1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab
4 * Ceph - scalable distributed file system
6 * Copyright (C) 2004-2006 Sage Weil <sage@newdream.net>
8 * This is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License version 2.1, as published by the Free Software
11 * Foundation. See file COPYING.
15 #ifndef CEPH_AUTHMONITOR_H
16 #define CEPH_AUTHMONITOR_H
22 #include "include/ceph_features.h"
23 #include "include/types.h"
24 #include "mon/PaxosService.h"
25 #include "mon/MonitorDBStore.h"
// Floor for global ids handed out by the auth service (see assign_global_id /
// increase_max_global_id below).  Presumably values below 0x1000 are reserved
// so a freshly allocated id can never collide with them -- confirm in the .cc.
#define MIN_GLOBAL_ID 0x1000
35 class AuthMonitor : public PaxosService {
43 uint64_t max_global_id;
// Default increment: a GLOBAL_ID change with max_global_id 0 and auth_type 0;
// auth_data is left to its own default construction (empty).
Incremental() : inc_type(GLOBAL_ID), max_global_id(0), auth_type(0) {}
// Serialize this increment into `bl`.  `features` selects the wire layout:
// a peer without CEPH_FEATURE_MONENC gets the legacy, unframed form; anyone
// else gets the ENCODE_START(2, 2, ...) framed form.  Both forms carry the
// same payload -- max_global_id for a GLOBAL_ID increment, otherwise
// auth_type followed by auth_data -- only the framing differs.
// NOTE: this listing is lossy; the closing-brace and (presumably) `else`
// lines between the two branches of each `if` are not shown.
// NOTE(review): encoding is not encryption.  auth_data presumably carries
// cephx key material (see push_cephx_inc), so every sink of this bufferlist
// (paxos transaction, mon store, any debug path) is part of the secret
// handling surface -- confirm against callers.
void encode(bufferlist& bl, uint64_t features=-1) const {
  // Legacy layout for peers that predate MONENC: no version framing.
  if ((features & CEPH_FEATURE_MONENC) == 0) {
    __u32 _type = (__u32)inc_type;
    if (_type == GLOBAL_ID) {
      ::encode(max_global_id, bl);
    ::encode(auth_type, bl);
    ::encode(auth_data, bl);
  // Current layout: version 2, compat 2 framing.
  ENCODE_START(2, 2, bl);
  __u32 _type = (__u32)inc_type;
  if (_type == GLOBAL_ID) {
    ::encode(max_global_id, bl);
  ::encode(auth_type, bl);
  ::encode(auth_data, bl);
// Deserialize an increment produced by encode(); DECODE_START_LEGACY_COMPAT_LEN
// accepts both the legacy unframed layout and the version-2 framed one.
// NOTE: this listing is lossy; the `_type` declaration/decode line and the
// closing-brace / (presumably) `else` lines are not shown.
// NOTE(review): the assert below is the only validation of `_type`, and it
// runs on bytes read from the store or received from a peer.  If `assert` is
// the C assert it is compiled out under NDEBUG and an out-of-range type
// silently takes the auth_type/auth_data path; if it is an always-on assert,
// a corrupt or hostile increment aborts the monitor.  A practitioner would
// reject the value instead, e.g. `if (_type > AUTH_DATA) throw buffer::error();`
// (buffer::error is the exception type this file already handles in
// is_valid_cephx_key) -- confirm which `assert` is in scope here.
void decode(bufferlist::iterator& bl) {
  DECODE_START_LEGACY_COMPAT_LEN(2, 2, 2, bl);
  inc_type = (IncType)_type;
  // Range check on untrusted input; see the review note above.
  assert(inc_type >= GLOBAL_ID && inc_type <= AUTH_DATA);
  if (_type == GLOBAL_ID) {
    ::decode(max_global_id, bl);
  ::decode(auth_type, bl);
  ::decode(auth_data, bl);
// Emit a human-readable view of the increment via `f`.
// Only the *length* of auth_data is dumped, never its bytes: auth_data
// presumably holds secret key material, and dumping it would leak the secret
// into whatever consumes the Formatter output.  Keep it that way.
void dump(Formatter *f) const {
  f->dump_int("type", inc_type);
  f->dump_int("max_global_id", max_global_id);
  f->dump_int("auth_type", auth_type);
  f->dump_int("auth_data_len", auth_data.length());
// Encode/decode test fixtures: a default increment, a GLOBAL_ID increment
// with max_global_id 1234, and an AUTH_DATA increment with auth_type 12 and
// the payload "foo".  The list holds raw `new`ed pointers; ownership passes
// to the caller.
static void generate_test_instances(list<Incremental*>& ls) {
  ls.push_back(new Incremental);
  ls.push_back(new Incremental);
  ls.back()->inc_type = GLOBAL_ID;
  ls.back()->max_global_id = 1234;
  ls.push_back(new Incremental);
  ls.back()->inc_type = AUTH_DATA;
  ls.back()->auth_type = 12;
  ls.back()->auth_data.append("foo");
106 struct auth_entity_t {
113 vector<Incremental> pending_auth;
114 version_t last_rotating_ver;
115 uint64_t max_global_id;
116 uint64_t last_allocated_id;
118 void upgrade_format() override;
120 void export_keyring(KeyRing& keyring);
121 int import_keyring(KeyRing& keyring);
// Queue a cephx key-server change for the next paxos proposal: `auth_inc` is
// serialized into a fresh AUTH_DATA increment tagged CEPH_AUTH_CEPHX and
// appended to pending_auth.
// NOTE: this listing is lossy; the local `inc` declaration line is not shown.
// NOTE(review): ::encode serializes, it does not encrypt.  If auth_inc carries
// secret keys (likely, given KeyServerData), they sit in cleartext inside
// pending_auth until encode_pending writes them out -- confirm the store and
// any logging on that path are treated as secret-bearing.
void push_cephx_inc(KeyServerData::Incremental& auth_inc) {
  inc.inc_type = AUTH_DATA;
  ::encode(auth_inc, inc.auth_data);
  inc.auth_type = CEPH_AUTH_CEPHX;
  pending_auth.push_back(inc);
/* Validate only the "mon" entries of a caps list; entries for other
 * services are passed through unvalidated, since the monitor does not
 * know how to parse them.  The list is expected as alternating
 * service / capability-string pairs. */
// Walk `caps` as alternating [service, capstring, ...] pairs.  Pairs whose
// service is non-empty and not "mon" are skipped; the rest are parsed as mon
// caps, with parse diagnostics written to `out`, and (presumably) the first
// parse failure returns false.
// NOTE: this listing is lossy; the `continue`, the `tmp` declaration and the
// return lines are not shown.
// NOTE(review): the loop steps `p += 2` and reads `*(p+1)` without checking
// that a capability string follows the service name.  For an odd-length
// vector `p+1` is end() and `p += 2` then overshoots end(): undefined
// behaviour, in practice a loop that never terminates.  Either every caller
// guarantees an even length, or guard here before the dereference:
// `if (p + 1 == caps.end()) { if (out) *out << "service without capability string"; return false; }`
bool valid_caps(const vector<string>& caps, ostream *out) {
  for (vector<string>::const_iterator p = caps.begin();
       p != caps.end(); p += 2) {
    // Non-mon services are not validated here (see comment above).
    if (!p->empty() && *p != "mon")
    // `out` is passed straight through; whether parse() tolerates a null
    // `out` is not visible in this listing.
    if (!tmp.parse(*(p+1), out))
145 void on_active() override;
146 bool should_propose(double& delay) override;
147 void create_initial() override;
148 void update_from_paxos(bool *need_bootstrap) override;
149 void create_pending() override; // prepare a new pending
150 bool prepare_global_id(MonOpRequestRef op);
151 void increase_max_global_id();
152 uint64_t assign_global_id(MonOpRequestRef op, bool should_increase_max);
153 // propose pending update to peers
154 void encode_pending(MonitorDBStore::TransactionRef t) override;
155 void encode_full(MonitorDBStore::TransactionRef t) override;
156 version_t get_trim_to() override;
158 bool preprocess_query(MonOpRequestRef op) override; // true if processed.
159 bool prepare_update(MonOpRequestRef op) override;
161 bool prep_auth(MonOpRequestRef op, bool paxos_writable);
163 bool preprocess_command(MonOpRequestRef op);
164 bool prepare_command(MonOpRequestRef op);
168 bool entity_is_pending(EntityName& entity);
169 int exists_and_matches_entity(
170 const auth_entity_t& entity,
173 int exists_and_matches_entity(
174 const EntityName& name,
175 const EntityAuth& auth,
176 const map<string,bufferlist>& caps,
179 int remove_entity(const EntityName &entity);
181 const EntityName& name,
182 const EntityAuth& auth);
// Construct the auth paxos service.  Only the start of the initializer list
// is visible in this listing (last_rotating_ver starts at 0); the remaining
// members (max_global_id, last_allocated_id) are presumably initialized on
// the lines that follow -- confirm.
AuthMonitor(Monitor *mn, Paxos *p, const string& service_name)
  : PaxosService(mn, p, service_name),
    last_rotating_ver(0),
192 void pre_auth(MAuth *m);
194 void tick() override; // check state, take actions
196 int validate_osd_destroy(
199 EntityName& cephx_entity,
200 EntityName& lockbox_entity,
203 const EntityName& cephx_entity,
204 const EntityName& lockbox_entity);
207 const auth_entity_t& cephx_entity,
208 const auth_entity_t& lockbox_entity,
210 int validate_osd_new(
213 const string& cephx_secret,
214 const string& lockbox_secret,
215 auth_entity_t& cephx_entity,
216 auth_entity_t& lockbox_entity,
219 void dump_info(Formatter *f);
// Return whether `k` is an acceptable cephx key string, i.e. it base64-decodes
// into an EntityAuth key.  A buffer::error from decode_base64 is deliberately
// swallowed and (presumably) reported as false.
// NOTE: this listing is lossy; the lines before the decode call, the `try`
// and the return statements are not shown.
// NOTE(review): this checks decodability only.  Key type, secret length and
// any policy against well-known or reused secrets are not enforced here --
// confirm whether the callers (validate_osd_new, prepare_command) need more.
bool is_valid_cephx_key(const string& k) {
    ea.key.decode_base64(k);
  } catch (buffer::error& e) { /* fallthrough */ }
// Presumably generates the free ::encode/::decode overloads for Incremental,
// forwarding the feature bits so Incremental::encode() can choose between the
// legacy and MONENC layouts -- confirm against the macro definition.
WRITE_CLASS_ENCODER_FEATURES(AuthMonitor::Incremental)