1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab
4 #ifndef CEPH_RGW_USER_H
5 #define CEPH_RGW_USER_H
8 #include <boost/algorithm/string.hpp>
9 #include "include/assert.h"
11 #include "include/types.h"
12 #include "rgw_common.h"
13 #include "rgw_tools.h"
15 #include "rgw_rados.h"
17 #include "rgw_string.h"
19 #include "common/Formatter.h"
20 #include "rgw_formats.h"
22 #define RGW_USER_ANON_ID "anonymous"
24 #define SECRET_KEY_LEN 40
25 #define PUBLIC_ID_LEN 20
26 #define RAND_SUBUSER_LEN 5
28 #define XMLNS_AWS_S3 "http://s3.amazonaws.com/doc/2006-03-01/"
31 * A string wrapper that includes encode/decode functions
32 * for easily accessing a UID in all forms
37 void encode(bufferlist
& bl
) const {
42 void decode(bufferlist::iterator
& bl
) {
48 WRITE_CLASS_ENCODER(RGWUID
)
50 extern int rgw_user_sync_all_stats(RGWRados
*store
, const rgw_user
& user_id
);
52 * Get the anonymous (ie, unauthenticated) user info.
54 extern void rgw_get_anon_user(RGWUserInfo
& info
);
57 * Save the given user information to storage.
58 * Returns: 0 on success, -ERR# on failure.
60 extern int rgw_store_user_info(RGWRados
*store
,
62 RGWUserInfo
*old_info
,
63 RGWObjVersionTracker
*objv_tracker
,
66 map
<string
, bufferlist
> *pattrs
= NULL
);
69 * Given an user_id, finds the user info associated with it.
70 * returns: 0 on success, -ERR# on failure (including nonexistence)
72 extern int rgw_get_user_info_by_uid(RGWRados
*store
,
73 const rgw_user
& user_id
,
75 RGWObjVersionTracker
*objv_tracker
= NULL
,
76 real_time
*pmtime
= NULL
,
77 rgw_cache_entry_info
*cache_info
= NULL
,
78 map
<string
, bufferlist
> *pattrs
= NULL
);
80 * Given an email, finds the user info associated with it.
81 * returns: 0 on success, -ERR# on failure (including nonexistence)
83 extern int rgw_get_user_info_by_email(RGWRados
*store
, string
& email
, RGWUserInfo
& info
,
84 RGWObjVersionTracker
*objv_tracker
= NULL
, real_time
*pmtime
= NULL
);
86 * Given an swift username, finds the user info associated with it.
87 * returns: 0 on success, -ERR# on failure (including nonexistence)
89 extern int rgw_get_user_info_by_swift(RGWRados
*store
,
90 const string
& swift_name
,
91 RGWUserInfo
& info
, /* out */
92 RGWObjVersionTracker
*objv_tracker
= nullptr,
93 real_time
*pmtime
= nullptr);
95 * Given an access key, finds the user info associated with it.
96 * returns: 0 on success, -ERR# on failure (including nonexistence)
98 extern int rgw_get_user_info_by_access_key(RGWRados
* store
,
99 const std::string
& access_key
,
101 RGWObjVersionTracker
* objv_tracker
= nullptr,
102 real_time
* pmtime
= nullptr);
104 * Get all the custom metadata stored for user specified in @user_id
105 * and put it into @attrs.
106 * Returns: 0 on success, -ERR# on failure.
108 extern int rgw_get_user_attrs_by_uid(RGWRados
*store
,
109 const rgw_user
& user_id
,
110 map
<string
, bufferlist
>& attrs
,
111 RGWObjVersionTracker
*objv_tracker
= NULL
);
113 * Given an RGWUserInfo, deletes the user and its bucket ACLs.
115 extern int rgw_delete_user(RGWRados
*store
, RGWUserInfo
& user
, RGWObjVersionTracker
& objv_tracker
);
117 * Store a list of the user's buckets, with associated functinos.
121 * remove the different indexes
123 extern int rgw_remove_key_index(RGWRados
*store
, RGWAccessKey
& access_key
);
124 extern int rgw_remove_uid_index(RGWRados
*store
, rgw_user
& uid
);
125 extern int rgw_remove_email_index(RGWRados
*store
, string
& email
);
126 extern int rgw_remove_swift_name_index(RGWRados
*store
, string
& swift_name
);
129 * An RGWUser class along with supporting classes created
130 * to support the creation of an RESTful administrative API
133 extern void rgw_perm_to_str(uint32_t mask
, char *buf
, int len
);
134 extern uint32_t rgw_str_to_perm(const char *str
);
154 struct RGWUserAdminOpState
{
158 std::string user_email
;
159 std::string display_name
;
167 RGWObjVersionTracker objv
;
169 map
<int, string
> temp_url_keys
;
171 // subuser attributes
176 std::string id
; // access key
177 std::string key
; // secret key
180 // operation attributes
183 bool existing_subuser
;
185 bool subuser_specified
;
192 bool key_type_setbycontext
; // key type set by user or subuser context
195 bool display_name_specified
;
196 bool user_email_specified
;
197 bool max_buckets_specified
;
199 bool op_mask_specified
;
202 bool admin_specified
;
203 bool system_specified
;
205 bool temp_url_key_specified
;
213 bool key_params_checked
;
214 bool subuser_params_checked
;
215 bool user_params_checked
;
217 bool bucket_quota_specified
;
218 bool user_quota_specified
;
220 RGWQuotaInfo bucket_quota
;
221 RGWQuotaInfo user_quota
;
223 void set_access_key(std::string
& access_key
) {
224 if (access_key
.empty())
233 void set_secret_key(std::string
& secret_key
) {
234 if (secret_key
.empty())
238 key_specified
= true;
243 void set_user_id(rgw_user
& id
) {
250 void set_user_email(std::string
& email
) {
254 /* always lowercase email address */
255 boost::algorithm::to_lower(email
);
257 user_email_specified
= true;
260 void set_display_name(std::string
& name
) {
265 display_name_specified
= true;
268 void set_subuser(std::string
& _subuser
) {
269 if (_subuser
.empty())
272 size_t pos
= _subuser
.find(":");
273 if (pos
!= string::npos
) {
275 tmp_id
.from_str(_subuser
.substr(0, pos
));
276 if (tmp_id
.tenant
.empty()) {
277 user_id
.id
= tmp_id
.id
;
281 subuser
= _subuser
.substr(pos
+1);
286 subuser_specified
= true;
289 void set_caps(std::string
& _caps
) {
294 caps_specified
= true;
297 void set_perm(uint32_t perm
) {
299 perm_specified
= true;
302 void set_op_mask(uint32_t mask
) {
304 op_mask_specified
= true;
307 void set_temp_url_key(const string
& key
, int index
) {
308 temp_url_keys
[index
] = key
;
309 temp_url_key_specified
= true;
312 void set_key_type(int32_t type
) {
314 type_specified
= true;
317 void set_suspension(__u8 is_suspended
) {
318 suspended
= is_suspended
;
319 suspension_op
= true;
322 void set_admin(__u8 is_admin
) {
324 admin_specified
= true;
327 void set_system(__u8 is_system
) {
329 system_specified
= true;
332 void set_exclusive(__u8 is_exclusive
) {
333 exclusive
= is_exclusive
;
336 void set_fetch_stats(__u8 is_fetch_stats
) {
337 fetch_stats
= is_fetch_stats
;
340 void set_user_info(RGWUserInfo
& user_info
) {
341 user_id
= user_info
.user_id
;
345 void set_max_buckets(int32_t mb
) {
347 max_buckets_specified
= true;
350 void set_gen_access() {
355 void set_gen_secret() {
360 void set_generate_key() {
368 void clear_generate_key() {
373 void set_purge_keys() {
378 void set_bucket_quota(RGWQuotaInfo
& quota
) {
379 bucket_quota
= quota
;
380 bucket_quota_specified
= true;
383 void set_user_quota(RGWQuotaInfo
& quota
) {
385 user_quota_specified
= true;
388 bool is_populated() { return populated
; }
389 bool is_initialized() { return initialized
; }
390 bool has_existing_user() { return existing_user
; }
391 bool has_existing_key() { return existing_key
; }
392 bool has_existing_subuser() { return existing_subuser
; }
393 bool has_existing_email() { return existing_email
; }
394 bool has_subuser() { return subuser_specified
; }
395 bool has_key_op() { return key_op
; }
396 bool has_caps_op() { return caps_specified
; }
397 bool has_suspension_op() { return suspension_op
; }
398 bool has_subuser_perm() { return perm_specified
; }
399 bool has_op_mask() { return op_mask_specified
; }
400 bool will_gen_access() { return gen_access
; }
401 bool will_gen_secret() { return gen_secret
; }
402 bool will_gen_subuser() { return gen_subuser
; }
403 bool will_purge_keys() { return purge_keys
; }
404 bool will_purge_data() { return purge_data
; }
405 bool will_generate_subuser() { return gen_subuser
; }
406 bool has_bucket_quota() { return bucket_quota_specified
; }
407 bool has_user_quota() { return user_quota_specified
; }
408 void set_populated() { populated
= true; }
409 void clear_populated() { populated
= false; }
410 void set_initialized() { initialized
= true; }
411 void set_existing_user(bool flag
) { existing_user
= flag
; }
412 void set_existing_key(bool flag
) { existing_key
= flag
; }
413 void set_existing_subuser(bool flag
) { existing_subuser
= flag
; }
414 void set_existing_email(bool flag
) { existing_email
= flag
; }
415 void set_purge_data(bool flag
) { purge_data
= flag
; }
416 void set_generate_subuser(bool flag
) { gen_subuser
= flag
; }
417 __u8
get_suspension_status() { return suspended
; }
418 int32_t get_key_type() {return key_type
; }
419 uint32_t get_subuser_perm() { return perm_mask
; }
420 int32_t get_max_buckets() { return max_buckets
; }
421 uint32_t get_op_mask() { return op_mask
; }
422 RGWQuotaInfo
& get_bucket_quota() { return bucket_quota
; }
423 RGWQuotaInfo
& get_user_quota() { return user_quota
; }
425 rgw_user
& get_user_id() { return user_id
; }
426 std::string
get_subuser() { return subuser
; }
427 std::string
get_access_key() { return id
; }
428 std::string
get_secret_key() { return key
; }
429 std::string
get_caps() { return caps
; }
430 std::string
get_user_email() { return user_email
; }
431 std::string
get_display_name() { return display_name
; }
432 map
<int, std::string
>& get_temp_url_keys() { return temp_url_keys
; }
434 RGWUserInfo
& get_user_info() { return info
; }
436 map
<std::string
, RGWAccessKey
> *get_swift_keys() { return &info
.swift_keys
; }
437 map
<std::string
, RGWAccessKey
> *get_access_keys() { return &info
.access_keys
; }
438 map
<std::string
, RGWSubUser
> *get_subusers() { return &info
.subusers
; }
440 RGWUserCaps
*get_caps_obj() { return &info
.caps
; }
442 std::string
build_default_swift_kid() {
443 if (user_id
.empty() || subuser
.empty())
454 std::string
generate_subuser() {
458 std::string generated_subuser
;
459 user_id
.to_str(generated_subuser
);
460 std::string rand_suffix
;
462 int sub_buf_size
= RAND_SUBUSER_LEN
+ 1;
463 char sub_buf
[RAND_SUBUSER_LEN
+ 1];
465 if (gen_rand_alphanumeric_upper(g_ceph_context
, sub_buf
, sub_buf_size
) < 0)
468 rand_suffix
= sub_buf
;
469 if (rand_suffix
.empty())
472 generated_subuser
.append(rand_suffix
);
473 subuser
= generated_subuser
;
475 return generated_subuser
;
478 RGWUserAdminOpState() : user_id(RGW_USER_ANON_ID
)
480 max_buckets
= RGW_DEFAULT_MAX_BUCKETS
;
482 perm_mask
= RGW_PERM_NONE
;
490 existing_user
= false;
491 existing_key
= false;
492 existing_subuser
= false;
493 existing_email
= false;
494 subuser_specified
= false;
495 caps_specified
= false;
500 id_specified
= false;
501 key_specified
= false;
502 type_specified
= false;
503 key_type_setbycontext
= false;
505 display_name_specified
= false;
506 user_email_specified
= false;
507 max_buckets_specified
= false;
508 perm_specified
= false;
509 op_mask_specified
= false;
510 suspension_op
= false;
511 system_specified
= false;
515 key_params_checked
= false;
516 subuser_params_checked
= false;
517 user_params_checked
= false;
518 bucket_quota_specified
= false;
519 temp_url_key_specified
= false;
520 user_quota_specified
= false;
521 found_by_uid
= false;
522 found_by_email
= false;
523 found_by_key
= false;
529 class RGWAccessKeyPool
533 std::map
<std::string
, int, ltstr_nocase
> key_type_map
;
537 map
<std::string
, RGWAccessKey
> *swift_keys
;
538 map
<std::string
, RGWAccessKey
> *access_keys
;
540 // we don't want to allow keys for the anonymous user or a null user
544 int create_key(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
545 int generate_key(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
546 int modify_key(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
548 int check_key_owner(RGWUserAdminOpState
& op_state
);
549 bool check_existing_key(RGWUserAdminOpState
& op_state
);
550 int check_op(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
552 /* API Contract Fulfilment */
553 int execute_add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
554 int execute_remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
555 int remove_subuser_keys(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
557 int add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
558 int remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
560 explicit RGWAccessKeyPool(RGWUser
* usr
);
563 int init(RGWUserAdminOpState
& op_state
);
565 /* API Contracted Methods */
566 int add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
567 int remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
569 friend class RGWUser
;
570 friend class RGWSubUserPool
;
579 bool subusers_allowed
;
581 map
<string
, RGWSubUser
> *subuser_map
;
584 int check_op(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
586 /* API Contract Fulfillment */
587 int execute_add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
588 int execute_remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
589 int execute_modify(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
591 int add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
592 int remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
593 int modify(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
595 explicit RGWSubUserPool(RGWUser
*user
);
598 bool exists(std::string subuser
);
599 int init(RGWUserAdminOpState
& op_state
);
601 /* API contracted methods */
602 int add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
603 int remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
604 int modify(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
606 friend class RGWUser
;
616 int add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
617 int remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
620 explicit RGWUserCapPool(RGWUser
*user
);
623 int init(RGWUserAdminOpState
& op_state
);
625 /* API contracted methods */
626 int add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
627 int remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
629 friend class RGWUser
;
636 RGWUserInfo old_info
;
642 void set_populated() { info_stored
= true; }
643 void clear_populated() { info_stored
= false; }
644 bool is_populated() { return info_stored
; }
646 int check_op(RGWUserAdminOpState
& req
, std::string
*err_msg
);
647 int update(RGWUserAdminOpState
& op_state
, std::string
*err_msg
);
649 void clear_members();
652 /* API Contract Fulfillment */
653 int execute_add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
);
654 int execute_remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
);
655 int execute_modify(RGWUserAdminOpState
& op_state
, std::string
*err_msg
);
661 int init(RGWRados
*storage
, RGWUserAdminOpState
& op_state
);
663 int init_storage(RGWRados
*storage
);
664 int init(RGWUserAdminOpState
& op_state
);
665 int init_members(RGWUserAdminOpState
& op_state
);
667 RGWRados
*get_store() { return store
; }
669 /* API Contracted Members */
671 RGWAccessKeyPool keys
;
672 RGWSubUserPool subusers
;
674 /* API Contracted Methods */
675 int add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
676 int remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
678 /* remove an already populated RGWUser */
679 int remove(std::string
*err_msg
= NULL
);
681 int modify(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
683 /* retrieve info from an existing user in the RGW system */
684 int info(RGWUserAdminOpState
& op_state
, RGWUserInfo
& fetched_info
, std::string
*err_msg
= NULL
);
686 /* info from an already populated RGWUser */
687 int info (RGWUserInfo
& fetched_info
, std::string
*err_msg
= NULL
);
689 friend class RGWAccessKeyPool
;
690 friend class RGWSubUserPool
;
691 friend class RGWUserCapPool
;
694 /* Wrapers for admin API functionality */
696 class RGWUserAdminOp_User
699 static int info(RGWRados
*store
,
700 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
702 static int create(RGWRados
*store
,
703 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
705 static int modify(RGWRados
*store
,
706 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
708 static int remove(RGWRados
*store
,
709 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
712 class RGWUserAdminOp_Subuser
715 static int create(RGWRados
*store
,
716 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
718 static int modify(RGWRados
*store
,
719 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
721 static int remove(RGWRados
*store
,
722 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
725 class RGWUserAdminOp_Key
728 static int create(RGWRados
*store
,
729 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
731 static int remove(RGWRados
*store
,
732 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
735 class RGWUserAdminOp_Caps
738 static int add(RGWRados
*store
,
739 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
741 static int remove(RGWRados
*store
,
742 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
745 class RGWMetadataManager
;
747 extern void rgw_user_init(RGWRados
*store
);