X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=ceph%2Fsrc%2Fmon%2FAuthMonitor.h;h=18b847d6456f8f368bd1066542ead4c336207ca3;hb=31f18b776d001752a193a7cec8bb49033c1a904c;hp=edeb12a3e1bbb52dc709bc2bffee8bf837953dc6;hpb=40152f1e46a80b3405e5558a442ee632198dfd24;p=ceph.git
diff --git a/ceph/src/mon/AuthMonitor.h b/ceph/src/mon/AuthMonitor.h
index edeb12a3e..18b847d64 100644
--- a/ceph/src/mon/AuthMonitor.h
+++ b/ceph/src/mon/AuthMonitor.h
@@ -103,6 +103,12 @@ public:
 }
 };
+ struct auth_entity_t {
+ EntityName name;
+ EntityAuth auth;
+ };
+
+
 private:
 vector pending_auth;
 version_t last_rotating_ver;
@@ -158,6 +164,23 @@ private:
 bool prepare_command(MonOpRequestRef op);
 bool check_rotate();
+
+ bool entity_is_pending(EntityName& entity);
+ int exists_and_matches_entity(
+ const auth_entity_t& entity,
+ bool has_secret,
+ stringstream& ss);
+ int exists_and_matches_entity(
+ const EntityName& name,
+ const EntityAuth& auth,
+ const map& caps,
+ bool has_secret,
+ stringstream& ss);
+ int remove_entity(const EntityName &entity);
+ int add_entity(
+ const EntityName& name,
+ const EntityAuth& auth);
+
 public:
 AuthMonitor(Monitor *mn, Paxos *p, const string& service_name)
 : PaxosService(mn, p, service_name),
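Review bot: `entity_is_pending(EntityName& entity)` in the `@@ -158,6 +164,23 @@` hunk takes its argument by non-const reference, while `remove_entity`, `add_entity` and both `exists_and_matches_entity` overloads take `const EntityName&`; unless the implementation (not shown here) really modifies the name, declare it `bool entity_is_pending(const EntityName& entity);`. The new helpers also return a bare `int` with no comment. Because they decide whether an existing auth entry is accepted as matching, each declaration should get a short comment stating which return values mean absent, present and identical, and present but different, and what `has_secret` changes in that comparison. The class these declarations belong to starts and ends outside the hunk.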
@@ -167,10 +190,45 @@ private:
 {}
 void pre_auth(MAuth *m);
-
+
 void tick() override; // check state, take actions
+ int validate_osd_destroy(
+ int32_t id,
+ const uuid_d& uuid,
+ EntityName& cephx_entity,
+ EntityName& lockbox_entity,
+ stringstream& ss);
+ int do_osd_destroy(
+ const EntityName& cephx_entity,
+ const EntityName& lockbox_entity);
+
+ int do_osd_new(
+ const auth_entity_t& cephx_entity,
+ const auth_entity_t& lockbox_entity,
+ bool has_lockbox);
+ int validate_osd_new(
+ int32_t id,
+ const uuid_d& uuid,
+ const string& cephx_secret,
+ const string& lockbox_secret,
+ auth_entity_t& cephx_entity,
+ auth_entity_t& lockbox_entity,
+ stringstream& ss);
+
 void dump_info(Formatter *f);
+
+ bool is_valid_cephx_key(const string& k) {
+ if (k.empty())
+ return false;
+
+ EntityAuth ea;
+ try {
+ ea.key.decode_base64(k);
+ return true;
+ } catch (buffer::error& e) { /* fallthrough */ }
+ return false;
+ }
 };
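Review bot: `is_valid_cephx_key` accepts any non-empty string for which `ea.key.decode_base64(k)` does not throw `buffer::error`, so what "valid" means (key type, secret length) rests entirely on `decode_base64`, which is outside this diff; a comment such as `// true iff k is non-empty and decodes as a base64 key; any type/length checks live in decode_base64` would make that dependency explicit. The method touches no member state and only reads `k`, so it could be declared `bool is_valid_cephx_key(const string& k) const {` and catch `const buffer::error&` without naming the unused `e`. Separately, `validate_osd_new` receives `cephx_secret` and `lockbox_secret` alongside an error `stringstream& ss`; its declaration should carry a comment that messages written to `ss` must never echo the secrets, since that stream presumably ends up in command output or logs. The enclosing class begins outside this hunk.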