X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=src%2Fceph%2Fsrc%2Fosd%2FOSDCap.h;fp=src%2Fceph%2Fsrc%2Fosd%2FOSDCap.h;h=0000000000000000000000000000000000000000;hb=7da45d65be36d36b880cc55c5036e96c24b53f00;hp=4030d4572c4bcd3d5d8590230da56fe00d946c98;hpb=691462d09d0987b47e112d6ee8740375df3c51b2;p=stor4nfv.git diff --git a/src/ceph/src/osd/OSDCap.h b/src/ceph/src/osd/OSDCap.h deleted file mode 100644 index 4030d45..0000000 --- a/src/ceph/src/osd/OSDCap.h +++ /dev/null @@ -1,214 +0,0 @@ -// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- -// vim: ts=8 sw=2 smarttab -/* - * Ceph - scalable distributed file system - * - * Copyright (C) 2004-2006 Sage Weil - * - * This is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License version 2.1, as published by the Free Software - * Foundation. See file COPYING. - * - * OSDCaps: Hold the capabilities associated with a single authenticated - * user key. These are specified by text strings of the form - * "allow r" (which allows reading anything on the OSD) - * "allow rwx auid foo" (which allows full access to listed auids) - * "allow rwx pool foo" (which allows full access to listed pools) - * "allow *" (which allows full access to EVERYTHING) - * - * The full grammar is documented in the parser in OSDCap.cc. - * - * The OSD assumes that anyone with * caps is an admin and has full - * message permissions. This means that only the monitor and the OSDs - * should get * - */ - -#ifndef CEPH_OSDCAP_H -#define CEPH_OSDCAP_H - -#include -using std::ostream; - -#include "include/types.h" -#include "OpRequest.h" - -#include -#include -#include - -static const __u8 OSD_CAP_R = (1 << 1); // read -static const __u8 OSD_CAP_W = (1 << 2); // write -static const __u8 OSD_CAP_CLS_R = (1 << 3); // class read -static const __u8 OSD_CAP_CLS_W = (1 << 4); // class write -static const __u8 OSD_CAP_X = (OSD_CAP_CLS_R | OSD_CAP_CLS_W); // execute -static const __u8 OSD_CAP_ANY = 0xff; // * - -struct osd_rwxa_t { - __u8 val; - - // cppcheck-suppress noExplicitConstructor - osd_rwxa_t(__u8 v = 0) : val(v) {} - osd_rwxa_t& operator=(__u8 v) { - val = v; - return *this; - } - operator __u8() const { - return val; - } -}; - -ostream& operator<<(ostream& out, const osd_rwxa_t& p); - -struct OSDCapSpec { - osd_rwxa_t allow; - std::string class_name; - std::string class_allow; - - OSDCapSpec() : allow(0) {} - explicit OSDCapSpec(osd_rwxa_t v) : allow(v) {} - explicit OSDCapSpec(std::string n) : allow(0), class_name(std::move(n)) {} - OSDCapSpec(std::string n, std::string a) : - allow(0), class_name(std::move(n)), class_allow(std::move(a)) {} - - bool allow_all() const { - return allow == OSD_CAP_ANY; - } -}; - -ostream& operator<<(ostream& out, const OSDCapSpec& s); - -struct OSDCapPoolNamespace { - std::string pool_name; - boost::optional nspace = boost::none; - - OSDCapPoolNamespace() { - } - OSDCapPoolNamespace(const std::string& pool_name, - const boost::optional& nspace = boost::none) - : pool_name(pool_name), nspace(nspace) { - } - - bool is_match(const std::string& pn, const std::string& ns) const; - bool is_match_all() const; -}; - -ostream& operator<<(ostream& out, const OSDCapPoolNamespace& pns); - - -struct OSDCapMatch { - // auid and pool_name/nspace are mutually exclusive - int64_t auid = CEPH_AUTH_UID_DEFAULT; - OSDCapPoolNamespace pool_namespace; - std::string object_prefix; - - OSDCapMatch() {} - OSDCapMatch(const OSDCapPoolNamespace& pns) : pool_namespace(pns) {} - OSDCapMatch(const std::string& pl, const std::string& pre) - : pool_namespace(pl), object_prefix(pre) {} - OSDCapMatch(const std::string& pl, const std::string& ns, - const std::string& pre) - : pool_namespace(pl, ns), object_prefix(pre) {} - OSDCapMatch(uint64_t auid, const std::string& pre) - : auid(auid), object_prefix(pre) {} - - /** - * check if given request parameters match our constraints - * - * @param pool_name pool name - * @param nspace_name namespace name - * @param pool_auid pool's auid - * @param object object name - * @return true if we match, false otherwise - */ - bool is_match(const std::string& pool_name, const std::string& nspace_name, - int64_t pool_auid, const std::string& object) const; - bool is_match_all() const; -}; - -ostream& operator<<(ostream& out, const OSDCapMatch& m); - - -struct OSDCapProfile { - std::string name; - OSDCapPoolNamespace pool_namespace; - - OSDCapProfile() { - } - OSDCapProfile(const std::string& name, - const std::string& pool_name, - const boost::optional& nspace = boost::none) - : name(name), pool_namespace(pool_name, nspace) { - } - - inline bool is_valid() const { - return !name.empty(); - } -}; - -ostream& operator<<(ostream& out, const OSDCapProfile& m); - -struct OSDCapGrant { - OSDCapMatch match; - OSDCapSpec spec; - OSDCapProfile profile; - - // explicit grants that a profile grant expands to; populated as - // needed by expand_profile() and cached here. - std::list profile_grants; - - OSDCapGrant() {} - OSDCapGrant(const OSDCapMatch& m, const OSDCapSpec& s) : match(m), spec(s) {} - OSDCapGrant(const OSDCapProfile& profile) : profile(profile) { - expand_profile(); - } - - bool allow_all() const; - bool is_capable(const string& pool_name, const string& ns, int64_t pool_auid, - const string& object, bool op_may_read, bool op_may_write, - const std::vector& classes, - std::vector* class_allowed) const; - - void expand_profile(); -}; - -ostream& operator<<(ostream& out, const OSDCapGrant& g); - - -struct OSDCap { - std::vector grants; - - OSDCap() {} - explicit OSDCap(std::vector g) : grants(std::move(g)) {} - - bool allow_all() const; - void set_allow_all(); - bool parse(const std::string& str, ostream *err=NULL); - - /** - * check if we are capable of something - * - * This method actually checks a description of a particular operation against - * what the capability has specified. Currently that is just rwx with matches - * against pool, pool auid, and object name prefix. - * - * @param pool_name name of the pool we are accessing - * @param ns name of the namespace we are accessing - * @param pool_auid owner of the pool we are accessing - * @param object name of the object we are accessing - * @param op_may_read whether the operation may need to read - * @param op_may_write whether the operation may need to write - * @param classes (class-name, rd, wr, whitelisted-flag) tuples - * @return true if the operation is allowed, false otherwise - */ - bool is_capable(const string& pool_name, const string& ns, int64_t pool_auid, - const string& object, bool op_may_read, bool op_may_write, - const std::vector& classes) const; -}; - -static inline ostream& operator<<(ostream& out, const OSDCap& cap) -{ - return out << "osdcap" << cap.grants; -} - -#endif