[ceph.git] / ceph / src / rgw / librgw.cc

// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
// vim: ts=8 sw=2 smarttab
/*
 * Ceph - scalable distributed file system
 *
 * Copyright (C) 2011 New Dream Network
 *
 * This is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License version 2.1, as published by the Free Software
 * Foundation.  See file COPYING.
 *
 */
#include "include/compat.h"
#include <sys/types.h>
#include <string.h>
#include <chrono>

#include "include/types.h"
#include "include/rados/librgw.h"
#include "rgw/rgw_acl_s3.h"
#include "rgw_acl.h"

#include "include/str_list.h"
#include "include/stringify.h"
#include "global/global_init.h"
#include "global/signal_handler.h"
#include "common/config.h"
#include "common/errno.h"
#include "common/Timer.h"
#include "common/Throttle.h"
#include "common/WorkQueue.h"
#include "common/ceph_argparse.h"
#include "common/ceph_context.h"
#include "common/common_init.h"
#include "common/dout.h"

#include "rgw_rados.h"
#include "rgw_resolve.h"
#include "rgw_op.h"
#include "rgw_rest.h"
#include "rgw_frontend.h"
#include "rgw_request.h"
#include "rgw_process.h"
#include "rgw_rest_user.h"
#include "rgw_rest_s3.h"
#include "rgw_os_lib.h"
#include "rgw_auth.h"
#include "rgw_auth_s3.h"
#include "rgw_lib.h"
#include "rgw_lib_frontend.h"

#include <errno.h>
#include <chrono>
#include <thread>
#include <string>
#include <string.h>
#include <mutex>


#define dout_subsys ceph_subsys_rgw

bool global_stop = false;

static void handle_sigterm(int signum)
{
  dout(20) << __func__ << " SIGUSR1 ignored" << dendl;
}

namespace rgw {

  using std::string;

  static std::mutex librgw_mtx;

  RGWLib rgwlib;

  class C_InitTimeout : public Context {
  public:
    C_InitTimeout() {}
    void finish(int r) override {
      derr << "Initialization timeout, failed to initialize" << dendl;
      exit(1);
    }
  };

  void RGWLibProcess::checkpoint()
  {
    m_tp.drain(&req_wq);
  }

#define MIN_EXPIRE_S 120

  void RGWLibProcess::run()
  {
    /* write completion interval */
    RGWLibFS::write_completion_interval_s =
      cct->_conf->rgw_nfs_write_completion_interval_s;

    /* start write timer */
    RGWLibFS::write_timer.resume();

    /* gc loop */
    while (! shutdown) {
      lsubdout(cct, rgw, 5) << "RGWLibProcess GC" << dendl;

      /* dirent invalidate timeout--basically, the upper-bound on
       * inconsistency with the S3 namespace */
      auto expire_s = cct->_conf->rgw_nfs_namespace_expire_secs;

      /* delay between gc cycles */
      auto delay_s = std::max(int64_t(1), std::min(int64_t(MIN_EXPIRE_S), expire_s/2));

      unique_lock uniq(mtx);
    restart:
      int cur_gen = gen;
      for (auto iter = mounted_fs.begin(); iter != mounted_fs.end();
	   ++iter) {
	RGWLibFS* fs = iter->first->ref();
	uniq.unlock();
	fs->gc();
	fs->rele();
	uniq.lock();
	if (cur_gen != gen)
	  goto restart; /* invalidated */
      }
      uniq.unlock();
      std::this_thread::sleep_for(std::chrono::seconds(delay_s));
    }
  }

  void RGWLibProcess::handle_request(RGWRequest* r)
  {
    /*
     * invariant: valid requests are derived from RGWLibRequst
     */
    RGWLibRequest* req = static_cast<RGWLibRequest*>(r);

    // XXX move RGWLibIO and timing setup into process_request

#if 0 /* XXX */
    utime_t tm = ceph_clock_now();
#endif

    RGWLibIO io_ctx;

    int ret = process_request(req, &io_ctx);
    if (ret < 0) {
      /* we don't really care about return code */
      dout(20) << "process_request() returned " << ret << dendl;

    }
    delete req;
  } /* handle_request */

  int RGWLibProcess::process_request(RGWLibRequest* req)
  {
    // XXX move RGWLibIO and timing setup into process_request

#if 0 /* XXX */
    utime_t tm = ceph_clock_now();
#endif

    RGWLibIO io_ctx;

    int ret = process_request(req, &io_ctx);
    if (ret < 0) {
      /* we don't really care about return code */
      dout(20) << "process_request() returned " << ret << dendl;
    }
    return ret;
  } /* process_request */

  static inline void abort_req(struct req_state *s, RGWOp *op, int err_no)
  {
    if (!s)
      return;

    /* XXX the dump_errno and dump_bucket_from_state behaviors in
     * the abort_early (rgw_rest.cc) might be valuable, but aren't
     * safe to call presently as they return HTTP data */

    perfcounter->inc(l_rgw_failed_req);
  } /* abort_req */

  int RGWLibProcess::process_request(RGWLibRequest* req, RGWLibIO* io)
  {
    int ret = 0;
    bool should_log = true; // XXX

    dout(1) << "====== " << __func__
	    << " starting new request req=" << hex << req << dec
	    << " ======" << dendl;

    /*
     * invariant: valid requests are derived from RGWOp--well-formed
     * requests should have assigned RGWRequest::op in their descendant
     * constructor--if not, the compiler can find it, at the cost of
     * a runtime check
     */
    RGWOp *op = (req->op) ? req->op : dynamic_cast<RGWOp*>(req);
    if (! op) {
      dout(1) << "failed to derive cognate RGWOp (invalid op?)" << dendl;
      return -EINVAL;
    }

    io->init(req->cct);

    perfcounter->inc(l_rgw_req);

    RGWEnv& rgw_env = io->get_env();

    /* XXX
     * until major refactoring of req_state and req_info, we need
     * to build their RGWEnv boilerplate from the RGWLibRequest,
     * pre-staging any strings (HTTP_HOST) that provoke a crash when
     * not found
     */

    /* XXX for now, use "";  could be a legit hostname, or, in future,
     * perhaps a tenant (Yehuda) */
    rgw_env.set("HTTP_HOST", "");

    /* XXX and -then- bloat up req_state with string copies from it */
    struct req_state rstate(req->cct, &rgw_env, req->get_user());
    struct req_state *s = &rstate;

    // XXX fix this
    s->cio = io;

    RGWObjectCtx rados_ctx(store, s); // XXX holds std::map

    /* XXX and -then- stash req_state pointers everywhere they are needed */
    ret = req->init(rgw_env, &rados_ctx, io, s);
    if (ret < 0) {
      dout(10) << "failed to initialize request" << dendl;
      abort_req(s, op, ret);
      goto done;
    }

    /* req is-a RGWOp, currently initialized separately */
    ret = req->op_init();
    if (ret < 0) {
      dout(10) << "failed to initialize RGWOp" << dendl;
      abort_req(s, op, ret);
      goto done;
    }

    /* XXX authorize does less here then in the REST path, e.g.,
     * the user's info is cached, but still incomplete */
    req->log(s, "authorizing");
    ret = req->authorize();
    if (ret < 0) {
      dout(10) << "failed to authorize request" << dendl;
      abort_req(s, op, ret);
      goto done;
    }

    /* FIXME: remove this after switching all handlers to the new authentication
     * infrastructure. */
    if (! s->auth.identity) {
      s->auth.identity = rgw::auth::transform_old_authinfo(s);
    }

    req->log(s, "reading op permissions");
    ret = req->read_permissions(op);
    if (ret < 0) {
      abort_req(s, op, ret);
      goto done;
    }

    req->log(s, "init op");
    ret = op->init_processing();
    if (ret < 0) {
      abort_req(s, op, ret);
      goto done;
    }

    req->log(s, "verifying op mask");
    ret = op->verify_op_mask();
    if (ret < 0) {
      abort_req(s, op, ret);
      goto done;
    }

    req->log(s, "verifying op permissions");
    ret = op->verify_permission();
    if (ret < 0) {
      if (s->system_request) {
	dout(2) << "overriding permissions due to system operation" << dendl;
      } else if (s->auth.identity->is_admin_of(s->user->user_id)) {
	dout(2) << "overriding permissions due to admin operation" << dendl;
      } else {
	abort_req(s, op, ret);
	goto done;
      }
    }

    req->log(s, "verifying op params");
    ret = op->verify_params();
    if (ret < 0) {
      abort_req(s, op, ret);
      goto done;
    }

    req->log(s, "executing");
    op->pre_exec();
    op->execute();
    op->complete();

  done:
    try {
      io->complete_request();
    } catch (rgw::io::Exception& e) {
      dout(0) << "ERROR: io->complete_request() returned "
              << e.what() << dendl;
    }
    if (should_log) {
      rgw_log_op(store, nullptr /* !rest */, s,
		 (op ? op->name() : "unknown"), olog);
    }

    int http_ret = s->err.http_ret;

    req->log_format(s, "http status=%d", http_ret);

    dout(1) << "====== " << __func__
	    << " req done req=" << hex << req << dec << " http_status="
	    << http_ret
	    << " ======" << dendl;

    return (ret < 0 ? ret : s->err.ret);
  } /* process_request */

  int RGWLibProcess::start_request(RGWLibContinuedReq* req)
  {

    dout(1) << "====== " << __func__
	    << " starting new continued request req=" << hex << req << dec
	    << " ======" << dendl;

    /*
     * invariant: valid requests are derived from RGWOp--well-formed
     * requests should have assigned RGWRequest::op in their descendant
     * constructor--if not, the compiler can find it, at the cost of
     * a runtime check
     */
    RGWOp *op = (req->op) ? req->op : dynamic_cast<RGWOp*>(req);
    if (! op) {
      dout(1) << "failed to derive cognate RGWOp (invalid op?)" << dendl;
      return -EINVAL;
    }

    struct req_state* s = req->get_state();

    /* req is-a RGWOp, currently initialized separately */
    int ret = req->op_init();
    if (ret < 0) {
      dout(10) << "failed to initialize RGWOp" << dendl;
      abort_req(s, op, ret);
      goto done;
    }

    /* XXX authorize does less here then in the REST path, e.g.,
     * the user's info is cached, but still incomplete */
    req->log(s, "authorizing");
    ret = req->authorize();
    if (ret < 0) {
      dout(10) << "failed to authorize request" << dendl;
      abort_req(s, op, ret);
      goto done;
    }

    /* FIXME: remove this after switching all handlers to the new authentication
     * infrastructure. */
    if (! s->auth.identity) {
      s->auth.identity = rgw::auth::transform_old_authinfo(s);
    }

    req->log(s, "reading op permissions");
    ret = req->read_permissions(op);
    if (ret < 0) {
      abort_req(s, op, ret);
      goto done;
    }

    req->log(s, "init op");
    ret = op->init_processing();
    if (ret < 0) {
      abort_req(s, op, ret);
      goto done;
    }

    req->log(s, "verifying op mask");
    ret = op->verify_op_mask();
    if (ret < 0) {
      abort_req(s, op, ret);
      goto done;
    }

    req->log(s, "verifying op permissions");
    ret = op->verify_permission();
    if (ret < 0) {
      if (s->system_request) {
	dout(2) << "overriding permissions due to system operation" << dendl;
      } else if (s->auth.identity->is_admin_of(s->user->user_id)) {
	dout(2) << "overriding permissions due to admin operation" << dendl;
      } else {
	abort_req(s, op, ret);
	goto done;
      }
    }

    req->log(s, "verifying op params");
    ret = op->verify_params();
    if (ret < 0) {
      abort_req(s, op, ret);
      goto done;
    }

    op->pre_exec();
    req->exec_start();

  done:
    return (ret < 0 ? ret : s->err.ret);
  }

  int RGWLibProcess::finish_request(RGWLibContinuedReq* req)
  {
    RGWOp *op = (req->op) ? req->op : dynamic_cast<RGWOp*>(req);
    if (! op) {
      dout(1) << "failed to derive cognate RGWOp (invalid op?)" << dendl;
      return -EINVAL;
    }

    int ret = req->exec_finish();
    int op_ret = op->get_ret();

    dout(1) << "====== " << __func__
	    << " finishing continued request req=" << hex << req << dec
	    << " op status=" << op_ret
	    << " ======" << dendl;

    return ret;
  }

  int RGWLibFrontend::init()
  {
    pprocess = new RGWLibProcess(g_ceph_context, &env,
				 g_conf->rgw_thread_pool_size, conf);
    return 0;
  }

  int RGWLib::init()
  {
    vector<const char*> args;
    return init(args);
  }

  int RGWLib::init(vector<const char*>& args)
  {
    int r = 0;

    /* alternative default for module */
    vector<const char *> def_args;
    def_args.push_back("--debug-rgw=1/5");
    def_args.push_back("--keyring=$rgw_data/keyring");
    def_args.push_back("--log-file=/var/log/radosgw/$cluster-$name.log");

    cct = global_init(&def_args, args,
		      CEPH_ENTITY_TYPE_CLIENT,
		      CODE_ENVIRONMENT_DAEMON,
		      CINIT_FLAG_UNPRIVILEGED_DAEMON_DEFAULTS);

    Mutex mutex("main");
    SafeTimer init_timer(g_ceph_context, mutex);
    init_timer.init();
    mutex.Lock();
    init_timer.add_event_after(g_conf->rgw_init_timeout, new C_InitTimeout);
    mutex.Unlock();

    common_init_finish(g_ceph_context);

    rgw_tools_init(g_ceph_context);

    rgw_init_resolver();

    store = RGWStoreManager::get_storage(g_ceph_context,
					 g_conf->rgw_enable_gc_threads,
					 g_conf->rgw_enable_lc_threads,
					 g_conf->rgw_enable_quota_threads,
					 g_conf->rgw_run_sync_thread,
					 g_conf->rgw_dynamic_resharding);

    if (!store) {
      mutex.Lock();
      init_timer.cancel_all_events();
      init_timer.shutdown();
      mutex.Unlock();

      derr << "Couldn't init storage provider (RADOS)" << dendl;
      return -EIO;
    }

    r = rgw_perf_start(g_ceph_context);

    rgw_rest_init(g_ceph_context, store, store->get_zonegroup());

    mutex.Lock();
    init_timer.cancel_all_events();
    init_timer.shutdown();
    mutex.Unlock();

    if (r)
      return -EIO;

    const string& ldap_uri = store->ctx()->_conf->rgw_ldap_uri;
    const string& ldap_binddn = store->ctx()->_conf->rgw_ldap_binddn;
    const string& ldap_searchdn = store->ctx()->_conf->rgw_ldap_searchdn;
    const string& ldap_searchfilter = store->ctx()->_conf->rgw_ldap_searchfilter;
    const string& ldap_dnattr =
      store->ctx()->_conf->rgw_ldap_dnattr;
    std::string ldap_bindpw = parse_rgw_ldap_bindpw(store->ctx());

    ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_bindpw.c_str(),
			      ldap_searchdn, ldap_searchfilter, ldap_dnattr);
    ldh->init();
    ldh->bind();

    rgw_user_init(store);
    rgw_bucket_init(store->meta_mgr);
    rgw_log_usage_init(g_ceph_context, store);

    // XXX ex-RGWRESTMgr_lib, mgr->set_logging(true)

    if (!g_conf->rgw_ops_log_socket_path.empty()) {
      olog = new OpsLogSocket(g_ceph_context, g_conf->rgw_ops_log_data_backlog);
      olog->init(g_conf->rgw_ops_log_socket_path);
    }

    int port = 80;
    RGWProcessEnv env = { store, &rest, olog, port };

    string fe_count{"0"};
    fec = new RGWFrontendConfig("rgwlib");
    fe = new RGWLibFrontend(env, fec);

    init_async_signal_handler();
    register_async_signal_handler(SIGUSR1, handle_sigterm);

    map<string, string> service_map_meta;
    service_map_meta["pid"] = stringify(getpid());
    service_map_meta["frontend_type#" + fe_count] = "rgw-nfs";
    service_map_meta["frontend_config#" + fe_count] = fec->get_config();

    fe->init();
    if (r < 0) {
      derr << "ERROR: failed initializing frontend" << dendl;
      return r;
    }

    fe->run();

    r = store->register_to_service_map("rgw-nfs", service_map_meta);
    if (r < 0) {
      derr << "ERROR: failed to register to service map: " << cpp_strerror(-r) << dendl;
      /* ignore error */
    }

    return 0;
  } /* RGWLib::init() */

  int RGWLib::stop()
  {
    derr << "shutting down" << dendl;

    fe->stop();

    fe->join();

    delete fe;
    delete fec;
    delete ldh;

    unregister_async_signal_handler(SIGUSR1, handle_sigterm);
    shutdown_async_signal_handler();

    rgw_log_usage_finalize();

    delete olog;

    RGWStoreManager::close_storage(store);

    rgw_tools_cleanup();
    rgw_shutdown_resolver();

    rgw_perf_stop(g_ceph_context);

    dout(1) << "final shutdown" << dendl;
    cct.reset();

    return 0;
  } /* RGWLib::stop() */

  int RGWLibIO::set_uid(RGWRados *store, const rgw_user& uid)
  {
    int ret = rgw_get_user_info_by_uid(store, uid, user_info, NULL);
    if (ret < 0) {
      derr << "ERROR: failed reading user info: uid=" << uid << " ret="
	   << ret << dendl;
    }
    return ret;
  }

  int RGWLibRequest::read_permissions(RGWOp* op) {
    /* bucket and object ops */
    int ret =
      rgw_build_bucket_policies(rgwlib.get_store(), get_state());
    if (ret < 0) {
      ldout(get_state()->cct, 10) << "read_permissions (bucket policy) on "
				  << get_state()->bucket << ":"
				  << get_state()->object
				  << " only_bucket=" << only_bucket()
				  << " ret=" << ret << dendl;
      if (ret == -ENODATA)
	ret = -EACCES;
    } else if (! only_bucket()) {
      /* object ops */
      ret = rgw_build_object_policies(rgwlib.get_store(), get_state(),
				      op->prefetch_data());
      if (ret < 0) {
	ldout(get_state()->cct, 10) << "read_permissions (object policy) on"
				    << get_state()->bucket << ":"
				    << get_state()->object
				    << " ret=" << ret << dendl;
	if (ret == -ENODATA)
	  ret = -EACCES;
      }
    }
    return ret;
  } /* RGWLibRequest::read_permissions */

  int RGWHandler_Lib::authorize()
  {
    /* TODO: handle
     *  1. subusers
     *  2. anonymous access
     *  3. system access
     *  4. ?
     *
     *  Much or all of this depends on handling the cached authorization
     *  correctly (e.g., dealing with keystone) at mount time.
     */
    s->perm_mask = RGW_PERM_FULL_CONTROL;

    // populate the owner info
    s->owner.set_id(s->user->user_id);
    s->owner.set_name(s->user->display_name);

    return 0;
  } /* RGWHandler_Lib::authorize */

} /* namespace rgw */

extern "C" {

int librgw_create(librgw_t* rgw, int argc, char **argv)
{
  using namespace rgw;

  int rc = -EINVAL;

  if (! g_ceph_context) {
    std::lock_guard<std::mutex> lg(librgw_mtx);
    if (! g_ceph_context) {
      vector<const char*> args;
      std::vector<std::string> spl_args;
      // last non-0 argument will be split and consumed
      if (argc > 1) {
	const std::string spl_arg{argv[(--argc)]};
	get_str_vec(spl_arg, " \t", spl_args);
      }
      argv_to_vec(argc, const_cast<const char**>(argv), args);
      // append split args, if any
      for (const auto& elt : spl_args) {
	args.push_back(elt.c_str());
      }
      env_to_vec(args);
      rc = rgwlib.init(args);
    }
  }

  *rgw = g_ceph_context->get();

  return rc;
}

void librgw_shutdown(librgw_t rgw)
{
  using namespace rgw;

  CephContext* cct = static_cast<CephContext*>(rgw);
  rgwlib.stop();
  cct->put();
}

} /* extern "C" */
Commit	Line	Data
7c673cae FG	1	// -- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t --
	2	// vim: ts=8 sw=2 smarttab
	3	/*
	4	* Ceph - scalable distributed file system
	5	*
	6	* Copyright (C) 2011 New Dream Network
	7	*
	8	* This is free software; you can redistribute it and/or
	9	* modify it under the terms of the GNU Lesser General Public
	10	* License version 2.1, as published by the Free Software
	11	* Foundation. See file COPYING.
	12	*
	13	*/
31f18b77	14	#include "include/compat.h"
7c673cae FG	15	#include <sys/types.h>
	16	#include <string.h>
	17	#include <chrono>
	18
	19	#include "include/types.h"
	20	#include "include/rados/librgw.h"
	21	#include "rgw/rgw_acl_s3.h"
	22	#include "rgw_acl.h"
	23
	24	#include "include/str_list.h"
224ce89b	25	#include "include/stringify.h"
7c673cae	26	#include "global/global_init.h"
b32b8144	27	#include "global/signal_handler.h"
7c673cae FG	28	#include "common/config.h"
	29	#include "common/errno.h"
	30	#include "common/Timer.h"
	31	#include "common/Throttle.h"
	32	#include "common/WorkQueue.h"
	33	#include "common/ceph_argparse.h"
	34	#include "common/ceph_context.h"
	35	#include "common/common_init.h"
	36	#include "common/dout.h"
	37
	38	#include "rgw_rados.h"
	39	#include "rgw_resolve.h"
	40	#include "rgw_op.h"
	41	#include "rgw_rest.h"
	42	#include "rgw_frontend.h"
	43	#include "rgw_request.h"
	44	#include "rgw_process.h"
	45	#include "rgw_rest_user.h"
	46	#include "rgw_rest_s3.h"
	47	#include "rgw_os_lib.h"
	48	#include "rgw_auth.h"
	49	#include "rgw_auth_s3.h"
	50	#include "rgw_lib.h"
	51	#include "rgw_lib_frontend.h"
	52
	53	#include <errno.h>
	54	#include <chrono>
	55	#include <thread>
	56	#include <string>
	57	#include <string.h>
	58	#include <mutex>
	59
	60
	61	#define dout_subsys ceph_subsys_rgw
	62
	63	bool global_stop = false;
	64
b32b8144 FG	65	static void handle_sigterm(int signum)
	66	{
	67	dout(20) << __func__ << " SIGUSR1 ignored" << dendl;
	68	}
	69
7c673cae FG	70	namespace rgw {
	71
	72	using std::string;
	73
	74	static std::mutex librgw_mtx;
	75
	76	RGWLib rgwlib;
	77
	78	class C_InitTimeout : public Context {
	79	public:
	80	C_InitTimeout() {}
	81	void finish(int r) override {
	82	derr << "Initialization timeout, failed to initialize" << dendl;
	83	exit(1);
	84	}
	85	};
	86
	87	void RGWLibProcess::checkpoint()
	88	{
	89	m_tp.drain(&req_wq);
	90	}
	91
	92	#define MIN_EXPIRE_S 120
	93
	94	void RGWLibProcess::run()
	95	{
	96	/* write completion interval */
	97	RGWLibFS::write_completion_interval_s =
	98	cct->_conf->rgw_nfs_write_completion_interval_s;
	99
	100	/* start write timer */
	101	RGWLibFS::write_timer.resume();
	102
	103	/* gc loop */
	104	while (! shutdown) {
	105	lsubdout(cct, rgw, 5) << "RGWLibProcess GC" << dendl;
	106
	107	/* dirent invalidate timeout--basically, the upper-bound on
	108	* inconsistency with the S3 namespace */
	109	auto expire_s = cct->_conf->rgw_nfs_namespace_expire_secs;
	110
	111	/* delay between gc cycles */
c07f9fc5	112	auto delay_s = std::max(int64_t(1), std::min(int64_t(MIN_EXPIRE_S), expire_s/2));
7c673cae FG	113
	114	unique_lock uniq(mtx);
	115	restart:
	116	int cur_gen = gen;
	117	for (auto iter = mounted_fs.begin(); iter != mounted_fs.end();
	118	++iter) {
	119	RGWLibFS* fs = iter->first->ref();
	120	uniq.unlock();
	121	fs->gc();
	122	fs->rele();
	123	uniq.lock();
	124	if (cur_gen != gen)
	125	goto restart; /* invalidated */
	126	}
	127	uniq.unlock();
	128	std::this_thread::sleep_for(std::chrono::seconds(delay_s));
	129	}
	130	}
	131
	132	void RGWLibProcess::handle_request(RGWRequest* r)
	133	{
	134	/*
	135	* invariant: valid requests are derived from RGWLibRequst
	136	*/
	137	RGWLibRequest* req = static_cast<RGWLibRequest*>(r);
	138
	139	// XXX move RGWLibIO and timing setup into process_request
	140
	141	#if 0 /* XXX */
	142	utime_t tm = ceph_clock_now();
	143	#endif
	144
	145	RGWLibIO io_ctx;
	146
	147	int ret = process_request(req, &io_ctx);
	148	if (ret < 0) {
	149	/* we don't really care about return code */
	150	dout(20) << "process_request() returned " << ret << dendl;
	151
	152	}
	153	delete req;
	154	} /* handle_request */
	155
	156	int RGWLibProcess::process_request(RGWLibRequest* req)
	157	{
	158	// XXX move RGWLibIO and timing setup into process_request
	159
	160	#if 0 /* XXX */
	161	utime_t tm = ceph_clock_now();
	162	#endif
	163
	164	RGWLibIO io_ctx;
	165
	166	int ret = process_request(req, &io_ctx);
	167	if (ret < 0) {
	168	/* we don't really care about return code */
	169	dout(20) << "process_request() returned " << ret << dendl;
	170	}
	171	return ret;
	172	} /* process_request */
	173
	174	static inline void abort_req(struct req_state s, RGWOp op, int err_no)
	175	{
	176	if (!s)
177	return;
178
179	/* XXX the dump_errno and dump_bucket_from_state behaviors in
180	* the abort_early (rgw_rest.cc) might be valuable, but aren't
181	* safe to call presently as they return HTTP data */
182
183	perfcounter->inc(l_rgw_failed_req);
184	} /* abort_req */
185
186	int RGWLibProcess::process_request(RGWLibRequest* req, RGWLibIO* io)
187	{
188	int ret = 0;
189	bool should_log = true; // XXX
190
191	dout(1) << "====== " << __func__
192	<< " starting new request req=" << hex << req << dec
193	<< " ======" << dendl;
194
195	/*
196	* invariant: valid requests are derived from RGWOp--well-formed
197	* requests should have assigned RGWRequest::op in their descendant
198	* constructor--if not, the compiler can find it, at the cost of
199	* a runtime check
200	*/
201	RGWOp op = (req->op) ? req->op : dynamic_cast<RGWOp>(req);
202	if (! op) {
203	dout(1) << "failed to derive cognate RGWOp (invalid op?)" << dendl;
204	return -EINVAL;
205	}
206
207	io->init(req->cct);
208
209	perfcounter->inc(l_rgw_req);
210
211	RGWEnv& rgw_env = io->get_env();
212
213	/* XXX
214	* until major refactoring of req_state and req_info, we need
215	* to build their RGWEnv boilerplate from the RGWLibRequest,
216	* pre-staging any strings (HTTP_HOST) that provoke a crash when
217	* not found
218	*/
219
220	/* XXX for now, use ""; could be a legit hostname, or, in future,
221	* perhaps a tenant (Yehuda) */
222	rgw_env.set("HTTP_HOST", "");
223
224	/* XXX and -then- bloat up req_state with string copies from it */
225	struct req_state rstate(req->cct, &rgw_env, req->get_user());
226	struct req_state *s = &rstate;
227
228	// XXX fix this
229	s->cio = io;
230
231	RGWObjectCtx rados_ctx(store, s); // XXX holds std::map
232
233	/* XXX and -then- stash req_state pointers everywhere they are needed */
234	ret = req->init(rgw_env, &rados_ctx, io, s);
235	if (ret < 0) {
236	dout(10) << "failed to initialize request" << dendl;
237	abort_req(s, op, ret);
238	goto done;
239	}
240
241	/* req is-a RGWOp, currently initialized separately */
242	ret = req->op_init();
243	if (ret < 0) {
244	dout(10) << "failed to initialize RGWOp" << dendl;
245	abort_req(s, op, ret);
246	goto done;
247	}
248
249	/* XXX authorize does less here then in the REST path, e.g.,
250	* the user's info is cached, but still incomplete */
251	req->log(s, "authorizing");
252	ret = req->authorize();
253	if (ret < 0) {
254	dout(10) << "failed to authorize request" << dendl;
255	abort_req(s, op, ret);
256	goto done;
257	}
258
259	/* FIXME: remove this after switching all handlers to the new authentication
260	* infrastructure. */
261	if (! s->auth.identity) {
262	s->auth.identity = rgw::auth::transform_old_authinfo(s);
263	}
264
265	req->log(s, "reading op permissions");
266	ret = req->read_permissions(op);
267	if (ret < 0) {
268	abort_req(s, op, ret);
269	goto done;
270	}
271
272	req->log(s, "init op");
273	ret = op->init_processing();
274	if (ret < 0) {
275	abort_req(s, op, ret);
276	goto done;
277	}
278
279	req->log(s, "verifying op mask");
280	ret = op->verify_op_mask();
281	if (ret < 0) {
282	abort_req(s, op, ret);
283	goto done;
284	}
285
286	req->log(s, "verifying op permissions");
287	ret = op->verify_permission();
288	if (ret < 0) {
289	if (s->system_request) {
290	dout(2) << "overriding permissions due to system operation" << dendl;
291	} else if (s->auth.identity->is_admin_of(s->user->user_id)) {
292	dout(2) << "overriding permissions due to admin operation" << dendl;
293	} else {
294	abort_req(s, op, ret);
295	goto done;
296	}
297	}
298
299	req->log(s, "verifying op params");
300	ret = op->verify_params();
301	if (ret < 0) {
302	abort_req(s, op, ret);
303	goto done;
304	}
305
306	req->log(s, "executing");
307	op->pre_exec();
308	op->execute();
309	op->complete();
310
311	done:
312	try {
313	io->complete_request();
314	} catch (rgw::io::Exception& e) {
315	dout(0) << "ERROR: io->complete_request() returned "
316	<< e.what() << dendl;
317	}
318	if (should_log) {
319	rgw_log_op(store, nullptr /* !rest */, s,
320	(op ? op->name() : "unknown"), olog);
321	}
322
323	int http_ret = s->err.http_ret;
324
325	req->log_format(s, "http status=%d", http_ret);
326
327	dout(1) << "====== " << __func__
328	<< " req done req=" << hex << req << dec << " http_status="
329	<< http_ret
330	<< " ======" << dendl;
331
332	return (ret < 0 ? ret : s->err.ret);
333	} /* process_request */
334
335	int RGWLibProcess::start_request(RGWLibContinuedReq* req)
336	{
337
338	dout(1) << "====== " << __func__
339	<< " starting new continued request req=" << hex << req << dec
340	<< " ======" << dendl;
341
342	/*
343	* invariant: valid requests are derived from RGWOp--well-formed
344	* requests should have assigned RGWRequest::op in their descendant
345	* constructor--if not, the compiler can find it, at the cost of
346	* a runtime check
347	*/
348	RGWOp op = (req->op) ? req->op : dynamic_cast<RGWOp>(req);
349	if (! op) {
350	dout(1) << "failed to derive cognate RGWOp (invalid op?)" << dendl;
351	return -EINVAL;
352	}
353
354	struct req_state* s = req->get_state();
355
356	/* req is-a RGWOp, currently initialized separately */
357	int ret = req->op_init();
358	if (ret < 0) {
359	dout(10) << "failed to initialize RGWOp" << dendl;
360	abort_req(s, op, ret);
361	goto done;
362	}
363
364	/* XXX authorize does less here then in the REST path, e.g.,
365	* the user's info is cached, but still incomplete */
366	req->log(s, "authorizing");
367	ret = req->authorize();
368	if (ret < 0) {
369	dout(10) << "failed to authorize request" << dendl;
370	abort_req(s, op, ret);
371	goto done;
372	}
373
374	/* FIXME: remove this after switching all handlers to the new authentication
375	* infrastructure. */
376	if (! s->auth.identity) {
377	s->auth.identity = rgw::auth::transform_old_authinfo(s);
378	}
379
380	req->log(s, "reading op permissions");
381	ret = req->read_permissions(op);
382	if (ret < 0) {
383	abort_req(s, op, ret);
384	goto done;
385	}
386
387	req->log(s, "init op");
388	ret = op->init_processing();
389	if (ret < 0) {
390	abort_req(s, op, ret);
391	goto done;
392	}
393
394	req->log(s, "verifying op mask");
395	ret = op->verify_op_mask();
396	if (ret < 0) {
397	abort_req(s, op, ret);
398	goto done;
399	}
400
401	req->log(s, "verifying op permissions");
402	ret = op->verify_permission();
403	if (ret < 0) {
404	if (s->system_request) {
405	dout(2) << "overriding permissions due to system operation" << dendl;
406	} else if (s->auth.identity->is_admin_of(s->user->user_id)) {
407	dout(2) << "overriding permissions due to admin operation" << dendl;
408	} else {
409	abort_req(s, op, ret);
410	goto done;
411	}
412	}
413
414	req->log(s, "verifying op params");
415	ret = op->verify_params();
416	if (ret < 0) {
417	abort_req(s, op, ret);
418	goto done;
419	}
420
421	op->pre_exec();
422	req->exec_start();
423
424	done:
425	return (ret < 0 ? ret : s->err.ret);
426	}
427
428	int RGWLibProcess::finish_request(RGWLibContinuedReq* req)
429	{
430	RGWOp op = (req->op) ? req->op : dynamic_cast<RGWOp>(req);
431	if (! op) {
432	dout(1) << "failed to derive cognate RGWOp (invalid op?)" << dendl;
433	return -EINVAL;
434	}
435
436	int ret = req->exec_finish();
437	int op_ret = op->get_ret();
438
439	dout(1) << "====== " << __func__
440	<< " finishing continued request req=" << hex << req << dec
441	<< " op status=" << op_ret
442	<< " ======" << dendl;
443
444	return ret;
445	}
446
447	int RGWLibFrontend::init()
448	{
449	pprocess = new RGWLibProcess(g_ceph_context, &env,
450	g_conf->rgw_thread_pool_size, conf);
451	return 0;
452	}
453
454	int RGWLib::init()
455	{
456	vector<const char*> args;
457	return init(args);
458	}
459
460	int RGWLib::init(vector<const char*>& args)
461	{
462	int r = 0;
463
464	/* alternative default for module */
465	vector<const char *> def_args;
466	def_args.push_back("--debug-rgw=1/5");
467	def_args.push_back("--keyring=$rgw_data/keyring");
468	def_args.push_back("--log-file=/var/log/radosgw/$cluster-$name.log");
469
470	cct = global_init(&def_args, args,
471	CEPH_ENTITY_TYPE_CLIENT,
472	CODE_ENVIRONMENT_DAEMON,
473	CINIT_FLAG_UNPRIVILEGED_DAEMON_DEFAULTS);
474
475	Mutex mutex("main");
476	SafeTimer init_timer(g_ceph_context, mutex);
477	init_timer.init();
478	mutex.Lock();
479	init_timer.add_event_after(g_conf->rgw_init_timeout, new C_InitTimeout);
480	mutex.Unlock();
481
482	common_init_finish(g_ceph_context);
483
484	rgw_tools_init(g_ceph_context);
485
486	rgw_init_resolver();
487
488	store = RGWStoreManager::get_storage(g_ceph_context,
489	g_conf->rgw_enable_gc_threads,
490	g_conf->rgw_enable_lc_threads,
491	g_conf->rgw_enable_quota_threads,
31f18b77 FG	492	g_conf->rgw_run_sync_thread,
31f18b77 FG	493	g_conf->rgw_dynamic_resharding);
7c673cae FG	494
	495	if (!store) {
	496	mutex.Lock();
	497	init_timer.cancel_all_events();
	498	init_timer.shutdown();
	499	mutex.Unlock();
	500
	501	derr << "Couldn't init storage provider (RADOS)" << dendl;
	502	return -EIO;
	503	}
	504
	505	r = rgw_perf_start(g_ceph_context);
	506
	507	rgw_rest_init(g_ceph_context, store, store->get_zonegroup());
	508
	509	mutex.Lock();
	510	init_timer.cancel_all_events();
	511	init_timer.shutdown();
	512	mutex.Unlock();
	513
	514	if (r)
	515	return -EIO;
	516
	517	const string& ldap_uri = store->ctx()->_conf->rgw_ldap_uri;
	518	const string& ldap_binddn = store->ctx()->_conf->rgw_ldap_binddn;
	519	const string& ldap_searchdn = store->ctx()->_conf->rgw_ldap_searchdn;
	520	const string& ldap_searchfilter = store->ctx()->_conf->rgw_ldap_searchfilter;
	521	const string& ldap_dnattr =
	522	store->ctx()->_conf->rgw_ldap_dnattr;
	523	std::string ldap_bindpw = parse_rgw_ldap_bindpw(store->ctx());
	524
	525	ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_bindpw.c_str(),
	526	ldap_searchdn, ldap_searchfilter, ldap_dnattr);
	527	ldh->init();
	528	ldh->bind();
	529
	530	rgw_user_init(store);
	531	rgw_bucket_init(store->meta_mgr);
	532	rgw_log_usage_init(g_ceph_context, store);
	533
	534	// XXX ex-RGWRESTMgr_lib, mgr->set_logging(true)
	535
	536	if (!g_conf->rgw_ops_log_socket_path.empty()) {
	537	olog = new OpsLogSocket(g_ceph_context, g_conf->rgw_ops_log_data_backlog);
	538	olog->init(g_conf->rgw_ops_log_socket_path);
	539	}
	540
	541	int port = 80;
	542	RGWProcessEnv env = { store, &rest, olog, port };
	543
224ce89b	544	string fe_count{"0"};
7c673cae FG	545	fec = new RGWFrontendConfig("rgwlib");
	546	fe = new RGWLibFrontend(env, fec);
	547
b32b8144 FG	548	init_async_signal_handler();
	549	register_async_signal_handler(SIGUSR1, handle_sigterm);
	550
224ce89b WB	551	map<string, string> service_map_meta;
	552	service_map_meta["pid"] = stringify(getpid());
	553	service_map_meta["frontend_type#" + fe_count] = "rgw-nfs";
	554	service_map_meta["frontend_config#" + fe_count] = fec->get_config();
	555
7c673cae FG	556	fe->init();
	557	if (r < 0) {
	558	derr << "ERROR: failed initializing frontend" << dendl;
	559	return r;
	560	}
	561
	562	fe->run();
	563
224ce89b WB	564	r = store->register_to_service_map("rgw-nfs", service_map_meta);
	565	if (r < 0) {
	566	derr << "ERROR: failed to register to service map: " << cpp_strerror(-r) << dendl;
	567	/* ignore error */
	568	}
	569
7c673cae FG	570	return 0;
	571	} /* RGWLib::init() */
	572
	573	int RGWLib::stop()
	574	{
	575	derr << "shutting down" << dendl;
	576
	577	fe->stop();
	578
	579	fe->join();
	580
	581	delete fe;
	582	delete fec;
	583	delete ldh;
	584
b32b8144 FG	585	unregister_async_signal_handler(SIGUSR1, handle_sigterm);
	586	shutdown_async_signal_handler();
	587
7c673cae FG	588	rgw_log_usage_finalize();
	589
	590	delete olog;
	591
	592	RGWStoreManager::close_storage(store);
	593
	594	rgw_tools_cleanup();
	595	rgw_shutdown_resolver();
	596
	597	rgw_perf_stop(g_ceph_context);
	598
	599	dout(1) << "final shutdown" << dendl;
	600	cct.reset();
	601
	602	return 0;
	603	} /* RGWLib::stop() */
	604
	605	int RGWLibIO::set_uid(RGWRados *store, const rgw_user& uid)
	606	{
	607	int ret = rgw_get_user_info_by_uid(store, uid, user_info, NULL);
	608	if (ret < 0) {
	609	derr << "ERROR: failed reading user info: uid=" << uid << " ret="
	610	<< ret << dendl;
	611	}
	612	return ret;
	613	}
	614
	615	int RGWLibRequest::read_permissions(RGWOp* op) {
	616	/* bucket and object ops */
	617	int ret =
	618	rgw_build_bucket_policies(rgwlib.get_store(), get_state());
	619	if (ret < 0) {
	620	ldout(get_state()->cct, 10) << "read_permissions (bucket policy) on "
	621	<< get_state()->bucket << ":"
	622	<< get_state()->object
	623	<< " only_bucket=" << only_bucket()
	624	<< " ret=" << ret << dendl;
	625	if (ret == -ENODATA)
	626	ret = -EACCES;
	627	} else if (! only_bucket()) {
	628	/* object ops */
	629	ret = rgw_build_object_policies(rgwlib.get_store(), get_state(),
	630	op->prefetch_data());
	631	if (ret < 0) {
	632	ldout(get_state()->cct, 10) << "read_permissions (object policy) on"
	633	<< get_state()->bucket << ":"
	634	<< get_state()->object
	635	<< " ret=" << ret << dendl;
	636	if (ret == -ENODATA)
	637	ret = -EACCES;
	638	}
	639	}
	640	return ret;
	641	} /* RGWLibRequest::read_permissions */
	642
	643	int RGWHandler_Lib::authorize()
	644	{
	645	/* TODO: handle
	646	* 1. subusers
	647	* 2. anonymous access
	648	* 3. system access
	649	* 4. ?
	650	*
	651	* Much or all of this depends on handling the cached authorization
652	* correctly (e.g., dealing with keystone) at mount time.
653	*/
654	s->perm_mask = RGW_PERM_FULL_CONTROL;
655
656	// populate the owner info
657	s->owner.set_id(s->user->user_id);
658	s->owner.set_name(s->user->display_name);
659
660	return 0;
661	} /* RGWHandler_Lib::authorize */
662
663	} /* namespace rgw */
664
665	extern "C" {
666
667	int librgw_create(librgw_t* rgw, int argc, char **argv)
668	{
669	using namespace rgw;
670
671	int rc = -EINVAL;
672
673	if (! g_ceph_context) {
674	std::lock_guard<std::mutex> lg(librgw_mtx);
675	if (! g_ceph_context) {
676	vector<const char*> args;
677	std::vector<std::string> spl_args;
678	// last non-0 argument will be split and consumed
679	if (argc > 1) {
680	const std::string spl_arg{argv[(--argc)]};
681	get_str_vec(spl_arg, " \t", spl_args);
682	}
683	argv_to_vec(argc, const_cast<const char**>(argv), args);
684	// append split args, if any
685	for (const auto& elt : spl_args) {
686	args.push_back(elt.c_str());
687	}
688	env_to_vec(args);
689	rc = rgwlib.init(args);
690	}
691	}
692
693	*rgw = g_ceph_context->get();
694
695	return rc;
696	}
697
698	void librgw_shutdown(librgw_t rgw)
699	{
700	using namespace rgw;
701
702	CephContext* cct = static_cast<CephContext*>(rgw);
703	rgwlib.stop();
704	cct->put();
705	}
706
707	} /* extern "C" */