From d334ef8b527eb383785e9bdecbdc368e75a548c3 Mon Sep 17 00:00:00 2001
From: Sage Weil
Date: Thu, 22 Oct 2009 11:42:15 -0700
Subject: [PATCH] auth: clean out old authorizer cruft, unneeded AuthContext

Just put timestamp in the Authorizer itself. The other AuthContext fields were unused.
---
 src/auth/Auth.cc | 27 +++------------------------
 src/auth/Auth.h | 13 +------------
 2 files changed, 4 insertions(+), 36 deletions(-)

diff --git a/src/auth/Auth.cc b/src/auth/Auth.cc
index 75d013ac1f703..b0fa084c02697 100644
--- a/src/auth/Auth.cc
+++ b/src/auth/Auth.cc
@@ -171,7 +171,7 @@ bool AuthTicketsManager::verify_service_ticket_reply(CryptoKey& secret,
 bool AuthTicketHandler::build_authorizer(AuthAuthorizer& authorizer)
 {
 authorizer.session_key = session_key;
- authorizer.ctx.timestamp = g_clock.now();
+ authorizer.timestamp = g_clock.now();
 dout(0) << "build_authorizer: service_id=" << service_id << dendl;
@@ -180,7 +180,7 @@ bool AuthTicketHandler::build_authorizer(AuthAuthorizer& authorizer)
 ::encode(ticket, authorizer.bl);
 AuthAuthorize msg;
- msg.now = authorizer.ctx.timestamp;
+ msg.now = authorizer.timestamp;
 if (encode_encrypt(msg, session_key, authorizer.bl) < 0)
 return false;
@@ -260,27 +260,6 @@ bool verify_authorizer(KeysKeeper& keys, bufferlist::iterator& indata,
 return true;
 }
-#if 0
-bool AuthTicketHandler::decode_reply_authorizer(bufferlist::iterator& indata, AuthAuthorizeReply& reply)
-{
- if (decode_decrypt(reply, session_key, indata) < 0)
- return false;
-
- return true;
-}
-
-/*
- * PRINCIPAL: verify reply is authentic
- */
-bool AuthTicketHandler::verify_reply_authorizer(AuthContext& ctx, AuthAuthorizeReply& reply)
-{
- if (ctx.timestamp + 1 == reply.timestamp) {
- return true;
- }
-
- return false;
-}
-#endif
 bool AuthAuthorizer::verify_reply(bufferlist::iterator& indata)
 {
@@ -289,7 +268,7 @@ bool AuthAuthorizer::verify_reply(bufferlist::iterator& indata)
 if (decode_decrypt(reply, session_key, indata) < 0)
 return false;
- if (ctx.timestamp + 1 != reply.timestamp) {
+ if (timestamp + 1 != reply.timestamp) {
 return false;
 }
diff --git a/src/auth/Auth.h b/src/auth/Auth.h
index 39572a1829438..1ad2d7314c640 100644
--- a/src/auth/Auth.h
+++ b/src/auth/Auth.h
@@ -40,13 +40,6 @@ struct EntityAuth {
 };
 WRITE_CLASS_ENCODER(EntityAuth)
-struct AuthContext {
- int status;
- // int id;
- utime_t timestamp;
- Cond *cond;
-};
-
 /*
 * The ticket (if properly validated) authorizes the principal use
 * services as described by 'caps' during the specified validity
@@ -182,7 +175,7 @@ WRITE_CLASS_ENCODER(AuthAuthorizeReply);
 struct AuthAuthorizer {
 CryptoKey session_key;
- AuthContext ctx;
+ utime_t timestamp;
 bufferlist bl;
@@ -213,10 +206,6 @@ struct AuthTicketHandler {
 #endif // to access the service
 bool build_authorizer(AuthAuthorizer& authorizer);
-#if 0
- bool decode_reply_authorizer(bufferlist::iterator& indata, AuthAuthorizeReply& reply);
- bool verify_reply_authorizer(AuthContext& ctx, AuthAuthorizeReply& reply);
-#endif
 bool has_key() { return has_key_flag; }
 };
--
2.39.5
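Review bot: The new `utime_t timestamp;` member of AuthAuthorizer (src/auth/Auth.h, hunk at -182) is undocumented, yet it is now the whole client-side state behind the check `if (timestamp + 1 != reply.timestamp)` in AuthAuthorizer::verify_reply (hunk at -289). I would add a comment at the declaration, for example `// challenge: set by build_authorizer(), sent encrypted as AuthAuthorize::now; verify_reply() accepts only timestamp + 1`. Since the value is taken from `g_clock.now()` rather than a random nonce, a reply is presumably bound to a single request only if the clock never returns the same value twice under one session key; that assumption should be confirmed and stated in the same comment. Both the struct and verify_reply continue outside the hunks shown.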