summaryrefslogtreecommitdiffstats
path: root/src/auth/cephx/CephxAuthorizeHandler.cc
blob: 6684e164728c88d4eaeab9f53f6cf242db052644 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
#include "CephxProtocol.h"
#include "CephxAuthorizeHandler.h"
#include "common/dout.h"

#define dout_subsys ceph_subsys_auth



bool CephxAuthorizeHandler::verify_authorizer(
  CephContext *cct,
  KeyStore *keys,
  const bufferlist& authorizer_data,
  size_t connection_secret_required_len,
  bufferlist *authorizer_reply,
  EntityName *entity_name,
  uint64_t *global_id,
  AuthCapsInfo *caps_info,
  CryptoKey *session_key,
  std::string *connection_secret,
  std::unique_ptr<AuthAuthorizerChallenge> *challenge)
{
  auto iter = authorizer_data.cbegin();

  if (!authorizer_data.length()) {
    ldout(cct, 1) << "verify authorizer, authorizer_data.length()=0" << dendl;
    return false;
  }

  CephXServiceTicketInfo auth_ticket_info;

  bool isvalid = cephx_verify_authorizer(cct, keys, iter,
					 connection_secret_required_len,
					 auth_ticket_info,
					 challenge, connection_secret,
					 authorizer_reply);

  if (isvalid) {
    *caps_info = auth_ticket_info.ticket.caps;
    *entity_name = auth_ticket_info.ticket.name;
    *global_id = auth_ticket_info.ticket.global_id;
    *session_key = auth_ticket_info.session_key;
  }

  return isvalid;
}

// Return type of crypto used for this session's data;  for cephx, symmetric authentication

int CephxAuthorizeHandler::authorizer_session_crypto() 
{
  return SESSION_SYMMETRIC_AUTHENTICATE;
}