1 | // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- |
2 | // vim: ts=8 sw=2 smarttab | |
3 | /* | |
4 | * Ceph - scalable distributed file system | |
5 | * | |
6 | * Copyright (C) 2004-2006 Sage Weil <sage@newdream.net> | |
7 | * | |
8 | * This is free software; you can redistribute it and/or | |
9 | * modify it under the terms of the GNU Lesser General Public | |
10 | * License version 2.1, as published by the Free Software | |
11 | * Foundation. See file COPYING. | |
12 | * | |
13 | */ | |
14 | ||
15 | #ifndef CEPH_AUTHMONITOR_H | |
16 | #define CEPH_AUTHMONITOR_H | |
17 | ||
18 | #include <map> | |
19 | #include <set> | |
20 | using namespace std; | |
21 | ||
22 | #include "include/ceph_features.h" | |
23 | #include "include/types.h" | |
24 | #include "mon/PaxosService.h" | |
25 | #include "mon/MonitorDBStore.h" | |
26 | ||
// Forward declarations: the declarations below refer to these types only by
// pointer or reference (MAuth*, KeyRing&, Monitor*) or not at all, so their
// headers are not needed here.
class MMonCommand;
struct MAuth;
struct MMonGlobalID;
class KeyRing;
class Monitor;
32 | ||
// NOTE(review): by its name, the lowest global id this monitor will hand out;
// it is not used in this header, so confirm the semantics in AuthMonitor.cc.
#define MIN_GLOBAL_ID 0x1000
34 | ||
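/**
 * Paxos service that owns the cluster's authentication state: the key
 * server data and the global-id allocator.  Changes are staged as
 * Incrementals and committed through the PaxosService machinery.
 */
class AuthMonitor : public PaxosService {
public:
  // Which payload an Incremental carries.
  enum IncType {
    GLOBAL_ID,   // a new max_global_id
    AUTH_DATA,   // an encoded auth-service update (auth_type + auth_data)
  };

  /**
   * One staged change to the auth state.
   *
   * Exactly one payload is meaningful, selected by inc_type: max_global_id
   * for GLOBAL_ID, the (auth_type, auth_data) pair for AUTH_DATA.  Only the
   * payload matching inc_type is put on the wire by encode()/decode().
   */
  struct Incremental {
    IncType inc_type;
    uint64_t max_global_id;   // GLOBAL_ID: new upper bound for allocated ids
    uint32_t auth_type;       // AUTH_DATA: auth protocol of the payload (e.g. CEPH_AUTH_CEPHX)
    bufferlist auth_data;     // AUTH_DATA: encoded payload, opaque to this struct

    Incremental() : inc_type(GLOBAL_ID), max_global_id(0), auth_type(0) {}

    /**
     * Serialize this Incremental.
     *
     * @param bl       destination buffer
     * @param features feature bits of the consumer; when CEPH_FEATURE_MONENC
     *                 is absent the legacy layout (bare version byte, no
     *                 ENCODE_START header) is written.  The default of -1
     *                 sets every bit, so a bare encode() uses the new layout.
     */
    void encode(bufferlist& bl, uint64_t features=-1) const {
      if ((features & CEPH_FEATURE_MONENC) == 0) {
        // legacy layout: version byte, type tag, then the selected payload
        __u8 v = 1;
        ::encode(v, bl);
        __u32 _type = (__u32)inc_type;
        ::encode(_type, bl);
        if (_type == GLOBAL_ID) {
          ::encode(max_global_id, bl);
        } else {
          ::encode(auth_type, bl);
          ::encode(auth_data, bl);
        }
        return;
      }
      ENCODE_START(2, 2, bl);
      __u32 _type = (__u32)inc_type;
      ::encode(_type, bl);
      if (_type == GLOBAL_ID) {
        ::encode(max_global_id, bl);
      } else {
        ::encode(auth_type, bl);
        ::encode(auth_data, bl);
      }
      ENCODE_FINISH(bl);
    }

    /**
     * Deserialize an Incremental written by encode(), in either layout.
     *
     * The type tag is range-checked before it selects a payload branch: a
     * value outside IncType means corrupt input, not a valid state.
     */
    void decode(bufferlist::iterator& bl) {
      DECODE_START_LEGACY_COMPAT_LEN(2, 2, 2, bl);
      __u32 _type;
      ::decode(_type, bl);
      inc_type = (IncType)_type;
      assert(inc_type >= GLOBAL_ID && inc_type <= AUTH_DATA);
      if (_type == GLOBAL_ID) {
        ::decode(max_global_id, bl);
      } else {
        ::decode(auth_type, bl);
        ::decode(auth_data, bl);
      }
      DECODE_FINISH(bl);
    }

    // Emit all fields to f; auth_data is reported by length only, never by content.
    void dump(Formatter *f) const {
      f->dump_int("type", inc_type);
      f->dump_int("max_global_id", max_global_id);
      f->dump_int("auth_type", auth_type);
      f->dump_int("auth_data_len", auth_data.length());
    }

    // Append sample instances (one of each kind plus a default) to ls for the
    // encoding round-trip tests; ownership of the raw pointers passes to the caller.
    static void generate_test_instances(list<Incremental*>& ls) {
      ls.push_back(new Incremental);
      ls.push_back(new Incremental);
      ls.back()->inc_type = GLOBAL_ID;
      ls.back()->max_global_id = 1234;
      ls.push_back(new Incremental);
      ls.back()->inc_type = AUTH_DATA;
      ls.back()->auth_type = 12;
      ls.back()->auth_data.append("foo");
    }
  };

private:
  vector<Incremental> pending_auth;   // incrementals staged for the next proposal
  version_t last_rotating_ver;        // NOTE(review): by name, last version at which rotating keys were refreshed -- confirm in .cc
  uint64_t max_global_id;             // current upper bound for global ids
  uint64_t last_allocated_id;         // most recently handed-out global id

  void upgrade_format() override;

  void export_keyring(KeyRing& keyring);
  int import_keyring(KeyRing& keyring);

  // Stage a cephx key-server change as an AUTH_DATA incremental on pending_auth.
  void push_cephx_inc(KeyServerData::Incremental& auth_inc) {
    Incremental inc;
    inc.inc_type = AUTH_DATA;
    ::encode(auth_inc, inc.auth_data);
    inc.auth_type = CEPH_AUTH_CEPHX;
    pending_auth.push_back(inc);
  }

  /* validate mon caps ; don't care about caps for other services as
   * we don't know how to validate them */
  /**
   * @param caps flat list of (service, capspec) pairs as given on the
   *             command line; an empty service name is treated as "mon"
   * @param out  optional sink for parse diagnostics (may be null)
   * @return false if the list is malformed or any mon capspec fails to parse
   */
  bool valid_caps(const vector<string>& caps, ostream *out) {
    // The loop below reads caps in pairs.  An odd-length list would
    // dereference one past the end (and step the iterator past end()), so
    // reject it up front instead of trusting the caller's argument shape.
    if (caps.size() % 2 != 0) {
      if (out)
        *out << "cannot parse caps: expected (service, caps) pairs";
      return false;
    }
    for (vector<string>::const_iterator p = caps.begin();
         p != caps.end(); p += 2) {
      if (!p->empty() && *p != "mon")
        continue;
      MonCap tmp;
      if (!tmp.parse(*(p+1), out))
        return false;
    }
    return true;
  }

  void on_active() override;
  bool should_propose(double& delay) override;
  void create_initial() override;
  void update_from_paxos(bool *need_bootstrap) override;
  void create_pending() override;  // prepare a new pending
  bool prepare_global_id(MonOpRequestRef op);
  void increase_max_global_id();
  uint64_t assign_global_id(MonOpRequestRef op, bool should_increase_max);
  // propose pending update to peers
  void encode_pending(MonitorDBStore::TransactionRef t) override;
  void encode_full(MonitorDBStore::TransactionRef t) override;
  version_t get_trim_to() override;

  bool preprocess_query(MonOpRequestRef op) override;  // true if processed.
  bool prepare_update(MonOpRequestRef op) override;

  bool prep_auth(MonOpRequestRef op, bool paxos_writable);

  bool preprocess_command(MonOpRequestRef op);
  bool prepare_command(MonOpRequestRef op);

  bool check_rotate();

public:
  AuthMonitor(Monitor *mn, Paxos *p, const string& service_name)
    : PaxosService(mn, p, service_name),
      last_rotating_ver(0),
      max_global_id(0),
      last_allocated_id(0)
  {}

  void pre_auth(MAuth *m);

  void tick() override;  // check state, take actions

  void dump_info(Formatter *f);
};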
175 | ||
176 | ||
// Presumably expands to the free ::encode/::decode overloads for Incremental;
// the _FEATURES form is the one that matches Incremental::encode(bl, features),
// whose features mask selects between the legacy and MONENC wire layouts.
WRITE_CLASS_ENCODER_FEATURES(AuthMonitor::Incremental)
178 | ||
179 | #endif |