diff options
Diffstat (limited to '')
-rw-r--r-- | src/auth/cephx/CephxAuthorizeHandler.cc | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/src/auth/cephx/CephxAuthorizeHandler.cc b/src/auth/cephx/CephxAuthorizeHandler.cc new file mode 100644 index 00000000..6684e164 --- /dev/null +++ b/src/auth/cephx/CephxAuthorizeHandler.cc @@ -0,0 +1,52 @@ +#include "CephxProtocol.h" +#include "CephxAuthorizeHandler.h" +#include "common/dout.h" + +#define dout_subsys ceph_subsys_auth + + + +bool CephxAuthorizeHandler::verify_authorizer( + CephContext *cct, + KeyStore *keys, + const bufferlist& authorizer_data, + size_t connection_secret_required_len, + bufferlist *authorizer_reply, + EntityName *entity_name, + uint64_t *global_id, + AuthCapsInfo *caps_info, + CryptoKey *session_key, + std::string *connection_secret, + std::unique_ptr<AuthAuthorizerChallenge> *challenge) +{ + auto iter = authorizer_data.cbegin(); + + if (!authorizer_data.length()) { + ldout(cct, 1) << "verify authorizer, authorizer_data.length()=0" << dendl; + return false; + } + + CephXServiceTicketInfo auth_ticket_info; + + bool isvalid = cephx_verify_authorizer(cct, keys, iter, + connection_secret_required_len, + auth_ticket_info, + challenge, connection_secret, + authorizer_reply); + + if (isvalid) { + *caps_info = auth_ticket_info.ticket.caps; + *entity_name = auth_ticket_info.ticket.name; + *global_id = auth_ticket_info.ticket.global_id; + *session_key = auth_ticket_info.session_key; + } + + return isvalid; +} + +// Return type of crypto used for this session's data; for cephx, symmetric authentication + +int CephxAuthorizeHandler::authorizer_session_crypto() +{ + return SESSION_SYMMETRIC_AUTHENTICATE; +} |