[ceph.git] / ceph / src / mon / AuthMonitor.h

// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- 
// vim: ts=8 sw=2 smarttab
/*
 * Ceph - scalable distributed file system
 *
 * Copyright (C) 2004-2006 Sage Weil <sage@newdream.net>
 *
 * This is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License version 2.1, as published by the Free Software 
 * Foundation.  See file COPYING.
 * 
 */

#ifndef CEPH_AUTHMONITOR_H
#define CEPH_AUTHMONITOR_H

#include <map>
#include <set>
using namespace std;

#include "include/ceph_features.h"
#include "include/types.h"
#include "mon/PaxosService.h"
#include "mon/MonitorDBStore.h"

class MMonCommand;
struct MAuth;
struct MMonGlobalID;
class KeyRing;
class Monitor;

#define MIN_GLOBAL_ID 0x1000

class AuthMonitor : public PaxosService {
public:
  enum IncType {
    GLOBAL_ID,
    AUTH_DATA,
  };
  struct Incremental {
    IncType inc_type;
    uint64_t max_global_id;
    uint32_t auth_type;
    bufferlist auth_data;

    Incremental() : inc_type(GLOBAL_ID), max_global_id(0), auth_type(0) {}

    void encode(bufferlist& bl, uint64_t features=-1) const {
      if ((features & CEPH_FEATURE_MONENC) == 0) {
	__u8 v = 1;
	::encode(v, bl);
	__u32 _type = (__u32)inc_type;
	::encode(_type, bl);
	if (_type == GLOBAL_ID) {
	  ::encode(max_global_id, bl);
	} else {
	  ::encode(auth_type, bl);
	  ::encode(auth_data, bl);
	}
	return;
      } 
      ENCODE_START(2, 2, bl);
      __u32 _type = (__u32)inc_type;
      ::encode(_type, bl);
      if (_type == GLOBAL_ID) {
	::encode(max_global_id, bl);
      } else {
	::encode(auth_type, bl);
	::encode(auth_data, bl);
      }
      ENCODE_FINISH(bl);
    }
    void decode(bufferlist::iterator& bl) {
      DECODE_START_LEGACY_COMPAT_LEN(2, 2, 2, bl);
      __u32 _type;
      ::decode(_type, bl);
      inc_type = (IncType)_type;
      assert(inc_type >= GLOBAL_ID && inc_type <= AUTH_DATA);
      if (_type == GLOBAL_ID) {
	::decode(max_global_id, bl);
      } else {
	::decode(auth_type, bl);
	::decode(auth_data, bl);
      }
      DECODE_FINISH(bl);
    }
    void dump(Formatter *f) const {
      f->dump_int("type", inc_type);
      f->dump_int("max_global_id", max_global_id);
      f->dump_int("auth_type", auth_type);
      f->dump_int("auth_data_len", auth_data.length());
    }
    static void generate_test_instances(list<Incremental*>& ls) {
      ls.push_back(new Incremental);
      ls.push_back(new Incremental);
      ls.back()->inc_type = GLOBAL_ID;
      ls.back()->max_global_id = 1234;
      ls.push_back(new Incremental);
      ls.back()->inc_type = AUTH_DATA;
      ls.back()->auth_type = 12;
      ls.back()->auth_data.append("foo");
    }
  };

private:
  vector<Incremental> pending_auth;
  version_t last_rotating_ver;
  uint64_t max_global_id;
  uint64_t last_allocated_id;

  void upgrade_format() override;

  void export_keyring(KeyRing& keyring);
  int import_keyring(KeyRing& keyring);

  void push_cephx_inc(KeyServerData::Incremental& auth_inc) {
    Incremental inc;
    inc.inc_type = AUTH_DATA;
    ::encode(auth_inc, inc.auth_data);
    inc.auth_type = CEPH_AUTH_CEPHX;
    pending_auth.push_back(inc);
  }

  /* validate mon caps ; don't care about caps for other services as
   * we don't know how to validate them */
  bool valid_caps(const vector<string>& caps, ostream *out) {
    for (vector<string>::const_iterator p = caps.begin();
         p != caps.end(); p += 2) {
      if (!p->empty() && *p != "mon")
        continue;
      MonCap tmp;
      if (!tmp.parse(*(p+1), out))
        return false;
    }
    return true;
  }

  void on_active() override;
  bool should_propose(double& delay) override;
  void create_initial() override;
  void update_from_paxos(bool *need_bootstrap) override;
  void create_pending() override;  // prepare a new pending
  bool prepare_global_id(MonOpRequestRef op);
  void increase_max_global_id();
  uint64_t assign_global_id(MonOpRequestRef op, bool should_increase_max);
  // propose pending update to peers
  void encode_pending(MonitorDBStore::TransactionRef t) override;
  void encode_full(MonitorDBStore::TransactionRef t) override;
  version_t get_trim_to() override;

  bool preprocess_query(MonOpRequestRef op) override;  // true if processed.
  bool prepare_update(MonOpRequestRef op) override;

  bool prep_auth(MonOpRequestRef op, bool paxos_writable);

  bool preprocess_command(MonOpRequestRef op);
  bool prepare_command(MonOpRequestRef op);

  bool check_rotate();
 public:
  AuthMonitor(Monitor *mn, Paxos *p, const string& service_name)
    : PaxosService(mn, p, service_name),
      last_rotating_ver(0),
      max_global_id(0),
      last_allocated_id(0)
  {}

  void pre_auth(MAuth *m);
  
  void tick() override;  // check state, take actions

  void dump_info(Formatter *f);
};


WRITE_CLASS_ENCODER_FEATURES(AuthMonitor::Incremental)

#endif
Commit	Line	Data
7c673cae FG	1	// -- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t --
	2	// vim: ts=8 sw=2 smarttab
	3	/*
	4	* Ceph - scalable distributed file system
	5	*
	6	* Copyright (C) 2004-2006 Sage Weil <sage@newdream.net>
	7	*
	8	* This is free software; you can redistribute it and/or
	9	* modify it under the terms of the GNU Lesser General Public
	10	* License version 2.1, as published by the Free Software
	11	* Foundation. See file COPYING.
	12	*
	13	*/
	14
	15	#ifndef CEPH_AUTHMONITOR_H
	16	#define CEPH_AUTHMONITOR_H
	17
	18	#include <map>
	19	#include <set>
	20	using namespace std;
	21
	22	#include "include/ceph_features.h"
	23	#include "include/types.h"
	24	#include "mon/PaxosService.h"
	25	#include "mon/MonitorDBStore.h"
	26
	27	class MMonCommand;
	28	struct MAuth;
	29	struct MMonGlobalID;
	30	class KeyRing;
	31	class Monitor;
	32
	33	#define MIN_GLOBAL_ID 0x1000
	34
	35	class AuthMonitor : public PaxosService {
	36	public:
	37	enum IncType {
	38	GLOBAL_ID,
	39	AUTH_DATA,
	40	};
	41	struct Incremental {
	42	IncType inc_type;
	43	uint64_t max_global_id;
	44	uint32_t auth_type;
	45	bufferlist auth_data;
	46
	47	Incremental() : inc_type(GLOBAL_ID), max_global_id(0), auth_type(0) {}
	48
	49	void encode(bufferlist& bl, uint64_t features=-1) const {
	50	if ((features & CEPH_FEATURE_MONENC) == 0) {
	51	__u8 v = 1;
	52	::encode(v, bl);
	53	__u32 _type = (__u32)inc_type;
	54	::encode(_type, bl);
	55	if (_type == GLOBAL_ID) {
	56	::encode(max_global_id, bl);
	57	} else {
	58	::encode(auth_type, bl);
	59	::encode(auth_data, bl);
	60	}
	61	return;
	62	}
	63	ENCODE_START(2, 2, bl);
	64	__u32 _type = (__u32)inc_type;
65	::encode(_type, bl);
66	if (_type == GLOBAL_ID) {
67	::encode(max_global_id, bl);
68	} else {
69	::encode(auth_type, bl);
70	::encode(auth_data, bl);
71	}
72	ENCODE_FINISH(bl);
73	}
74	void decode(bufferlist::iterator& bl) {
75	DECODE_START_LEGACY_COMPAT_LEN(2, 2, 2, bl);
76	__u32 _type;
77	::decode(_type, bl);
78	inc_type = (IncType)_type;
79	assert(inc_type >= GLOBAL_ID && inc_type <= AUTH_DATA);
80	if (_type == GLOBAL_ID) {
81	::decode(max_global_id, bl);
82	} else {
83	::decode(auth_type, bl);
84	::decode(auth_data, bl);
85	}
86	DECODE_FINISH(bl);
87	}
88	void dump(Formatter *f) const {
89	f->dump_int("type", inc_type);
90	f->dump_int("max_global_id", max_global_id);
91	f->dump_int("auth_type", auth_type);
92	f->dump_int("auth_data_len", auth_data.length());
93	}
94	static void generate_test_instances(list<Incremental*>& ls) {
95	ls.push_back(new Incremental);
96	ls.push_back(new Incremental);
97	ls.back()->inc_type = GLOBAL_ID;
98	ls.back()->max_global_id = 1234;
99	ls.push_back(new Incremental);
100	ls.back()->inc_type = AUTH_DATA;
101	ls.back()->auth_type = 12;
102	ls.back()->auth_data.append("foo");
103	}
104	};
105
106	private:
107	vector<Incremental> pending_auth;
108	version_t last_rotating_ver;
109	uint64_t max_global_id;
110	uint64_t last_allocated_id;
111
112	void upgrade_format() override;
113
114	void export_keyring(KeyRing& keyring);
115	int import_keyring(KeyRing& keyring);
116
117	void push_cephx_inc(KeyServerData::Incremental& auth_inc) {
118	Incremental inc;
119	inc.inc_type = AUTH_DATA;
120	::encode(auth_inc, inc.auth_data);
121	inc.auth_type = CEPH_AUTH_CEPHX;
122	pending_auth.push_back(inc);
123	}
124
125	/* validate mon caps ; don't care about caps for other services as
126	* we don't know how to validate them */
127	bool valid_caps(const vector<string>& caps, ostream *out) {
128	for (vector<string>::const_iterator p = caps.begin();
129	p != caps.end(); p += 2) {
130	if (!p->empty() && *p != "mon")
131	continue;
132	MonCap tmp;
133	if (!tmp.parse(*(p+1), out))
134	return false;
135	}
136	return true;
137	}
138
139	void on_active() override;
140	bool should_propose(double& delay) override;
141	void create_initial() override;
142	void update_from_paxos(bool *need_bootstrap) override;
143	void create_pending() override; // prepare a new pending
144	bool prepare_global_id(MonOpRequestRef op);
145	void increase_max_global_id();
146	uint64_t assign_global_id(MonOpRequestRef op, bool should_increase_max);
147	// propose pending update to peers
148	void encode_pending(MonitorDBStore::TransactionRef t) override;
149	void encode_full(MonitorDBStore::TransactionRef t) override;
150	version_t get_trim_to() override;
151
152	bool preprocess_query(MonOpRequestRef op) override; // true if processed.
153	bool prepare_update(MonOpRequestRef op) override;
154
155	bool prep_auth(MonOpRequestRef op, bool paxos_writable);
156
157	bool preprocess_command(MonOpRequestRef op);
158	bool prepare_command(MonOpRequestRef op);
159
160	bool check_rotate();
161	public:
162	AuthMonitor(Monitor mn, Paxos p, const string& service_name)
163	: PaxosService(mn, p, service_name),
164	last_rotating_ver(0),
165	max_global_id(0),
166	last_allocated_id(0)
167	{}
168
169	void pre_auth(MAuth *m);
170
171	void tick() override; // check state, take actions
172
173	void dump_info(Formatter *f);
174	};
175
176
177	WRITE_CLASS_ENCODER_FEATURES(AuthMonitor::Incremental)
178
179	#endif