authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-21 11:54:28 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-21 11:54:28 +0000
commite6918187568dbd01842d8d1d2c808ce16a894239 (patch)
tree64f88b554b444a49f656b6c656111a145cbbaa28 /src/auth/cephx/CephxAuthorizeHandler.cc
parentInitial commit. (diff)
Adding upstream version 18.2.2.upstream/18.2.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--src/auth/cephx/CephxAuthorizeHandler.cc50
1 files changed, 50 insertions, 0 deletions
diff --git a/src/auth/cephx/CephxAuthorizeHandler.cc b/src/auth/cephx/CephxAuthorizeHandler.cc
new file mode 100644
index 000000000..615b87500
--- /dev/null
+++ b/src/auth/cephx/CephxAuthorizeHandler.cc
@@ -0,0 +1,50 @@
+#include "CephxProtocol.h"
+#include "CephxAuthorizeHandler.h"
+#include "common/dout.h"
+
+#define dout_subsys ceph_subsys_auth
+
+bool CephxAuthorizeHandler::verify_authorizer(
+ CephContext *cct,
+ const KeyStore& keys,
+ const ceph::bufferlist& authorizer_data,
+ size_t connection_secret_required_len,
+ ceph::bufferlist *authorizer_reply,
+ EntityName *entity_name,
+ uint64_t *global_id,
+ AuthCapsInfo *caps_info,
+ CryptoKey *session_key,
+ std::string *connection_secret,
+ std::unique_ptr<AuthAuthorizerChallenge> *challenge)
+{
+ auto iter = authorizer_data.cbegin();
+
+ if (!authorizer_data.length()) {
+ ldout(cct, 1) << "verify authorizer, authorizer_data.length()=0" << dendl;
+ return false;
+ }
+
+ CephXServiceTicketInfo auth_ticket_info;
+
+ bool isvalid = cephx_verify_authorizer(cct, keys, iter,
+ connection_secret_required_len,
+ auth_ticket_info,
+ challenge, connection_secret,
+ authorizer_reply);
+
+ if (isvalid) {
+ *caps_info = auth_ticket_info.ticket.caps;
+ *entity_name = auth_ticket_info.ticket.name;
+ *global_id = auth_ticket_info.ticket.global_id;
+ *session_key = auth_ticket_info.session_key;
+ }
+
+ return isvalid;
+}
+
+// Return type of crypto used for this session's data; for cephx, symmetric authentication
+
+int CephxAuthorizeHandler::authorizer_session_crypto()
+{
+ return SESSION_SYMMETRIC_AUTHENTICATE;
+}
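Review bot: verify_authorizer() writes `*caps_info`, `*entity_name`, `*global_id` and `*session_key` only inside `if (isvalid)`, and nothing on the function says so, so a caller that reads them after a `false` return sees whatever they held before the call. Because these values become the peer's identity and capabilities, I would state the contract in a comment above the definition, for example `// Out-params are written only when this returns true; on false they are untouched and must not be used.` The same four pointers are dereferenced without a null check, while `challenge`, `connection_secret` and `authorizer_reply` are passed straight to cephx_verify_authorizer(), which is not visible in this file; the comment should also say which arguments may be null. The empty-authorizer rejection is logged at level 1, but a `false` from cephx_verify_authorizer() is not logged here; presumably that function logs it, which is worth confirming so rejected authorizers stay visible to operators.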