cerr << "ERROR: failed to read input: " << cpp_strerror(-ret) << std::endl;
return -ret;
}
- ret = store->meta_mgr->put(metadata_key, bl, RGWMetadataHandler::APPLY_ALWAYS);
+ ret = store->meta_mgr->put(metadata_key, bl, RGWMetadataHandler::RGWMetadataHandler::APPLY_ALWAYS);
if (ret < 0) {
cerr << "ERROR: can't put key: " << cpp_strerror(-ret) << std::endl;
return -ret;
config.window = totp_window;
}
- int ret = store->create_mfa(user_id, config);
+ real_time mtime = real_clock::now();
+ string oid = store->get_mfa_oid(user_id);
+
+ int ret = store->meta_mgr->mutate(rgw_otp_get_handler(), oid, mtime, &objv_tracker,
+ MDLOG_STATUS_WRITE, RGWMetadataHandler::APPLY_ALWAYS,
+ [&] {
+ return store->create_mfa(user_id, config, &objv_tracker, mtime);
+ });
if (ret < 0) {
cerr << "MFA creation failed, error: " << cpp_strerror(-ret) << std::endl;
return -ret;
return EINVAL;
}
- int ret = store->remove_mfa(user_id, totp_serial);
+ real_time mtime = real_clock::now();
+ string oid = store->get_mfa_oid(user_id);
+
+ int ret = store->meta_mgr->mutate(rgw_otp_get_handler(), oid, mtime, &objv_tracker,
+ MDLOG_STATUS_WRITE, RGWMetadataHandler::APPLY_ALWAYS,
+ [&] {
+ return store->remove_mfa(user_id, totp_serial, &objv_tracker, mtime);
+ });
if (ret < 0) {
cerr << "MFA removal failed, error: " << cpp_strerror(-ret) << std::endl;
return -ret;
}
};
+RGWMetadataHandler *rgw_otp_get_handler()
+{
+ return otp_meta_handler;
+}
+
void rgw_otp_init(RGWRados *store)
{
otp_meta_handler = new RGWOTPMetadataHandler;
class RGWRados;
+class RGWMetadataHandler;
+
+RGWMetadataHandler *rgw_otp_get_handler(void);
void rgw_otp_init(RGWRados *store);
#endif
return;
}
+string RGWRados::get_mfa_oid(const rgw_user& user)
+{
+ return string("user:") + user.to_str();
+}
+
int RGWRados::get_mfa_ref(const rgw_user& user, rgw_rados_ref *ref)
{
- string oid = string("user:") + user.to_str();
+ string oid = get_mfa_oid(user);
rgw_raw_obj obj(get_zone_params().otp_pool, oid);
return get_system_obj_ref(obj, ref);
}
return (result.result == rados::cls::otp::OTP_CHECK_SUCCESS ? 0 : -EACCES);
}
-int RGWRados::create_mfa(const rgw_user& user, const rados::cls::otp::otp_info_t& config)
+void RGWRados::prepare_mfa_write(librados::ObjectWriteOperation *op,
+ RGWObjVersionTracker *objv_tracker,
+ const ceph::real_time& mtime)
+{
+ RGWObjVersionTracker ot;
+
+ if (objv_tracker) {
+ ot = *objv_tracker;
+ }
+
+ if (ot.write_version.tag.empty()) {
+ if (ot.read_version.tag.empty()) {
+ ot.generate_new_write_ver(cct);
+ } else {
+ ot.write_version = ot.read_version;
+ ot.write_version.ver++;
+ }
+ }
+
+ ot.prepare_op_for_write(op);
+ struct timespec mtime_ts = real_clock::to_timespec(mtime);
+ op->mtime2(&mtime_ts);
+}
+
+int RGWRados::create_mfa(const rgw_user& user, const rados::cls::otp::otp_info_t& config,
+ RGWObjVersionTracker *objv_tracker, const ceph::real_time& mtime)
{
rgw_rados_ref ref;
}
librados::ObjectWriteOperation op;
+ prepare_mfa_write(&op, objv_tracker, mtime);
rados::cls::otp::OTP::create(&op, config);
r = ref.ioctx.operate(ref.oid, &op);
if (r < 0) {
return 0;
}
-int RGWRados::remove_mfa(const rgw_user& user, const string& id)
+int RGWRados::remove_mfa(const rgw_user& user, const string& id,
+ RGWObjVersionTracker *objv_tracker,
+ const ceph::real_time& mtime)
{
rgw_rados_ref ref;
}
librados::ObjectWriteOperation op;
+ prepare_mfa_write(&op, objv_tracker, mtime);
rados::cls::otp::OTP::remove(&op, id);
r = ref.ioctx.operate(ref.oid, &op);
if (r < 0) {
if (r < 0) {
return r;
}
- RGWObjVersionTracker ot;
-
- if (objv_tracker) {
- ot = *objv_tracker;
- }
-
- if (ot.write_version.tag.empty()) {
- if (ot.read_version.tag.empty()) {
- ot.generate_new_write_ver(cct);
- } else {
- ot.write_version = ot.read_version;
- ot.write_version.ver++;
- }
- }
-
librados::ObjectWriteOperation op;
if (reset_obj) {
op.set_op_flags2(LIBRADOS_OP_FLAG_FAILOK);
op.create(false);
}
- ot.prepare_op_for_write(&op);
- struct timespec mtime_ts = real_clock::to_timespec(mtime);
- op.mtime2(&mtime_ts);
+ prepare_mfa_write(&op, objv_tracker, mtime);
rados::cls::otp::OTP::set(&op, entries);
r = ref.ioctx.operate(ref.oid, &op);
if (r < 0) {
list<librados::AioCompletion *>& handles, bool keep_index_consistent);
/* mfa/totp stuff */
+ private:
+ void prepare_mfa_write(librados::ObjectWriteOperation *op,
+ RGWObjVersionTracker *objv_tracker,
+ const ceph::real_time& mtime);
+ public:
+ string get_mfa_oid(const rgw_user& user);
int get_mfa_ref(const rgw_user& user, rgw_rados_ref *ref);
int check_mfa(const rgw_user& user, const string& otp_id, const string& pin);
- int create_mfa(const rgw_user& user, const rados::cls::otp::otp_info_t& config);
- int remove_mfa(const rgw_user& user, const string& id);
+ int create_mfa(const rgw_user& user, const rados::cls::otp::otp_info_t& config,
+ RGWObjVersionTracker *objv_tracker, const ceph::real_time& mtime);
+ int remove_mfa(const rgw_user& user, const string& id,
+ RGWObjVersionTracker *objv_tracker, const ceph::real_time& mtime);
int get_mfa(const rgw_user& user, const string& id, rados::cls::otp::otp_info_t *result);
int list_mfa(const rgw_user& user, list<rados::cls::otp::otp_info_t> *result);