From: Yehuda Sadeh Date: Thu, 30 Nov 2017 13:49:15 +0000 (-0800) Subject: rgw_admin: use metadata mutate for mfa updates X-Git-Tag: v13.1.0~343^2~15 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=bcf3432f0a9f258bc32881b553db525556385f3b;p=ceph.git rgw_admin: use metadata mutate for mfa updates Signed-off-by: Yehuda Sadeh --- diff --git a/src/rgw/rgw_admin.cc b/src/rgw/rgw_admin.cc index 9350ae5752c..bd7df8dc86a 100644 --- a/src/rgw/rgw_admin.cc +++ b/src/rgw/rgw_admin.cc @@ -6240,7 +6240,7 @@ next: cerr << "ERROR: failed to read input: " << cpp_strerror(-ret) << std::endl; return -ret; } - ret = store->meta_mgr->put(metadata_key, bl, RGWMetadataHandler::APPLY_ALWAYS); + ret = store->meta_mgr->put(metadata_key, bl, RGWMetadataHandler::RGWMetadataHandler::APPLY_ALWAYS); if (ret < 0) { cerr << "ERROR: can't put key: " << cpp_strerror(-ret) << std::endl; return -ret; @@ -7325,7 +7325,14 @@ next: config.window = totp_window; } - int ret = store->create_mfa(user_id, config); + real_time mtime = real_clock::now(); + string oid = store->get_mfa_oid(user_id); + + int ret = store->meta_mgr->mutate(rgw_otp_get_handler(), oid, mtime, &objv_tracker, + MDLOG_STATUS_WRITE, RGWMetadataHandler::APPLY_ALWAYS, + [&] { + return store->create_mfa(user_id, config, &objv_tracker, mtime); + }); if (ret < 0) { cerr << "MFA creation failed, error: " << cpp_strerror(-ret) << std::endl; return -ret; @@ -7353,7 +7360,14 @@ next: return EINVAL; } - int ret = store->remove_mfa(user_id, totp_serial); + real_time mtime = real_clock::now(); + string oid = store->get_mfa_oid(user_id); + + int ret = store->meta_mgr->mutate(rgw_otp_get_handler(), oid, mtime, &objv_tracker, + MDLOG_STATUS_WRITE, RGWMetadataHandler::APPLY_ALWAYS, + [&] { + return store->remove_mfa(user_id, totp_serial, &objv_tracker, mtime); + }); if (ret < 0) { cerr << "MFA removal failed, error: " << cpp_strerror(-ret) << std::endl; return -ret; diff --git a/src/rgw/rgw_otp.cc b/src/rgw/rgw_otp.cc index 55ae10f2b96..263293ffea4 100644 --- a/src/rgw/rgw_otp.cc +++ b/src/rgw/rgw_otp.cc @@ -146,6 +146,11 @@ public: } }; +RGWMetadataHandler *rgw_otp_get_handler() +{ + return otp_meta_handler; +} + void rgw_otp_init(RGWRados *store) { otp_meta_handler = new RGWOTPMetadataHandler; diff --git a/src/rgw/rgw_otp.h b/src/rgw/rgw_otp.h index c3e4106b7e2..544913430d5 100644 --- a/src/rgw/rgw_otp.h +++ b/src/rgw/rgw_otp.h @@ -6,6 +6,9 @@ class RGWRados; +class RGWMetadataHandler; + +RGWMetadataHandler *rgw_otp_get_handler(void); void rgw_otp_init(RGWRados *store); #endif diff --git a/src/rgw/rgw_rados.cc b/src/rgw/rgw_rados.cc index 27f2270b5fe..1c02c4362b8 100644 --- a/src/rgw/rgw_rados.cc +++ b/src/rgw/rgw_rados.cc @@ -14161,9 +14161,14 @@ void RGWRados::call_zap() { return; } +string RGWRados::get_mfa_oid(const rgw_user& user) +{ + return string("user:") + user.to_str(); +} + int RGWRados::get_mfa_ref(const rgw_user& user, rgw_rados_ref *ref) { - string oid = string("user:") + user.to_str(); + string oid = get_mfa_oid(user); rgw_raw_obj obj(get_zone_params().otp_pool, oid); return get_system_obj_ref(obj, ref); } @@ -14188,7 +14193,32 @@ int RGWRados::check_mfa(const rgw_user& user, const string& otp_id, const string return (result.result == rados::cls::otp::OTP_CHECK_SUCCESS ? 0 : -EACCES); } -int RGWRados::create_mfa(const rgw_user& user, const rados::cls::otp::otp_info_t& config) +void RGWRados::prepare_mfa_write(librados::ObjectWriteOperation *op, + RGWObjVersionTracker *objv_tracker, + const ceph::real_time& mtime) +{ + RGWObjVersionTracker ot; + + if (objv_tracker) { + ot = *objv_tracker; + } + + if (ot.write_version.tag.empty()) { + if (ot.read_version.tag.empty()) { + ot.generate_new_write_ver(cct); + } else { + ot.write_version = ot.read_version; + ot.write_version.ver++; + } + } + + ot.prepare_op_for_write(op); + struct timespec mtime_ts = real_clock::to_timespec(mtime); + op->mtime2(&mtime_ts); +} + +int RGWRados::create_mfa(const rgw_user& user, const rados::cls::otp::otp_info_t& config, + RGWObjVersionTracker *objv_tracker, const ceph::real_time& mtime) { rgw_rados_ref ref; @@ -14198,6 +14228,7 @@ int RGWRados::create_mfa(const rgw_user& user, const rados::cls::otp::otp_info_t } librados::ObjectWriteOperation op; + prepare_mfa_write(&op, objv_tracker, mtime); rados::cls::otp::OTP::create(&op, config); r = ref.ioctx.operate(ref.oid, &op); if (r < 0) { @@ -14208,7 +14239,9 @@ int RGWRados::create_mfa(const rgw_user& user, const rados::cls::otp::otp_info_t return 0; } -int RGWRados::remove_mfa(const rgw_user& user, const string& id) +int RGWRados::remove_mfa(const rgw_user& user, const string& id, + RGWObjVersionTracker *objv_tracker, + const ceph::real_time& mtime) { rgw_rados_ref ref; @@ -14218,6 +14251,7 @@ int RGWRados::remove_mfa(const rgw_user& user, const string& id) } librados::ObjectWriteOperation op; + prepare_mfa_write(&op, objv_tracker, mtime); rados::cls::otp::OTP::remove(&op, id); r = ref.ioctx.operate(ref.oid, &op); if (r < 0) { @@ -14272,21 +14306,6 @@ int RGWRados::set_mfa(const string& oid, const list if (r < 0) { return r; } - RGWObjVersionTracker ot; - - if (objv_tracker) { - ot = *objv_tracker; - } - - if (ot.write_version.tag.empty()) { - if (ot.read_version.tag.empty()) { - ot.generate_new_write_ver(cct); - } else { - ot.write_version = ot.read_version; - ot.write_version.ver++; - } - } - librados::ObjectWriteOperation op; if (reset_obj) { @@ -14294,9 +14313,7 @@ int RGWRados::set_mfa(const string& oid, const list op.set_op_flags2(LIBRADOS_OP_FLAG_FAILOK); op.create(false); } - ot.prepare_op_for_write(&op); - struct timespec mtime_ts = real_clock::to_timespec(mtime); - op.mtime2(&mtime_ts); + prepare_mfa_write(&op, objv_tracker, mtime); rados::cls::otp::OTP::set(&op, entries); r = ref.ioctx.operate(ref.oid, &op); if (r < 0) { diff --git a/src/rgw/rgw_rados.h b/src/rgw/rgw_rados.h index 466f94d0895..de8eeb5fbf9 100644 --- a/src/rgw/rgw_rados.h +++ b/src/rgw/rgw_rados.h @@ -3716,10 +3716,18 @@ public: list& handles, bool keep_index_consistent); /* mfa/totp stuff */ + private: + void prepare_mfa_write(librados::ObjectWriteOperation *op, + RGWObjVersionTracker *objv_tracker, + const ceph::real_time& mtime); + public: + string get_mfa_oid(const rgw_user& user); int get_mfa_ref(const rgw_user& user, rgw_rados_ref *ref); int check_mfa(const rgw_user& user, const string& otp_id, const string& pin); - int create_mfa(const rgw_user& user, const rados::cls::otp::otp_info_t& config); - int remove_mfa(const rgw_user& user, const string& id); + int create_mfa(const rgw_user& user, const rados::cls::otp::otp_info_t& config, + RGWObjVersionTracker *objv_tracker, const ceph::real_time& mtime); + int remove_mfa(const rgw_user& user, const string& id, + RGWObjVersionTracker *objv_tracker, const ceph::real_time& mtime); int get_mfa(const rgw_user& user, const string& id, rados::cls::otp::otp_info_t *result); int list_mfa(const rgw_user& user, list *result);