}
// modifiers
- void add(EntityName& name, EntityAuth &a) {
+ void add(const EntityName& name, EntityAuth &a) {
keys[name] = a;
}
void set_caps(EntityName& name, map<string, bufferlist>& caps) {
#include "config.h"
+#include "auth/KeyRing.h"
#include "CephxProtocol.h"
#include "common/Timer.h"
Mutex::Locker l(lock);
dst = data;
}
+ void export_keyring(KeyRing& keyring) {
+ for (map<EntityName, EntityAuth>::iterator p = data.secrets.begin();
+ p != data.secrets.end();
+ p++) {
+ keyring.add(p->first, p->second);
+ }
+ }
bool updated_rotating(bufferlist& rotating_bl, version_t& rotating_ver);
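Review bot: The new `export_keyring` iterates `data.secrets` without taking the lock, while the function that ends just above it in this hunk holds `Mutex::Locker l(lock);`. Unless every caller already holds `lock` (not visible here), a concurrent change to the secrets map can invalidate the iterator mid-copy, so add `Mutex::Locker l(lock);` as the first statement of the body. Since the function copies every entity's secret into the caller's KeyRing, a short comment such as `// copies all secret keys; callers must already be authorized to read the full keyring` would make that explicit.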
m->cmd[1] == "list") {
return false;
}
+ else if (m->cmd[1] == "export") {
+ KeyRing keyring;
+ export_keyring(keyring);
+ if (m->cmd.size() > 2) {
+ EntityName ename;
+ EntityAuth eauth;
+ if (ename.from_str(m->cmd[2])) {
+ if (keyring.get_auth(ename, eauth)) {
+ KeyRing kr;
+ kr.add(ename, eauth);
+ ::encode(kr, rdata);
+ ss << "export " << eauth;
+ r = 0;
+ } else {
+ ss << "no key for " << eauth;
+ r = -ENOENT;
+ }
+ } else {
+ ss << "invalid entity_auth " << m->cmd[2];
+ r = -EINVAL;
+ }
+ } else {
+ ::encode(keyring, rdata);
+ ss << "exported master keyring";
+ r = 0;
+ }
+ } else {
+ auth_usage(ss);
+ r = -EINVAL;
+ }
+ } else {
+ auth_usage(ss);
+ r = -EINVAL;
}
- auth_usage(ss);
- r = -EINVAL;
-
string rs;
getline(ss, rs, '\0');
mon->reply_command(m, r, rs, rdata, paxos->get_version());
return true;
}
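Review bot: In the "export" branch the not-found path prints `eauth`, which was never filled in because `get_auth` failed; it should name the requested entity, `ss << "no key for " << ename;`. The success path also streams `eauth` into the status string; if EntityAuth's `operator<<` prints the key (not visible here), the secret ends up in the reply text and in anything that logs it, so `ss << "export " << ename;` is safer. The third message says "invalid entity_auth" although the string being parsed is an entity name. No caller capability check is visible in this hunk before the full keyring is encoded into `rdata`; the enclosing function starts outside the hunk, so confirm it enforces one before this branch is reached.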
+void AuthMonitor::export_keyring(KeyRing& keyring)
+{
+ mon->key_server.export_keyring(keyring);
+}
+
void AuthMonitor::import_keyring(KeyRing& keyring)
{
for (map<EntityName, EntityAuth>::iterator p = keyring.get_keys().begin();
uint64_t max_global_id;
uint64_t last_allocated_id;
+ void export_keyring(KeyRing& keyring);
void import_keyring(KeyRing& keyring);
void push_cephx_inc(KeyServerData::Incremental& auth_inc) {