// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
// vim: ts=8 sw=2 smarttab
/*
 * Ceph - scalable distributed file system
 *
 * Copyright (C) 2004-2006 Sage Weil <sage@newdream.net>
 *
 * This is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License version 2.1, as published by the Free Software
 * Foundation. See file COPYING.
 *
 */
15 #ifndef CEPH_AUTHMONITOR_H
16 #define CEPH_AUTHMONITOR_H
21 #include "global/global_init.h"
22 #include "include/ceph_features.h"
23 #include "include/types.h"
24 #include "mon/PaxosService.h"
25 #include "mon/MonitorDBStore.h"
31 #define MIN_GLOBAL_ID 0x1000
33 class AuthMonitor
: public PaxosService
{
41 uint64_t max_global_id
;
43 ceph::buffer::list auth_data
;
/// Default increment: a GLOBAL_ID record carrying a zero max_global_id and
/// no auth payload (auth_type 0, auth_data left default-constructed/empty).
Incremental() : inc_type(GLOBAL_ID), max_global_id(0), auth_type(0) {}
47 void encode(ceph::buffer::list
& bl
, uint64_t features
=-1) const {
49 ENCODE_START(2, 2, bl
);
50 __u32 _type
= (__u32
)inc_type
;
52 if (_type
== GLOBAL_ID
) {
53 encode(max_global_id
, bl
);
55 encode(auth_type
, bl
);
56 encode(auth_data
, bl
);
60 void decode(ceph::buffer::list::const_iterator
& bl
) {
61 DECODE_START_LEGACY_COMPAT_LEN(2, 2, 2, bl
);
64 inc_type
= (IncType
)_type
;
65 ceph_assert(inc_type
>= GLOBAL_ID
&& inc_type
<= AUTH_DATA
);
66 if (_type
== GLOBAL_ID
) {
67 decode(max_global_id
, bl
);
69 decode(auth_type
, bl
);
70 decode(auth_data
, bl
);
/// Write this increment's fields to a Formatter.
///
/// All four fields are emitted unconditionally: an entry that does not
/// apply to the current inc_type still appears with whatever it holds
/// (the constructor defaults unless something set it).  auth_data is an
/// opaque encoded blob (see push_cephx_inc), so only its length is shown.
void dump(ceph::Formatter *f) const {
  f->dump_int("type", inc_type);                      // IncType as an integer
  f->dump_int("max_global_id", max_global_id);
  f->dump_int("auth_type", auth_type);
  f->dump_int("auth_data_len", auth_data.length());   // opaque payload: length only
}
/// Build representative Incremental objects for the encoding test harness:
/// one default-constructed, one GLOBAL_ID record and one AUTH_DATA record.
///
/// The objects are heap-allocated and appended to @p ls; nothing here frees
/// them, so ownership passes to the caller along with the list.
static void generate_test_instances(std::list<Incremental*>& ls) {
  // 1. plain default-constructed increment
  ls.push_back(new Incremental);

  // 2. a GLOBAL_ID increment with a non-default id ceiling
  auto *global_id_inc = new Incremental;
  global_id_inc->inc_type = GLOBAL_ID;
  global_id_inc->max_global_id = 1234;
  ls.push_back(global_id_inc);

  // 3. an AUTH_DATA increment with a small synthetic payload
  auto *auth_data_inc = new Incremental;
  auth_data_inc->inc_type = AUTH_DATA;
  auth_data_inc->auth_type = 12;
  auth_data_inc->auth_data.append("foo");
  ls.push_back(auth_data_inc);
}
92 struct auth_entity_t
{
99 std::vector
<Incremental
> pending_auth
;
100 uint64_t max_global_id
;
101 uint64_t last_allocated_id
;
103 // these are protected by mon->auth_lock
104 int mon_num
= 0, mon_rank
= 0;
106 bool _upgrade_format_to_dumpling();
107 bool _upgrade_format_to_luminous();
108 bool _upgrade_format_to_mimic();
109 void upgrade_format() override
;
111 void export_keyring(KeyRing
& keyring
);
112 int import_keyring(KeyRing
& keyring
);
114 void push_cephx_inc(KeyServerData::Incremental
& auth_inc
) {
116 inc
.inc_type
= AUTH_DATA
;
117 encode(auth_inc
, inc
.auth_data
);
118 inc
.auth_type
= CEPH_AUTH_CEPHX
;
119 pending_auth
.push_back(inc
);
122 /* validate mon/osd/mds caps; fail on unrecognized service/type */
123 bool valid_caps(const std::string
& type
, const std::string
& caps
, std::ostream
*out
);
124 bool valid_caps(const std::string
& type
, const ceph::buffer::list
& bl
, std::ostream
*out
) {
130 } catch (ceph::buffer::error
& e
) {
131 *out
<< "corrupt capability encoding";
134 return valid_caps(type
, v
, out
);
136 bool valid_caps(const std::vector
<std::string
>& caps
, std::ostream
*out
);
138 void on_active() override
;
139 bool should_propose(double& delay
) override
;
140 void get_initial_keyring(KeyRing
*keyring
);
141 void create_initial_keys(KeyRing
*keyring
);
142 void create_initial() override
;
143 void update_from_paxos(bool *need_bootstrap
) override
;
144 void create_pending() override
; // prepare a new pending
145 bool prepare_global_id(MonOpRequestRef op
);
146 bool _should_increase_max_global_id(); ///< called under mon->auth_lock
147 void increase_max_global_id();
148 uint64_t assign_global_id(bool should_increase_max
);
150 uint64_t _assign_global_id(); ///< called under mon->auth_lock
151 void _set_mon_num_rank(int num
, int rank
); ///< called under mon->auth_lock
154 // propose pending update to peers
155 void encode_pending(MonitorDBStore::TransactionRef t
) override
;
156 void encode_full(MonitorDBStore::TransactionRef t
) override
;
157 version_t
get_trim_to() const override
;
159 bool preprocess_query(MonOpRequestRef op
) override
; // true if processed.
160 bool prepare_update(MonOpRequestRef op
) override
;
162 bool prep_auth(MonOpRequestRef op
, bool paxos_writable
);
164 bool preprocess_command(MonOpRequestRef op
);
165 bool prepare_command(MonOpRequestRef op
);
169 bool entity_is_pending(EntityName
& entity
);
170 int exists_and_matches_entity(
171 const auth_entity_t
& entity
,
173 std::stringstream
& ss
);
174 int exists_and_matches_entity(
175 const EntityName
& name
,
176 const EntityAuth
& auth
,
177 const std::map
<std::string
,ceph::buffer::list
>& caps
,
179 std::stringstream
& ss
);
180 int remove_entity(const EntityName
&entity
);
182 const EntityName
& name
,
183 const EntityAuth
& auth
);
186 AuthMonitor(Monitor
&mn
, Paxos
&p
, const std::string
& service_name
)
187 : PaxosService(mn
, p
, service_name
),
192 void pre_auth(MAuth
*m
);
194 void tick() override
; // check state, take actions
196 int validate_osd_destroy(
199 EntityName
& cephx_entity
,
200 EntityName
& lockbox_entity
,
201 std::stringstream
& ss
);
203 const EntityName
& cephx_entity
,
204 const EntityName
& lockbox_entity
);
207 const auth_entity_t
& cephx_entity
,
208 const auth_entity_t
& lockbox_entity
,
210 int validate_osd_new(
213 const std::string
& cephx_secret
,
214 const std::string
& lockbox_secret
,
215 auth_entity_t
& cephx_entity
,
216 auth_entity_t
& lockbox_entity
,
217 std::stringstream
& ss
);
219 void dump_info(ceph::Formatter
*f
);
221 bool is_valid_cephx_key(const std::string
& k
) {
227 ea
.key
.decode_base64(k
);
229 } catch (ceph::buffer::error
& e
) { /* fallthrough */ }
// Generate the free encode()/decode() overloads for AuthMonitor::Incremental.
// The _FEATURES variant is used because Incremental::encode takes a
// `features` argument, so the type can be encoded like any other Ceph type.
WRITE_CLASS_ENCODER_FEATURES(AuthMonitor::Incremental)