info); if (ret < 0) { return false; } @@ -940,16 +940,16 @@ bool Monitor::ms_get_authorizer(int dest_type, AuthAuthorizer& authorizer, bool name.entity_type = CEPHX_PRINCIPAL_MON; CryptoKey secret; - if (!keys_server.get_secret(name, secret)) { + if (!key_server.get_secret(name, secret)) { dout(0) << "couldn't get secret for mon service!" << dendl; stringstream ss; - keys_server.list_secrets(ss); + key_server.list_secrets(ss); dout(0) << ss.str() << dendl; return false; } /* mon to mon authentication uses the private monitor shared key and not the rotating key */ - ret = keys_server.build_session_auth_info(service_id, auth_ticket_info, info, secret, (uint64_t)-1); + ret = key_server.build_session_auth_info(service_id, auth_ticket_info, info, secret, (uint64_t)-1); if (ret < 0) { return false; } @@ -989,7 +989,7 @@ bool Monitor::ms_verify_authorizer(Connection *con, int peer_type, if (!authorizer_data.length()) return true; /* we're not picky */ - int ret = verify_authorizer(keys_server, iter, auth_ticket_info, authorizer_reply); + int ret = verify_authorizer(key_server, iter, auth_ticket_info, authorizer_reply); dout(0) << "Monitor::verify_authorizer returns " << ret << dendl; isvalid = (ret >= 0); diff --git a/src/mon/Monitor.h b/src/mon/Monitor.h index 583af6bc57502..8d363f2fe9edd 100644 --- a/src/mon/Monitor.h +++ b/src/mon/Monitor.h @@ -37,7 +37,7 @@ #include "common/LogClient.h" -#include "auth/KeysServer.h" +#include "auth/KeyServer.h" class MonitorStore; @@ -70,7 +70,7 @@ public: void reset_tick(); friend class C_Mon_Tick; - KeysServer keys_server; + KeyServer key_server; 
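Review bot: In the `@@ -940,16 +940,16 @@` hunk, the failure path for the monitor secret writes the whole output of `key_server.list_secrets(ss)` to the log at level 0 via `dout(0) << ss.str() << dendl;`. The body of `list_secrets` is not part of this diff. If it prints key material rather than only entity names, this error path copies every stored secret into the monitor log, which is usually far more widely readable than the key store. I would log only the entity that was looked up, e.g. `dout(0) << "couldn't get secret for " << name.to_str() << dendl;`, and remove the dump.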
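Review bot: In the `@@ -989,7 +989,7 @@` hunk, `int ret = verify_authorizer(key_server, iter, auth_ticket_info, authorizer_reply);` stores a `bool` in an `int` (the function is declared `extern bool verify_authorizer(KeyStore& keys, ...)` in Auth.h in this patch). `ret` is therefore 0 or 1 and `isvalid = (ret >= 0);` is always true, so a peer whose authorizer fails verification is still marked valid. Keep the result as a `bool`, e.g. `bool ok = verify_authorizer(key_server, iter, auth_ticket_info, authorizer_reply);` followed by `isvalid = ok;`. `Monitor::do_authorize` in the `@@ -903,7 +903,7 @@` hunk assigns the same call to `ret`; how `ret` is tested there is outside the hunk and should be checked for the same mistake. The early `return true; /* we're not picky */` for an empty authorizer also reports success for a peer that presents nothing, which deserves a comment saying when that is intended.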
diff --git a/src/osd/OSD.cc b/src/osd/OSD.cc index b0993036f8824..d84dce31419fa 100644 --- a/src/osd/OSD.cc +++ b/src/osd/OSD.cc @@ -80,8 +80,6 @@ #include "common/ClassHandler.h" -#include "auth/KeysServer.h" - #include #include #include diff --git a/src/testkeys.cc b/src/testkeys.cc index 04dde2eb59368..f18482028987e 100644 --- a/src/testkeys.cc +++ b/src/testkeys.cc @@ -1,4 +1,4 @@ -#include "auth/KeysServer.h" +#include "auth/KeyServer.h" #include "config.h" @@ -8,7 +8,7 @@ int main(int argc, char *argv[]) { - KeysServer server; + KeyServer server; dout(0) << "server created" << dendl; -- 2.39.5