// put the ticket in the ticket map
// **
- user_ticket[uid] = m->get_ticket();
+ cout << "Got ticket for uid: " << uid << endl;
+ user_ticket[uid] = m->getTicket();
// wait up the waiter(s)
+ // this signals all ticket waiters
cout << "Entering for loop" << endl;
for (list<Cond*>::iterator p = ticket_waiter_cond[uid].begin();
p != ticket_waiter_cond[uid].end();
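Review bot: `user_ticket[uid] = m->getTicket();` caches a pointer into the message itself, because `MClientAuthUserAck::getTicket()` (in the message header hunk) returns `&myTicket`. If the message is freed once this handler returns, which is not visible here, every later read of `user_ticket[uid]` touches freed memory. Copying the ticket into client-owned storage, e.g. `user_ticket[uid] = new Ticket(*m->getTicket());`, and releasing it where the ticket reference is dropped would make the cache independent of the message lifetime. The for loop that signals the waiters continues outside the hunk.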
Ticket *Client::get_user_ticket(uid_t uid, gid_t gid)
{
+ cout << "Requesting ticket for uid: " << uid << ", gid: " << gid << endl;
// do we already have it?
if (user_ticket.count(uid) == 0) {
Cond cond;
string username; // i don't know!
- string key; // ...
+ string key; // get from cache or make it now
+
+ // no key, make one now
+ // this should be a function with some
+ // security stuff (password) to gen key
+ if (user_pub_key.count(uid) == 0) {
+ esignPriv privKey = esignPrivKey("crypto/esig1536.dat");
+ esignPub pubKey = esignPubKey(privKey);
+ user_priv_key[uid] = &privKey;
+ user_pub_key[uid] = &pubKey;
+ }
+ key = pubToString(*(user_pub_key[uid]));
+ // if no one has already requested the ticket
if (ticket_waiter_cond.count(uid) == 0) {
// request from monitor
int mon = monmap->pick_mon();
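Review bot: `user_priv_key[uid] = &privKey;` and `user_pub_key[uid] = &pubKey;` store the addresses of locals declared inside the `if` block, so both map entries dangle as soon as the block closes. The very next statement, `pubToString(*(user_pub_key[uid]))`, already dereferences one of them. Holding the keys by value (`map<uid_t,esignPub>` and `map<uid_t,esignPriv>` in the header hunk that declares these maps), or heap-allocating them with a clear owner, would remove the use-after-scope. Every uid also loads the same private key from `crypto/esig1536.dat`, so the per-user maps give no per-user separation until the key generation described in the added comment exists. The function body continues outside the hunk.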
cout << "Waiting for a Wait" << endl;
// naively assume we'll get a ticket FIXME
- while (user_ticket.count(uid) == 0)
+ while (user_ticket.count(uid) == 0) {
+ cout << "user_ticket.count(uid) = " << user_ticket.count(uid) << endl;
cond.Wait(client_lock);
+ }
cout << "Did I break the loop?" << endl;
}
client_lock.Lock();
Ticket *tk = get_user_ticket(getuid(), getgid());
- cout << "Returned from ticket call" << endl;
+
if (!tk) {
client_lock.Unlock();
return -EPERM;
map<uid_t,Ticket*> user_ticket;
map<uid_t,int> user_ticket_ref;
map<uid_t,list<Cond*> > ticket_waiter_cond;
+ map<uid_t,esignPub*> user_pub_key;
+ map<uid_t,esignPriv*> user_priv_key;
- // user map?
- //map<uid_t>
+ // user map
+ //map<uid_t, User*> user_identity;
Ticket *get_user_ticket(uid_t uid, gid_t gid);
void put_user_ticket(Ticket *tk);
// messaging
void dispatch(Message *m);
-
void handle_mount_ack(class MClientMountAck*);
void handle_unmount_ack(Message*);
void handle_mds_map(class MMDSMap *m);
}
void sign_ticket(esignPriv privKey) {
- cout << "Trying to SIGN ticket" << endl << endl;
byte ticketArray[sizeof(identity)];
memcpy(ticketArray, &identity, sizeof(identity));
signature = esignSig(ticketArray, sizeof(identity), privKey);
}
bool verif_ticket (esignPub pubKey) {
- cout << "Verifying ticket" << endl << endl;
byte ticketArray[sizeof(identity)];
memcpy(ticketArray, &identity, sizeof(identity));
signature.Assign(allocSig, allocSig.size());
void decode(bufferlist& blist, int& off) {
- cout << "About to decode BL ticket" << endl;
- //int off = 0;
blist.copy(off, sizeof(identity.uid), (char*)&(identity.uid));
off += sizeof(identity.uid);
+ cout << "Decoded uid: " << identity.uid << endl;
blist.copy(off, sizeof(identity.gid), (char*)&(identity.gid));
off += sizeof(identity.gid);
blist.copy(off, sizeof(identity.t_s), (char*)&(identity.t_s));
_decode(identity.username, blist, off);
_decode(identity.pubKey, blist, off);
- cout << "Decoded BL ticket OK" << endl;
-
}
void encode(bufferlist& blist) {
- cout << "About to encode ticket" << endl;
+
blist.append((char*)&(identity.uid), sizeof(identity.uid));
blist.append((char*)&(identity.gid), sizeof(identity.gid));
blist.append((char*)&(identity.t_s), sizeof(identity.t_s));
blist.append((char*)&(identity.t_e), sizeof(identity.t_e));
blist.append((char*)&allocSig, sizeof(allocSig));
//blist.append((char*)&identity, sizeof(identity));
- cout << "Encoded ticket OK" << endl;
_encode(identity.iv, blist);
_encode(identity.username, blist);
#include "crypto/Ticket.h"
class MClientAuthUserAck : public Message {
- //bufferlist ticketBL;
Ticket myTicket;
+
public:
MClientAuthUserAck() : Message(MSG_CLIENT_AUTH_USER_ACK) {
}
MClientAuthUserAck(Ticket *ticket) : Message(MSG_CLIENT_AUTH_USER_ACK) {
- //ticket->encode(ticketBL);
myTicket = (*ticket);
}
char *get_type_name() { return "client_auth_user_ack"; }
- uid_t get_uid() { return 0; } // fixme
+ uid_t get_uid() { return myTicket.get_uid(); } // fixme
Ticket *getTicket() {
return &myTicket;
}
void decode_payload() {
- cout << "Trying decode payload ACK" << endl;
int off = 0;
- //::_decode(myTicket, payload, off);
myTicket.decode(payload, off);
- cout << "ACK Decoded OK" << endl;
}
void encode_payload() {
- cout << "Trying encode payload ACK" << endl;
- //::_encode(myTicket, payload);
myTicket.encode(payload);
- cout << "ACK Encoded OK" << endl;
}
};
#include "common/Timer.h"
-#include "crypto/Ticket.h"
-
#include "config.h"
#undef dout
#define dout(l) if (l<=g_conf.debug || l<=g_conf.debug_mon) cout << g_clock.now() << " mon" << mon->whoami << (mon->is_starting() ? (const char*)"(starting)":(mon->is_leader() ? (const char*)"(leader)":(mon->is_peon() ? (const char*)"(peon)":(const char*)"(?\?)"))) << ".client "
dout(7) << "client_auth_user from " << m->get_source() << " at " << m->get_source_inst() << endl;
assert(m->get_source().is_client());
//int from = m->get_source().num();
+
+ Ticket *userTicket;
// grab information
uid_t uid = m->get_uid();
- gid_t gid = m->get_gid();
- // ticket time = 60 minutes (too long, only for debug)
- utime_t t_s = g_clock.now();
- utime_t t_e = t_s;
- t_e += 3600;
- string name = "unknown";
- string key = m->get_str_key();
-
-
- // create iv
- char iv[RJBLOCKSIZE];
- memset(iv, 0x01, RJBLOCKSIZE); // worthless right now
- string k_0 = iv;
-
- // create a ticket
- Ticket userTicket(uid, gid, t_s, t_e, k_0, name, key);
-
- // sign the ticket
- userTicket.sign_ticket(mon->myPrivKey);
- cout << "SIGNED THE TICKET SUCCESFULY?" << endl << endl;
-
- // test the verification
- if (userTicket.verif_ticket(mon->myPubKey))
- cout << "Verification succeeded" << endl;
+ // do we have a ticket already?
+ // user should be able to make new ticket eventually
+ if (user_tickets.count(uid) == 0) {
+ gid_t gid = m->get_gid();
+ // ticket time = 60 minutes (too long? too short?)
+ utime_t t_s = g_clock.now();
+ utime_t t_e = t_s;
+ t_e += 3600;
+ string name = "unknown";
+ string key = m->get_str_key();
+
+ // create iv
+ char iv[RJBLOCKSIZE];
+ memset(iv, 0x01, RJBLOCKSIZE); // worthless right now
+ string k_0 = iv;
+
+ // create a ticket
+ userTicket = new Ticket(uid, gid, t_s, t_e, k_0, name, key);
+
+ // sign the ticket
+ userTicket->sign_ticket(mon->myPrivKey);
+
+ // test the verification
+ //if (userTicket.verif_ticket(mon->myPubKey))
+ // cout << "Verification succeeded" << endl;
+ //else
+ // cout << "Verification failed" << endl;
+
+ // cache the ticket
+ user_tickets[uid] = userTicket;
+ }
else
- cout << "Verification failed" << endl;
-
- // cache the ticket?
-
+ userTicket = user_tickets[uid];
// reply to auth_user
- cout << "send_ticket to " << m->get_source() <<
- " inst " << m->get_source_inst() << endl;
- messenger->send_message(new MClientAuthUserAck(&userTicket),
+ messenger->send_message(new MClientAuthUserAck(userTicket),
m->get_source(), m->get_source_inst());
- cout << "ACK Ticket sent to " << m->get_source() << endl;
}
-void ClientMonitor::send_ticket(msg_addr_t dest, const entity_inst_t& inst) {
- cout << "send_ticket to " << dest << " inst " << inst << endl;
- //messenger->send_message(new MClientAuthUserAck(&userTicket), dest, inst);
-}
-
/*
void ClientMonitor::handle_mds_shutdown(Message *m)
{
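Review bot: The cache test `user_tickets.count(uid) == 0` keys only on the uid carried in the request, so once a ticket exists it is handed to every later requester of that uid, whatever `m->get_str_key()` they sent and however long ago its `t_e` passed. The reuse branch should compare the cached ticket's end time and embedded key with the request and issue a fresh ticket, freeing the old one, when either does not match. Separately, `string k_0 = iv;` reads past the array because `memset(iv, 0x01, RJBLOCKSIZE)` leaves no terminating NUL; `string k_0(iv, RJBLOCKSIZE);` keeps the copy inside the buffer. The handler's signature and opening lines are outside the hunk.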
#include "crypto/CryptoLib.h"
using namespace CryptoLib;
+#include "crypto/Ticket.h"
+
class Monitor;
class ClientMonitor : public Dispatcher {
private:
int num_clients;
map<msg_addr_t,entity_inst_t> client_map;
+ map<uid_t, Ticket*> user_tickets;
void bcast_latest_mds();