void KeyRing::print(ostream& out)
{
- for (map<string, EntityAuth>::iterator p = keys.begin();
+ for (map<EntityName, EntityAuth>::iterator p = keys.begin();
p != keys.end();
++p) {
- string n = p->first;
- if (n.empty()) {
- out << "<default key>" << std::endl;
- } else {
- out << n << std::endl;
- }
+ out << p->first << std::endl;
out << "\tkey: " << p->second.key << std::endl;
for (map<string, bufferlist>::iterator q = p->second.caps.begin();
void KeyRing::import(KeyRing& other)
{
- for (map<string, EntityAuth>::iterator p = other.keys.begin();
+ for (map<EntityName, EntityAuth>::iterator p = other.keys.begin();
p != other.keys.end();
++p) {
dout(10) << " importing " << p->first << " " << p->second << dendl;
#include "auth/Auth.h"
class KeyRing : public KeyStore {
- map<string, EntityAuth> keys;
+ map<EntityName, EntityAuth> keys;
public:
- map<string, EntityAuth>& get_keys() { return keys; } // yuck
+ map<EntityName, EntityAuth>& get_keys() { return keys; } // yuck
bool load(const char *filename);
void print(ostream& out);
// accessors
bool get_auth(EntityName& name, EntityAuth &a) {
- string n = name.to_str();
- if (keys.count(n)) {
- a = keys[n];
+ if (keys.count(name)) {
+ a = keys[name];
return true;
}
return false;
}
bool get_secret(EntityName& name, CryptoKey& secret) {
- string n = name.to_str();
- if (keys.count(n)) {
- secret = keys[n].key;
+ if (keys.count(name)) {
+ secret = keys[name].key;
return true;
}
return false;
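Review bot: `get_auth` and `get_secret` test `keys.count(name)` and then index `keys[name]`, which walks the map twice and relies on `operator[]`, a call that silently inserts a default `EntityAuth` if the guard is ever dropped. A single `map<EntityName, EntityAuth>::iterator p = keys.find(name);` followed by `if (p == keys.end()) return false;` keeps the lookup read-only. With the key type now `EntityName`, the lookup also depends on that type's ordering, which is defined outside this hunk; if the comparison does not cover every field that distinguishes two entities, one entity's secret could be returned for another, so that is worth confirming. `get_secret`'s closing brace falls outside the hunk.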
// modifiers
void add(EntityName& name, EntityAuth &a) {
- string s = name.to_str();
- keys[s] = a;
+ keys[name] = a;
}
void set_caps(EntityName& name, map<string, bufferlist>& caps) {
- string s = name.to_str();
- keys[s].caps = caps;
+ keys[name].caps = caps;
}
void import(KeyRing& other);
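Review bot: `set_caps` writes through `keys[name].caps = caps`, so calling it for a name that is not in the keyring creates an entry with the given caps and a default-constructed `EntityAuth` key instead of failing. If no caller depends on that, look the entry up first, e.g. `map<EntityName, EntityAuth>::iterator p = keys.find(name);` and `if (p != keys.end()) p->second.caps = caps;`, or at least add a comment such as `// creates the entry if name is absent; key is left default-constructed`. Callers are outside this hunk, so whether any of them rely on the insert is not visible here.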
} catch (buffer::error *err) {
cerr << "error reading file " << g_conf.keyring << std::endl;
}
- if (read_ok) {
- string def;
- import_keyring(keyring, def);
- }
+ if (read_ok)
+ import_keyring(keyring);
}
}
return true;
}
-void AuthMonitor::import_keyring(KeyRing& keyring, string& def)
+void AuthMonitor::import_keyring(KeyRing& keyring)
{
- for (map<string, EntityAuth>::iterator p = keyring.get_keys().begin();
+ for (map<EntityName, EntityAuth>::iterator p = keyring.get_keys().begin();
p != keyring.get_keys().end();
p++) {
KeyServerData::Incremental auth_inc;
- if (p->first.empty()) {
- if (def.empty())
- continue;
- if (!auth_inc.name.from_str(def)) {
- dout(0) << "bad entity name" << def << dendl;
- }
- } else {
- if (!auth_inc.name.from_str(p->first)) {
- dout(0) << "bad entity name " << p->first << dendl;
- continue;
- }
- }
+ auth_inc.name = p->first;
auth_inc.auth = p->second;
auth_inc.op = KeyServerData::AUTH_INC_ADD;
dout(10) << " importing " << auth_inc.name << " " << auth_inc.auth << dendl;
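Review bot: The `dout(10)` line at the end of this hunk streams `auth_inc.auth` into the debug log, and `EntityAuth` carries the entity's `key` (printed as `p->second.key` in `KeyRing::print`). If the stream operator for `EntityAuth` includes the key, which is defined outside this diff, then raising the debug level writes every imported secret to the monitor log. Logging only the name, `dout(10) << " importing " << auth_inc.name << dendl;`, keeps the trace without the secret. The same pattern appears in `KeyRing::import` (`p->second`) and in the new `add` branch of the command handler. The loop body continues outside the hunk.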
// nothing here yet
if (m->cmd.size() > 1) {
- if (m->cmd[1] == "add" && m->cmd.size() >= 2) {
- string entity_name;
+ if (m->cmd[1] == "import") {
+ bufferlist bl = m->get_data();
+ bufferlist::iterator iter = bl.begin();
+ KeyRing keyring;
+ try {
+ ::decode(keyring, iter);
+ } catch (buffer::error *err) {
+ ss << "error decoding keyring";
+ rs = -EINVAL;
+ goto done;
+ }
+ import_keyring(keyring);
+ ss << "imported keyring";
+ getline(ss, rs);
+ paxos->wait_for_commit(new Monitor::C_Command(mon, m, 0, rs, paxos->get_version()));
+ return true;
+ }
+ else if (m->cmd[1] == "add" && m->cmd.size() >= 2) {
KeyServerData::Incremental auth_inc;
if (m->cmd.size() >= 3) {
- entity_name = m->cmd[2];
- if (!auth_inc.name.from_str(entity_name)) {
+ if (!auth_inc.name.from_str(m->cmd[2])) {
ss << "bad entity name";
rs = -EINVAL;
goto done;
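Review bot: The new `import` branch decodes a `KeyRing` from the message payload and hands every entry, caps included, to `import_keyring`, and nothing in this hunk checks the result before replying `imported keyring`. Since `import_keyring` no longer runs the `from_str` name check, the decoded `EntityName` values are accepted as they come; rejecting an empty keyring with `if (keyring.get_keys().empty()) { ss << "keyring is empty"; rs = -EINVAL; goto done; }` and validating each entry's name before the push would narrow that. Whether the sender's capabilities are checked before this dispatch is not visible, because the function starts outside the hunk. The handler `catch (buffer::error *err)` only matches exceptions thrown by pointer and never uses or frees `err`; if `decode` throws a heap-allocated error, each malformed payload leaks it, so add `delete err;` there.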
goto done;
}
- import_keyring(keyring, entity_name);
- ss << "updated";
+ if (!keyring.get_auth(auth_inc.name, auth_inc.auth)) {
+ ss << "key for " << auth_inc.name << " not found in provided keyring";
+ rs = -EINVAL;
+ goto done;
+ }
+ auth_inc.op = KeyServerData::AUTH_INC_ADD;
+ dout(10) << " importing " << auth_inc.name << " " << auth_inc.auth << dendl;
+ push_cephx_inc(auth_inc);
+
+ ss << "added key for " << auth_inc.name;
getline(ss, rs);
paxos->wait_for_commit(new Monitor::C_Command(mon, m, 0, rs, paxos->get_version()));
return true;
- } else if (m->cmd[1] == "del" && m->cmd.size() >= 3) {
+ }
+ else if (m->cmd[1] == "del" && m->cmd.size() >= 3) {
string name = m->cmd[2];
KeyServerData::Incremental auth_inc;
auth_inc.name.from_str(name);
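Review bot: The `del` branch still ignores the result of `auth_inc.name.from_str(name)`, while the `add` branch above now rejects a bad name with `-EINVAL`. A malformed name therefore proceeds with whatever `auth_inc.name` holds after the failed parse. Mirror the add path: `if (!auth_inc.name.from_str(name)) { ss << "bad entity name"; rs = -EINVAL; goto done; }`. The rest of the `del` branch is outside this hunk.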
getline(ss, rs);
paxos->wait_for_commit(new Monitor::C_Command(mon, m, 0, rs, paxos->get_version()));
return true;
- } else if (m->cmd[1] == "list") {
+ }
+ else if (m->cmd[1] == "list") {
mon->key_server.list_secrets(ss);
err = 0;
goto done;
- } else {
+ }
+ else {
auth_usage(ss);
}
} else {