From 7dfca035ac84a880a18e3bcdcf11c81d609a5a4c Mon Sep 17 00:00:00 2001
From: Kefu Chai
Date: Fri, 26 Apr 2019 16:01:52 +0800
Subject: [PATCH] auth,mon,crimson: pass KeyStore by const reference

AuthAuthorizeHandler::verify_authorizer() neither changes the keystore, nor expects a nullptr. so we should pass the keystore by const reference for better readability

Signed-off-by: Kefu Chai
---
 src/auth/AuthAuthorizeHandler.h | 2 +-
 src/auth/cephx/CephxAuthorizeHandler.cc | 2 +-
 src/auth/cephx/CephxAuthorizeHandler.h | 2 +-
 src/auth/cephx/CephxProtocol.cc | 6 +++---
 src/auth/cephx/CephxProtocol.h | 2 +-
 src/auth/cephx/CephxServiceHandler.cc | 2 +-
 src/auth/krb/KrbAuthorizeHandler.hpp | 2 +-
 src/auth/none/AuthNoneAuthorizeHandler.cc | 2 +-
 src/auth/none/AuthNoneAuthorizeHandler.h | 2 +-
 src/crimson/mon/MonClient.cc | 2 +-
 src/mon/MonClient.cc | 2 +-
 src/mon/Monitor.cc | 2 +-
 12 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/src/auth/AuthAuthorizeHandler.h b/src/auth/AuthAuthorizeHandler.h
index 4db4e408dca..b6ac1b1b7d2 100644
--- a/src/auth/AuthAuthorizeHandler.h
+++ b/src/auth/AuthAuthorizeHandler.h
@@ -31,7 +31,7 @@ struct AuthAuthorizeHandler {
 virtual ~AuthAuthorizeHandler() {}
 virtual bool verify_authorizer(
 CephContext *cct,
- KeyStore *keys,
+ const KeyStore& keys,
 const ceph::buffer::list& authorizer_data,
 size_t connection_secret_required_len,
 ceph::buffer::list *authorizer_reply,
diff --git a/src/auth/cephx/CephxAuthorizeHandler.cc b/src/auth/cephx/CephxAuthorizeHandler.cc
index 6684e164728..b07de5a1d96 100644
--- a/src/auth/cephx/CephxAuthorizeHandler.cc
+++ b/src/auth/cephx/CephxAuthorizeHandler.cc
@@ -8,7 +8,7 @@
 bool CephxAuthorizeHandler::verify_authorizer(
 CephContext *cct,
- KeyStore *keys,
+ const KeyStore& keys,
 const bufferlist& authorizer_data,
 size_t connection_secret_required_len,
 bufferlist *authorizer_reply,
diff --git a/src/auth/cephx/CephxAuthorizeHandler.h b/src/auth/cephx/CephxAuthorizeHandler.h
index 769426c4384..c53af021b89 100644
--- a/src/auth/cephx/CephxAuthorizeHandler.h
+++ b/src/auth/cephx/CephxAuthorizeHandler.h
@@ -22,7 +22,7 @@ class CephContext;
 struct CephxAuthorizeHandler : public AuthAuthorizeHandler {
 bool verify_authorizer(
 CephContext *cct,
- KeyStore *keys,
+ const KeyStore& keys,
 const bufferlist& authorizer_data,
 size_t connection_secret_required_len,
 bufferlist *authorizer_reply,
diff --git a/src/auth/cephx/CephxProtocol.cc b/src/auth/cephx/CephxProtocol.cc
index 6254d8f3c1e..5b7a2bcb86e 100644
--- a/src/auth/cephx/CephxProtocol.cc
+++ b/src/auth/cephx/CephxProtocol.cc
@@ -391,7 +391,7 @@ bool cephx_decode_ticket(CephContext *cct, KeyStore *keys, uint32_t service_id,
 *
 * {timestamp + 1}^session_key
 */
-bool cephx_verify_authorizer(CephContext *cct, KeyStore *keys,
+bool cephx_verify_authorizer(CephContext *cct, const KeyStore& keys,
 bufferlist::const_iterator& indata,
 size_t connection_secret_required_len,
 CephXServiceTicketInfo& ticket_info,
@@ -422,13 +422,13 @@ bool cephx_verify_authorizer(CephContext *cct, KeyStore *keys,
 if (ticket.secret_id == (uint64_t)-1) {
 EntityName name;
 name.set_type(service_id);
- if (!keys->get_secret(name, service_secret)) {
+ if (!keys.get_secret(name, service_secret)) {
 ldout(cct, 0) << "verify_authorizer could not get general service secret for service " << ceph_entity_type_name(service_id) << " secret_id=" << ticket.secret_id << dendl;
 return false;
 }
 } else {
- if (!keys->get_service_secret(service_id, ticket.secret_id, service_secret)) {
+ if (!keys.get_service_secret(service_id, ticket.secret_id, service_secret)) {
 ldout(cct, 0) << "verify_authorizer could not get service secret for service " << ceph_entity_type_name(service_id) << " secret_id=" << ticket.secret_id << dendl;
 if (cct->_conf->auth_debug && ticket.secret_id == 0)
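Review bot: `cephx_decode_ticket`, visible in the first hunk header of src/auth/cephx/CephxProtocol.cc, still takes `KeyStore *keys` while `cephx_verify_authorizer` now takes `const KeyStore& keys`, so the two key-store consumers in this file carry different nullability and mutability contracts. Its body is outside the hunk, so whether it ever mutates the store or tolerates a null pointer is unconfirmed; if it does neither, it should get the same `const KeyStore& keys` signature in both the .cc and the .h. If the pointer is intentional, a short comment on its declaration saying that `keys` may be null, and why, would keep the next reader from assuming the two functions agree. The body of cephx_verify_authorizer starts and ends outside both hunks.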
diff --git a/src/auth/cephx/CephxProtocol.h b/src/auth/cephx/CephxProtocol.h
index 0aedc9d12d9..ebee32239e2 100644
--- a/src/auth/cephx/CephxProtocol.h
+++ b/src/auth/cephx/CephxProtocol.h
@@ -424,7 +424,7 @@ bool cephx_decode_ticket(CephContext *cct, KeyStore *keys,
 */
 extern bool cephx_verify_authorizer(
 CephContext *cct,
- KeyStore *keys,
+ const KeyStore& keys,
 bufferlist::const_iterator& indata,
 size_t connection_secret_required_len,
 CephXServiceTicketInfo& ticket_info,
diff --git a/src/auth/cephx/CephxServiceHandler.cc b/src/auth/cephx/CephxServiceHandler.cc
index 12bb8348f44..a34f0b4ee30 100644
--- a/src/auth/cephx/CephxServiceHandler.cc
+++ b/src/auth/cephx/CephxServiceHandler.cc
@@ -226,7 +226,7 @@ int CephxServiceHandler::handle_request(
 CephXServiceTicketInfo auth_ticket_info;
 // note: no challenge here.
 if (!cephx_verify_authorizer(
- cct, key_server, indata, 0, auth_ticket_info, nullptr,
+ cct, *key_server, indata, 0, auth_ticket_info, nullptr,
 nullptr, &tmp_bl)) {
 ret = -EPERM;
diff --git a/src/auth/krb/KrbAuthorizeHandler.hpp b/src/auth/krb/KrbAuthorizeHandler.hpp
index bc8eac6259b..448b682e68d 100644
--- a/src/auth/krb/KrbAuthorizeHandler.hpp
+++ b/src/auth/krb/KrbAuthorizeHandler.hpp
@@ -21,7 +21,7 @@ class KrbAuthorizeHandler : public AuthAuthorizeHandler {
 bool verify_authorizer(
 CephContext*,
- KeyStore*,
+ const KeyStore&,
 const bufferlist&,
 size_t,
 bufferlist *,
diff --git a/src/auth/none/AuthNoneAuthorizeHandler.cc b/src/auth/none/AuthNoneAuthorizeHandler.cc
index 15bcc06530d..2b81212ce74 100644
--- a/src/auth/none/AuthNoneAuthorizeHandler.cc
+++ b/src/auth/none/AuthNoneAuthorizeHandler.cc
@@ -19,7 +19,7 @@
 bool AuthNoneAuthorizeHandler::verify_authorizer(
 CephContext *cct,
- KeyStore *keys,
+ const KeyStore& keys,
 const bufferlist& authorizer_data,
 size_t connection_secret_required_len,
 bufferlist *authorizer_reply,
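Review bot: In the src/auth/cephx/CephxServiceHandler.cc hunk, `*key_server` turns a raw pointer into a reference with no null check visible in the hunk, and dereferencing a null pointer there is undefined behaviour at the call site instead of a fault at the first `keys->` use inside the verifier. The commit message says a nullptr is never expected, so that invariant should be asserted where the pointer becomes a reference, for example `ceph_assert(key_server);` just before the `cephx_verify_authorizer` call. The same applies to `*rotating_secrets` in the src/mon/MonClient.cc hunk, where the old `.get()` would have handed a null pointer through to the handler; whether `rotating_secrets` can be empty when `handle_auth_request` runs is not visible here. Both enclosing functions start and end outside their hunks.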
diff --git a/src/auth/none/AuthNoneAuthorizeHandler.h b/src/auth/none/AuthNoneAuthorizeHandler.h
index 5b33f2fc3c3..d9abc769ef4 100644
--- a/src/auth/none/AuthNoneAuthorizeHandler.h
+++ b/src/auth/none/AuthNoneAuthorizeHandler.h
@@ -22,7 +22,7 @@ class CephContext;
 struct AuthNoneAuthorizeHandler : public AuthAuthorizeHandler {
 bool verify_authorizer(
 CephContext *cct,
- KeyStore *keys,
+ const KeyStore& keys,
 const bufferlist& authorizer_data,
 size_t connection_secret_required_len,
 bufferlist *authorizer_reply,
diff --git a/src/crimson/mon/MonClient.cc b/src/crimson/mon/MonClient.cc
index 112d8018c8c..cbc2cf7696c 100644
--- a/src/crimson/mon/MonClient.cc
+++ b/src/crimson/mon/MonClient.cc
@@ -580,7 +580,7 @@ int Client::handle_auth_request(ceph::net::ConnectionRef con,
 AuthCapsInfo caps_info;
 bool is_valid = ah->verify_authorizer(
 &cct,
- &active_con->get_keys(),
+ active_con->get_keys(),
 payload,
 auth_meta->get_connection_secret_length(),
 reply,
diff --git a/src/mon/MonClient.cc b/src/mon/MonClient.cc
index d01c436a235..b97336eabfb 100644
--- a/src/mon/MonClient.cc
+++ b/src/mon/MonClient.cc
@@ -1453,7 +1453,7 @@ int MonClient::handle_auth_request(
 bool was_challenge = (bool)auth_meta->authorizer_challenge;
 bool isvalid = ah->verify_authorizer(
 cct,
- rotating_secrets.get(),
+ *rotating_secrets,
 payload,
 auth_meta->get_connection_secret_length(),
 reply,
diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 55231f60bf6..aeaa38b4ac0 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -6213,7 +6213,7 @@ int Monitor::handle_auth_request(
 bool was_challenge = (bool)auth_meta->authorizer_challenge;
 bool isvalid = ah->verify_authorizer(
 cct,
- &keyring,
+ keyring,
 payload,
 auth_meta->get_connection_secret_length(),
 reply,
--
2.39.5