From 80ed795adda93ad21897adc35686f554f451b3f7 Mon Sep 17 00:00:00 2001 From: anwleung Date: Tue, 20 Mar 2007 20:25:17 +0000 Subject: [PATCH] key management changes git-svn-id: https://ceph.svn.sf.net/svnroot/ceph@1268 29311d96-e01e-0410-9327-a35deaab8ce9 --- .../aleung/security1/ceph/client/Client.cc | 6 +- .../aleung/security1/ceph/crypto/CryptoLib.h | 3 +- .../aleung/security1/ceph/crypto/ExtCap.h | 6 +- .../aleung/security1/ceph/crypto/MerkleTree.h | 1 + .../aleung/security1/ceph/crypto/driver.cc | 6 +- .../aleung/security1/ceph/crypto/esig1023.dat | 1 + branches/aleung/security1/ceph/mds/CInode.cc | 45 ++++++++++++- branches/aleung/security1/ceph/mds/CInode.h | 13 ++++ branches/aleung/security1/ceph/mds/Locker.cc | 1 + branches/aleung/security1/ceph/mds/MDS.cc | 3 +- branches/aleung/security1/ceph/mds/Server.cc | 64 ++++++------------- branches/aleung/security1/ceph/mon/MonMap.h | 3 +- branches/aleung/security1/ceph/osd/OSD.cc | 3 +- 13 files changed, 98 insertions(+), 57 deletions(-) create mode 100644 branches/aleung/security1/ceph/crypto/esig1023.dat diff --git a/branches/aleung/security1/ceph/client/Client.cc b/branches/aleung/security1/ceph/client/Client.cc index 4ad458afa9bba..e58dc8f28e425 100644 --- a/branches/aleung/security1/ceph/client/Client.cc +++ b/branches/aleung/security1/ceph/client/Client.cc @@ -102,6 +102,7 @@ Client::Client(Messenger *m, MonMap *mm) // which client am i? whoami = m->get_myname().num(); monmap = mm; + monmap->prepare_mon_key(); mounted = false; unmounting = false; @@ -649,7 +650,7 @@ void Client::handle_auth_user_ack(MClientAuthUserAck *m) user_ticket[uid] = m->getTicket(); // verify the ticket - assert(user_ticket[uid]->verif_ticket(monmap->get_key())); + //assert(user_ticket[uid]->verif_ticket(monmap->get_key())); // wait up the waiter(s) // this signals all ticket waiters 
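Review bot: Commenting out `assert(user_ticket[uid]->verif_ticket(monmap->get_key()));` in handle_auth_user_ack leaves the ticket taken from the incoming message stored in `user_ticket[uid]` and handed to the waiters with its signature never checked, so a forged or tampered ticket is accepted as genuine. If the assert was disabled because it started failing after the key swap in this patch, the fix is a runtime rejection rather than removal: `if (!user_ticket[uid]->verif_ticket(monmap->get_key())) { user_ticket.erase(uid); return; }` (releasing the message per the dispatcher's ownership rule), since an `assert` is compiled out under NDEBUG and was never a real enforcement point anyway. If this is deliberately temporary, leave `// FIXME(security): ticket verification disabled` at the line so it cannot ship unnoticed. handle_auth_user_ack starts and ends outside the hunk.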
@@ -676,7 +677,8 @@ Ticket *Client::get_user_ticket(uid_t uid, gid_t gid) // this should be a function with some // security stuff (password) to gen key if (user_pub_key.count(uid) == 0) { - esignPriv privKey = esignPrivKey("crypto/esig1536.dat"); + //esignPriv privKey = esignPrivKey("crypto/esig1536.dat"); + esignPriv privKey = esignPrivKey("crypto/esig1023.dat"); esignPub pubKey = esignPubKey(privKey); user_priv_key[uid] = &privKey; user_pub_key[uid] = &pubKey; diff --git a/branches/aleung/security1/ceph/crypto/CryptoLib.h b/branches/aleung/security1/ceph/crypto/CryptoLib.h index 5671d1c3fe2ca..1b6a74ffbc589 100644 --- a/branches/aleung/security1/ceph/crypto/CryptoLib.h +++ b/branches/aleung/security1/ceph/crypto/CryptoLib.h @@ -45,7 +45,8 @@ namespace CryptoLib { enum {MD5DIGESTSIZE=16, SHA1DIGESTSIZE=20, SHA256DIGESTSIZE=32, SHA384DIGESTSIZE=48, SHA512DIGESTSIZE=64}; enum {RJ128KEYSIZE=16, RJBLOCKSIZE=16, RC5KEYSIZE=16, RC5BLOCKSIZE=8}; - enum {ESIGNSIGSIZE=192, ESIGNKEYSIZE=404, ESIGNPRIVSIZE=674}; + //enum {ESIGNSIGSIZE=192, ESIGNKEYSIZE=404, ESIGNPRIVSIZE=674}; + enum {ESIGNSIGSIZE=128, ESIGNKEYSIZE=274, ESIGNPRIVSIZE=454}; typedef CryptoPP::SecByteBlock SigBuf; typedef CryptoPP::FixedSizeSecBlock FixedSigBuf; diff --git a/branches/aleung/security1/ceph/crypto/ExtCap.h b/branches/aleung/security1/ceph/crypto/ExtCap.h index 9f154a5d8d67c..5974464fe66aa 100644 --- a/branches/aleung/security1/ceph/crypto/ExtCap.h +++ b/branches/aleung/security1/ceph/crypto/ExtCap.h @@ -79,7 +79,7 @@ private: utime_t t_s; // creation time utime_t t_e; // expiration time int mode; // I/O mode - __uint8_t type; // specify mds policy + int type; // specify mds policy // single user ident uid_t uid; // user id 
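Review bot: Switching get_user_ticket to `esignPrivKey("crypto/esig1023.dat")` makes every user on the client load the same fixed private key that MDS.cc, OSD.cc and MonMap.h in this same patch also load, so all principals in the system now share one key pair and none can be told apart by signature; the per-user derivation the comment above asks for ("security stuff (password) to gen key") is still missing. Assuming the file names reflect the modulus size, this also moves from a 1536-bit to a 1023-bit ESIGN key, a downgrade the commit message does not explain; a line such as `// TEMP: shared test key, 1023-bit for signature-size experiments; not for deployment` would make the intent visible. Separately, the surrounding context stores `&privKey` and `&pubKey`, the addresses of block-scoped locals, into `user_priv_key`/`user_pub_key`; those pointers dangle as soon as the `if` block exits, so the maps should hold the objects by value (or heap-allocate them) before any signing relies on them. get_user_ticket continues outside the hunk.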
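Review bot: The new `ESIGNSIGSIZE=128, ESIGNKEYSIZE=274, ESIGNPRIVSIZE=454` constants are silently coupled to the particular key file added by this patch (454 is the hex length of the 227-byte DER blob in esig1023.dat), and nothing checks that a loaded key actually yields buffers of these sizes: MonMap::generate_key_pair memcpy's exactly ESIGNPRIVSIZE bytes and `FixedSigBuf` fixes the signature length, so a different key file would overread or truncate without a diagnostic. Document the coupling next to the enum, `// hex lengths of the ESIGN sig/pub/priv blobs for the 1023-bit key in crypto/esig1023.dat; must change together with the key file`, and add a check such as `assert(sig.size() == ESIGNSIGSIZE)` at the sites that rely on them. The old 1536-bit values are kept as a commented-out enum; delete them or derive the constants from the key size so the two sets cannot drift apart.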
@@ -176,7 +176,7 @@ public: gid_t get_gid() const { return data.gid; } inodeno_t get_ino() const { return data.ino; } int mode() const { return data.mode; } - __int8_t get_type() const { return data.type; } + int get_type() const { return data.type; } // in case the mode needs to be changed // FYI, you should resign the cap after this @@ -189,7 +189,7 @@ public: data.id.cid = capid.cid; data.id.mds_id = capid.mds_id; } - void set_type(__int8_t new_type) { data.type = new_type;} + void set_type(int new_type) { data.type = new_type;} void set_user_hash(hash_t nhash) { data.user_group = nhash; } void set_file_hash(hash_t nhash) { data.file_group = nhash; } diff --git a/branches/aleung/security1/ceph/crypto/MerkleTree.h b/branches/aleung/security1/ceph/crypto/MerkleTree.h index 66a0de1536372..350c2f7558ab4 100644 --- a/branches/aleung/security1/ceph/crypto/MerkleTree.h +++ b/branches/aleung/security1/ceph/crypto/MerkleTree.h @@ -15,6 +15,7 @@ #include #include +#include using namespace std; #include "CryptoLib.h" diff --git a/branches/aleung/security1/ceph/crypto/driver.cc b/branches/aleung/security1/ceph/crypto/driver.cc index c473874fd482a..2eb9c503de5a5 100644 --- a/branches/aleung/security1/ceph/crypto/driver.cc +++ b/branches/aleung/security1/ceph/crypto/driver.cc 
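Review bot: `set_type(int new_type)` writes `data.type` with no note on which values are legal or that the cap must be re-signed afterwards, although the neighbouring `mode` setter carries exactly that warning ("you should resign the cap after this") and `type` sits in the same `data` struct; the only writer in this patch is `ext_cap->set_type(0)` in Locker.cc, so what 0 means is stated nowhere. Prefer an enum for the policy values over a bare `int`, and put a comment on the setter: `// selects the MDS policy this cap was issued under (0 = default, see Locker::issue_new_extcaps); type is part of the signed data, so resign after changing it`. The ExtCap class continues outside the hunk.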
@@ -73,14 +73,16 @@ int main(int argc, char* argv[]) { cout << "MD5 of " << msg << " is " << string((const char*)hexmd5,2*MD5DIGESTSIZE) << endl; // esign signature - byte* signMsg = (byte *)"Message to sign"; - char* keyInput = "esig1536.dat"; + byte* signMsg = (byte *)"Message to sign is getting bigger by the minutefdsfdfdsffdfsfsdfdsfdfdsfsdfdsfsdfdsfsdsfdssdfsdfdsfdsffds"; + //char* keyInput = "esig1536.dat"; + char* keyInput = "esig1023.dat"; esignPriv privKey = esignPrivKey(keyInput); esignPub pubKey = esignPubKey(privKey); SigBuf mySignature = esignSig(signMsg, strlen((const char*)signMsg), privKey); // testing --> remove me! byte testBuf[mySignature.size()]; memcpy((void*)testBuf,(void*)mySignature, mySignature.size()); + cout << "ESIGN signature size " << mySignature.size() << endl; //SigBuf testSecBuf = new SigBuf(testBuf, mySignature.size()); SigBuf testSecBuf(testBuf, mySignature.size()); FixedSigBuf testFixedBuf; diff --git a/branches/aleung/security1/ceph/crypto/esig1023.dat b/branches/aleung/security1/ceph/crypto/esig1023.dat new file mode 100644 index 0000000000000..4e43ad46291dc --- /dev/null +++ b/branches/aleung/security1/ceph/crypto/esig1023.dat @@ -0,0 +1 @@ +3081E00281807040653BA4FCD5C66E3318B31E82654C5A62957F68D2EE6AE10BD6678D7A14EEF8EBF0C85F28FE22056C12B2A2DD4E9C897EB2FF06D57DB03B872C049ED2806DC3E4D86F2947D134065AC642F233F95FBCB55C533274FA91FFDC0CEB9E71B8795B71A977C7956001FC19E28DE18A80B20E4AE8F775B952CEEA0DEFEAE8E93D7F020120022B1EC74E9FC5EEA090E8DDF4BDB64861C7DC3F8EC7E64286EC2FE39DA55B4763C582DB48146521BDEF0146D5022B1E559EB15755298408E4E4C6F4791BF075C7A8C9B3C7F5B7FA3E8C322BA0A160C09A9DB6BBC4974BE0F877 \ No newline at end of file diff --git a/branches/aleung/security1/ceph/mds/CInode.cc b/branches/aleung/security1/ceph/mds/CInode.cc index 98c861683e758..46b2a25c8e3bc 100644 --- a/branches/aleung/security1/ceph/mds/CInode.cc +++ b/branches/aleung/security1/ceph/mds/CInode.cc 
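Review bot: The driver now prints `mySignature.size()` but never checks it against `ESIGNSIGSIZE`, which is exactly the constant this patch changed (192 to 128) and which the `FixedSigBuf` copy below depends on; a key whose signatures differ in length would only show up as a garbled buffer. Add `assert(mySignature.size() == ESIGNSIGSIZE);` right after the `esignSig` call so the key/constant pairing is verified where it is easiest to see. Minor: `char* keyInput = "esig1023.dat";` binds a string literal to a non-const pointer; `const char* keyInput` is the correct type. main continues outside the hunk.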
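Review bot: `esig1023.dat` is a private key — the blob appears to be a DER sequence holding a 128-byte modulus, the exponent and two private primes — and committing it to source control makes it public from this revision onward, so it can never be used for anything but testing even if it is removed later. The same file is loaded as the identity of the client, the MDS, the OSD and the monitor elsewhere in this patch, so anything signed with it carries no authenticity. Mark it as test-only (a README next to it or a `.test` suffix in the name) and keep real keys out of the tree, generated at install time as the `generate_key_pair` name in MonMap.h suggests; the file also lacks a trailing newline.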
@@ -141,7 +141,7 @@ void CInode::buffer_entry() // plus i need to release the lock for anyone // waiting for me to init cout << "Buffer thread waiting on cond" << endl; - if (!batching) + while (!batching) buffer_cond.Wait(buffer_lock); cout << "Buffer thread signaled" << endl; @@ -158,7 +158,6 @@ void CInode::buffer_entry() for (set::iterator si = buffered_reqs.begin(); si != buffered_reqs.end(); si++) { - //user_set.insert((*si)->get_caller_uid()); user_set.push_back((*si)->get_caller_uid()); users_hash.add_user((*si)->get_caller_uid()); } @@ -189,6 +188,8 @@ void CInode::buffer_entry() server->handle_client_open(*ri, this); } + buffered_reqs.clear(); + //turn batching off batching = false; } @@ -197,6 +198,46 @@ void CInode::buffer_entry() cout << "<------buffer finish" << endl; } +void CInode::add_to_buffer(MClientRequest *req, Server *serve, MDS *metads) { + cout << "Buffering the request for uid:" << + req->get_caller_uid() << " on client:" << + req->get_client() << " for file:" << + inode.ino << " with client inst:" << req->get_client_inst() << endl; + + buffer_lock.Lock(); + + // wait until the thread has initialized + while (! thread_init) + buffer_cond.Wait(buffer_lock); + + // was batching thread already on? + if (batching) { + cout << "Buffering request into existing buffer" << endl; + buffered_reqs.insert(req); + } + else { + cout << "Buffering request into new buffer" << endl; + + // set external helper classes + server = serve; + mds = metads; + + batch_id.cid = mds->cap_id_count; + batch_id.mds_id = mds->get_nodeid(); + mds->cap_id_count++; + + batching = true; + batch_id_set = true; + + buffered_reqs.insert(req); + + // start the buffering now + buffer_cond.Signal(); + } + + buffer_lock.Unlock(); + return; +} // pins diff --git a/branches/aleung/security1/ceph/mds/CInode.h b/branches/aleung/security1/ceph/mds/CInode.h index 51cf225b7e7ad..91d67739c83db 100644 --- a/branches/aleung/security1/ceph/mds/CInode.h 
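Review bot: In add_to_buffer the batch id is allocated as `batch_id.cid = mds->cap_id_count; … mds->cap_id_count++;` while holding only this inode's `buffer_lock`, so two inodes starting batches concurrently can hand out the same cid unless the caller already serialises everything under an MDS-wide lock, which this hunk does not show; duplicate ids would make batch capabilities ambiguous to whoever validates them. If no outer lock is guaranteed, bump the counter under `mds->mds_lock` (or make it atomic); either way record the assumption on the function: `// requires: caller holds mds_lock — cap_id_count is MDS-global`. The `server`/`mds` pointers are also rewritten on every new batch and read by the buffer thread; a short comment that they are constant for the life of the MDS would reassure readers that this is not a race.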
+++ b/branches/aleung/security1/ceph/mds/CInode.h @@ -205,6 +205,19 @@ class CInode : public MDSCacheObject { } } buffer_thread; + bool is_batching() { return batching; } + bool should_batch(utime_t new_request_time) { + //if (new_request_time - two_req_ago < utime_t(0, 5000) ) { + if (new_request_time > utime_t()) + return true; + return false; + } + void update_buffer_time(utime_t new_request_time) { + two_req_ago = one_req_ago; + one_req_ago = new_request_time; + } + void add_to_buffer(MClientRequest *req, Server *serve, MDS *metads); + // -- distributed state -- public: // inode metadata locks diff --git a/branches/aleung/security1/ceph/mds/Locker.cc b/branches/aleung/security1/ceph/mds/Locker.cc index f07681f99e44c..064d872dc362e 100644 --- a/branches/aleung/security1/ceph/mds/Locker.cc +++ b/branches/aleung/security1/ceph/mds/Locker.cc @@ -322,6 +322,7 @@ ExtCap* Locker::issue_new_extcaps(CInode *in, int mode, MClientRequest *req) { else { //utime_t make_time_start = g_clock.now(); ext_cap = new ExtCap(my_want, my_user, in->ino()); + ext_cap->set_type(0); //utime_t make_time_end = g_clock.now(); //cout << "Capability make time " << make_time_end - make_time_start << endl; } diff --git a/branches/aleung/security1/ceph/mds/MDS.cc b/branches/aleung/security1/ceph/mds/MDS.cc index 400a242b7a656..0f6adbe7df340 100644 --- a/branches/aleung/security1/ceph/mds/MDS.cc +++ b/branches/aleung/security1/ceph/mds/MDS.cc @@ -92,7 +92,8 @@ MDS::MDS(int whoami, Messenger *m, MonMap *mm) : timer(mds_lock) { locker = new Locker(this, mdcache); // init keys - myPrivKey = esignPrivKey("crypto/esig1536.dat"); + //myPrivKey = esignPrivKey("crypto/esig1536.dat"); + myPrivKey = esignPrivKey("crypto/esig1023.dat"); myPubKey = esignPubKey(myPrivKey); // create unix_groups from file? diff --git a/branches/aleung/security1/ceph/mds/Server.cc b/branches/aleung/security1/ceph/mds/Server.cc index 7d4583c70cbc0..3e5936cf2fe29 100644 --- a/branches/aleung/security1/ceph/mds/Server.cc 
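Review bot: `should_batch` returns true for every request with a nonzero timestamp — the flash-crowd threshold `new_request_time - two_req_ago < utime_t(0, 5000)` is left commented out — so with `mds_group == 2` every open-for-create on an existing file is batched and deferred, not just bursts, while the method name and the `update_buffer_time` bookkeeping suggest otherwise. Either restore the threshold or mark the stub: `// TEMP: always batch (threshold disabled for experiments); see two_req_ago`. `update_buffer_time` writes `one_req_ago`/`two_req_ago` without `buffer_lock`, whereas add_to_buffer takes that lock for the rest of the batching state; if these fields are only ever touched under mds_lock say so in a comment, otherwise take the lock. The CInode class continues outside the hunk.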
+++ b/branches/aleung/security1/ceph/mds/Server.cc @@ -491,33 +491,7 @@ void Server::dispatch_request(Message *m, CInode *ref) case MDS_OP_OPEN: if (req->get_iarg() & O_CREAT) handle_client_openc(req, ref); - else {/* - if (g_conf.mds_group == 2) { - utime_t open_req_time = g_clock.now(); - // if this request is within 10ms of the last 2, flash crowd! - cout << "Buffering time check" << open_req_time - ref->two_req_ago - << endl; - if (open_req_time - ref->two_req_ago < utime_t(0, 10000)) { - cout << "Buffering the request" << endl; - ref->buffer_lock.Lock(); - ref->buffered_reqs.insert(req); - if (ref->buffer_stop) { - ref->batch_id.cid = mds->cap_id_count; - ref->batch_id.mds_id = mds->get_nodeid(); - ref->batch_id_set = true; - ref->buffer_stop = false; - } - ref->buffer_lock.Unlock(); - return; - } - else { - cout << "Not buffering the request" << endl; - ref->two_req_ago = ref->one_req_ago; - ref->one_req_ago = open_req_time; - handle_client_open(req, ref); - } - } - else*/ + else { handle_client_open(req, ref); } break; 
@@ -2464,22 +2438,23 @@ void Server::handle_client_openc(MClientRequest *req, CInode *diri) // exists! // FIXME: do i need to repin path based existant inode? hmm. if (g_conf.mds_group == 2) { + utime_t open_req_time = g_clock.now(); - // if this request is within 10ms of the last 2, flash crowd! - cout << "Buffering time check" << open_req_time - in->two_req_ago - << " against " << utime_t(1, 0) << endl; - //if (open_req_time - in->two_req_ago < utime_t(1, 0)) { - if (open_req_time > utime_t()) { - cout << "Buffering the request for uid:" << - req->get_caller_uid() << " on client:" << - req->get_client() << " for file:" << - in->ino() << " with client inst:" << req->get_client_inst() << endl; - in->two_req_ago = in->one_req_ago; - in->one_req_ago = open_req_time; - - cout << "HCO: Grabbing lock" << endl; + + if (in->should_batch(open_req_time)) { + + in->update_buffer_time(open_req_time); + + in->add_to_buffer(req, this, mds); + + return; + + /* + //in->two_req_ago = in->one_req_ago; + //in->one_req_ago = open_req_time; + //cout << "HCO: Grabbing lock" << endl; in->buffer_lock.Lock(); - cout << "HCO: Grabbed lock" << endl; + //cout << "HCO: Grabbed lock" << endl; // wait for thread if it hasn't init'd if (! in->thread_init) @@ -2521,12 +2496,13 @@ void Server::handle_client_openc(MClientRequest *req, CInode *diri) cout << "HCO: releasing lock" << endl; in->buffer_lock.Unlock(); cout << "HCO: released lock" << endl; - return; + */ } else { cout << "Not buffering the request" << endl; - in->two_req_ago = in->one_req_ago; - in->one_req_ago = open_req_time; + //in->two_req_ago = in->one_req_ago; + //in->one_req_ago = open_req_time; + in->update_buffer_time(open_req_time); handle_client_open(req, in); } } diff --git a/branches/aleung/security1/ceph/mon/MonMap.h b/branches/aleung/security1/ceph/mon/MonMap.h index 68bbe3f304f7b..3236169908119 100644 --- a/branches/aleung/security1/ceph/mon/MonMap.h +++ b/branches/aleung/security1/ceph/mon/MonMap.h 
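Review bot: After `in->add_to_buffer(req, this, mds); return;` the old inline batching code is retained inside a `/* … */` block that runs across the next hunk; this is the same code this patch already deleted from dispatch_request, so remove it here too rather than keep dead text that will drift from add_to_buffer. `in->update_buffer_time(open_req_time)` also mutates the inode's timing fields before add_to_buffer takes `buffer_lock`; unless handle_client_openc runs entirely under mds_lock (not visible here), move that call inside the locked section. Batching now applies only to the O_CREAT-on-existing-file path, while plain opens in dispatch_request go straight to handle_client_open; if that asymmetry is intended, a comment at the `if (g_conf.mds_group == 2)` line saying so would help. handle_client_openc continues outside the hunk.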
@@ -39,7 +39,8 @@ class MonMap { //void generate_key_pair(string& private_key) { // private_key is assumed to already be allocated to right size void generate_key_pair(char *private_key) { - esignPriv tempKey = esignPrivKey("crypto/esig1536.dat"); + //esignPriv tempKey = esignPrivKey("crypto/esig1536.dat"); + esignPriv tempKey = esignPrivKey("crypto/esig1023.dat"); //private_key = privToString(tempKey); memcpy(private_key, privToString(tempKey).c_str(), ESIGNPRIVSIZE); pub_key = esignPubKey(tempKey); diff --git a/branches/aleung/security1/ceph/osd/OSD.cc b/branches/aleung/security1/ceph/osd/OSD.cc index 19fd3dcb3aec8..66d0e62ea80a7 100644 --- a/branches/aleung/security1/ceph/osd/OSD.cc +++ b/branches/aleung/security1/ceph/osd/OSD.cc @@ -116,7 +116,8 @@ OSD::OSD(int id, Messenger *m, MonMap *mm, char *dev) : timer(osd_lock) boot_epoch = 0; // create public/private keys - myPrivKey = esignPrivKey("crypto/esig1536.dat"); + //myPrivKey = esignPrivKey("crypto/esig1536.dat"); + myPrivKey = esignPrivKey("crypto/esig1023.dat"); myPubKey = esignPubKey(myPrivKey); // write these out to disk -- 2.39.5
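Review bot: `generate_key_pair` does not generate anything — it loads the same fixed `crypto/esig1023.dat` that the client, MDS and OSD load in this patch — and `memcpy(private_key, privToString(tempKey).c_str(), ESIGNPRIVSIZE)` copies a compile-time size out of a temporary string with no length check, so any mismatch between the key file and ESIGNPRIVSIZE (changed to 454 in CryptoLib.h by this same patch) is an overread or a truncated key. Bind the string and check it: `const string s = privToString(tempKey); assert(s.size() == ESIGNPRIVSIZE); memcpy(private_key, s.data(), ESIGNPRIVSIZE);`. Rename or document the function (`// loads a fixed test key; real deployments must generate a fresh pair here`) so the monitor's key is not mistaken for per-instance material.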