Diffstat (limited to 'src/crimson/auth')
-rw-r--r-- | src/crimson/auth/Errors.cc | 31 | ||||
-rw-r--r-- | src/crimson/auth/Errors.h | 37 | ||||
-rw-r--r-- | src/crimson/auth/KeyRing.cc | 89 | ||||
-rw-r--r-- | src/crimson/auth/KeyRing.h | 15 |
4 files changed, 172 insertions, 0 deletions
diff --git a/src/crimson/auth/Errors.cc b/src/crimson/auth/Errors.cc
new file mode 100644
index 00000000..c5f1b8d8
--- /dev/null
+++ b/src/crimson/auth/Errors.cc
@@ -0,0 +1,31 @@
+#include "Errors.h"
+
+namespace ceph::net {
+
+const std::error_category& auth_category()
+{
+ struct category : public std::error_category {
+ const char* name() const noexcept override {
+ return "ceph::auth";
+ }
+
+ std::string message(int ev) const override {
+ switch (static_cast<error>(ev)) {
+ case error::success:
+ return "success",
+ case error::key_not_found:
+ return "key not found";
+ case error::invalid_key:
+ return "corrupted key";
+ case error::unknown_service:
+ return "unknown service";
+ default:
+ return "unknown";
+ }
+ }
+ };
+ static category instance;
+ return instance;
+}
+
+} // namespace ceph::auth
diff --git a/src/crimson/auth/Errors.h b/src/crimson/auth/Errors.h
new file mode 100644
index 00000000..92f5c733
--- /dev/null
+++ b/src/crimson/auth/Errors.h
@@ -0,0 +1,37 @@
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
+// vim: ts=8 sw=2 smarttab
+
+#pragma once
+
+namespace ceph::auth {
+
+enum class error {
+ success = 0,
+ key_not_found,
+ invalid_key,
+ unknown_service, // no ticket handler for required service
+};
+
+const std::error_category& auth_category();
+
+inline std::error_code make_error_code(error e)
+{
+ return {static_cast<int>(e), auth_category()};
+}
+
+inline std::error_condition make_error_condition(error e)
+{
+ return {static_cast<int>(e), auth_category()};
+}
+
+class auth_error : public std::runtime_error {};
+
+} // namespace ceph::auth
+
+namespace std {
+
+/// enables implicit conversion to std::error_condition
+template <>
+struct is_error_condition_enum<ceph::auth::error> : public true_type {};
+
+} // namespace std
diff --git a/src/crimson/auth/KeyRing.cc b/src/crimson/auth/KeyRing.cc
new file mode 100644
index 00000000..5f82a262
--- /dev/null
+++ b/src/crimson/auth/KeyRing.cc 
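Review bot: The definition of `auth_category()` is opened with `namespace ceph::net {` while Errors.h declares it in `ceph::auth` (and this file's own closing comment says `ceph::auth`), so the inline `make_error_code`/`make_error_condition` in the header have no matching definition to link against, and `error` is not visible inside the switch either; the opening line should be `namespace ceph::auth {`. In the same function `return "success",` ends with a comma where every other case uses a semicolon, which does not compile as written and should be `return "success";`. An auth error category that does not link is how `key_not_found` and `invalid_key` end up surfacing as generic failures, so this is worth fixing before any caller depends on the category.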
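Review bot: Errors.h uses `std::error_category`, `std::error_code`, `std::error_condition`, `std::runtime_error` and `std::true_type` but includes nothing, so it only compiles when the including file has already pulled in `<system_error>`, `<stdexcept>` and `<type_traits>`; a header should include what it uses. `class auth_error : public std::runtime_error {};` also declares no constructor, and `std::runtime_error` has no default one, so `auth_error` cannot be constructed or thrown at all; it needs `using std::runtime_error::runtime_error;`. The `is_error_condition_enum` specialization only pairs with `make_error_condition`; if callers are meant to assign or compare `error::key_not_found` as an `std::error_code`, an `is_error_code_enum` specialization is also required, so the intended use should be confirmed.
```cpp
#pragma once

#include <stdexcept>
#include <string>
#include <system_error>
#include <type_traits>

// … unchanged: namespace ceph::auth, enum class error, auth_category(), make_error_code, make_error_condition …

class auth_error : public std::runtime_error {
  using std::runtime_error::runtime_error;
};

// … unchanged: namespace std { is_error_condition_enum specialization } …
```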
@@ -0,0 +1,89 @@
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
+// vim: ts=8 sw=2 smarttab
+
+#include "KeyRing.h"
+
+#include <boost/algorithm/string.hpp>
+
+#include <seastar/core/do_with.hh>
+#include <seastar/core/fstream.hh>
+#include <seastar/core/future-util.hh>
+#include <seastar/core/reactor.hh>
+
+#include "common/buffer_seastar.h"
+#include "auth/KeyRing.h"
+#include "include/denc.h"
+#include "crimson/common/config_proxy.h"
+
+namespace ceph::auth {
+
+seastar::future<seastar::temporary_buffer<char>> read_file(const std::string& path)
+{
+ return seastar::open_file_dma(path, seastar::open_flags::ro).then([] (seastar::file f) {
+ return f.size().then([f = std::move(f)](size_t s) {
+ return seastar::do_with(seastar::make_file_input_stream(f), [s](seastar::input_stream<char>& in) {
+ return in.read_exactly(s);
+ });
+ });
+ });
+}
+
+seastar::future<KeyRing*> load_from_keyring(KeyRing* keyring)
+{
+ std::vector<std::string> paths;
+ boost::split(paths, ceph::common::local_conf()->keyring,
+ boost::is_any_of(",;"));
+ std::pair<bool, std::string> found;
+ return seastar::map_reduce(paths, [](auto path) {
+ return seastar::engine().file_exists(path).then([path](bool file_exists) {
+ return std::make_pair(file_exists, path);
+ });
+ }, std::move(found), [](auto found, auto file_exists_and_path) {
+ if (!found.first && file_exists_and_path.first) {
+ found = std::move(file_exists_and_path);
+ }
+ return found;
+ }).then([keyring] (auto file_exists_and_path) {
+ const auto& [exists, path] = file_exists_and_path;
+ if (exists) {
+ return read_file(path).then([keyring](auto buf) {
+ bufferlist bl;
+ bl.append(buffer::create(std::move(buf)));
+ auto i = bl.cbegin();
+ keyring->decode(i);
+ return seastar::make_ready_future<KeyRing*>(keyring);
+ });
+ } else {
+ return seastar::make_ready_future<KeyRing*>(keyring);
+ }
+ });
+}
+
+seastar::future<KeyRing*> load_from_keyfile(KeyRing* keyring)
+{
+ auto& path = 
ceph::common::local_conf()->keyfile;
+ if (!path.empty()) {
+ return read_file(path).then([keyring](auto buf) {
+ EntityAuth ea;
+ ea.key.decode_base64(std::string(buf.begin(),
+ buf.end()));
+ keyring->add(ceph::common::local_conf()->name, ea);
+ return seastar::make_ready_future<KeyRing*>(keyring);
+ });
+ } else {
+ return seastar::make_ready_future<KeyRing*>(keyring);
+ }
+}
+
+seastar::future<KeyRing*> load_from_key(KeyRing* keyring)
+{
+ auto& key = ceph::common::local_conf()->key;
+ if (!key.empty()) {
+ EntityAuth ea;
+ ea.key.decode_base64(key);
+ keyring->add(ceph::common::local_conf()->name, ea);
+ }
+ return seastar::make_ready_future<KeyRing*>(keyring);
+}
+
+} // namespace ceph::auth
diff --git a/src/crimson/auth/KeyRing.h b/src/crimson/auth/KeyRing.h
new file mode 100644
index 00000000..b68e6389
--- /dev/null
+++ b/src/crimson/auth/KeyRing.h
@@ -0,0 +1,15 @@
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
+// vim: ts=8 sw=2 smarttab
+
+#pragma once
+
+#include <seastar/core/future.hh>
+
+class KeyRing;
+
+namespace ceph::auth {
+ // see KeyRing::from_ceph_context
+ seastar::future<KeyRing*> load_from_keyring(KeyRing* keyring);
+ seastar::future<KeyRing*> load_from_keyfile(KeyRing* keyring);
+ seastar::future<KeyRing*> load_from_key(KeyRing* keyring);
+} |
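Review bot: `read_file` never closes the `seastar::file` it opens: the handle moved into the `f.size()` continuation is dropped once the inner future resolves, and whether the handle's destructor closes the descriptor or merely warns depends on the seastar version, so every keyring/keyfile load can leak an fd; keep the handle alive with `[f]` instead of `[f = std::move(f)]` and chain `}).finally([f]() mutable { return f.close(); });` after the `f.size().then(...)` chain. `read_exactly(s)` also takes the reported size of an operator-supplied path on trust, and a path that is not a regular file presumably reports a size that yields an empty or short buffer which `keyring->decode(i)` can only reject by throwing, so the caller gets a failed future as the sole signal and should log which path failed. In `load_from_keyring` the reducer is applied as each `file_exists` future completes; if seastar's `map_reduce` does not serialize reductions in input order, the first existing path in the comma-separated `keyring` list is no longer guaranteed to win over a later one, unlike `KeyRing::from_ceph_context`, so if that precedence matters the paths should be probed sequentially (e.g. a `do_for_each` that stops at the first hit) — verify against the seastar version in use.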
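Review bot: The only documentation is `// see KeyRing::from_ceph_context`, which leaves out the lifetime contract these asynchronous loaders impose: the raw `keyring` pointer is captured into continuations that run after the call returns, so the caller must keep the KeyRing alive until the returned future resolves. I would replace that comment with one stating that each function asynchronously adds keys from the configured `keyring` paths, `keyfile` or `key` option into `*keyring`, resolves to the same pointer, leaves the keyring untouched when the option is empty or none of the listed paths exists, and that the caller retains ownership and must outlive the future; decoding failures presumably surface as a failed future, which is worth stating once confirmed. If these are meant to be applied with the same precedence as `from_ceph_context`, the comment should also say which source wins when more than one is configured.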