From 61a7f7bcdb11aa62d7f753b6aeea1f1bee5e1c04 Mon Sep 17 00:00:00 2001
From: anwleung
Date: Wed, 7 Feb 2007 02:07:35 +0000
Subject: [PATCH] client key distro is close to done
git-svn-id: https://ceph.svn.sf.net/svnroot/ceph@1081 29311d96-e01e-0410-9327-a35deaab8ce9
---
 .../aleung/security1/ceph/client/Client.cc | 25 ++++++-
 .../aleung/security1/ceph/client/Client.h | 7 +-
 .../aleung/security1/ceph/crypto/Ticket.h | 10 +-
 .../ceph/messages/MClientAuthUserAck.h | 11 +-
 .../security1/ceph/mon/ClientMonitor.cc | 74 +++++++++----------
 .../aleung/security1/ceph/mon/ClientMonitor.h | 3 +
 6 files changed, 67 insertions(+), 63 deletions(-)
diff --git a/branches/aleung/security1/ceph/client/Client.cc b/branches/aleung/security1/ceph/client/Client.cc
index b017daeee0504..baf2dad0216cd 100644
--- a/branches/aleung/security1/ceph/client/Client.cc
+++ b/branches/aleung/security1/ceph/client/Client.cc
@@ -641,9 +641,11 @@ void Client::handle_auth_user_ack(MClientAuthUserAck *m)
 // put the ticket in the ticket map
 // **
- user_ticket[uid] = m->get_ticket();
+ cout << "Got ticket for uid: " << uid << endl;
+ user_ticket[uid] = m->getTicket();
 // wait up the waiter(s)
+ // this signals all ticket waiters
 cout << "Entering for loop" << endl;
 for (list::iterator p = ticket_waiter_cond[uid].begin(); p != ticket_waiter_cond[uid].end();
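Review bot: `user_ticket[uid] = m->getTicket();` caches a pointer into the message itself — `getTicket()` (see MClientAuthUserAck.h in this same patch) returns `&myTicket`, a member of `*m` — so if the message is freed after dispatch, as is usual for handlers in this codebase, the cached `Ticket*` dangles for every later `get_user_ticket` hit. Copy the ticket out instead, e.g. `user_ticket[uid] = new Ticket(*m->getTicket());` with a matching owner, or make the map hold `Ticket` by value. Note also that both `uid` and the ticket come straight off the wire and are stored without calling `Ticket::verif_ticket` against the monitor's public key, so a forged ack would populate the cache and wake the waiters just the same; a `// FIXME: verify ticket signature before caching` here would keep that from being forgotten. handle_auth_user_ack continues past the hunk.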
@@ -659,12 +661,25 @@ void Client::handle_auth_user_ack(MClientAuthUserAck *m)
 Ticket *Client::get_user_ticket(uid_t uid, gid_t gid) {
+ cout << "Requesting ticket for uid: " << uid << ", gid: " << gid << endl;
 // do we already have it?
 if (user_ticket.count(uid) == 0) {
 Cond cond;
 string username; // i don't know!
- string key; // ...
+ string key; // get from cache or make it now
+
+ // no key, make one now
+ // this should be a function with some
+ // security stuff (password) to gen key
+ if (user_pub_key.count(uid) == 0) {
+ esignPriv privKey = esignPrivKey("crypto/esig1536.dat");
+ esignPub pubKey = esignPubKey(privKey);
+ user_priv_key[uid] = &privKey;
+ user_pub_key[uid] = &pubKey;
+ }
+ key = pubToString(*(user_pub_key[uid]));
+
 // if no one has already requested the ticket
 if (ticket_waiter_cond.count(uid) == 0) {
 // request from monitor
 int mon = monmap->pick_mon();
@@ -683,8 +698,10 @@ Ticket *Client::get_user_ticket(uid_t uid, gid_t gid)
 cout << "Waiting for a Wait" << endl;
 // naively assume we'll get a ticket FIXME
- while (user_ticket.count(uid) == 0)
+ while (user_ticket.count(uid) == 0) {
+ cout << "user_ticket.count(uid) = " << user_ticket.count(uid) << endl;
 cond.Wait(client_lock);
+ }
 cout << "Did I break the loop?" << endl;
 }
@@ -2202,7 +2219,7 @@ int Client::open(const char *relpath, int flags, __int64_t uid, __int64_t gid)
 client_lock.Lock();
 Ticket *tk = get_user_ticket(getuid(), getgid());
- cout << "Returned from ticket call" << endl;
+
 if (!tk) {
 client_lock.Unlock();
 return -EPERM;
diff --git a/branches/aleung/security1/ceph/client/Client.h b/branches/aleung/security1/ceph/client/Client.h
index 350e7e420c43c..35ca1ccb2016e 100644
--- a/branches/aleung/security1/ceph/client/Client.h
+++ b/branches/aleung/security1/ceph/client/Client.h
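Review bot: The new key-generation block stores the addresses of two stack locals — `user_priv_key[uid] = &privKey;` and `user_pub_key[uid] = &pubKey;` — and both pointers dangle the moment the inner `if` closes, so the very next statement, `key = pubToString(*(user_pub_key[uid]));`, reads dead stack storage, as does every later lookup of either map. Store the keys by value (`user_priv_key[uid] = privKey; user_pub_key[uid] = pubKey;` with the maps declared to hold the key types, not pointers) or heap-allocate them with a clear owner. Separately, the private key is loaded from the fixed path `"crypto/esig1536.dat"` regardless of `uid`, so every user on this client presents the same key pair and the ticket the monitor signs binds no per-user identity; the comment already says a password-derived step belongs here, so mark it `// FIXME: shared on-disk key, not per-user` until it lands. get_user_ticket's body continues outside the hunk.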
@@ -496,9 +496,11 @@ protected:
 map user_ticket;
 map user_ticket_ref;
 map > ticket_waiter_cond;
+ map user_pub_key;
+ map user_priv_key;
- // user map?
- //map
+ // user map
+ //map user_identity;
 Ticket *get_user_ticket(uid_t uid, gid_t gid);
 void put_user_ticket(Ticket *tk);
@@ -519,7 +521,6 @@ protected:
 // messaging
 void dispatch(Message *m);
- void handle_mount_ack(class MClientMountAck*);
 void handle_unmount_ack(Message*);
 void handle_mds_map(class MMDSMap *m);
diff --git a/branches/aleung/security1/ceph/crypto/Ticket.h b/branches/aleung/security1/ceph/crypto/Ticket.h
index ba82fae2db6bd..c871756c13d49 100644
--- a/branches/aleung/security1/ceph/crypto/Ticket.h
+++ b/branches/aleung/security1/ceph/crypto/Ticket.h
@@ -84,7 +84,6 @@ public:
 }
 void sign_ticket(esignPriv privKey) {
- cout << "Trying to SIGN ticket" << endl << endl;
 byte ticketArray[sizeof(identity)];
 memcpy(ticketArray, &identity, sizeof(identity));
 signature = esignSig(ticketArray, sizeof(identity), privKey);
@@ -92,7 +91,6 @@ public:
 }
 bool verif_ticket (esignPub pubKey) {
- cout << "Verifying ticket" << endl << endl;
 byte ticketArray[sizeof(identity)];
 memcpy(ticketArray, &identity, sizeof(identity));
 signature.Assign(allocSig, allocSig.size());
@@ -101,11 +99,10 @@ public:
 void decode(bufferlist& blist, int& off) {
- cout << "About to decode BL ticket" << endl;
- //int off = 0;
 blist.copy(off, sizeof(identity.uid), (char*)&(identity.uid));
 off += sizeof(identity.uid);
+ cout << "Decoded uid: " << identity.uid << endl;
 blist.copy(off, sizeof(identity.gid), (char*)&(identity.gid));
 off += sizeof(identity.gid);
 blist.copy(off, sizeof(identity.t_s), (char*)&(identity.t_s));
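Review bot: `Ticket::decode` copies each fixed-size field out of `blist` at `off` and advances `off` without ever comparing against the buffer's total length, and the only thing this hunk adds there is the `cout << "Decoded uid: "` print; the ticket is decoded from a network reply (`MClientAuthUserAck::decode_payload` calls this), so a short or malformed payload is caught only if `bufferlist::copy` checks bounds internally, which this diff does not show. Compare `off + sizeof(field)` with the buffer's length before each fixed-size copy (or do one aggregate check up front) and give the caller a way to see the failure, since a `void` decode currently cannot distinguish a truncated ticket from a good one. The added print is an unconditional `cout` in a header shared by client and monitor, whereas the monitor gates its output behind `dout(l)`; level it the same way or drop it once key distribution is stable. decode's body continues past the hunk.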
@@ -121,18 +118,15 @@ public:
 _decode(identity.username, blist, off);
 _decode(identity.pubKey, blist, off);
- cout << "Decoded BL ticket OK" << endl;
-
 }
 void encode(bufferlist& blist) {
- cout << "About to encode ticket" << endl;
+
 blist.append((char*)&(identity.uid), sizeof(identity.uid));
 blist.append((char*)&(identity.gid), sizeof(identity.gid));
 blist.append((char*)&(identity.t_s), sizeof(identity.t_s));
 blist.append((char*)&(identity.t_e), sizeof(identity.t_e));
 blist.append((char*)&allocSig, sizeof(allocSig));
 //blist.append((char*)&identity, sizeof(identity));
- cout << "Encoded ticket OK" << endl;
 _encode(identity.iv, blist);
 _encode(identity.username, blist);
diff --git a/branches/aleung/security1/ceph/messages/MClientAuthUserAck.h b/branches/aleung/security1/ceph/messages/MClientAuthUserAck.h
index 7366e258c07a2..f291eb251bc5e 100644
--- a/branches/aleung/security1/ceph/messages/MClientAuthUserAck.h
+++ b/branches/aleung/security1/ceph/messages/MClientAuthUserAck.h
@@ -19,36 +19,29 @@
 #include "crypto/Ticket.h"
 class MClientAuthUserAck : public Message {
- //bufferlist ticketBL;
 Ticket myTicket;
+
 public:
 MClientAuthUserAck() : Message(MSG_CLIENT_AUTH_USER_ACK) { }
 MClientAuthUserAck(Ticket *ticket) : Message(MSG_CLIENT_AUTH_USER_ACK) {
- //ticket->encode(ticketBL);
 myTicket = (*ticket);
 }
 char *get_type_name() { return "client_auth_user_ack"; }
- uid_t get_uid() { return 0; } // fixme
+ uid_t get_uid() { return myTicket.get_uid(); } // fixme
 Ticket *getTicket() { return &myTicket; }
 void decode_payload() {
- cout << "Trying decode payload ACK" << endl;
 int off = 0;
- //::_decode(myTicket, payload, off);
 myTicket.decode(payload, off);
- cout << "ACK Decoded OK" << endl;
 }
 void encode_payload() {
- cout << "Trying encode payload ACK" << endl;
- //::_encode(myTicket, payload);
 myTicket.encode(payload);
- cout << "ACK Encoded OK" << endl;
 }
 };
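Review bot: `get_uid()` now returns `myTicket.get_uid()`, the uid decoded from the wire, but the trailing `// fixme` was kept verbatim and no longer says what is still missing; either drop it or make it specific, e.g. `// uid is taken from the decoded payload — callers must verify the ticket signature before trusting it`. That caveat matters because, as far as this diff shows, the receiving client indexes its ticket cache and wakes waiters by this uid (Client::handle_auth_user_ack in this patch) without ever calling `Ticket::verif_ticket` on the ack. The constructor `MClientAuthUserAck(Ticket *ticket)` copies the pointee and never keeps the pointer, so `MClientAuthUserAck(const Ticket *ticket)` would document that it does not take ownership; `decode_payload` likewise has no way to learn that `myTicket.decode` ran off the end of `payload`.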
diff --git a/branches/aleung/security1/ceph/mon/ClientMonitor.cc b/branches/aleung/security1/ceph/mon/ClientMonitor.cc
index 9ad411e18e46d..498e30941dbe4 100644
--- a/branches/aleung/security1/ceph/mon/ClientMonitor.cc
+++ b/branches/aleung/security1/ceph/mon/ClientMonitor.cc
@@ -24,8 +24,6 @@
 #include "common/Timer.h"
-#include "crypto/Ticket.h"
-
 #include "config.h"
 #undef dout
 #define dout(l) if (l<=g_conf.debug || l<=g_conf.debug_mon) cout << g_clock.now() << " mon" << mon->whoami << (mon->is_starting() ? (const char*)"(starting)":(mon->is_leader() ? (const char*)"(leader)":(mon->is_peon() ? (const char*)"(peon)":(const char*)"(?\?)"))) << ".client "
@@ -81,52 +79,50 @@ void ClientMonitor::handle_client_auth_user(MClientAuthUser *m)
 dout(7) << "client_auth_user from " << m->get_source() << " at " << m->get_source_inst() << endl;
 assert(m->get_source().is_client());
 //int from = m->get_source().num();
+
+ Ticket *userTicket;
 // grab information
 uid_t uid = m->get_uid();
- gid_t gid = m->get_gid();
- // ticket time = 60 minutes (too long, only for debug)
- utime_t t_s = g_clock.now();
- utime_t t_e = t_s;
- t_e += 3600;
- string name = "unknown";
- string key = m->get_str_key();
-
-
- // create iv
- char iv[RJBLOCKSIZE];
- memset(iv, 0x01, RJBLOCKSIZE); // worthless right now
- string k_0 = iv;
-
- // create a ticket
- Ticket userTicket(uid, gid, t_s, t_e, k_0, name, key);
-
- // sign the ticket
- userTicket.sign_ticket(mon->myPrivKey);
- cout << "SIGNED THE TICKET SUCCESFULY?" << endl << endl;
-
- // test the verification
- if (userTicket.verif_ticket(mon->myPubKey))
- cout << "Verification succeeded" << endl;
+ // do we have a ticket already?
+ // user should be able to make new ticket eventually
+ if (user_tickets.count(uid) == 0) {
+ gid_t gid = m->get_gid();
+ // ticket time = 60 minutes (too long? too short?)
+ utime_t t_s = g_clock.now();
+ utime_t t_e = t_s;
+ t_e += 3600;
+ string name = "unknown";
+ string key = m->get_str_key();
+
+ // create iv
+ char iv[RJBLOCKSIZE];
+ memset(iv, 0x01, RJBLOCKSIZE); // worthless right now
+ string k_0 = iv;
+
+ // create a ticket
+ userTicket = new Ticket(uid, gid, t_s, t_e, k_0, name, key);
+
+ // sign the ticket
+ userTicket->sign_ticket(mon->myPrivKey);
+
+ // test the verification
+ //if (userTicket.verif_ticket(mon->myPubKey))
+ // cout << "Verification succeeded" << endl;
+ //else
+ // cout << "Verification failed" << endl;
+
+ // cache the ticket
+ user_tickets[uid] = userTicket;
+ } else
- cout << "Verification failed" << endl;
-
- // cache the ticket?
-
+ userTicket = user_tickets[uid];
 // reply to auth_user
- cout << "send_ticket to " << m->get_source() <<
- " inst " << m->get_source_inst() << endl;
 messenger->send_message(new MClientAuthUserAck(&userTicket),
+ messenger->send_message(new MClientAuthUserAck(userTicket),
 m->get_source(), m->get_source_inst());
- cout << "ACK Ticket sent to " << m->get_source() << endl;
 }
-void ClientMonitor::send_ticket(msg_addr_t dest, const entity_inst_t& inst) {
- cout << "send_ticket to " << dest << " inst " << inst << endl;
- //messenger->send_message(new MClientAuthUserAck(&userTicket), dest, inst);
-}
 /*
 void ClientMonitor::handle_mds_shutdown(Message *m)
 {
diff --git a/branches/aleung/security1/ceph/mon/ClientMonitor.h b/branches/aleung/security1/ceph/mon/ClientMonitor.h
index f905b6878aa95..2900e23e5115a 100644
--- a/branches/aleung/security1/ceph/mon/ClientMonitor.h
+++ b/branches/aleung/security1/ceph/mon/ClientMonitor.h
@@ -26,6 +26,8 @@ using namespace std;
 #include "crypto/CryptoLib.h"
 using namespace CryptoLib;
+#include "crypto/Ticket.h"
+
 class Monitor;
 class ClientMonitor : public Dispatcher {
@@ -36,6 +38,7 @@ class ClientMonitor : public Dispatcher {
 private:
 int num_clients;
 map client_map;
+ map user_tickets;
 void bcast_latest_mds();
--
2.39.5
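Review bot: The new `user_tickets` cache hands the first ticket minted for a uid to every later requester of that uid, and nothing in the handler authenticates the requester: `uid`, `gid` and `key` are read straight from the client's message (`m->get_uid()`, `m->get_str_key()`), so any client can obtain a monitor-signed ticket for any uid, and a second client that sends a different key for an already-cached uid silently gets back a ticket bound to the first client's key. The cache also never consults the expiry it sets: a ticket is minted with `t_e = t_s + 3600`, yet the `else` branch returns it indefinitely, so the one-hour lifetime is not enforced at the issuer. At minimum, re-mint when the request's key differs from the cached ticket's key or when `t_e` has passed, and record the larger gap next to the cache check with `// FIXME: requester is not authenticated; uid/key are taken on trust`. The fixed `memset(iv, 0x01, RJBLOCKSIZE)` IV is already marked as a placeholder; the `new Ticket` stored in a map of raw pointers has no owner and is never freed, which is fine for a cache but worth a comment.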