authorSage Weil <sage@redhat.com>2019-01-18 22:54:58 +0100
committerSage Weil <sage@redhat.com>2019-02-07 13:53:03 +0100
commit0267fb04ffff9097833c59514f8d0102e7f3670b (patch)
tree5692bed676a597e2a93293cd1b7d394bc42d70f3 /src/auth
parentauth: constify bufferlist arg to AuthAuthorizer::add_challenge() (diff)
auth/AuthAuthorizeHandler: fix args for verify_authorizer()
const bufferlists in, pointers for output args. Signed-off-by: Sage Weil <sage@redhat.com>
Diffstat (limited to 'src/auth')
-rw-r--r--src/auth/AuthAuthorizeHandler.h12
-rw-r--r--src/auth/cephx/CephxAuthorizeHandler.cc20
-rw-r--r--src/auth/cephx/CephxAuthorizeHandler.h12
-rw-r--r--src/auth/cephx/CephxProtocol.cc8
-rw-r--r--src/auth/cephx/CephxProtocol.h2
-rw-r--r--src/auth/cephx/CephxServiceHandler.cc2
-rw-r--r--src/auth/krb/KrbAuthorizeHandler.cpp28
-rw-r--r--src/auth/krb/KrbAuthorizeHandler.hpp19
-rw-r--r--src/auth/none/AuthNoneAuthorizeHandler.cc18
-rw-r--r--src/auth/none/AuthNoneAuthorizeHandler.h12
-rw-r--r--src/auth/unknown/AuthUnknownAuthorizeHandler.cc12
-rw-r--r--src/auth/unknown/AuthUnknownAuthorizeHandler.h17
12 files changed, 92 insertions, 70 deletions
diff --git a/src/auth/AuthAuthorizeHandler.h b/src/auth/AuthAuthorizeHandler.h
index df4643c8cb0..8c3825881f9 100644
--- a/src/auth/AuthAuthorizeHandler.h
+++ b/src/auth/AuthAuthorizeHandler.h
@@ -33,12 +33,12 @@ struct AuthAuthorizeHandler {
virtual bool verify_authorizer(
CephContext *cct,
KeyStore *keys,
- bufferlist& authorizer_data,
- bufferlist& authorizer_reply,
- EntityName& entity_name,
- uint64_t& global_id,
- AuthCapsInfo& caps_info,
- CryptoKey& session_key,
+ const bufferlist& authorizer_data,
+ bufferlist *authorizer_reply,
+ EntityName *entity_name,
+ uint64_t *global_id,
+ AuthCapsInfo *caps_info,
+ CryptoKey *session_key,
CryptoKey *connection_secret,
std::unique_ptr<AuthAuthorizerChallenge> *challenge) = 0;
virtual int authorizer_session_crypto() = 0;
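Review bot: The five outputs converted to pointers here (`authorizer_reply`, `entity_name`, `global_id`, `caps_info`, `session_key`) lose the non-null guarantee the references gave, and the declaration does not say whether null is allowed. The implementations in this commit dereference them unconditionally (`*caps_info = ...` in CephxAuthorizeHandler.cc, `decode(*entity_name, itr)` in the krb and none handlers, `*reply_bl` in cephx_verify_authorizer), whereas the neighbouring `challenge` and `connection_secret` look optional, since CephxServiceHandler.cc passes `nullptr` for both to cephx_verify_authorizer. If that is the intended contract, a comment above the declaration such as `// authorizer_reply, entity_name, global_id, caps_info, session_key: required outputs, must be non-null; connection_secret and challenge may be null` would state it. An assertion at the top of each implementation would then turn a caller mistake into a clear failure instead of a null write in the authentication path. The struct continues outside the hunk.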
diff --git a/src/auth/cephx/CephxAuthorizeHandler.cc b/src/auth/cephx/CephxAuthorizeHandler.cc
index 46fd050abda..86003dae663 100644
--- a/src/auth/cephx/CephxAuthorizeHandler.cc
+++ b/src/auth/cephx/CephxAuthorizeHandler.cc
@@ -9,12 +9,12 @@
bool CephxAuthorizeHandler::verify_authorizer(
CephContext *cct,
KeyStore *keys,
- bufferlist& authorizer_data,
- bufferlist& authorizer_reply,
- EntityName& entity_name,
- uint64_t& global_id,
- AuthCapsInfo& caps_info,
- CryptoKey& session_key,
+ const bufferlist& authorizer_data,
+ bufferlist *authorizer_reply,
+ EntityName *entity_name,
+ uint64_t *global_id,
+ AuthCapsInfo *caps_info,
+ CryptoKey *session_key,
CryptoKey *connection_secret,
std::unique_ptr<AuthAuthorizerChallenge> *challenge)
{
@@ -32,10 +32,10 @@ bool CephxAuthorizeHandler::verify_authorizer(
authorizer_reply);
if (isvalid) {
- caps_info = auth_ticket_info.ticket.caps;
- entity_name = auth_ticket_info.ticket.name;
- global_id = auth_ticket_info.ticket.global_id;
- session_key = auth_ticket_info.session_key;
+ *caps_info = auth_ticket_info.ticket.caps;
+ *entity_name = auth_ticket_info.ticket.name;
+ *global_id = auth_ticket_info.ticket.global_id;
+ *session_key = auth_ticket_info.session_key;
}
return isvalid;
diff --git a/src/auth/cephx/CephxAuthorizeHandler.h b/src/auth/cephx/CephxAuthorizeHandler.h
index 446906849dd..6784fa2dae9 100644
--- a/src/auth/cephx/CephxAuthorizeHandler.h
+++ b/src/auth/cephx/CephxAuthorizeHandler.h
@@ -23,12 +23,12 @@ struct CephxAuthorizeHandler : public AuthAuthorizeHandler {
bool verify_authorizer(
CephContext *cct,
KeyStore *keys,
- bufferlist& authorizer_data,
- bufferlist& authorizer_reply,
- EntityName& entity_name,
- uint64_t& global_id,
- AuthCapsInfo& caps_info,
- CryptoKey& session_key,
+ const bufferlist& authorizer_data,
+ bufferlist *authorizer_reply,
+ EntityName *entity_name,
+ uint64_t *global_id,
+ AuthCapsInfo *caps_info,
+ CryptoKey *session_key,
CryptoKey *connection_secret,
std::unique_ptr<AuthAuthorizerChallenge> *challenge) override;
int authorizer_session_crypto() override;
diff --git a/src/auth/cephx/CephxProtocol.cc b/src/auth/cephx/CephxProtocol.cc
index 45df032a822..d92a6d589b5 100644
--- a/src/auth/cephx/CephxProtocol.cc
+++ b/src/auth/cephx/CephxProtocol.cc
@@ -396,7 +396,7 @@ bool cephx_verify_authorizer(CephContext *cct, KeyStore *keys,
CephXServiceTicketInfo& ticket_info,
std::unique_ptr<AuthAuthorizerChallenge> *challenge,
CryptoKey *connection_secret,
- bufferlist& reply_bl)
+ bufferlist *reply_bl)
{
__u8 authorizer_v;
uint32_t service_id;
@@ -471,7 +471,7 @@ bool cephx_verify_authorizer(CephContext *cct, KeyStore *keys,
ldout(cct,10) << __func__ << " adding server_challenge " << c->server_challenge
<< dendl;
- encode_encrypt_enc_bl(cct, *c, ticket_info.session_key, reply_bl, error);
+ encode_encrypt_enc_bl(cct, *c, ticket_info.session_key, *reply_bl, error);
if (!error.empty()) {
ldout(cct, 10) << "verify_authorizer: encode_encrypt error: " << error << dendl;
return false;
@@ -505,13 +505,13 @@ bool cephx_verify_authorizer(CephContext *cct, KeyStore *keys,
reply.connection_secret = *connection_secret;
}
#endif
- if (encode_encrypt(cct, reply, ticket_info.session_key, reply_bl, error)) {
+ if (encode_encrypt(cct, reply, ticket_info.session_key, *reply_bl, error)) {
ldout(cct, 10) << "verify_authorizer: encode_encrypt error: " << error << dendl;
return false;
}
ldout(cct, 10) << "verify_authorizer ok nonce " << hex << auth_msg.nonce << dec
- << " reply_bl.length()=" << reply_bl.length() << dendl;
+ << " reply_bl.length()=" << reply_bl->length() << dendl;
return true;
}
diff --git a/src/auth/cephx/CephxProtocol.h b/src/auth/cephx/CephxProtocol.h
index c028244fbcf..c4485f6e68d 100644
--- a/src/auth/cephx/CephxProtocol.h
+++ b/src/auth/cephx/CephxProtocol.h
@@ -428,7 +428,7 @@ extern bool cephx_verify_authorizer(
CephXServiceTicketInfo& ticket_info,
std::unique_ptr<AuthAuthorizerChallenge> *challenge,
CryptoKey *connection_secret,
- bufferlist& reply_bl);
+ bufferlist *reply_bl);
diff --git a/src/auth/cephx/CephxServiceHandler.cc b/src/auth/cephx/CephxServiceHandler.cc
index a89c1532354..64c0b5a0c8e 100644
--- a/src/auth/cephx/CephxServiceHandler.cc
+++ b/src/auth/cephx/CephxServiceHandler.cc
@@ -215,7 +215,7 @@ int CephxServiceHandler::handle_request(
if (!cephx_verify_authorizer(
cct, key_server, indata, auth_ticket_info, nullptr,
nullptr,
- tmp_bl)) {
+ &tmp_bl)) {
ret = -EPERM;
break;
}
diff --git a/src/auth/krb/KrbAuthorizeHandler.cpp b/src/auth/krb/KrbAuthorizeHandler.cpp
index 37202660280..ea4fe46b84f 100644
--- a/src/auth/krb/KrbAuthorizeHandler.cpp
+++ b/src/auth/krb/KrbAuthorizeHandler.cpp
@@ -19,17 +19,17 @@
#define dout_subsys ceph_subsys_auth
-bool KrbAuthorizeHandler::verify_authorizer(CephContext* ceph_ctx,
- KeyStore* keys,
- bufferlist& authorizer_data,
- bufferlist& authorizer_reply,
- EntityName& entity_name,
- uint64_t& global_id,
- AuthCapsInfo& caps_info,
- CryptoKey& session_key,
- CryptoKey *connection_secret,
- std::unique_ptr<
- AuthAuthorizerChallenge>* challenge)
+bool KrbAuthorizeHandler::verify_authorizer(
+ CephContext* ceph_ctx,
+ KeyStore* keys,
+ const bufferlist& authorizer_data,
+ bufferlist *authorizer_reply,
+ EntityName *entity_name,
+ uint64_t *global_id,
+ AuthCapsInfo *caps_info,
+ CryptoKey *session_key,
+ CryptoKey *connection_secret,
+ std::unique_ptr<AuthAuthorizerChallenge>* challenge)
{
auto itr(authorizer_data.cbegin());
@@ -38,14 +38,14 @@ bool KrbAuthorizeHandler::verify_authorizer(CephContext* ceph_ctx,
using ceph::decode;
decode(value, itr);
- decode(entity_name, itr);
- decode(global_id, itr);
+ decode(*entity_name, itr);
+ decode(*global_id, itr);
} catch (const buffer::error& err) {
ldout(ceph_ctx, 0)
<< "Error: KrbAuthorizeHandler::verify_authorizer() failed!" << dendl;
return false;
}
- caps_info.allow_all = true;
+ caps_info->allow_all = true;
return true;
}
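Review bot: A decode failure on the second field leaves the caller's outputs half-written: `decode(*entity_name, itr)` and `decode(*global_id, itr)` write straight through the output pointers, so if the second decode throws the function returns false with `*entity_name` already overwritten from the wire data. CephxAuthorizeHandler.cc publishes its outputs only after `isvalid`; decoding into locals and assigning once both fields parse would match that, and the second hunk of AuthNoneAuthorizeHandler.cc has the same pattern. In the visible lines `caps_info->allow_all = true` follows nothing but a successful decode, so a comment stating where the Kerberos exchange is actually verified would help (presumably earlier in the session, which this hunk does not show). The `try` opens above the hunk, so the sketch covers only the lines inside it.

```cpp
    // … unchanged: decode(value, itr) …
    EntityName decoded_name;
    uint64_t decoded_gid = 0;
    decode(decoded_name, itr);
    decode(decoded_gid, itr);
    // both fields parsed: only now touch the caller's outputs
    *entity_name = decoded_name;
    *global_id = decoded_gid;
    // … unchanged: catch block, caps_info->allow_all, return true …
```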
diff --git a/src/auth/krb/KrbAuthorizeHandler.hpp b/src/auth/krb/KrbAuthorizeHandler.hpp
index 03277a2f19c..3130896ab2f 100644
--- a/src/auth/krb/KrbAuthorizeHandler.hpp
+++ b/src/auth/krb/KrbAuthorizeHandler.hpp
@@ -19,13 +19,18 @@
#include "auth/AuthAuthorizeHandler.h"
class KrbAuthorizeHandler : public AuthAuthorizeHandler {
- bool verify_authorizer(CephContext*, KeyStore*,
- bufferlist&, bufferlist&,
- EntityName&, uint64_t&,
- AuthCapsInfo&, CryptoKey&,
- CryptoKey *connection_secret,
- std::unique_ptr<
- AuthAuthorizerChallenge>* = nullptr) override;
+ bool verify_authorizer(
+ CephContext*,
+ KeyStore*,
+ const bufferlist&,
+ bufferlist *,
+ EntityName *,
+ uint64_t *,
+ AuthCapsInfo *,
+ CryptoKey *,
+ CryptoKey *connection_secret,
+ std::unique_ptr<
+ AuthAuthorizerChallenge>* = nullptr) override;
int authorizer_session_crypto() override {
return SESSION_SYMMETRIC_AUTHENTICATE;
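Review bot: The rewritten declaration keeps `= nullptr` on the last parameter, a default that the base declaration in AuthAuthorizeHandler.h does not have. Default arguments on a virtual are taken from the static type, so this one applies only to calls made through KrbAuthorizeHandler directly and is easy to misread as part of the interface. With six consecutive unnamed pointer parameters it is also hard to tell which `CryptoKey *` is the session key and which the connection secret. Naming them as the other handlers' headers do and, if no caller relies on it, dropping the default would make the override match the base, e.g. `CryptoKey *session_key,` and `std::unique_ptr<AuthAuthorizerChallenge> *challenge) override;`. The class body continues past the hunk.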
diff --git a/src/auth/none/AuthNoneAuthorizeHandler.cc b/src/auth/none/AuthNoneAuthorizeHandler.cc
index 4e0974086f8..e370507e20c 100644
--- a/src/auth/none/AuthNoneAuthorizeHandler.cc
+++ b/src/auth/none/AuthNoneAuthorizeHandler.cc
@@ -18,10 +18,14 @@
#define dout_subsys ceph_subsys_auth
bool AuthNoneAuthorizeHandler::verify_authorizer(
- CephContext *cct, KeyStore *keys,
- bufferlist& authorizer_data, bufferlist& authorizer_reply,
- EntityName& entity_name, uint64_t& global_id, AuthCapsInfo& caps_info,
- CryptoKey& session_key,
+ CephContext *cct,
+ KeyStore *keys,
+ const bufferlist& authorizer_data,
+ bufferlist *authorizer_reply,
+ EntityName *entity_name,
+ uint64_t *global_id,
+ AuthCapsInfo *caps_info,
+ CryptoKey *session_key,
CryptoKey *connection_secret,
std::unique_ptr<AuthAuthorizerChallenge> *challenge)
{
@@ -30,14 +34,14 @@ bool AuthNoneAuthorizeHandler::verify_authorizer(
try {
__u8 struct_v = 1;
decode(struct_v, iter);
- decode(entity_name, iter);
- decode(global_id, iter);
+ decode(*entity_name, iter);
+ decode(*global_id, iter);
} catch (const buffer::error &err) {
ldout(cct, 0) << "AuthNoneAuthorizeHandle::verify_authorizer() failed to decode" << dendl;
return false;
}
- caps_info.allow_all = true;
+ caps_info->allow_all = true;
return true;
}
diff --git a/src/auth/none/AuthNoneAuthorizeHandler.h b/src/auth/none/AuthNoneAuthorizeHandler.h
index d6853c4884a..4cf9c18f66c 100644
--- a/src/auth/none/AuthNoneAuthorizeHandler.h
+++ b/src/auth/none/AuthNoneAuthorizeHandler.h
@@ -21,10 +21,14 @@ class CephContext;
struct AuthNoneAuthorizeHandler : public AuthAuthorizeHandler {
bool verify_authorizer(
- CephContext *cct, KeyStore *keys,
- bufferlist& authorizer_data, bufferlist& authorizer_reply,
- EntityName& entity_name, uint64_t& global_id,
- AuthCapsInfo& caps_info, CryptoKey& session_key,
+ CephContext *cct,
+ KeyStore *keys,
+ const bufferlist& authorizer_data,
+ bufferlist *authorizer_reply,
+ EntityName *entity_name,
+ uint64_t *global_id,
+ AuthCapsInfo *caps_info,
+ CryptoKey *session_key,
CryptoKey *connection_secret,
std::unique_ptr<AuthAuthorizerChallenge> *challenge) override;
int authorizer_session_crypto() override;
diff --git a/src/auth/unknown/AuthUnknownAuthorizeHandler.cc b/src/auth/unknown/AuthUnknownAuthorizeHandler.cc
index af7bd2d25b1..632e41dd764 100644
--- a/src/auth/unknown/AuthUnknownAuthorizeHandler.cc
+++ b/src/auth/unknown/AuthUnknownAuthorizeHandler.cc
@@ -15,10 +15,14 @@
#include "AuthUnknownAuthorizeHandler.h"
bool AuthUnknownAuthorizeHandler::verify_authorizer(
- CephContext *cct, KeyStore *keys,
- bufferlist& authorizer_data, bufferlist& authorizer_reply,
- EntityName& entity_name, uint64_t& global_id, AuthCapsInfo& caps_info,
- CryptoKey& session_key,
+ CephContext *cct,
+ KeyStore *keys,
+ const bufferlist& authorizer_data,
+ bufferlist * authorizer_reply,
+ EntityName *entity_name,
+ uint64_t *global_id,
+ AuthCapsInfo *caps_info,
+ CryptoKey *session_key,
CryptoKey *connection_secret,
std::unique_ptr<AuthAuthorizerChallenge> *challenge)
{
diff --git a/src/auth/unknown/AuthUnknownAuthorizeHandler.h b/src/auth/unknown/AuthUnknownAuthorizeHandler.h
index 6c9d056ac10..2590900b0cb 100644
--- a/src/auth/unknown/AuthUnknownAuthorizeHandler.h
+++ b/src/auth/unknown/AuthUnknownAuthorizeHandler.h
@@ -20,12 +20,17 @@
class CephContext;
struct AuthUnknownAuthorizeHandler : public AuthAuthorizeHandler {
- bool verify_authorizer(CephContext *cct, KeyStore *keys,
- bufferlist& authorizer_data, bufferlist& authorizer_reply,
- EntityName& entity_name, uint64_t& global_id,
- AuthCapsInfo& caps_info, CryptoKey& session_key,
- CryptoKey *connection_secret,
- std::unique_ptr<AuthAuthorizerChallenge> *challenge) override;
+ bool verify_authorizer(
+ CephContext *cct,
+ KeyStore *keys,
+ const bufferlist& authorizer_data,
+ bufferlist *authorizer_reply,
+ EntityName *entity_name,
+ uint64_t *global_id,
+ AuthCapsInfo *caps_info,
+ CryptoKey *session_key,
+ CryptoKey *connection_secret,
+ std::unique_ptr<AuthAuthorizerChallenge> *challenge) override;
int authorizer_session_crypto() override;
};