author | Yehuda Sadeh <yehuda@inktank.com> | 2012-10-31 16:12:16 -0700 |
---|---|---|
committer | Yehuda Sadeh <yehuda@inktank.com> | 2012-10-31 16:12:16 -0700 |
commit | 29a03f0775c6df740f03976e3f934f8179959459 (patch) | |
tree | 29d5a3b301430c621da4708f1b4695df43b35e23 | |
parent | c62f3dd8c11cbe6f3df587fc7aacd9ab215e1615 (diff) | |
download | ceph-29a03f0775c6df740f03976e3f934f8179959459.tar.gz |
rgw: parse keystone token expiration
Signed-off-by: Yehuda Sadeh <yehuda@inktank.com>
-rw-r--r-- | src/rgw/rgw_swift.cc | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/src/rgw/rgw_swift.cc b/src/rgw/rgw_swift.cc
index f64ea18c629..1ec8160c343 100644
--- a/src/rgw/rgw_swift.cc
+++ b/src/rgw/rgw_swift.cc
@@ -101,7 +101,7 @@ public:
 string tenant_name;
 string tenant_id;
 string user_name;
- string expires;
+ time_t expiration;
 map<string, bool> roles;
@@ -109,7 +109,10 @@ public:
 int parse(bufferlist& bl);
- bool expired() { return false; }
+ bool expired() {
+ uint64_t now = ceph_clock_now(NULL).sec();
+ return (now < (uint64_t)expiration);
+ }
 };
 int KeystoneToken::parse(bufferlist& bl)
@@ -162,11 +165,21 @@ int KeystoneToken::parse(bufferlist& bl)
 return -EINVAL;
 }
+ string expires;
+
 if (!token->get_data("expires", &expires)) {
 dout(0) << "token response is missing expiration field" << dendl;
 return -EINVAL;
 }
+ struct tm t;
+ if (!parse_iso8601(expires.c_str(), &t)) {
+ dout(0) << "failed to parse token expiration (" << expires << ")" << dendl;
+ return -EINVAL;
+ }
+
+ expiration = timegm(&t);
+
 JSONObj *tenant = token->find_obj("tenant");
 if (!tenant) {
 dout(0) << "token response is missing tenant section" << dendl;
@@ -311,7 +324,7 @@ static int rgw_parse_keystone_token_response(const string& token, bufferlist& bl
 return -EPERM;
 }
- dout(0) << "validated token: " << t.tenant_name << ":" << t.user_name << " expires: " << t.expires << dendl;
+ dout(0) << "validated token: " << t.tenant_name << ":" << t.user_name << " expires: " << t.expiration << dendl;
 rgw_set_keystone_token_auth_info(t, info);
 keystone_token_cache->add(token, t); |
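Review bot: The comparison in the new `expired()` body is inverted: `return (now < (uint64_t)expiration);` reports a token as expired while it is still inside its lifetime, and as not expired once the expiry time has passed. The callers are outside this hunk, but any of them that reject on `expired()` would refuse fresh Keystone tokens and accept stale ones. The line should read `return (now >= (uint64_t)expiration);`. The `time_t expiration` member added in the first hunk also has no visible initializer, so unless the constructor (not shown) sets it, `expired()` on a token whose `parse()` returned early reads an indeterminate value.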
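Review bot: The result of `timegm(&t)` is assigned to `expiration` without a check. `timegm` returns `(time_t)-1` on failure, and the `(uint64_t)` cast in `expired()` turns that into a far-future timestamp, so a token with an unrepresentable expiry would never age out. Adding `if (expiration == (time_t)-1) return -EINVAL;` right after the assignment (with a `dout(0)` line like the other failures) closes this. `struct tm t;` is also passed to `parse_iso8601` uninitialized; whether that helper fills every field is not visible here, so zero-initializing it with `struct tm t = {};` is the safer form. The body of `KeystoneToken::parse` continues outside the hunk.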