From ba7aac261b976ff4815299e580503ce7c67e01e0 Mon Sep 17 00:00:00 2001 From: Sage Weil Date: Thu, 22 Oct 2009 12:01:58 -0700 Subject: [PATCH] auth: some cleanup --- src/auth/Auth.cc | 6 +++--- src/auth/Auth.h | 32 ++++++++++++++------------------ src/auth/AuthClientHandler.h | 2 +- 3 files changed, 18 insertions(+), 22 deletions(-) diff --git a/src/auth/Auth.cc b/src/auth/Auth.cc index b0fa084c02697..e72d56e168b77 100644 --- a/src/auth/Auth.cc +++ b/src/auth/Auth.cc @@ -127,7 +127,7 @@ bool AuthTicketHandler::verify_service_ticket_reply(CryptoKey& secret, return true; } -bool AuthTicketsManager::has_key(uint32_t service_id) +bool AuthTicketManager::has_key(uint32_t service_id) { map::iterator iter = tickets_map.find(service_id); if (iter == tickets_map.end()) @@ -139,7 +139,7 @@ bool AuthTicketsManager::has_key(uint32_t service_id) * PRINCIPAL: verify our attempt to authenticate succeeded. fill out * this ServiceTicket with the result. */ -bool AuthTicketsManager::verify_service_ticket_reply(CryptoKey& secret, +bool AuthTicketManager::verify_service_ticket_reply(CryptoKey& secret, bufferlist::iterator& indata) { uint32_t num; @@ -192,7 +192,7 @@ bool AuthTicketHandler::build_authorizer(AuthAuthorizer& authorizer) * * ticket, {timestamp}^session_key */ -bool AuthTicketsManager::build_authorizer(uint32_t service_id, AuthAuthorizer& authorizer) +bool AuthTicketManager::build_authorizer(uint32_t service_id, AuthAuthorizer& authorizer) { map::iterator iter = tickets_map.find(service_id); if (iter == tickets_map.end()) diff --git a/src/auth/Auth.h b/src/auth/Auth.h index 1ad2d7314c640..91bed03cd5111 100644 --- a/src/auth/Auth.h +++ b/src/auth/Auth.h @@ -23,8 +23,6 @@ class Cond; -#define AUTH_ENC_MAGIC 0xff009cad8826aa55 - struct EntityAuth { CryptoKey key; map caps; 
@@ -190,7 +188,6 @@ struct AuthAuthorizer { struct AuthTicketHandler { uint32_t service_id; CryptoKey session_key; -// uint64_t secret_id; AuthBlob ticket; // opaque to us utime_t renew_after, expires; bool has_key_flag; @@ -200,24 +197,18 @@ struct AuthTicketHandler { // to build our ServiceTicket bool verify_service_ticket_reply(CryptoKey& principal_secret, bufferlist::iterator& indata); -#if 0 - // to build a new ServiceTicket, to access different service - bool get_session_keys(uint32_t keys, entity_addr_t& principal_addr, bufferlist& bl); -#endif // to access the service bool build_authorizer(AuthAuthorizer& authorizer); bool has_key() { return has_key_flag; } }; -struct AuthTicketsManager { +struct AuthTicketManager { map tickets_map; bool verify_service_ticket_reply(CryptoKey& principal_secret, bufferlist::iterator& indata); - bool get_session_keys(uint32_t keys, entity_addr_t& principal_addr, bufferlist& bl); - AuthTicketHandler& get_handler(uint32_t type) { AuthTicketHandler& handler = tickets_map[type]; handler.service_id = type; @@ -312,6 +303,18 @@ public: virtual bool get_service_secret(uint32_t service_id, uint64_t secret_id, CryptoKey& secret) = 0; }; +static inline bool auth_principal_needs_rotating_keys(EntityName& name) +{ + return ((name.entity_type == CEPHX_PRINCIPAL_OSD) || + (name.entity_type == CEPHX_PRINCIPAL_MDS)); +} + + +/* + * encode+encrypt macros + */ +#define AUTH_ENC_MAGIC 0xff009cad8826aa55 + template int decode_decrypt(T& t, CryptoKey key, bufferlist::iterator& iter) { uint64_t magic; 
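Review bot: `AUTH_ENC_MAGIC` is re-added in the `@@ -312,6 +303,18 @@` hunk as an unsuffixed 64-bit hex literal in a macro, directly above `decode_decrypt`, which reads it into a `uint64_t magic`. Where `long` is 32 bits, a pre-C++11 compiler has no standard type for a literal this wide and accepts it only as an extension. I would replace it with a typed constant: `static const uint64_t AUTH_ENC_MAGIC = 0xff009cad8826aa55ull;`. The new comment says "encode+encrypt macros", but what follows are function templates. Something like `/* encode+encrypt helpers; AUTH_ENC_MAGIC is a fixed, publicly known marker, not a keyed integrity tag */` would be more accurate, assuming the magic is only compared after decryption; the body of `decode_decrypt` continues outside this hunk, so that should be confirmed there. The moved `auth_principal_needs_rotating_keys` only reads `name`, so its parameter can be `const EntityName& name`.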
@@ -348,20 +351,13 @@ int encode_encrypt(const T& t, CryptoKey& key, bufferlist& out) { return 0; } -static inline bool auth_principal_needs_rotating_keys(EntityName& name) -{ - return ((name.entity_type == CEPHX_PRINCIPAL_OSD) || - (name.entity_type == CEPHX_PRINCIPAL_MDS)); -} + /* * Verify authorizer and generate reply authorizer */ extern bool verify_service_ticket_request(AuthServiceTicketRequest& ticket_req, bufferlist::iterator& indata); - -class KeysServer; - extern bool verify_authorizer(KeysKeeper& keys, bufferlist::iterator& indata, AuthServiceTicketInfo& ticket_info, bufferlist& reply_bl); diff --git a/src/auth/AuthClientHandler.h b/src/auth/AuthClientHandler.h index 17255e9f31226..e68e29b14c812 100644 --- a/src/auth/AuthClientHandler.h +++ b/src/auth/AuthClientHandler.h @@ -170,7 +170,7 @@ public: uint32_t have; CryptoKey secret; - AuthTicketsManager tickets; + AuthTicketManager tickets; AuthClientHandler() : lock("AuthClientHandler::lock"), client(NULL), timer(lock), max_proto_handlers(0) { } -- 2.39.5