From e6918187568dbd01842d8d1d2c808ce16a894239 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 21 Apr 2024 13:54:28 +0200 Subject: Adding upstream version 18.2.2. Signed-off-by: Daniel Baumann --- src/auth/cephx/CephxAuthorizeHandler.cc | 50 +++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 src/auth/cephx/CephxAuthorizeHandler.cc (limited to 'src/auth/cephx/CephxAuthorizeHandler.cc') diff --git a/src/auth/cephx/CephxAuthorizeHandler.cc b/src/auth/cephx/CephxAuthorizeHandler.cc new file mode 100644 index 000000000..615b87500 --- /dev/null +++ b/src/auth/cephx/CephxAuthorizeHandler.cc @@ -0,0 +1,50 @@ +#include "CephxProtocol.h" +#include "CephxAuthorizeHandler.h" +#include "common/dout.h" + +#define dout_subsys ceph_subsys_auth + +bool CephxAuthorizeHandler::verify_authorizer( + CephContext *cct, + const KeyStore& keys, + const ceph::bufferlist& authorizer_data, + size_t connection_secret_required_len, + ceph::bufferlist *authorizer_reply, + EntityName *entity_name, + uint64_t *global_id, + AuthCapsInfo *caps_info, + CryptoKey *session_key, + std::string *connection_secret, + std::unique_ptr *challenge) +{ + auto iter = authorizer_data.cbegin(); + + if (!authorizer_data.length()) { + ldout(cct, 1) << "verify authorizer, authorizer_data.length()=0" << dendl; + return false; + } + + CephXServiceTicketInfo auth_ticket_info; + + bool isvalid = cephx_verify_authorizer(cct, keys, iter, + connection_secret_required_len, + auth_ticket_info, + challenge, connection_secret, + authorizer_reply); + + if (isvalid) { + *caps_info = auth_ticket_info.ticket.caps; + *entity_name = auth_ticket_info.ticket.name; + *global_id = auth_ticket_info.ticket.global_id; + *session_key = auth_ticket_info.session_key; + } + + return isvalid; +} + +// Return type of crypto used for this session's data; for cephx, symmetric authentication + +int CephxAuthorizeHandler::authorizer_session_crypto() +{ + return SESSION_SYMMETRIC_AUTHENTICATE; +} -- cgit v1.2.3