crimson/auth: add KeyRing
authorKefu Chai <kchai@redhat.com>
Wed, 29 Aug 2018 12:35:11 +0000 (20:35 +0800)
committerKefu Chai <kchai@redhat.com>
Tue, 9 Oct 2018 09:39:40 +0000 (17:39 +0800)
Signed-off-by: Kefu Chai <kchai@redhat.com>
src/crimson/CMakeLists.txt
src/crimson/auth/KeyRing.cc [new file with mode: 0644]
src/crimson/auth/KeyRing.h [new file with mode: 0644]

index eef0d736c63ff86bcf1bbae9894b54fa8b588f7f..48ec8b75c90801dddd0ff19f66593377e13a1547 100644 (file)
@@ -108,6 +108,8 @@ target_link_libraries(crimson-common
     Boost::random
     ${NSS_LIBRARIES} ${NSPR_LIBRARIES} ${OPENSSL_LIBRARIES})
 
+set(crimson_auth_srcs
+  auth/KeyRing.cc)
 set(crimson_mon_srcs
   ${PROJECT_SOURCE_DIR}/src/mon/MonMap.cc
   ${PROJECT_SOURCE_DIR}/src/mon/MonSub.cc)
@@ -120,6 +122,7 @@ set(crimson_thread_srcs
   thread/ThreadPool.cc
   thread/Throttle.cc)
 add_library(crimson STATIC
+  ${crimson_auth_srcs}
   ${crimson_mon_srcs}
   ${crimson_net_srcs}
   ${crimson_thread_srcs}
diff --git a/src/crimson/auth/KeyRing.cc b/src/crimson/auth/KeyRing.cc
new file mode 100644 (file)
index 0000000..5f82a26
--- /dev/null
@@ -0,0 +1,89 @@
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- 
+// vim: ts=8 sw=2 smarttab
+
+#include "KeyRing.h"
+
+#include <boost/algorithm/string.hpp>
+
+#include <seastar/core/do_with.hh>
+#include <seastar/core/fstream.hh>
+#include <seastar/core/future-util.hh>
+#include <seastar/core/reactor.hh>
+
+#include "common/buffer_seastar.h"
+#include "auth/KeyRing.h"
+#include "include/denc.h"
+#include "crimson/common/config_proxy.h"
+
+namespace ceph::auth {
+
+seastar::future<seastar::temporary_buffer<char>> read_file(const std::string& path)
+{
+  return seastar::open_file_dma(path, seastar::open_flags::ro).then([] (seastar::file f) {
+    return f.size().then([f = std::move(f)](size_t s) {
+      return seastar::do_with(seastar::make_file_input_stream(f), [s](seastar::input_stream<char>& in) {
+        return in.read_exactly(s);
+      });
+    });
+  });
+}
+
+seastar::future<KeyRing*> load_from_keyring(KeyRing* keyring)
+{
+  std::vector<std::string> paths;
+  boost::split(paths, ceph::common::local_conf()->keyring,
+               boost::is_any_of(",;"));
+  std::pair<bool, std::string> found;
+  return seastar::map_reduce(paths, [](auto path) {
+    return seastar::engine().file_exists(path).then([path](bool file_exists) {
+      return std::make_pair(file_exists, path);
+    });
+  }, std::move(found), [](auto found, auto file_exists_and_path) {
+    if (!found.first && file_exists_and_path.first) {
+      found = std::move(file_exists_and_path);
+    }
+    return found;
+  }).then([keyring] (auto file_exists_and_path) {
+    const auto& [exists, path] = file_exists_and_path;
+    if (exists) {
+      return read_file(path).then([keyring](auto buf) {
+        bufferlist bl;
+        bl.append(buffer::create(std::move(buf)));
+        auto i = bl.cbegin();
+        keyring->decode(i);
+        return seastar::make_ready_future<KeyRing*>(keyring);
+      });
+    } else {
+      return seastar::make_ready_future<KeyRing*>(keyring);
+    }
+  });
+}
+
+seastar::future<KeyRing*> load_from_keyfile(KeyRing* keyring)
+{
+  auto& path = ceph::common::local_conf()->keyfile;
+  if (!path.empty()) {
+    return read_file(path).then([keyring](auto buf) {
+      EntityAuth ea;
+      ea.key.decode_base64(std::string(buf.begin(),
+                                       buf.end()));
+      keyring->add(ceph::common::local_conf()->name, ea);
+      return seastar::make_ready_future<KeyRing*>(keyring);
+    });
+  } else {
+    return seastar::make_ready_future<KeyRing*>(keyring);
+  }
+}
+
+seastar::future<KeyRing*> load_from_key(KeyRing* keyring)
+{
+  auto& key = ceph::common::local_conf()->key;
+  if (!key.empty()) {
+    EntityAuth ea;
+    ea.key.decode_base64(key);
+    keyring->add(ceph::common::local_conf()->name, ea);
+  }
+  return seastar::make_ready_future<KeyRing*>(keyring);
+}
+
+} // namespace ceph::auth
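Review bot: In `load_from_key`, `ea.key.decode_base64(key)` runs before any future exists, so if it throws on a malformed `key` value (whether it does is not visible in this diff) the exception leaves the function synchronously rather than arriving as a failed future. A caller that only chains `.handle_exception()` on the result would never see it. The equivalent decode in `load_from_keyfile` and `keyring->decode(i)` in `load_from_keyring` sit inside `.then()` continuations, where Seastar converts a throw into an exceptional future, so the three loaders report a bad secret in two different ways. I would wrap the body of the `if (!key.empty())` branch in `try { … } catch (...) { return seastar::make_exception_future<KeyRing*>(std::current_exception()); }` so every decode failure surfaces through the returned future.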
diff --git a/src/crimson/auth/KeyRing.h b/src/crimson/auth/KeyRing.h
new file mode 100644 (file)
index 0000000..b68e638
--- /dev/null
@@ -0,0 +1,15 @@
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- 
+// vim: ts=8 sw=2 smarttab
+
+#pragma once
+
+#include <seastar/core/future.hh>
+
+class KeyRing;
+
+namespace ceph::auth {
+  // see KeyRing::from_ceph_context
+  seastar::future<KeyRing*> load_from_keyring(KeyRing* keyring);
+  seastar::future<KeyRing*> load_from_keyfile(KeyRing* keyring);
+  seastar::future<KeyRing*> load_from_key(KeyRing* keyring);
+}
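Review bot: The three declarations take and return a raw `KeyRing*` without stating the lifetime requirement or what a successful result means, and the only comment points at `KeyRing::from_ceph_context`. In KeyRing.cc the continuations capture that pointer and write to it after asynchronous file I/O, and each loader resolves successfully with the keyring untouched when its source is not configured or no listed keyring path exists. A caller therefore cannot treat a ready future as proof that a key was loaded. I would extend the comment with `// The caller must keep *keyring alive until the returned future resolves; the same pointer is returned.` and `// An empty key/keyfile setting, or no existing keyring path, is not an error: check the keyring for the expected entity afterwards.`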