1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab
4 #ifndef CEPH_RGW_USER_H
5 #define CEPH_RGW_USER_H
8 #include <boost/algorithm/string.hpp>
9 #include "include/assert.h"
11 #include "include/types.h"
12 #include "rgw_common.h"
13 #include "rgw_tools.h"
15 #include "rgw_rados.h"
17 #include "rgw_string.h"
19 #include "common/Formatter.h"
20 #include "rgw_formats.h"
22 #define RGW_USER_ANON_ID "anonymous"
24 #define SECRET_KEY_LEN 40
25 #define PUBLIC_ID_LEN 20
26 #define RAND_SUBUSER_LEN 5
28 #define XMLNS_AWS_S3 "http://s3.amazonaws.com/doc/2006-03-01/"
31 * A string wrapper that includes encode/decode functions
32 * for easily accessing a UID in all forms
37 void encode(bufferlist& bl) const {
42 void decode(bufferlist::iterator& bl) {
48 WRITE_CLASS_ENCODER(RGWUID)
50 extern int rgw_user_sync_all_stats(RGWRados *store, const rgw_user& user_id);
51 extern int rgw_user_get_all_buckets_stats(RGWRados *store, const rgw_user& user_id, map<string, cls_user_bucket_entry>&buckets_usage_map);
54 * Get the anonymous (ie, unauthenticated) user info.
56 extern void rgw_get_anon_user(RGWUserInfo& info);
59 * Save the given user information to storage.
60 * Returns: 0 on success, -ERR# on failure.
62 extern int rgw_store_user_info(RGWRados *store,
64 RGWUserInfo *old_info,
65 RGWObjVersionTracker *objv_tracker,
68 map<string, bufferlist> *pattrs = NULL);
71 * Given an user_id, finds the user info associated with it.
72 * returns: 0 on success, -ERR# on failure (including nonexistence)
74 extern int rgw_get_user_info_by_uid(RGWRados *store,
75 const rgw_user& user_id,
77 RGWObjVersionTracker *objv_tracker = NULL,
78 real_time *pmtime = NULL,
79 rgw_cache_entry_info *cache_info = NULL,
80 map<string, bufferlist> *pattrs = NULL);
82 * Given an email, finds the user info associated with it.
83 * returns: 0 on success, -ERR# on failure (including nonexistence)
85 extern int rgw_get_user_info_by_email(RGWRados *store, string& email, RGWUserInfo& info,
86 RGWObjVersionTracker *objv_tracker = NULL, real_time *pmtime = NULL);
88 * Given an swift username, finds the user info associated with it.
89 * returns: 0 on success, -ERR# on failure (including nonexistence)
91 extern int rgw_get_user_info_by_swift(RGWRados *store,
92 const string& swift_name,
93 RGWUserInfo& info, /* out */
94 RGWObjVersionTracker *objv_tracker = nullptr,
95 real_time *pmtime = nullptr);
97 * Given an access key, finds the user info associated with it.
98 * returns: 0 on success, -ERR# on failure (including nonexistence)
100 extern int rgw_get_user_info_by_access_key(RGWRados* store,
101 const std::string& access_key,
103 RGWObjVersionTracker* objv_tracker = nullptr,
104 real_time* pmtime = nullptr);
106 * Get all the custom metadata stored for user specified in @user_id
107 * and put it into @attrs.
108 * Returns: 0 on success, -ERR# on failure.
110 extern int rgw_get_user_attrs_by_uid(RGWRados *store,
111 const rgw_user& user_id,
112 map<string, bufferlist>& attrs,
113 RGWObjVersionTracker *objv_tracker = NULL);
115 * Given an RGWUserInfo, deletes the user and its bucket ACLs.
117 extern int rgw_delete_user(RGWRados *store, RGWUserInfo& user, RGWObjVersionTracker& objv_tracker);
120 * remove the different indexes
122 extern int rgw_remove_key_index(RGWRados *store, RGWAccessKey& access_key);
123 extern int rgw_remove_uid_index(RGWRados *store, rgw_user& uid);
124 extern int rgw_remove_email_index(RGWRados *store, string& email);
125 extern int rgw_remove_swift_name_index(RGWRados *store, string& swift_name);
127 extern void rgw_perm_to_str(uint32_t mask, char *buf, int len);
128 extern uint32_t rgw_str_to_perm(const char *str);
130 extern int rgw_validate_tenant_name(const string& t);
151 * An RGWUser class along with supporting classes created
152 * to support the creation of an RESTful administrative API
154 struct RGWUserAdminOpState {
158 std::string user_email;
159 std::string display_name;
168 RGWObjVersionTracker objv;
170 map<int, string> temp_url_keys;
172 // subuser attributes
177 std::string id; // access key
178 std::string key; // secret key
181 // operation attributes
184 bool existing_subuser;
186 bool subuser_specified;
193 bool key_type_setbycontext; // key type set by user or subuser context
196 bool display_name_specified;
197 bool user_email_specified;
198 bool max_buckets_specified;
200 bool op_mask_specified;
203 bool admin_specified = false;
204 bool system_specified;
206 bool temp_url_key_specified;
214 bool key_params_checked;
215 bool subuser_params_checked;
216 bool user_params_checked;
218 bool bucket_quota_specified;
219 bool user_quota_specified;
221 RGWQuotaInfo bucket_quota;
222 RGWQuotaInfo user_quota;
224 void set_access_key(std::string& access_key) {
225 if (access_key.empty())
234 void set_secret_key(std::string& secret_key) {
235 if (secret_key.empty())
239 key_specified = true;
244 void set_user_id(rgw_user& id) {
251 void set_user_email(std::string& email) {
252 /* always lowercase email address */
253 boost::algorithm::to_lower(email);
255 user_email_specified = true;
258 void set_display_name(std::string& name) {
263 display_name_specified = true;
266 void set_subuser(std::string& _subuser) {
267 if (_subuser.empty())
270 size_t pos = _subuser.find(":");
271 if (pos != string::npos) {
273 tmp_id.from_str(_subuser.substr(0, pos));
274 if (tmp_id.tenant.empty()) {
275 user_id.id = tmp_id.id;
279 subuser = _subuser.substr(pos+1);
284 subuser_specified = true;
287 void set_caps(std::string& _caps) {
292 caps_specified = true;
295 void set_perm(uint32_t perm) {
297 perm_specified = true;
300 void set_op_mask(uint32_t mask) {
302 op_mask_specified = true;
305 void set_temp_url_key(const string& key, int index) {
306 temp_url_keys[index] = key;
307 temp_url_key_specified = true;
310 void set_key_type(int32_t type) {
312 type_specified = true;
315 void set_suspension(__u8 is_suspended) {
316 suspended = is_suspended;
317 suspension_op = true;
320 void set_admin(__u8 is_admin) {
322 admin_specified = true;
325 void set_system(__u8 is_system) {
327 system_specified = true;
330 void set_exclusive(__u8 is_exclusive) {
331 exclusive = is_exclusive;
334 void set_fetch_stats(__u8 is_fetch_stats) {
335 fetch_stats = is_fetch_stats;
338 void set_sync_stats(__u8 is_sync_stats) {
339 sync_stats = is_sync_stats;
342 void set_user_info(RGWUserInfo& user_info) {
343 user_id = user_info.user_id;
347 void set_max_buckets(int32_t mb) {
349 max_buckets_specified = true;
352 void set_gen_access() {
357 void set_gen_secret() {
362 void set_generate_key() {
370 void clear_generate_key() {
375 void set_purge_keys() {
380 void set_bucket_quota(RGWQuotaInfo& quota) {
381 bucket_quota = quota;
382 bucket_quota_specified = true;
385 void set_user_quota(RGWQuotaInfo& quota) {
387 user_quota_specified = true;
390 bool is_populated() { return populated; }
391 bool is_initialized() { return initialized; }
392 bool has_existing_user() { return existing_user; }
393 bool has_existing_key() { return existing_key; }
394 bool has_existing_subuser() { return existing_subuser; }
395 bool has_existing_email() { return existing_email; }
396 bool has_subuser() { return subuser_specified; }
397 bool has_key_op() { return key_op; }
398 bool has_caps_op() { return caps_specified; }
399 bool has_suspension_op() { return suspension_op; }
400 bool has_subuser_perm() { return perm_specified; }
401 bool has_op_mask() { return op_mask_specified; }
402 bool will_gen_access() { return gen_access; }
403 bool will_gen_secret() { return gen_secret; }
404 bool will_gen_subuser() { return gen_subuser; }
405 bool will_purge_keys() { return purge_keys; }
406 bool will_purge_data() { return purge_data; }
407 bool will_generate_subuser() { return gen_subuser; }
408 bool has_bucket_quota() { return bucket_quota_specified; }
409 bool has_user_quota() { return user_quota_specified; }
410 void set_populated() { populated = true; }
411 void clear_populated() { populated = false; }
412 void set_initialized() { initialized = true; }
413 void set_existing_user(bool flag) { existing_user = flag; }
414 void set_existing_key(bool flag) { existing_key = flag; }
415 void set_existing_subuser(bool flag) { existing_subuser = flag; }
416 void set_existing_email(bool flag) { existing_email = flag; }
417 void set_purge_data(bool flag) { purge_data = flag; }
418 void set_generate_subuser(bool flag) { gen_subuser = flag; }
419 __u8 get_suspension_status() { return suspended; }
420 int32_t get_key_type() {return key_type; }
421 uint32_t get_subuser_perm() { return perm_mask; }
422 int32_t get_max_buckets() { return max_buckets; }
423 uint32_t get_op_mask() { return op_mask; }
424 RGWQuotaInfo& get_bucket_quota() { return bucket_quota; }
425 RGWQuotaInfo& get_user_quota() { return user_quota; }
427 rgw_user& get_user_id() { return user_id; }
428 std::string get_subuser() { return subuser; }
429 std::string get_access_key() { return id; }
430 std::string get_secret_key() { return key; }
431 std::string get_caps() { return caps; }
432 std::string get_user_email() { return user_email; }
433 std::string get_display_name() { return display_name; }
434 map<int, std::string>& get_temp_url_keys() { return temp_url_keys; }
436 RGWUserInfo& get_user_info() { return info; }
438 map<std::string, RGWAccessKey> *get_swift_keys() { return &info.swift_keys; }
439 map<std::string, RGWAccessKey> *get_access_keys() { return &info.access_keys; }
440 map<std::string, RGWSubUser> *get_subusers() { return &info.subusers; }
442 RGWUserCaps *get_caps_obj() { return &info.caps; }
444 std::string build_default_swift_kid() {
445 if (user_id.empty() || subuser.empty())
456 std::string generate_subuser() {
460 std::string generated_subuser;
461 user_id.to_str(generated_subuser);
462 std::string rand_suffix;
464 int sub_buf_size = RAND_SUBUSER_LEN + 1;
465 char sub_buf[RAND_SUBUSER_LEN + 1];
467 if (gen_rand_alphanumeric_upper(g_ceph_context, sub_buf, sub_buf_size) < 0)
470 rand_suffix = sub_buf;
471 if (rand_suffix.empty())
474 generated_subuser.append(rand_suffix);
475 subuser = generated_subuser;
477 return generated_subuser;
480 RGWUserAdminOpState() : user_id(RGW_USER_ANON_ID)
482 max_buckets = RGW_DEFAULT_MAX_BUCKETS;
484 perm_mask = RGW_PERM_NONE;
492 existing_user = false;
493 existing_key = false;
494 existing_subuser = false;
495 existing_email = false;
496 subuser_specified = false;
497 caps_specified = false;
502 id_specified = false;
503 key_specified = false;
504 type_specified = false;
505 key_type_setbycontext = false;
507 display_name_specified = false;
508 user_email_specified = false;
509 max_buckets_specified = false;
510 perm_specified = false;
511 op_mask_specified = false;
512 suspension_op = false;
513 system_specified = false;
517 key_params_checked = false;
518 subuser_params_checked = false;
519 user_params_checked = false;
520 bucket_quota_specified = false;
521 temp_url_key_specified = false;
522 user_quota_specified = false;
523 found_by_uid = false;
524 found_by_email = false;
525 found_by_key = false;
531 class RGWAccessKeyPool
535 std::map<std::string, int, ltstr_nocase> key_type_map;
539 map<std::string, RGWAccessKey> *swift_keys;
540 map<std::string, RGWAccessKey> *access_keys;
542 // we don't want to allow keys for the anonymous user or a null user
546 int create_key(RGWUserAdminOpState& op_state, std::string *err_msg = NULL);
547 int generate_key(RGWUserAdminOpState& op_state, std::string *err_msg = NULL);
548 int modify_key(RGWUserAdminOpState& op_state, std::string *err_msg = NULL);
550 int check_key_owner(RGWUserAdminOpState& op_state);
551 bool check_existing_key(RGWUserAdminOpState& op_state);
552 int check_op(RGWUserAdminOpState& op_state, std::string *err_msg = NULL);
554 /* API Contract Fulfilment */
555 int execute_add(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);
556 int execute_remove(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);
557 int remove_subuser_keys(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);
559 int add(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);
560 int remove(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);
562 explicit RGWAccessKeyPool(RGWUser* usr);
565 int init(RGWUserAdminOpState& op_state);
567 /* API Contracted Methods */
568 int add(RGWUserAdminOpState& op_state, std::string *err_msg = NULL);
569 int remove(RGWUserAdminOpState& op_state, std::string *err_msg = NULL);
571 friend class RGWUser;
572 friend class RGWSubUserPool;
581 bool subusers_allowed;
583 map<string, RGWSubUser> *subuser_map;
586 int check_op(RGWUserAdminOpState& op_state, std::string *err_msg = NULL);
588 /* API Contract Fulfillment */
589 int execute_add(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);
590 int execute_remove(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);
591 int execute_modify(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);
593 int add(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);
594 int remove(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);
595 int modify(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);
597 explicit RGWSubUserPool(RGWUser *user);
600 bool exists(std::string subuser);
601 int init(RGWUserAdminOpState& op_state);
603 /* API contracted methods */
604 int add(RGWUserAdminOpState& op_state, std::string *err_msg = NULL);
605 int remove(RGWUserAdminOpState& op_state, std::string *err_msg = NULL);
606 int modify(RGWUserAdminOpState& op_state, std::string *err_msg = NULL);
608 friend class RGWUser;
618 int add(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);
619 int remove(RGWUserAdminOpState& op_state, std::string *err_msg, bool defer_save);
622 explicit RGWUserCapPool(RGWUser *user);
625 int init(RGWUserAdminOpState& op_state);
627 /* API contracted methods */
628 int add(RGWUserAdminOpState& op_state, std::string *err_msg = NULL);
629 int remove(RGWUserAdminOpState& op_state, std::string *err_msg = NULL);
631 friend class RGWUser;
638 RGWUserInfo old_info;
644 void set_populated() { info_stored = true; }
645 void clear_populated() { info_stored = false; }
646 bool is_populated() { return info_stored; }
648 int check_op(RGWUserAdminOpState& req, std::string *err_msg);
649 int update(RGWUserAdminOpState& op_state, std::string *err_msg);
651 void clear_members();
654 /* API Contract Fulfillment */
655 int execute_add(RGWUserAdminOpState& op_state, std::string *err_msg);
656 int execute_remove(RGWUserAdminOpState& op_state, std::string *err_msg);
657 int execute_modify(RGWUserAdminOpState& op_state, std::string *err_msg);
663 int init(RGWRados *storage, RGWUserAdminOpState& op_state);
665 int init_storage(RGWRados *storage);
666 int init(RGWUserAdminOpState& op_state);
667 int init_members(RGWUserAdminOpState& op_state);
669 RGWRados *get_store() { return store; }
671 /* API Contracted Members */
673 RGWAccessKeyPool keys;
674 RGWSubUserPool subusers;
676 /* API Contracted Methods */
677 int add(RGWUserAdminOpState& op_state, std::string *err_msg = NULL);
678 int remove(RGWUserAdminOpState& op_state, std::string *err_msg = NULL);
680 /* remove an already populated RGWUser */
681 int remove(std::string *err_msg = NULL);
683 int modify(RGWUserAdminOpState& op_state, std::string *err_msg = NULL);
685 /* retrieve info from an existing user in the RGW system */
686 int info(RGWUserAdminOpState& op_state, RGWUserInfo& fetched_info, std::string *err_msg = NULL);
688 /* info from an already populated RGWUser */
689 int info (RGWUserInfo& fetched_info, std::string *err_msg = NULL);
691 friend class RGWAccessKeyPool;
692 friend class RGWSubUserPool;
693 friend class RGWUserCapPool;
696 /* Wrapers for admin API functionality */
698 class RGWUserAdminOp_User
701 static int info(RGWRados *store,
702 RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher);
704 static int create(RGWRados *store,
705 RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher);
707 static int modify(RGWRados *store,
708 RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher);
710 static int remove(RGWRados *store,
711 RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher);
714 class RGWUserAdminOp_Subuser
717 static int create(RGWRados *store,
718 RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher);
720 static int modify(RGWRados *store,
721 RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher);
723 static int remove(RGWRados *store,
724 RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher);
727 class RGWUserAdminOp_Key
730 static int create(RGWRados *store,
731 RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher);
733 static int remove(RGWRados *store,
734 RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher);
737 class RGWUserAdminOp_Caps
740 static int add(RGWRados *store,
741 RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher);
743 static int remove(RGWRados *store,
744 RGWUserAdminOpState& op_state, RGWFormatterFlusher& flusher);
747 class RGWMetadataManager;
749 extern void rgw_user_init(RGWRados *store);