diff options
author | Yehuda Sadeh <yehuda@inktank.com> | 2012-11-05 13:48:37 -0800 |
---|---|---|
committer | Yehuda Sadeh <yehuda@inktank.com> | 2012-11-08 13:24:29 -0800 |
commit | 02c2c32dcfabb9b1cf9c0c32f6ce9dbf48f80753 (patch) | |
tree | 5ce8875b688878b7e04dde0cbfda2b52f7041fcd | |
parent | 1f05b1af6ea272ca5a3e7b21d7122e6f74a268bc (diff) | |
download | ceph-02c2c32dcfabb9b1cf9c0c32f6ce9dbf48f80753.tar.gz |
rgw: invalidate revoked tokens
Signed-off-by: Yehuda Sadeh <yehuda@inktank.com>
-rw-r--r-- | src/rgw/rgw_swift.cc | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/src/rgw/rgw_swift.cc b/src/rgw/rgw_swift.cc index aec6da0cc83..4d9c0f18eaf 100644 --- a/src/rgw/rgw_swift.cc +++ b/src/rgw/rgw_swift.cc @@ -232,7 +232,7 @@ public: bool find(const string& token_id, KeystoneToken& token); void add(const string& token_id, KeystoneToken& token); - void invalidate(const string& token_id, KeystoneToken& token); + void invalidate(const string& token_id); }; bool RGWKeystoneTokenCache::find(const string& token_id, KeystoneToken& token) @@ -290,6 +290,19 @@ void RGWKeystoneTokenCache::add(const string& token_id, KeystoneToken& token) lock.Unlock(); } +void RGWKeystoneTokenCache::invalidate(const string& token_id) +{ + Mutex::Locker l(lock); + map<string, token_entry>::iterator iter = tokens.find(token_id); + if (iter == tokens.end()) + return; + + dout(20) << "invalidating revoked token id=" << token_id << dendl; + token_entry& e = iter->second; + tokens_lru.erase(e.lru_iter); + tokens.erase(iter); +} + class RGWValidateKeystoneToken : public RGWHTTPClient { bufferlist *bl; public: @@ -369,7 +382,7 @@ static int rgw_check_revoked() if (ret < 0) return ret; - bl.append((char)0); // NULL terminate + bl.append((char)0); // NULL terminate for debug output dout(10) << "request returned " << bl.c_str() << dendl; @@ -445,7 +458,8 @@ static int rgw_check_revoked() continue; } - dout(20) << "revoked token id=" << token->get_data() << dendl; + string token_id = token->get_data(); + keystone_token_cache->invalidate(token_id); } return 0; @@ -569,7 +583,7 @@ static int rgw_swift_validate_keystone_token(RGWRados *store, const string& toke if (ret < 0) return ret; - bl.append((char)0); // NULL terminate + bl.append((char)0); // NULL terminate for debug output dout(20) << "received response: " << bl.c_str() << dendl; |