auth,mon,crimson: pass KeyStore by const reference

AuthAuthorizeHandler::verify_authorizer() neither changes the keystore, nor expects a nullptr. so we should pass the keystore by const reference for better readability Signed-off-by: Kefu Chai <kchai@redhat.com>
2025-01-10 21:20:46 +00:00 · 2019-04-26 16:01:52 +08:00 · 2019-04-26 16:01:52 +08:00 · 7dfca035ac
commit 7dfca035ac
parent 0a8dbddf88
12 changed files with 14 additions and 14 deletions
--- a/src/auth/AuthAuthorizeHandler.h
+++ b/src/auth/AuthAuthorizeHandler.h
@ -31,7 +31,7 @@ struct AuthAuthorizeHandler {
  virtual ~AuthAuthorizeHandler() {}
  virtual bool verify_authorizer(
    CephContext *cct,
-    KeyStore *keys,
+    const KeyStore& keys,
    const ceph::buffer::list& authorizer_data,
    size_t connection_secret_required_len,
    ceph::buffer::list *authorizer_reply,
--- a/src/auth/cephx/CephxAuthorizeHandler.cc
+++ b/src/auth/cephx/CephxAuthorizeHandler.cc
@ -8,7 +8,7 @@

 bool CephxAuthorizeHandler::verify_authorizer(
  CephContext *cct,
-  KeyStore *keys,
+  const KeyStore& keys,
  const bufferlist& authorizer_data,
  size_t connection_secret_required_len,
  bufferlist *authorizer_reply,
--- a/src/auth/cephx/CephxAuthorizeHandler.h
+++ b/src/auth/cephx/CephxAuthorizeHandler.h
@ -22,7 +22,7 @@ class CephContext;
 struct CephxAuthorizeHandler : public AuthAuthorizeHandler {
  bool verify_authorizer(
    CephContext *cct,
-    KeyStore *keys,
+    const KeyStore& keys,
    const bufferlist& authorizer_data,
    size_t connection_secret_required_len,
    bufferlist *authorizer_reply,
--- a/src/auth/cephx/CephxProtocol.cc
+++ b/src/auth/cephx/CephxProtocol.cc
@ -391,7 +391,7 @@ bool cephx_decode_ticket(CephContext *cct, KeyStore *keys, uint32_t service_id,
 *
 * {timestamp + 1}^session_key
 */
-bool cephx_verify_authorizer(CephContext *cct, KeyStore *keys,
+bool cephx_verify_authorizer(CephContext *cct, const KeyStore& keys,
 			     bufferlist::const_iterator& indata,
 			     size_t connection_secret_required_len,
 			     CephXServiceTicketInfo& ticket_info,
@ -422,13 +422,13 @@ bool cephx_verify_authorizer(CephContext *cct, KeyStore *keys,
  if (ticket.secret_id == (uint64_t)-1) {
    EntityName name;
    name.set_type(service_id);
-    if (!keys->get_secret(name, service_secret)) {
+    if (!keys.get_secret(name, service_secret)) {
      ldout(cct, 0) << "verify_authorizer could not get general service secret for service "
 	      << ceph_entity_type_name(service_id) << " secret_id=" << ticket.secret_id << dendl;
      return false;
    }
  } else {
-    if (!keys->get_service_secret(service_id, ticket.secret_id, service_secret)) {
+    if (!keys.get_service_secret(service_id, ticket.secret_id, service_secret)) {
      ldout(cct, 0) << "verify_authorizer could not get service secret for service "
 	      << ceph_entity_type_name(service_id) << " secret_id=" << ticket.secret_id << dendl;
      if (cct->_conf->auth_debug && ticket.secret_id == 0)
--- a/src/auth/cephx/CephxProtocol.h
+++ b/src/auth/cephx/CephxProtocol.h
@ -424,7 +424,7 @@ bool cephx_decode_ticket(CephContext *cct, KeyStore *keys,
 */
 extern bool cephx_verify_authorizer(
  CephContext *cct,
-  KeyStore *keys,
+  const KeyStore& keys,
  bufferlist::const_iterator& indata,
  size_t connection_secret_required_len,
  CephXServiceTicketInfo& ticket_info,
--- a/src/auth/cephx/CephxServiceHandler.cc
+++ b/src/auth/cephx/CephxServiceHandler.cc
@ -226,7 +226,7 @@ int CephxServiceHandler::handle_request(
      CephXServiceTicketInfo auth_ticket_info;
      // note: no challenge here.
      if (!cephx_verify_authorizer(
-	    cct, key_server, indata, 0, auth_ticket_info, nullptr,
+	    cct, *key_server, indata, 0, auth_ticket_info, nullptr,
 	    nullptr,
 	    &tmp_bl)) {
        ret = -EPERM;
--- a/src/auth/krb/KrbAuthorizeHandler.hpp
+++ b/src/auth/krb/KrbAuthorizeHandler.hpp
@ -21,7 +21,7 @@
 class KrbAuthorizeHandler : public AuthAuthorizeHandler {
  bool verify_authorizer(
    CephContext*,
-    KeyStore*,
+    const KeyStore&,
    const bufferlist&,
    size_t,
    bufferlist *,
--- a/src/auth/none/AuthNoneAuthorizeHandler.cc
+++ b/src/auth/none/AuthNoneAuthorizeHandler.cc
@ -19,7 +19,7 @@

 bool AuthNoneAuthorizeHandler::verify_authorizer(
  CephContext *cct,
-  KeyStore *keys,
+  const KeyStore& keys,
  const bufferlist& authorizer_data,
  size_t connection_secret_required_len,
  bufferlist *authorizer_reply,
--- a/src/auth/none/AuthNoneAuthorizeHandler.h
+++ b/src/auth/none/AuthNoneAuthorizeHandler.h
@ -22,7 +22,7 @@ class CephContext;
 struct AuthNoneAuthorizeHandler : public AuthAuthorizeHandler {
  bool verify_authorizer(
    CephContext *cct,
-    KeyStore *keys,
+    const KeyStore& keys,
    const bufferlist& authorizer_data,
    size_t connection_secret_required_len,
    bufferlist *authorizer_reply,
--- a/src/crimson/mon/MonClient.cc
+++ b/src/crimson/mon/MonClient.cc
@ -580,7 +580,7 @@ int Client::handle_auth_request(ceph::net::ConnectionRef con,
  AuthCapsInfo caps_info;
  bool is_valid = ah->verify_authorizer(
    &cct,
-    &active_con->get_keys(),
+    active_con->get_keys(),
    payload,
    auth_meta->get_connection_secret_length(),
    reply,
--- a/src/mon/MonClient.cc
+++ b/src/mon/MonClient.cc
@ -1453,7 +1453,7 @@ int MonClient::handle_auth_request(
  bool was_challenge = (bool)auth_meta->authorizer_challenge;
  bool isvalid = ah->verify_authorizer(
    cct,
-    rotating_secrets.get(),
+    *rotating_secrets,
    payload,
    auth_meta->get_connection_secret_length(),
    reply,
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@ -6213,7 +6213,7 @@ int Monitor::handle_auth_request(
    bool was_challenge = (bool)auth_meta->authorizer_challenge;
    bool isvalid = ah->verify_authorizer(
      cct,
-      &keyring,
+      keyring,
      payload,
      auth_meta->get_connection_secret_length(),
      reply,