1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab
4 #ifndef CEPH_RGW_USER_H
5 #define CEPH_RGW_USER_H
8 #include <boost/algorithm/string.hpp>
9 #include "include/assert.h"
11 #include "include/types.h"
12 #include "rgw_common.h"
13 #include "rgw_tools.h"
15 #include "rgw_rados.h"
17 #include "rgw_string.h"
19 #include "common/Formatter.h"
20 #include "rgw_formats.h"
22 #define RGW_USER_ANON_ID "anonymous"
24 #define SECRET_KEY_LEN 40
25 #define PUBLIC_ID_LEN 20
26 #define RAND_SUBUSER_LEN 5
28 #define XMLNS_AWS_S3 "http://s3.amazonaws.com/doc/2006-03-01/"
31 * A string wrapper that includes encode/decode functions
32 * for easily accessing a UID in all forms
37 void encode(bufferlist
& bl
) const {
42 void decode(bufferlist::iterator
& bl
) {
48 WRITE_CLASS_ENCODER(RGWUID
)
50 extern int rgw_user_sync_all_stats(RGWRados
*store
, const rgw_user
& user_id
);
51 extern int rgw_user_get_all_buckets_stats(RGWRados
*store
, const rgw_user
& user_id
, map
<string
, cls_user_bucket_entry
>&buckets_usage_map
);
54 * Get the anonymous (ie, unauthenticated) user info.
56 extern void rgw_get_anon_user(RGWUserInfo
& info
);
59 * Save the given user information to storage.
60 * Returns: 0 on success, -ERR# on failure.
62 extern int rgw_store_user_info(RGWRados
*store
,
64 RGWUserInfo
*old_info
,
65 RGWObjVersionTracker
*objv_tracker
,
68 map
<string
, bufferlist
> *pattrs
= NULL
);
71 * Given an user_id, finds the user info associated with it.
72 * returns: 0 on success, -ERR# on failure (including nonexistence)
74 extern int rgw_get_user_info_by_uid(RGWRados
*store
,
75 const rgw_user
& user_id
,
77 RGWObjVersionTracker
*objv_tracker
= NULL
,
78 real_time
*pmtime
= NULL
,
79 rgw_cache_entry_info
*cache_info
= NULL
,
80 map
<string
, bufferlist
> *pattrs
= NULL
);
82 * Given an email, finds the user info associated with it.
83 * returns: 0 on success, -ERR# on failure (including nonexistence)
85 extern int rgw_get_user_info_by_email(RGWRados
*store
, string
& email
, RGWUserInfo
& info
,
86 RGWObjVersionTracker
*objv_tracker
= NULL
, real_time
*pmtime
= NULL
);
88 * Given an swift username, finds the user info associated with it.
89 * returns: 0 on success, -ERR# on failure (including nonexistence)
91 extern int rgw_get_user_info_by_swift(RGWRados
*store
,
92 const string
& swift_name
,
93 RGWUserInfo
& info
, /* out */
94 RGWObjVersionTracker
*objv_tracker
= nullptr,
95 real_time
*pmtime
= nullptr);
97 * Given an access key, finds the user info associated with it.
98 * returns: 0 on success, -ERR# on failure (including nonexistence)
100 extern int rgw_get_user_info_by_access_key(RGWRados
* store
,
101 const std::string
& access_key
,
103 RGWObjVersionTracker
* objv_tracker
= nullptr,
104 real_time
* pmtime
= nullptr);
106 * Get all the custom metadata stored for user specified in @user_id
107 * and put it into @attrs.
108 * Returns: 0 on success, -ERR# on failure.
110 extern int rgw_get_user_attrs_by_uid(RGWRados
*store
,
111 const rgw_user
& user_id
,
112 map
<string
, bufferlist
>& attrs
,
113 RGWObjVersionTracker
*objv_tracker
= NULL
);
115 * Given an RGWUserInfo, deletes the user and its bucket ACLs.
117 extern int rgw_delete_user(RGWRados
*store
, RGWUserInfo
& user
, RGWObjVersionTracker
& objv_tracker
);
119 * Store a list of the user's buckets, with associated functinos.
123 * remove the different indexes
125 extern int rgw_remove_key_index(RGWRados
*store
, RGWAccessKey
& access_key
);
126 extern int rgw_remove_uid_index(RGWRados
*store
, rgw_user
& uid
);
127 extern int rgw_remove_email_index(RGWRados
*store
, string
& email
);
128 extern int rgw_remove_swift_name_index(RGWRados
*store
, string
& swift_name
);
131 * An RGWUser class along with supporting classes created
132 * to support the creation of an RESTful administrative API
135 extern void rgw_perm_to_str(uint32_t mask
, char *buf
, int len
);
136 extern uint32_t rgw_str_to_perm(const char *str
);
156 struct RGWUserAdminOpState
{
160 std::string user_email
;
161 std::string display_name
;
169 RGWObjVersionTracker objv
;
171 map
<int, string
> temp_url_keys
;
173 // subuser attributes
178 std::string id
; // access key
179 std::string key
; // secret key
182 // operation attributes
185 bool existing_subuser
;
187 bool subuser_specified
;
194 bool key_type_setbycontext
; // key type set by user or subuser context
197 bool display_name_specified
;
198 bool user_email_specified
;
199 bool max_buckets_specified
;
201 bool op_mask_specified
;
204 bool admin_specified
;
205 bool system_specified
;
207 bool temp_url_key_specified
;
215 bool key_params_checked
;
216 bool subuser_params_checked
;
217 bool user_params_checked
;
219 bool bucket_quota_specified
;
220 bool user_quota_specified
;
222 RGWQuotaInfo bucket_quota
;
223 RGWQuotaInfo user_quota
;
225 void set_access_key(std::string
& access_key
) {
226 if (access_key
.empty())
235 void set_secret_key(std::string
& secret_key
) {
236 if (secret_key
.empty())
240 key_specified
= true;
245 void set_user_id(rgw_user
& id
) {
252 void set_user_email(std::string
& email
) {
253 /* always lowercase email address */
254 boost::algorithm::to_lower(email
);
256 user_email_specified
= true;
259 void set_display_name(std::string
& name
) {
264 display_name_specified
= true;
267 void set_subuser(std::string
& _subuser
) {
268 if (_subuser
.empty())
271 size_t pos
= _subuser
.find(":");
272 if (pos
!= string::npos
) {
274 tmp_id
.from_str(_subuser
.substr(0, pos
));
275 if (tmp_id
.tenant
.empty()) {
276 user_id
.id
= tmp_id
.id
;
280 subuser
= _subuser
.substr(pos
+1);
285 subuser_specified
= true;
288 void set_caps(std::string
& _caps
) {
293 caps_specified
= true;
296 void set_perm(uint32_t perm
) {
298 perm_specified
= true;
301 void set_op_mask(uint32_t mask
) {
303 op_mask_specified
= true;
306 void set_temp_url_key(const string
& key
, int index
) {
307 temp_url_keys
[index
] = key
;
308 temp_url_key_specified
= true;
311 void set_key_type(int32_t type
) {
313 type_specified
= true;
316 void set_suspension(__u8 is_suspended
) {
317 suspended
= is_suspended
;
318 suspension_op
= true;
321 void set_admin(__u8 is_admin
) {
323 admin_specified
= true;
326 void set_system(__u8 is_system
) {
328 system_specified
= true;
331 void set_exclusive(__u8 is_exclusive
) {
332 exclusive
= is_exclusive
;
335 void set_fetch_stats(__u8 is_fetch_stats
) {
336 fetch_stats
= is_fetch_stats
;
339 void set_user_info(RGWUserInfo
& user_info
) {
340 user_id
= user_info
.user_id
;
344 void set_max_buckets(int32_t mb
) {
346 max_buckets_specified
= true;
349 void set_gen_access() {
354 void set_gen_secret() {
359 void set_generate_key() {
367 void clear_generate_key() {
372 void set_purge_keys() {
377 void set_bucket_quota(RGWQuotaInfo
& quota
) {
378 bucket_quota
= quota
;
379 bucket_quota_specified
= true;
382 void set_user_quota(RGWQuotaInfo
& quota
) {
384 user_quota_specified
= true;
387 bool is_populated() { return populated
; }
388 bool is_initialized() { return initialized
; }
389 bool has_existing_user() { return existing_user
; }
390 bool has_existing_key() { return existing_key
; }
391 bool has_existing_subuser() { return existing_subuser
; }
392 bool has_existing_email() { return existing_email
; }
393 bool has_subuser() { return subuser_specified
; }
394 bool has_key_op() { return key_op
; }
395 bool has_caps_op() { return caps_specified
; }
396 bool has_suspension_op() { return suspension_op
; }
397 bool has_subuser_perm() { return perm_specified
; }
398 bool has_op_mask() { return op_mask_specified
; }
399 bool will_gen_access() { return gen_access
; }
400 bool will_gen_secret() { return gen_secret
; }
401 bool will_gen_subuser() { return gen_subuser
; }
402 bool will_purge_keys() { return purge_keys
; }
403 bool will_purge_data() { return purge_data
; }
404 bool will_generate_subuser() { return gen_subuser
; }
405 bool has_bucket_quota() { return bucket_quota_specified
; }
406 bool has_user_quota() { return user_quota_specified
; }
407 void set_populated() { populated
= true; }
408 void clear_populated() { populated
= false; }
409 void set_initialized() { initialized
= true; }
410 void set_existing_user(bool flag
) { existing_user
= flag
; }
411 void set_existing_key(bool flag
) { existing_key
= flag
; }
412 void set_existing_subuser(bool flag
) { existing_subuser
= flag
; }
413 void set_existing_email(bool flag
) { existing_email
= flag
; }
414 void set_purge_data(bool flag
) { purge_data
= flag
; }
415 void set_generate_subuser(bool flag
) { gen_subuser
= flag
; }
416 __u8
get_suspension_status() { return suspended
; }
417 int32_t get_key_type() {return key_type
; }
418 uint32_t get_subuser_perm() { return perm_mask
; }
419 int32_t get_max_buckets() { return max_buckets
; }
420 uint32_t get_op_mask() { return op_mask
; }
421 RGWQuotaInfo
& get_bucket_quota() { return bucket_quota
; }
422 RGWQuotaInfo
& get_user_quota() { return user_quota
; }
424 rgw_user
& get_user_id() { return user_id
; }
425 std::string
get_subuser() { return subuser
; }
426 std::string
get_access_key() { return id
; }
427 std::string
get_secret_key() { return key
; }
428 std::string
get_caps() { return caps
; }
429 std::string
get_user_email() { return user_email
; }
430 std::string
get_display_name() { return display_name
; }
431 map
<int, std::string
>& get_temp_url_keys() { return temp_url_keys
; }
433 RGWUserInfo
& get_user_info() { return info
; }
435 map
<std::string
, RGWAccessKey
> *get_swift_keys() { return &info
.swift_keys
; }
436 map
<std::string
, RGWAccessKey
> *get_access_keys() { return &info
.access_keys
; }
437 map
<std::string
, RGWSubUser
> *get_subusers() { return &info
.subusers
; }
439 RGWUserCaps
*get_caps_obj() { return &info
.caps
; }
441 std::string
build_default_swift_kid() {
442 if (user_id
.empty() || subuser
.empty())
453 std::string
generate_subuser() {
457 std::string generated_subuser
;
458 user_id
.to_str(generated_subuser
);
459 std::string rand_suffix
;
461 int sub_buf_size
= RAND_SUBUSER_LEN
+ 1;
462 char sub_buf
[RAND_SUBUSER_LEN
+ 1];
464 if (gen_rand_alphanumeric_upper(g_ceph_context
, sub_buf
, sub_buf_size
) < 0)
467 rand_suffix
= sub_buf
;
468 if (rand_suffix
.empty())
471 generated_subuser
.append(rand_suffix
);
472 subuser
= generated_subuser
;
474 return generated_subuser
;
477 RGWUserAdminOpState() : user_id(RGW_USER_ANON_ID
)
479 max_buckets
= RGW_DEFAULT_MAX_BUCKETS
;
481 perm_mask
= RGW_PERM_NONE
;
489 existing_user
= false;
490 existing_key
= false;
491 existing_subuser
= false;
492 existing_email
= false;
493 subuser_specified
= false;
494 caps_specified
= false;
499 id_specified
= false;
500 key_specified
= false;
501 type_specified
= false;
502 key_type_setbycontext
= false;
504 display_name_specified
= false;
505 user_email_specified
= false;
506 max_buckets_specified
= false;
507 perm_specified
= false;
508 op_mask_specified
= false;
509 suspension_op
= false;
510 system_specified
= false;
514 key_params_checked
= false;
515 subuser_params_checked
= false;
516 user_params_checked
= false;
517 bucket_quota_specified
= false;
518 temp_url_key_specified
= false;
519 user_quota_specified
= false;
520 found_by_uid
= false;
521 found_by_email
= false;
522 found_by_key
= false;
528 class RGWAccessKeyPool
532 std::map
<std::string
, int, ltstr_nocase
> key_type_map
;
536 map
<std::string
, RGWAccessKey
> *swift_keys
;
537 map
<std::string
, RGWAccessKey
> *access_keys
;
539 // we don't want to allow keys for the anonymous user or a null user
543 int create_key(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
544 int generate_key(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
545 int modify_key(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
547 int check_key_owner(RGWUserAdminOpState
& op_state
);
548 bool check_existing_key(RGWUserAdminOpState
& op_state
);
549 int check_op(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
551 /* API Contract Fulfilment */
552 int execute_add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
553 int execute_remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
554 int remove_subuser_keys(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
556 int add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
557 int remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
559 explicit RGWAccessKeyPool(RGWUser
* usr
);
562 int init(RGWUserAdminOpState
& op_state
);
564 /* API Contracted Methods */
565 int add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
566 int remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
568 friend class RGWUser
;
569 friend class RGWSubUserPool
;
578 bool subusers_allowed
;
580 map
<string
, RGWSubUser
> *subuser_map
;
583 int check_op(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
585 /* API Contract Fulfillment */
586 int execute_add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
587 int execute_remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
588 int execute_modify(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
590 int add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
591 int remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
592 int modify(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
594 explicit RGWSubUserPool(RGWUser
*user
);
597 bool exists(std::string subuser
);
598 int init(RGWUserAdminOpState
& op_state
);
600 /* API contracted methods */
601 int add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
602 int remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
603 int modify(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
605 friend class RGWUser
;
615 int add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
616 int remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
619 explicit RGWUserCapPool(RGWUser
*user
);
622 int init(RGWUserAdminOpState
& op_state
);
624 /* API contracted methods */
625 int add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
626 int remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
628 friend class RGWUser
;
635 RGWUserInfo old_info
;
641 void set_populated() { info_stored
= true; }
642 void clear_populated() { info_stored
= false; }
643 bool is_populated() { return info_stored
; }
645 int check_op(RGWUserAdminOpState
& req
, std::string
*err_msg
);
646 int update(RGWUserAdminOpState
& op_state
, std::string
*err_msg
);
648 void clear_members();
651 /* API Contract Fulfillment */
652 int execute_add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
);
653 int execute_remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
);
654 int execute_modify(RGWUserAdminOpState
& op_state
, std::string
*err_msg
);
660 int init(RGWRados
*storage
, RGWUserAdminOpState
& op_state
);
662 int init_storage(RGWRados
*storage
);
663 int init(RGWUserAdminOpState
& op_state
);
664 int init_members(RGWUserAdminOpState
& op_state
);
666 RGWRados
*get_store() { return store
; }
668 /* API Contracted Members */
670 RGWAccessKeyPool keys
;
671 RGWSubUserPool subusers
;
673 /* API Contracted Methods */
674 int add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
675 int remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
677 /* remove an already populated RGWUser */
678 int remove(std::string
*err_msg
= NULL
);
680 int modify(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
682 /* retrieve info from an existing user in the RGW system */
683 int info(RGWUserAdminOpState
& op_state
, RGWUserInfo
& fetched_info
, std::string
*err_msg
= NULL
);
685 /* info from an already populated RGWUser */
686 int info (RGWUserInfo
& fetched_info
, std::string
*err_msg
= NULL
);
688 friend class RGWAccessKeyPool
;
689 friend class RGWSubUserPool
;
690 friend class RGWUserCapPool
;
693 /* Wrapers for admin API functionality */
695 class RGWUserAdminOp_User
698 static int info(RGWRados
*store
,
699 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
701 static int create(RGWRados
*store
,
702 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
704 static int modify(RGWRados
*store
,
705 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
707 static int remove(RGWRados
*store
,
708 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
711 class RGWUserAdminOp_Subuser
714 static int create(RGWRados
*store
,
715 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
717 static int modify(RGWRados
*store
,
718 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
720 static int remove(RGWRados
*store
,
721 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
724 class RGWUserAdminOp_Key
727 static int create(RGWRados
*store
,
728 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
730 static int remove(RGWRados
*store
,
731 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
734 class RGWUserAdminOp_Caps
737 static int add(RGWRados
*store
,
738 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
740 static int remove(RGWRados
*store
,
741 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
744 class RGWMetadataManager
;
746 extern void rgw_user_init(RGWRados
*store
);