diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-21 11:54:28 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-21 11:54:28 +0000 |
commit | e6918187568dbd01842d8d1d2c808ce16a894239 (patch) | |
tree | 64f88b554b444a49f656b6c656111a145cbbaa28 /src/auth/cephx/CephxAuthorizeHandler.cc | |
parent | Initial commit. (diff) | |
download | ceph-e6918187568dbd01842d8d1d2c808ce16a894239.tar.xz ceph-e6918187568dbd01842d8d1d2c808ce16a894239.zip |
Adding upstream version 18.2.2.upstream/18.2.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | src/auth/cephx/CephxAuthorizeHandler.cc | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/src/auth/cephx/CephxAuthorizeHandler.cc b/src/auth/cephx/CephxAuthorizeHandler.cc new file mode 100644 index 000000000..615b87500 --- /dev/null +++ b/src/auth/cephx/CephxAuthorizeHandler.cc @@ -0,0 +1,50 @@ +#include "CephxProtocol.h" +#include "CephxAuthorizeHandler.h" +#include "common/dout.h" + +#define dout_subsys ceph_subsys_auth + +bool CephxAuthorizeHandler::verify_authorizer( + CephContext *cct, + const KeyStore& keys, + const ceph::bufferlist& authorizer_data, + size_t connection_secret_required_len, + ceph::bufferlist *authorizer_reply, + EntityName *entity_name, + uint64_t *global_id, + AuthCapsInfo *caps_info, + CryptoKey *session_key, + std::string *connection_secret, + std::unique_ptr<AuthAuthorizerChallenge> *challenge) +{ + auto iter = authorizer_data.cbegin(); + + if (!authorizer_data.length()) { + ldout(cct, 1) << "verify authorizer, authorizer_data.length()=0" << dendl; + return false; + } + + CephXServiceTicketInfo auth_ticket_info; + + bool isvalid = cephx_verify_authorizer(cct, keys, iter, + connection_secret_required_len, + auth_ticket_info, + challenge, connection_secret, + authorizer_reply); + + if (isvalid) { + *caps_info = auth_ticket_info.ticket.caps; + *entity_name = auth_ticket_info.ticket.name; + *global_id = auth_ticket_info.ticket.global_id; + *session_key = auth_ticket_info.session_key; + } + + return isvalid; +} + +// Return type of crypto used for this session's data; for cephx, symmetric authentication + +int CephxAuthorizeHandler::authorizer_session_crypto() +{ + return SESSION_SYMMETRIC_AUTHENTICATE; +} |