From e7697b9e0b5f4940f1b8aecd94529dc98459f20b Mon Sep 17 00:00:00 2001
From: Yehuda Sadeh
Date: Fri, 25 Sep 2009 15:52:52 -0700
Subject: [PATCH] auth: use key in keyring getting session key and ticket
---
 src/auth/Auth.cc | 8 +++++++-
 src/auth/AuthClientHandler.cc | 18 +++++++-----------
 src/auth/KeyRing.cc | 18 ------------------
 3 files changed, 14 insertions(+), 30 deletions(-)
diff --git a/src/auth/Auth.cc b/src/auth/Auth.cc
index cf8fa335dc065..8d0da5612fefd 100644
--- a/src/auth/Auth.cc
+++ b/src/auth/Auth.cc
@@ -32,6 +32,7 @@ void build_service_ticket_request(uint32_t keys,
 ::encode(ticket_req, request);
 }
+
 /*
 * AUTH SERVER: authenticate
 *
@@ -57,6 +58,11 @@ bool build_service_ticket_reply(
 AuthServiceTicket msg_a;
+ bufferptr& s1 = principal_secret.get_secret();
+ if (s1.length()) {
+ hexdump("encoding, using key", s1.c_str(), s1.length());
+ }
+
 msg_a.session_key = info.session_key;
 if (encode_encrypt(msg_a, principal_secret, reply) < 0)
 return false;
@@ -90,7 +96,7 @@ bool AuthTicketHandler::verify_service_ticket_reply(CryptoKey& secret,
 AuthServiceTicket msg_a;
 bufferptr& s1 = secret.get_secret();
- hexdump("decoding, session key", s1.c_str(), s1.length());
+ hexdump("decoding, using key", s1.c_str(), s1.length());
 if (decode_decrypt(msg_a, secret, indata) < 0)
 return false;
 /* FIXME: decode into relevant ticket */
diff --git a/src/auth/AuthClientHandler.cc b/src/auth/AuthClientHandler.cc
index 894db4a71fb18..9a3aa2ac28cf3 100644
--- a/src/auth/AuthClientHandler.cc
+++ b/src/auth/AuthClientHandler.cc
@@ -17,10 +17,12 @@
 #include "AuthProtocol.h"
 #include "AuthClientHandler.h"
+#include "KeyRing.h"
 #include "messages/MAuth.h"
 #include "messages/MAuthReply.h"
+
 AuthClientProtocolHandler::AuthClientProtocolHandler(AuthClientHandler *client) : msg(NULL), got_response(false), got_timeout(false), timeout_event(NULL), lock("AuthClientProtocolHandler")
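Review bot: In src/auth/Auth.cc, the `hexdump("encoding, using key", ...)` call added to build_service_ticket_reply emits the raw bytes of `principal_secret`, and the relabelled `hexdump("decoding, using key", ...)` in AuthTicketHandler::verify_service_ticket_reply does the same for `secret`. With this commit the client's handle_cephx_response (src/auth/AuthClientHandler.cc) passes the key it obtains from `g_keyring.get_master()` into that verify path, so a real long-lived key rather than the old test constant would reach whatever sink hexdump writes to; that sink is not visible in this patch. I would drop both dumps, or compile them only in a debugging build and record just the length, for example `dout(20) << "encoding with key of length " << s1.length() << dendl;` (assuming dout is available in Auth.cc as it is in AuthClientHandler.cc). Both function bodies continue outside their hunks.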
@@ -223,15 +225,11 @@ int AuthClientAuthenticateHandler::generate_cephx_authenticate_request(bufferlis
 header.request_type = CEPHX_GET_PRINCIPAL_SESSION_KEY;
 ::encode(header, bl);
-#if 0
- build_service_ticket_request(client->name, client->addr, want,
- ticket_handler.session_key, ticket_handler.ticket, bl);
-#endif
+ if (!ticket_handler.build_authorizer(bl, ctx)) return -EINVAL;
 build_service_ticket_request(want, bl);
- return 0;
 }
@@ -250,13 +248,11 @@ int AuthClientAuthenticateHandler::handle_cephx_response(bufferlist::iterator& i
 cephx_response_state = 1;
 dout(0) << "CEPHX_GET_AUTH_SESSION_KEY" << dendl;
-#define PRINCIPAL_SECRET "123456789ABCDEF0"
 {
- bufferptr p(PRINCIPAL_SECRET, sizeof(PRINCIPAL_SECRET) - 1);
- client->secret.set_secret(CEPH_SECRET_AES, p);
- // AuthTicketHandler& ticket_handler = tickets.get_handler(CEPHX_PRINCIPAL_AUTH);
-
- if (!client->tickets.verify_service_ticket_reply(client->secret, indata)) {
+ CryptoKey secret;
+ g_keyring.get_master(secret);
+
+ if (!client->tickets.verify_service_ticket_reply(secret, indata)) {
 dout(0) << "could not verify service_ticket reply" << dendl;
 return -EPERM;
 }
diff --git a/src/auth/KeyRing.cc b/src/auth/KeyRing.cc
index e076c361dc38e..93a2224e3f754 100644
--- a/src/auth/KeyRing.cc
+++ b/src/auth/KeyRing.cc
@@ -25,23 +25,6 @@ using namespace std;
 KeyRing g_keyring;
-static void hexdump(string msg, const char *s, int len)
-{
- int buf_len = len*4;
- char buf[buf_len];
- int pos = 0;
- for (int i=0; i
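Review bot: In handle_cephx_response (src/auth/AuthClientHandler.cc, hunk at -250,13), the outcome of `g_keyring.get_master(secret)` is not checked, so when the keyring holds no master key the default-constructed `secret` is handed straight to `verify_service_ticket_reply`. get_master's signature is not visible in this patch; if it reports success, fail early with something like `if (!g_keyring.get_master(secret)) { dout(0) << "no master key in keyring" << dendl; return -EPERM; }`, and otherwise test the key length before use. Failing here also keeps a missing key distinguishable from a reply that genuinely did not verify, which currently share the "could not verify service_ticket reply" message. The function body starts and ends outside the hunk.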