From: Sage Weil Date: Wed, 17 Feb 2010 00:37:59 +0000 (-0800) Subject: mon: add 'auth export ]name]' to export a full or partial keyring X-Git-Tag: v0.19~3 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=f4a5f53b7c8d84d9f69b569850a069194249ce2c;p=ceph.git mon: add 'auth export ]name]' to export a full or partial keyring
---
diff --git a/src/auth/KeyRing.h b/src/auth/KeyRing.h
index 186c8489671b..bbd250b82f6a 100644
--- a/src/auth/KeyRing.h
+++ b/src/auth/KeyRing.h
@@ -49,7 +49,7 @@ public:
 }
 // modifiers
- void add(EntityName& name, EntityAuth &a) {
+ void add(const EntityName& name, EntityAuth &a) {
 keys[name] = a;
 }
 void set_caps(EntityName& name, map& caps) {
diff --git a/src/auth/cephx/CephxKeyServer.h b/src/auth/cephx/CephxKeyServer.h
index 141e332524ec..cfc4448ce2d7 100644
--- a/src/auth/cephx/CephxKeyServer.h
+++ b/src/auth/cephx/CephxKeyServer.h
@@ -17,6 +17,7 @@
 #include "config.h"
+#include "auth/KeyRing.h"
 #include "CephxProtocol.h"
 #include "common/Timer.h"
@@ -234,6 +235,13 @@ public:
 Mutex::Locker l(lock);
 dst = data;
 }
+ void export_keyring(KeyRing& keyring) {
+ for (map::iterator p = data.secrets.begin();
+ p != data.secrets.end();
+ p++) {
+ keyring.add(p->first, p->second);
+ }
+ }
 bool updated_rotating(bufferlist& rotating_bl, version_t& rotating_ver);
diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index cf5693739b0e..ea82f70c95e9 100644
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
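Review bot: The new `export_keyring` in src/auth/cephx/CephxKeyServer.h (hunk at -234,6) walks `data.secrets` without taking `lock`, while the accessor directly above it in the same hunk opens with `Mutex::Locker l(lock);` before it copies `data`. If another thread can modify the secrets map during an export, the iteration races and the exported keyring may be inconsistent; making `Mutex::Locker l(lock);` the first statement of the method would match the neighbouring code. The enclosing class starts and ends outside the hunk, so whether a caller already holds `lock` cannot be confirmed from here and should be checked before adding the locker. A one-line comment such as `// copies every entity secret into keyring; the result is sensitive key material` would also help future callers.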
@@ -465,17 +465,52 @@ bool AuthMonitor::preprocess_command(MMonCommand *m)
 m->cmd[1] == "list") {
 return false;
 }
+ else if (m->cmd[1] == "export") {
+ KeyRing keyring;
+ export_keyring(keyring);
+ if (m->cmd.size() > 2) {
+ EntityName ename;
+ EntityAuth eauth;
+ if (ename.from_str(m->cmd[2])) {
+ if (keyring.get_auth(ename, eauth)) {
+ KeyRing kr;
+ kr.add(ename, eauth);
+ ::encode(kr, rdata);
+ ss << "export " << eauth;
+ r = 0;
+ } else {
+ ss << "no key for " << eauth;
+ r = -ENOENT;
+ }
+ } else {
+ ss << "invalid entity_auth " << m->cmd[2];
+ r = -EINVAL;
+ }
+ } else {
+ ::encode(keyring, rdata);
+ ss << "exported master keyring";
+ r = 0;
+ }
+ } else {
+ auth_usage(ss);
+ r = -EINVAL;
+ }
+ } else {
+ auth_usage(ss);
+ r = -EINVAL;
 }
- auth_usage(ss);
- r = -EINVAL;
-
 string rs;
 getline(ss, rs, '\0');
 mon->reply_command(m, r, rs, rdata, paxos->get_version());
 return true;
 }
+void AuthMonitor::export_keyring(KeyRing& keyring)
+{
+ mon->key_server.export_keyring(keyring);
+}
+
 void AuthMonitor::import_keyring(KeyRing& keyring)
 {
 for (map::iterator p = keyring.get_keys().begin();
diff --git a/src/mon/AuthMonitor.h b/src/mon/AuthMonitor.h
index b97e178faafc..d70da029ea7a 100644
--- a/src/mon/AuthMonitor.h
+++ b/src/mon/AuthMonitor.h
@@ -79,6 +79,7 @@ private:
 uint64_t max_global_id;
 uint64_t last_allocated_id;
+ void export_keyring(KeyRing& keyring);
 void import_keyring(KeyRing& keyring);
 void push_cephx_inc(KeyServerData::Incremental& auth_inc) {
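Review bot: No check of the sender's privileges is visible before the new `export` branch of `AuthMonitor::preprocess_command` (src/mon/AuthMonitor.cc) encodes key material into `rdata` and replies with it. The function starts outside the hunk, so confirm that an earlier guard restricts this command to administrative callers, and add one if it does not. In the not-found path, `ss << "no key for " << eauth;` prints the still-default `eauth` instead of the requested name and should read `ss << "no key for " << m->cmd[2];`. On success, `ss << "export " << eauth;` streams the `EntityAuth` into the human-readable status string; if its `operator<<` includes the key, the secret would also appear in the reply text and possibly in logs, so `ss << "export " << m->cmd[2];` is the safer form.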