From: Yehuda Sadeh Date: Sun, 3 Dec 2017 14:31:18 +0000 (-0800) Subject: rgw-admin, cls/otp: get current time for otp resync from osd X-Git-Tag: v13.1.0~343^2~10 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=7210b9dbfca90e87514162b9f63ad2a28865682c;p=ceph.git rgw-admin, cls/otp: get current time for otp resync from osd add a new method to the otp objclass that returns the current time. Signed-off-by: Yehuda Sadeh --- diff --git a/src/cls/otp/cls_otp.cc b/src/cls/otp/cls_otp.cc index a8ca2b5afae..9c3e54bfae4 100644 --- a/src/cls/otp/cls_otp.cc +++ b/src/cls/otp/cls_otp.cc @@ -466,6 +466,26 @@ static int otp_get_result(cls_method_context_t hctx, return 0; } +static int otp_get_current_time_op(cls_method_context_t hctx, + bufferlist *in, bufferlist *out) +{ + CLS_LOG(20, "%s", __func__); + cls_otp_get_current_time_op op; + try { + auto iter = in->begin(); + ::decode(op, iter); + } catch (const buffer::error &err) { + CLS_ERR("ERROR: %s(): failed to decode request", __func__); + return -EINVAL; + } + + cls_otp_get_current_time_reply reply; + reply.time = real_clock::now(); + ::encode(reply, *out); + + return 0; +} + CLS_INIT(otp) { CLS_LOG(20, "Loaded otp class!"); @@ -488,6 +508,7 @@ CLS_INIT(otp) * to authenticate. */ cls_method_handle_t h_remove_otp_op; + cls_method_handle_t h_get_current_time_op; cls_register("otp", &h_class); cls_register_cxx_method(h_class, "otp_set", @@ -505,6 +526,9 @@ CLS_INIT(otp) cls_register_cxx_method(h_class, "otp_remove", CLS_METHOD_RD | CLS_METHOD_WR, otp_remove_op, &h_remove_otp_op); + cls_register_cxx_method(h_class, "get_current_time", + CLS_METHOD_RD, + otp_get_current_time_op, &h_get_current_time_op); return; } diff --git a/src/cls/otp/cls_otp_client.cc b/src/cls/otp/cls_otp_client.cc index 2aed1d26949..126e46d5eeb 100644 --- a/src/cls/otp/cls_otp_client.cc +++ b/src/cls/otp/cls_otp_client.cc @@ -157,6 +157,35 @@ namespace rados { return get(op, ioctx, oid, nullptr, true, result); } + int OTP::get_current_time(librados::IoCtx& ioctx, const string& oid, + ceph::real_time *result) { + cls_otp_get_current_time_op op; + bufferlist in; + bufferlist out; + int op_ret; + ::encode(op, in); + ObjectReadOperation rop; + rop.exec("otp", "get_current_time", in, &out, &op_ret); + int r = ioctx.operate(oid, &rop, nullptr); + if (r < 0) { + return r; + } + if (op_ret < 0) { + return op_ret; + } + + cls_otp_get_current_time_reply ret; + auto iter = out.begin(); + try { + ::decode(ret, iter); + } catch (buffer::error& err) { + return -EBADMSG; + } + + *result = ret.time; + + return 0; + } } // namespace otp } // namespace cls } // namespace rados diff --git a/src/cls/otp/cls_otp_client.h b/src/cls/otp/cls_otp_client.h index 9708f94acb1..c4f4ea4acaa 100644 --- a/src/cls/otp/cls_otp_client.h +++ b/src/cls/otp/cls_otp_client.h @@ -31,6 +31,8 @@ namespace rados { list *result); static int check(CephContext *cct, librados::IoCtx& ioctx, const string& oid, const string& id, const string& val, otp_check_t *result); + static int get_current_time(librados::IoCtx& ioctx, const string& oid, + ceph::real_time *result); }; class TOTPConfig { diff --git a/src/cls/otp/cls_otp_ops.h b/src/cls/otp/cls_otp_ops.h index 86ea9f4126f..a9642d7f872 100644 --- a/src/cls/otp/cls_otp_ops.h +++ b/src/cls/otp/cls_otp_ops.h @@ -147,4 +147,34 @@ struct cls_otp_get_otp_reply }; WRITE_CLASS_ENCODER(cls_otp_get_otp_reply) +struct cls_otp_get_current_time_op +{ + void encode(bufferlist &bl) const { + ENCODE_START(1, 1, bl); + ENCODE_FINISH(bl); + } + void decode(bufferlist::iterator &bl) { + DECODE_START(1, bl); + DECODE_FINISH(bl); + } +}; +WRITE_CLASS_ENCODER(cls_otp_get_current_time_op) + +struct cls_otp_get_current_time_reply +{ + ceph::real_time time; + + void encode(bufferlist &bl) const { + ENCODE_START(1, 1, bl); + ::encode(time, bl); + ENCODE_FINISH(bl); + } + void decode(bufferlist::iterator &bl) { + DECODE_START(1, bl); + ::decode(time, bl); + DECODE_FINISH(bl); + } +}; +WRITE_CLASS_ENCODER(cls_otp_get_current_time_reply) + #endif diff --git a/src/rgw/rgw_admin.cc b/src/rgw/rgw_admin.cc index c6e601a3f47..58a159d72e3 100644 --- a/src/rgw/rgw_admin.cc +++ b/src/rgw/rgw_admin.cc @@ -7543,8 +7543,13 @@ next: return -ret; } - ceph::real_time now = real_clock::now(); // need to get it from the osd + ceph::real_time now; + ret = store->otp_get_current_time(user_id, &now); + if (ret < 0) { + cerr << "ERROR: failed to fetch current time from osd: " << cpp_strerror(-ret) << std::endl; + return -ret; + } time_t time_ofs; ret = scan_totp(store->ctx(), now, config, totp_pin, &time_ofs); diff --git a/src/rgw/rgw_rados.cc b/src/rgw/rgw_rados.cc index 1c02c4362b8..6f0069f0cce 100644 --- a/src/rgw/rgw_rados.cc +++ b/src/rgw/rgw_rados.cc @@ -14296,6 +14296,23 @@ int RGWRados::list_mfa(const rgw_user& user, list * return 0; } +int RGWRados::otp_get_current_time(const rgw_user& user, ceph::real_time *result) +{ + rgw_rados_ref ref; + + int r = get_mfa_ref(user, &ref); + if (r < 0) { + return r; + } + + r = rados::cls::otp::OTP::get_current_time(ref.ioctx, ref.oid, result); + if (r < 0) { + return r; + } + + return 0; +} + int RGWRados::set_mfa(const string& oid, const list& entries, bool reset_obj, RGWObjVersionTracker *objv_tracker, const real_time& mtime) diff --git a/src/rgw/rgw_rados.h b/src/rgw/rgw_rados.h index de8eeb5fbf9..8601600e394 100644 --- a/src/rgw/rgw_rados.h +++ b/src/rgw/rgw_rados.h @@ -3730,6 +3730,7 @@ public: RGWObjVersionTracker *objv_tracker, const ceph::real_time& mtime); int get_mfa(const rgw_user& user, const string& id, rados::cls::otp::otp_info_t *result); int list_mfa(const rgw_user& user, list *result); + int otp_get_current_time(const rgw_user& user, ceph::real_time *result); /* mfa interfaces used by metadata engine */ int set_mfa(const string& oid, const list& entries, bool reset_obj,