1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab
4 #ifndef CEPH_RGW_USER_H
5 #define CEPH_RGW_USER_H
8 #include <boost/algorithm/string.hpp>
9 #include "include/assert.h"
11 #include "include/types.h"
12 #include "rgw_common.h"
13 #include "rgw_tools.h"
15 #include "rgw_rados.h"
17 #include "rgw_string.h"
19 #include "common/Formatter.h"
20 #include "rgw_formats.h"
22 #define RGW_USER_ANON_ID "anonymous"
24 #define SECRET_KEY_LEN 40
25 #define PUBLIC_ID_LEN 20
26 #define RAND_SUBUSER_LEN 5
28 #define XMLNS_AWS_S3 "http://s3.amazonaws.com/doc/2006-03-01/"
31 * A string wrapper that includes encode/decode functions
32 * for easily accessing a UID in all forms
37 void encode(bufferlist
& bl
) const {
42 void decode(bufferlist::iterator
& bl
) {
48 WRITE_CLASS_ENCODER(RGWUID
)
50 extern int rgw_user_sync_all_stats(RGWRados
*store
, const rgw_user
& user_id
);
51 extern int rgw_user_get_all_buckets_stats(RGWRados
*store
, const rgw_user
& user_id
, map
<string
, cls_user_bucket_entry
>&buckets_usage_map
);
54 * Get the anonymous (ie, unauthenticated) user info.
56 extern void rgw_get_anon_user(RGWUserInfo
& info
);
59 * Save the given user information to storage.
60 * Returns: 0 on success, -ERR# on failure.
62 extern int rgw_store_user_info(RGWRados
*store
,
64 RGWUserInfo
*old_info
,
65 RGWObjVersionTracker
*objv_tracker
,
68 map
<string
, bufferlist
> *pattrs
= NULL
);
71 * Given an user_id, finds the user info associated with it.
72 * returns: 0 on success, -ERR# on failure (including nonexistence)
74 extern int rgw_get_user_info_by_uid(RGWRados
*store
,
75 const rgw_user
& user_id
,
77 RGWObjVersionTracker
*objv_tracker
= NULL
,
78 real_time
*pmtime
= NULL
,
79 rgw_cache_entry_info
*cache_info
= NULL
,
80 map
<string
, bufferlist
> *pattrs
= NULL
);
82 * Given an email, finds the user info associated with it.
83 * returns: 0 on success, -ERR# on failure (including nonexistence)
85 extern int rgw_get_user_info_by_email(RGWRados
*store
, string
& email
, RGWUserInfo
& info
,
86 RGWObjVersionTracker
*objv_tracker
= NULL
, real_time
*pmtime
= NULL
);
88 * Given an swift username, finds the user info associated with it.
89 * returns: 0 on success, -ERR# on failure (including nonexistence)
91 extern int rgw_get_user_info_by_swift(RGWRados
*store
,
92 const string
& swift_name
,
93 RGWUserInfo
& info
, /* out */
94 RGWObjVersionTracker
*objv_tracker
= nullptr,
95 real_time
*pmtime
= nullptr);
97 * Given an access key, finds the user info associated with it.
98 * returns: 0 on success, -ERR# on failure (including nonexistence)
100 extern int rgw_get_user_info_by_access_key(RGWRados
* store
,
101 const std::string
& access_key
,
103 RGWObjVersionTracker
* objv_tracker
= nullptr,
104 real_time
* pmtime
= nullptr);
106 * Get all the custom metadata stored for user specified in @user_id
107 * and put it into @attrs.
108 * Returns: 0 on success, -ERR# on failure.
110 extern int rgw_get_user_attrs_by_uid(RGWRados
*store
,
111 const rgw_user
& user_id
,
112 map
<string
, bufferlist
>& attrs
,
113 RGWObjVersionTracker
*objv_tracker
= NULL
);
115 * Given an RGWUserInfo, deletes the user and its bucket ACLs.
117 extern int rgw_delete_user(RGWRados
*store
, RGWUserInfo
& user
, RGWObjVersionTracker
& objv_tracker
);
120 * remove the different indexes
122 extern int rgw_remove_key_index(RGWRados
*store
, RGWAccessKey
& access_key
);
123 extern int rgw_remove_uid_index(RGWRados
*store
, rgw_user
& uid
);
124 extern int rgw_remove_email_index(RGWRados
*store
, string
& email
);
125 extern int rgw_remove_swift_name_index(RGWRados
*store
, string
& swift_name
);
127 extern void rgw_perm_to_str(uint32_t mask
, char *buf
, int len
);
128 extern uint32_t rgw_str_to_perm(const char *str
);
130 extern int rgw_validate_tenant_name(const string
& t
);
151 * An RGWUser class along with supporting classes created
152 * to support the creation of an RESTful administrative API
154 struct RGWUserAdminOpState
{
158 std::string user_email
;
159 std::string display_name
;
167 RGWObjVersionTracker objv
;
169 map
<int, string
> temp_url_keys
;
171 // subuser attributes
176 std::string id
; // access key
177 std::string key
; // secret key
180 // operation attributes
183 bool existing_subuser
;
185 bool subuser_specified
;
192 bool key_type_setbycontext
; // key type set by user or subuser context
195 bool display_name_specified
;
196 bool user_email_specified
;
197 bool max_buckets_specified
;
199 bool op_mask_specified
;
202 bool admin_specified
= false;
203 bool system_specified
;
205 bool temp_url_key_specified
;
213 bool key_params_checked
;
214 bool subuser_params_checked
;
215 bool user_params_checked
;
217 bool bucket_quota_specified
;
218 bool user_quota_specified
;
220 RGWQuotaInfo bucket_quota
;
221 RGWQuotaInfo user_quota
;
223 void set_access_key(std::string
& access_key
) {
224 if (access_key
.empty())
233 void set_secret_key(std::string
& secret_key
) {
234 if (secret_key
.empty())
238 key_specified
= true;
243 void set_user_id(rgw_user
& id
) {
250 void set_user_email(std::string
& email
) {
251 /* always lowercase email address */
252 boost::algorithm::to_lower(email
);
254 user_email_specified
= true;
257 void set_display_name(std::string
& name
) {
262 display_name_specified
= true;
265 void set_subuser(std::string
& _subuser
) {
266 if (_subuser
.empty())
269 size_t pos
= _subuser
.find(":");
270 if (pos
!= string::npos
) {
272 tmp_id
.from_str(_subuser
.substr(0, pos
));
273 if (tmp_id
.tenant
.empty()) {
274 user_id
.id
= tmp_id
.id
;
278 subuser
= _subuser
.substr(pos
+1);
283 subuser_specified
= true;
286 void set_caps(std::string
& _caps
) {
291 caps_specified
= true;
294 void set_perm(uint32_t perm
) {
296 perm_specified
= true;
299 void set_op_mask(uint32_t mask
) {
301 op_mask_specified
= true;
304 void set_temp_url_key(const string
& key
, int index
) {
305 temp_url_keys
[index
] = key
;
306 temp_url_key_specified
= true;
309 void set_key_type(int32_t type
) {
311 type_specified
= true;
314 void set_suspension(__u8 is_suspended
) {
315 suspended
= is_suspended
;
316 suspension_op
= true;
319 void set_admin(__u8 is_admin
) {
321 admin_specified
= true;
324 void set_system(__u8 is_system
) {
326 system_specified
= true;
329 void set_exclusive(__u8 is_exclusive
) {
330 exclusive
= is_exclusive
;
333 void set_fetch_stats(__u8 is_fetch_stats
) {
334 fetch_stats
= is_fetch_stats
;
337 void set_user_info(RGWUserInfo
& user_info
) {
338 user_id
= user_info
.user_id
;
342 void set_max_buckets(int32_t mb
) {
344 max_buckets_specified
= true;
347 void set_gen_access() {
352 void set_gen_secret() {
357 void set_generate_key() {
365 void clear_generate_key() {
370 void set_purge_keys() {
375 void set_bucket_quota(RGWQuotaInfo
& quota
) {
376 bucket_quota
= quota
;
377 bucket_quota_specified
= true;
380 void set_user_quota(RGWQuotaInfo
& quota
) {
382 user_quota_specified
= true;
385 bool is_populated() { return populated
; }
386 bool is_initialized() { return initialized
; }
387 bool has_existing_user() { return existing_user
; }
388 bool has_existing_key() { return existing_key
; }
389 bool has_existing_subuser() { return existing_subuser
; }
390 bool has_existing_email() { return existing_email
; }
391 bool has_subuser() { return subuser_specified
; }
392 bool has_key_op() { return key_op
; }
393 bool has_caps_op() { return caps_specified
; }
394 bool has_suspension_op() { return suspension_op
; }
395 bool has_subuser_perm() { return perm_specified
; }
396 bool has_op_mask() { return op_mask_specified
; }
397 bool will_gen_access() { return gen_access
; }
398 bool will_gen_secret() { return gen_secret
; }
399 bool will_gen_subuser() { return gen_subuser
; }
400 bool will_purge_keys() { return purge_keys
; }
401 bool will_purge_data() { return purge_data
; }
402 bool will_generate_subuser() { return gen_subuser
; }
403 bool has_bucket_quota() { return bucket_quota_specified
; }
404 bool has_user_quota() { return user_quota_specified
; }
405 void set_populated() { populated
= true; }
406 void clear_populated() { populated
= false; }
407 void set_initialized() { initialized
= true; }
408 void set_existing_user(bool flag
) { existing_user
= flag
; }
409 void set_existing_key(bool flag
) { existing_key
= flag
; }
410 void set_existing_subuser(bool flag
) { existing_subuser
= flag
; }
411 void set_existing_email(bool flag
) { existing_email
= flag
; }
412 void set_purge_data(bool flag
) { purge_data
= flag
; }
413 void set_generate_subuser(bool flag
) { gen_subuser
= flag
; }
414 __u8
get_suspension_status() { return suspended
; }
415 int32_t get_key_type() {return key_type
; }
416 uint32_t get_subuser_perm() { return perm_mask
; }
417 int32_t get_max_buckets() { return max_buckets
; }
418 uint32_t get_op_mask() { return op_mask
; }
419 RGWQuotaInfo
& get_bucket_quota() { return bucket_quota
; }
420 RGWQuotaInfo
& get_user_quota() { return user_quota
; }
422 rgw_user
& get_user_id() { return user_id
; }
423 std::string
get_subuser() { return subuser
; }
424 std::string
get_access_key() { return id
; }
425 std::string
get_secret_key() { return key
; }
426 std::string
get_caps() { return caps
; }
427 std::string
get_user_email() { return user_email
; }
428 std::string
get_display_name() { return display_name
; }
429 map
<int, std::string
>& get_temp_url_keys() { return temp_url_keys
; }
431 RGWUserInfo
& get_user_info() { return info
; }
433 map
<std::string
, RGWAccessKey
> *get_swift_keys() { return &info
.swift_keys
; }
434 map
<std::string
, RGWAccessKey
> *get_access_keys() { return &info
.access_keys
; }
435 map
<std::string
, RGWSubUser
> *get_subusers() { return &info
.subusers
; }
437 RGWUserCaps
*get_caps_obj() { return &info
.caps
; }
439 std::string
build_default_swift_kid() {
440 if (user_id
.empty() || subuser
.empty())
451 std::string
generate_subuser() {
455 std::string generated_subuser
;
456 user_id
.to_str(generated_subuser
);
457 std::string rand_suffix
;
459 int sub_buf_size
= RAND_SUBUSER_LEN
+ 1;
460 char sub_buf
[RAND_SUBUSER_LEN
+ 1];
462 if (gen_rand_alphanumeric_upper(g_ceph_context
, sub_buf
, sub_buf_size
) < 0)
465 rand_suffix
= sub_buf
;
466 if (rand_suffix
.empty())
469 generated_subuser
.append(rand_suffix
);
470 subuser
= generated_subuser
;
472 return generated_subuser
;
475 RGWUserAdminOpState() : user_id(RGW_USER_ANON_ID
)
477 max_buckets
= RGW_DEFAULT_MAX_BUCKETS
;
479 perm_mask
= RGW_PERM_NONE
;
487 existing_user
= false;
488 existing_key
= false;
489 existing_subuser
= false;
490 existing_email
= false;
491 subuser_specified
= false;
492 caps_specified
= false;
497 id_specified
= false;
498 key_specified
= false;
499 type_specified
= false;
500 key_type_setbycontext
= false;
502 display_name_specified
= false;
503 user_email_specified
= false;
504 max_buckets_specified
= false;
505 perm_specified
= false;
506 op_mask_specified
= false;
507 suspension_op
= false;
508 system_specified
= false;
512 key_params_checked
= false;
513 subuser_params_checked
= false;
514 user_params_checked
= false;
515 bucket_quota_specified
= false;
516 temp_url_key_specified
= false;
517 user_quota_specified
= false;
518 found_by_uid
= false;
519 found_by_email
= false;
520 found_by_key
= false;
526 class RGWAccessKeyPool
530 std::map
<std::string
, int, ltstr_nocase
> key_type_map
;
534 map
<std::string
, RGWAccessKey
> *swift_keys
;
535 map
<std::string
, RGWAccessKey
> *access_keys
;
537 // we don't want to allow keys for the anonymous user or a null user
541 int create_key(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
542 int generate_key(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
543 int modify_key(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
545 int check_key_owner(RGWUserAdminOpState
& op_state
);
546 bool check_existing_key(RGWUserAdminOpState
& op_state
);
547 int check_op(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
549 /* API Contract Fulfilment */
550 int execute_add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
551 int execute_remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
552 int remove_subuser_keys(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
554 int add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
555 int remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
557 explicit RGWAccessKeyPool(RGWUser
* usr
);
560 int init(RGWUserAdminOpState
& op_state
);
562 /* API Contracted Methods */
563 int add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
564 int remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
566 friend class RGWUser
;
567 friend class RGWSubUserPool
;
576 bool subusers_allowed
;
578 map
<string
, RGWSubUser
> *subuser_map
;
581 int check_op(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
583 /* API Contract Fulfillment */
584 int execute_add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
585 int execute_remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
586 int execute_modify(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
588 int add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
589 int remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
590 int modify(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
592 explicit RGWSubUserPool(RGWUser
*user
);
595 bool exists(std::string subuser
);
596 int init(RGWUserAdminOpState
& op_state
);
598 /* API contracted methods */
599 int add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
600 int remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
601 int modify(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
603 friend class RGWUser
;
613 int add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
614 int remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
, bool defer_save
);
617 explicit RGWUserCapPool(RGWUser
*user
);
620 int init(RGWUserAdminOpState
& op_state
);
622 /* API contracted methods */
623 int add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
624 int remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
626 friend class RGWUser
;
633 RGWUserInfo old_info
;
639 void set_populated() { info_stored
= true; }
640 void clear_populated() { info_stored
= false; }
641 bool is_populated() { return info_stored
; }
643 int check_op(RGWUserAdminOpState
& req
, std::string
*err_msg
);
644 int update(RGWUserAdminOpState
& op_state
, std::string
*err_msg
);
646 void clear_members();
649 /* API Contract Fulfillment */
650 int execute_add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
);
651 int execute_remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
);
652 int execute_modify(RGWUserAdminOpState
& op_state
, std::string
*err_msg
);
658 int init(RGWRados
*storage
, RGWUserAdminOpState
& op_state
);
660 int init_storage(RGWRados
*storage
);
661 int init(RGWUserAdminOpState
& op_state
);
662 int init_members(RGWUserAdminOpState
& op_state
);
664 RGWRados
*get_store() { return store
; }
666 /* API Contracted Members */
668 RGWAccessKeyPool keys
;
669 RGWSubUserPool subusers
;
671 /* API Contracted Methods */
672 int add(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
673 int remove(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
675 /* remove an already populated RGWUser */
676 int remove(std::string
*err_msg
= NULL
);
678 int modify(RGWUserAdminOpState
& op_state
, std::string
*err_msg
= NULL
);
680 /* retrieve info from an existing user in the RGW system */
681 int info(RGWUserAdminOpState
& op_state
, RGWUserInfo
& fetched_info
, std::string
*err_msg
= NULL
);
683 /* info from an already populated RGWUser */
684 int info (RGWUserInfo
& fetched_info
, std::string
*err_msg
= NULL
);
686 friend class RGWAccessKeyPool
;
687 friend class RGWSubUserPool
;
688 friend class RGWUserCapPool
;
691 /* Wrapers for admin API functionality */
693 class RGWUserAdminOp_User
696 static int info(RGWRados
*store
,
697 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
699 static int create(RGWRados
*store
,
700 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
702 static int modify(RGWRados
*store
,
703 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
705 static int remove(RGWRados
*store
,
706 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
709 class RGWUserAdminOp_Subuser
712 static int create(RGWRados
*store
,
713 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
715 static int modify(RGWRados
*store
,
716 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
718 static int remove(RGWRados
*store
,
719 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
722 class RGWUserAdminOp_Key
725 static int create(RGWRados
*store
,
726 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
728 static int remove(RGWRados
*store
,
729 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
732 class RGWUserAdminOp_Caps
735 static int add(RGWRados
*store
,
736 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
738 static int remove(RGWRados
*store
,
739 RGWUserAdminOpState
& op_state
, RGWFormatterFlusher
& flusher
);
742 class RGWMetadataManager
;
744 extern void rgw_user_init(RGWRados
*store
);