From d1cb0f52e3a8ed03d7529fa8f32234f4814071a0 Mon Sep 17 00:00:00 2001 From: anwleung Date: Tue, 6 Feb 2007 23:48:46 +0000 Subject: [PATCH] Passing of keys is working...but not finished git-svn-id: https://ceph.svn.sf.net/svnroot/ceph@1080 29311d96-e01e-0410-9327-a35deaab8ce9 --- .../aleung/security1/ceph/client/Client.cc | 111 ++++++++++----- .../aleung/security1/ceph/client/Client.h | 100 ++++++++----- branches/aleung/security1/ceph/client/fuse.cc | 4 + .../aleung/security1/ceph/crypto/Ticket.h | 132 +++++++++++------- .../ceph/messages/MClientAuthUserAck.h | 24 +++- .../security1/ceph/mon/ClientMonitor.cc | 58 ++++++++ .../aleung/security1/ceph/mon/ClientMonitor.h | 4 + branches/aleung/security1/ceph/mon/Monitor.h | 14 +- 8 files changed, 315 insertions(+), 132 deletions(-) diff --git a/branches/aleung/security1/ceph/client/Client.cc b/branches/aleung/security1/ceph/client/Client.cc index 9a8374b41ecbb..b017daeee0504 100644 --- a/branches/aleung/security1/ceph/client/Client.cc +++ b/branches/aleung/security1/ceph/client/Client.cc @@ -217,7 +217,7 @@ void Client::dump_cache() } - +// should send boot message? void Client::init() { } @@ -635,18 +635,26 @@ void Client::handle_client_reply(MClientReply *reply) void Client::handle_auth_user_ack(MClientAuthUserAck *m) { + cout << "Handling auth user ack" << endl; uid_t uid = m->get_uid(); dout(10) << "handle_auth_user_ack for " << uid << endl; // put the ticket in the ticket map // ** + user_ticket[uid] = m->get_ticket(); // wait up the waiter(s) + cout << "Entering for loop" << endl; for (list::iterator p = ticket_waiter_cond[uid].begin(); p != ticket_waiter_cond[uid].end(); - ++p) + ++p) { + cout << "In the for loop" << endl; (*p)->Signal(); + cout << "Signal waiter" << endl; + } + cout << "Out of the for loop" << endl; ticket_waiter_cond.erase(uid); + cout << "Leaving the auth user ack handler" << endl; } Ticket *Client::get_user_ticket(uid_t uid, gid_t gid) @@ -669,14 +677,18 @@ Ticket *Client::get_user_ticket(uid_t uid, gid_t gid) dout(10) << "get_user_ticket waiting for ticket for uid " << uid << endl; } + cout << "Ready to wait for reply" << endl; // wait for reply ticket_waiter_cond[uid].push_back( &cond ); + cout << "Waiting for a Wait" << endl; // naively assume we'll get a ticket FIXME while (user_ticket.count(uid) == 0) cond.Wait(client_lock); + + cout << "Did I break the loop?" << endl; } - + cout << "About to leave sending request function" << endl; // inc ref count user_ticket_ref[uid]++; return user_ticket[uid]; @@ -1210,15 +1222,22 @@ void Client::handle_unmount_ack(Message* m) // namespace ops -int Client::link(const char *existing, const char *newname) +int Client::link(const char *existing, const char *newname, + __int64_t uid, __int64_t gid) { client_lock.Lock(); dout(3) << "op: client->link(\"" << existing << "\", \"" << newname << "\");" << endl; tout << "link" << endl; tout << existing << endl; tout << newname << endl; - + Ticket *tk = get_user_ticket(getuid(), getgid()); + //Ticket *tk; + //if (uid == -1 || gid == -1) + // tk = get_user_ticket(getuid(), getgid()); + //else + // tk = get_user_ticket(uid, gid); + if (!tk) { client_lock.Unlock(); return -EPERM; @@ -1251,11 +1270,12 @@ int Client::link(const char *existing, const char *newname) } -int Client::unlink(const char *relpath) +int Client::unlink(const char *relpath, __int64_t uid, __int64_t gid) { client_lock.Lock(); Ticket *tk = get_user_ticket(getuid(), getgid()); + if (!tk) { client_lock.Unlock(); return -EPERM; @@ -1300,7 +1320,8 @@ int Client::unlink(const char *relpath) return res; } -int Client::rename(const char *relfrom, const char *relto) +int Client::rename(const char *relfrom, const char *relto, + __int64_t uid, __int64_t gid) { client_lock.Lock(); @@ -1347,7 +1368,7 @@ int Client::rename(const char *relfrom, const char *relto) // dirs -int Client::mkdir(const char *relpath, mode_t mode) +int Client::mkdir(const char *relpath, mode_t mode, __int64_t uid, __int64_t gid) { client_lock.Lock(); @@ -1389,7 +1410,7 @@ int Client::mkdir(const char *relpath, mode_t mode) return res; } -int Client::rmdir(const char *relpath) +int Client::rmdir(const char *relpath, __int64_t uid, __int64_t gid) { client_lock.Lock(); @@ -1441,7 +1462,8 @@ int Client::rmdir(const char *relpath) // symlinks -int Client::symlink(const char *reltarget, const char *rellink) +int Client::symlink(const char *reltarget, const char *rellink, + __int64_t uid, __int64_t gid) { client_lock.Lock(); @@ -1486,7 +1508,8 @@ int Client::symlink(const char *reltarget, const char *rellink) return res; } -int Client::readlink(const char *relpath, char *buf, off_t size) +int Client::readlink(const char *relpath, char *buf, off_t size, + __int64_t uid, __int64_t gid) { client_lock.Lock(); @@ -1531,7 +1554,8 @@ int Client::readlink(const char *relpath, char *buf, off_t size) // inode stuff -int Client::_lstat(const char *path, int mask, Inode **in) +int Client::_lstat(const char *path, int mask, Inode **in, + __int64_t uid, __int64_t gid) { MClientRequest *req = 0; filepath fpath(path); @@ -1630,7 +1654,8 @@ void Client::fill_statlite(inode_t& inode, struct statlite *st) } -int Client::lstat(const char *relpath, struct stat *stbuf) +int Client::lstat(const char *relpath, struct stat *stbuf, + __int64_t uid, __int64_t gid) { client_lock.Lock(); @@ -1664,7 +1689,8 @@ int Client::lstat(const char *relpath, struct stat *stbuf) } -int Client::lstatlite(const char *relpath, struct statlite *stl) +int Client::lstatlite(const char *relpath, struct statlite *stl, + __int64_t uid, __int64_t gid) { client_lock.Lock(); @@ -1705,7 +1731,8 @@ int Client::lstatlite(const char *relpath, struct statlite *stl) -int Client::chmod(const char *relpath, mode_t mode) +int Client::chmod(const char *relpath, mode_t mode, + __int64_t uid, __int64_t gid) { client_lock.Lock(); @@ -1745,7 +1772,9 @@ int Client::chmod(const char *relpath, mode_t mode) return res; } -int Client::chown(const char *relpath, uid_t uid, gid_t gid) +//int Client::chown(const char *relpath, uid_t uid, gid_t gid, +// __int64_t uid, __int64_t gid) +int Client::chown(const char *relpath, __int64_t uid, __int64_t gid) { client_lock.Lock(); @@ -1789,7 +1818,8 @@ int Client::chown(const char *relpath, uid_t uid, gid_t gid) return res; } -int Client::utime(const char *relpath, struct utimbuf *buf) +int Client::utime(const char *relpath, struct utimbuf *buf, + __int64_t uid, __int64_t gid) { client_lock.Lock(); @@ -1837,7 +1867,8 @@ int Client::utime(const char *relpath, struct utimbuf *buf) -int Client::mknod(const char *relpath, mode_t mode) +int Client::mknod(const char *relpath, mode_t mode, + __int64_t uid, __int64_t gid) { client_lock.Lock(); @@ -1977,7 +2008,7 @@ int Client::getdir(const char *relpath, map& contents) /** POSIX stubs **/ -DIR *Client::opendir(const char *name) +DIR *Client::opendir(const char *name, __int64_t uid, __int64_t gid) { DirResult *d = new DirResult; d->size = getdir(name, d->contents); @@ -1986,7 +2017,7 @@ DIR *Client::opendir(const char *name) return (DIR*)d; } -int Client::closedir(DIR *dir) +int Client::closedir(DIR *dir, __int64_t uid, __int64_t gid) { DirResult *d = (DirResult*)dir; delete d; @@ -2001,7 +2032,7 @@ int Client::closedir(DIR *dir) // char d_name[256]; /* filename */ //}; -struct dirent *Client::readdir(DIR *dirp) +struct dirent *Client::readdir(DIR *dirp, __int64_t uid, __int64_t gid) { DirResult *d = (DirResult*)dirp; @@ -2036,20 +2067,20 @@ struct dirent *Client::readdir(DIR *dirp) return &d->dp.d_dirent; } -void Client::rewinddir(DIR *dirp) +void Client::rewinddir(DIR *dirp, __int64_t uid, __int64_t gid) { DirResult *d = (DirResult*)dirp; d->p = d->contents.begin(); d->off = 0; } -off_t Client::telldir(DIR *dirp) +off_t Client::telldir(DIR *dirp, __int64_t uid, __int64_t gid) { DirResult *d = (DirResult*)dirp; return d->off; } -void Client::seekdir(DIR *dirp, off_t offset) +void Client::seekdir(DIR *dirp, off_t offset, __int64_t uid, __int64_t gid) { DirResult *d = (DirResult*)dirp; @@ -2064,7 +2095,8 @@ void Client::seekdir(DIR *dirp, off_t offset) } } -struct dirent_plus *Client::readdirplus(DIR *dirp) +struct dirent_plus *Client::readdirplus(DIR *dirp, + __int64_t uid, __int64_t gid) { DirResult *d = (DirResult*)dirp; @@ -2165,11 +2197,12 @@ struct dirent_lite *Client::readdirlite(DIR *dirp) /****** file i/o **********/ -int Client::open(const char *relpath, int flags) +int Client::open(const char *relpath, int flags, __int64_t uid, __int64_t gid) { client_lock.Lock(); Ticket *tk = get_user_ticket(getuid(), getgid()); + cout << "Returned from ticket call" << endl; if (!tk) { client_lock.Unlock(); return -EPERM; @@ -2315,7 +2348,7 @@ void Client::close_safe(Inode *in) mount_cond.Signal(); } -int Client::close(fh_t fh) +int Client::close(fh_t fh, __int64_t uid, __int64_t gid) { client_lock.Lock(); @@ -2396,7 +2429,8 @@ int Client::close(fh_t fh) // blocking osd interface -int Client::read(fh_t fh, char *buf, off_t size, off_t offset) +int Client::read(fh_t fh, char *buf, off_t size, off_t offset, + __int64_t uid, __int64_t gid) { client_lock.Lock(); @@ -2525,7 +2559,8 @@ void Client::hack_sync_write_safe() client_lock.Unlock(); } -int Client::write(fh_t fh, const char *buf, off_t size, off_t offset) +int Client::write(fh_t fh, const char *buf, off_t size, off_t offset, + __int64_t uid, __int64_t gid) { client_lock.Lock(); @@ -2651,7 +2686,7 @@ int Client::write(fh_t fh, const char *buf, off_t size, off_t offset) } -int Client::truncate(const char *file, off_t size) +int Client::truncate(const char *file, off_t size, __int64_t uid, __int64_t gid) { client_lock.Lock(); @@ -2688,7 +2723,7 @@ int Client::truncate(const char *file, off_t size) } -int Client::fsync(fh_t fh, bool syncdataonly) +int Client::fsync(fh_t fh, bool syncdataonly, __int64_t uid, __int64_t gid) { client_lock.Lock(); @@ -2733,7 +2768,7 @@ int Client::fsync(fh_t fh, bool syncdataonly) // not written yet, but i want to link! -int Client::chdir(const char *path) +int Client::chdir(const char *path, __int64_t uid, __int64_t gid) { // fake it for now! string abs; @@ -2744,7 +2779,8 @@ int Client::chdir(const char *path) } #ifdef DARWIN -int Client::statfs(const char *path, struct statvfs *stbuf) +int Client::statfs(const char *path, struct statvfs *stbuf, + __int64_t uid, __int64_t gid) { bzero (stbuf, sizeof (struct statvfs)); // FIXME @@ -2761,7 +2797,8 @@ int Client::statfs(const char *path, struct statvfs *stbuf) return 0; } #else -int Client::statfs(const char *path, struct statfs *stbuf) +int Client::statfs(const char *path, struct statfs *stbuf, + __int64_t uid, __int64_t gid) { assert(0); // implement me return 0; @@ -2769,7 +2806,8 @@ int Client::statfs(const char *path, struct statfs *stbuf) #endif -int Client::lazyio_propogate(int fd, off_t offset, size_t count) +int Client::lazyio_propogate(int fd, off_t offset, size_t count, + __int64_t uid, __int64_t gid) { client_lock.Lock(); @@ -2813,7 +2851,8 @@ int Client::lazyio_propogate(int fd, off_t offset, size_t count) return 0; } -int Client::lazyio_synchronize(int fd, off_t offset, size_t count) +int Client::lazyio_synchronize(int fd, off_t offset, size_t count, + __int64_t uid, __int64_t gid) { client_lock.Lock(); diff --git a/branches/aleung/security1/ceph/client/Client.h b/branches/aleung/security1/ceph/client/Client.h index 1c2210a6f04c4..350e7e420c43c 100644 --- a/branches/aleung/security1/ceph/client/Client.h +++ b/branches/aleung/security1/ceph/client/Client.h @@ -50,6 +50,9 @@ using namespace CryptoLib; #include using namespace std; +#include +#include + #include using namespace __gnu_cxx; @@ -494,6 +497,9 @@ protected: map user_ticket_ref; map > ticket_waiter_cond; + // user map? + //map + Ticket *get_user_ticket(uid_t uid, gid_t gid); void put_user_ticket(Ticket *tk); @@ -542,69 +548,95 @@ protected: // these shoud (more or less) mirror the actual system calls. #ifdef DARWIN - int statfs(const char *path, struct statvfs *stbuf); + int statfs(const char *path, struct statvfs *stbuf, + __int64_t uid, __int64_t gid); #else - int statfs(const char *path, struct statfs *stbuf); + int statfs(const char *path, struct statfs *stbuf, + __int64_t uid, __int64_t gid); #endif // crap - int chdir(const char *s); + int chdir(const char *s, __int64_t uid, __int64_t gid); // namespace ops int getdir(const char *path, list& contents); int getdir(const char *path, map& contents); - DIR *opendir(const char *name); - int closedir(DIR *dir); - struct dirent *readdir(DIR *dir); - void rewinddir(DIR *dir); - off_t telldir(DIR *dir); - void seekdir(DIR *dir, off_t offset); + DIR *opendir(const char *name, __int64_t uid = -1, __int64_t gid = -1); + int closedir(DIR *dir, __int64_t uid = -1, __int64_t gid = -1); + struct dirent *readdir(DIR *dir, __int64_t uid = -1, __int64_t gid = -1); + void rewinddir(DIR *dir, __int64_t uid = -1, __int64_t gid = -1); + off_t telldir(DIR *dir, __int64_t uid = -1, __int64_t gid = -1); + void seekdir(DIR *dir, off_t offset, + __int64_t uid = -1, __int64_t gid = -1); - struct dirent_plus *readdirplus(DIR *dirp); + struct dirent_plus *readdirplus(DIR *dirp, + __int64_t uid = -1, __int64_t gid = -1); int readdirplus_r(DIR *dirp, struct dirent_plus *entry, struct dirent_plus **result); - struct dirent_lite *readdirlite(DIR *dirp); + struct dirent_lite *readdirlite(DIR *dirp, __int64_t uid, __int64_t gid); int readdirlite_r(DIR *dirp, struct dirent_lite *entry, struct dirent_lite **result); - int link(const char *existing, const char *newname); - int unlink(const char *path); - int rename(const char *from, const char *to); + int link(const char *existing, const char *newname, + __int64_t uid = -1, __int64_t gid = -1); + int unlink(const char *path, __int64_t uid = -1, __int64_t gid = -1); + int rename(const char *from, const char *to, + __int64_t uid = -1, __int64_t gid = -1); // dirs - int mkdir(const char *path, mode_t mode); - int rmdir(const char *path); + int mkdir(const char *path, mode_t mode, + __int64_t uid = -1, __int64_t gid = -1); + int rmdir(const char *path, __int64_t uid = -1, __int64_t gid = -1); // symlinks - int readlink(const char *path, char *buf, off_t size); - int symlink(const char *existing, const char *newname); + int readlink(const char *path, char *buf, off_t size, + __int64_t uid = -1, __int64_t gid = -1); + int symlink(const char *existing, const char *newname, + __int64_t uid = -1, __int64_t gid = -1); // inode stuff - int _lstat(const char *path, int mask, Inode **in); - int lstat(const char *path, struct stat *stbuf); - int lstatlite(const char *path, struct statlite *buf); - - int chmod(const char *path, mode_t mode); - int chown(const char *path, uid_t uid, gid_t gid); - int utime(const char *path, struct utimbuf *buf); + int _lstat(const char *path, int mask, Inode **in, + __int64_t uid = -1, __int64_t gid = -1); + int lstat(const char *path, struct stat *stbuf, + __int64_t uid = -1, __int64_t gid = -1); + int lstatlite(const char *path, struct statlite *buf, + __int64_t uid = -1, __int64_t gid = -1); + + int chmod(const char *path, mode_t mode, + __int64_t uid = -1, __int64_t gid = -1); + //int chown(const char *path, uid_t uid, gid_t gid, + // __int64_t uid = -1, __int64_t gid = -1); + int chown(const char *path, __int64_t uid, __int64_t gid); + int utime(const char *path, struct utimbuf *buf, + __int64_t uid = -1, __int64_t gid = -1); // file ops - int mknod(const char *path, mode_t mode); - int open(const char *path, int mode); - int close(fh_t fh); - int read(fh_t fh, char *buf, off_t size, off_t offset=-1); - int write(fh_t fh, const char *buf, off_t size, off_t offset=-1); - int truncate(const char *file, off_t size); + int mknod(const char *path, mode_t mode, + __int64_t uid = -1, __int64_t gid = -1); + int open(const char *path, int mode, + __int64_t uid = -1, __int64_t gid = -1); + int close(fh_t fh, + __int64_t uid = -1, __int64_t gid = -1); + int read(fh_t fh, char *buf, off_t size, off_t offset=-1, + __int64_t uid = -1, __int64_t gid = -1); + int write(fh_t fh, const char *buf, off_t size, off_t offset=-1, + __int64_t uid = -1, __int64_t gid = -1); + int truncate(const char *file, off_t size, + __int64_t uid = -1, __int64_t gid = -1); //int truncate(fh_t fh, long long size); - int fsync(fh_t fh, bool syncdataonly); + int fsync(fh_t fh, bool syncdataonly, + __int64_t uid = -1, __int64_t gid = -1); // hpc lazyio - int lazyio_propogate(int fd, off_t offset, size_t count); - int lazyio_synchronize(int fd, off_t offset, size_t count); + int lazyio_propogate(int fd, off_t offset, size_t count, + __int64_t uid = -1, __int64_t gid = -1); + int lazyio_synchronize(int fd, off_t offset, size_t count, + __int64_t uid = -1, __int64_t gid = -1); int describe_layout(char *fn, list& result); void ms_handle_failure(Message*, msg_addr_t dest, const entity_inst_t& inst); + }; #endif diff --git a/branches/aleung/security1/ceph/client/fuse.cc b/branches/aleung/security1/ceph/client/fuse.cc index 94d15f9f79179..8e92962a17862 100644 --- a/branches/aleung/security1/ceph/client/fuse.cc +++ b/branches/aleung/security1/ceph/client/fuse.cc @@ -63,6 +63,10 @@ Client *client; // the ceph client // ------ // fuse hooks +// checks fuse context or else returns the real getuid +//static int ceph_getuid() { +//} + static int ceph_getattr(const char *path, struct stat *stbuf) { return client->lstat(path, stbuf); diff --git a/branches/aleung/security1/ceph/crypto/Ticket.h b/branches/aleung/security1/ceph/crypto/Ticket.h index c117774eb9105..ba82fae2db6bd 100644 --- a/branches/aleung/security1/ceph/crypto/Ticket.h +++ b/branches/aleung/security1/ceph/crypto/Ticket.h @@ -19,15 +19,18 @@ using namespace CryptoLib; class Ticket { private: // identification - uid_t uid; - gid_t gid; - epoch_t t_s; - epoch_t t_e; - // shared key IV - // needs to be converted back to a byte arry to be used - string iv; - string username; - string pubKey; + struct ident_t { + uid_t uid; + gid_t gid; + utime_t t_s; + utime_t t_e; + // shared key IV + // needs to be converted back to a byte arry to be used + string iv; + string username; + string pubKey; + }; + ident_t identity; esignPub realKey; FixedSigBuf allocSig; SigBuf signature; @@ -39,35 +42,35 @@ public: friend class MDS; public: - // constructor when a fixed buffer is passed - Ticket(uid_t u, gid_t g, string user, epoch_t s, - epoch_t e, string initVec, string key, - FixedSigBuf sig) : uid(u), gid(g), username(user), - t_s(s), t_e(e), iv(initVec), - pubKey(key), allocSig(sig), - keyConverted(false) {} - // constructor when a non-fixed buffer is passed - Ticket(uid_t u, gid_t g, string user, epoch_t s, - epoch_t e, string initVec, string key, - SigBuf sig) : uid(u), gid(g), username(user), - t_s(s), t_e(e), iv(initVec), - pubKey(key), keyConverted(false) { - allocSig.Assign(sig, sig.size()); + Ticket () : keyConverted(false), sigConverted(false) { } + Ticket(uid_t u, gid_t g, utime_t s, utime_t e, + string initVec, string user, string key) { + identity.uid = u; + identity.gid = g; + identity.t_s = s; + identity.t_e = e; + identity.iv = initVec; + identity.username = user, + identity.pubKey = key; + keyConverted = false; + sigConverted = false; } - epoch_t get_ts() const { return t_s; } - epoch_t get_te() const { return t_e; } + ~Ticket() { } + + utime_t get_ts() const { return identity.t_s; } + utime_t get_te() const { return identity.t_e; } - uid_t get_uid() const { return uid; } - uid_t get_gid() const { return gid; } + uid_t get_uid() const { return identity.uid; } + uid_t get_gid() const { return identity.gid; } - const string& get_iv() { return iv; } + const string& get_iv() { return identity.iv; } - const string& get_str_key() { return pubKey; } + const string& get_str_key() { return identity.pubKey; } esignPub get_key() { if (keyConverted) return realKey; - realKey = _fromStr_esignPubKey(pubKey); + realKey = _fromStr_esignPubKey(identity.pubKey); keyConverted = true; return realKey; } @@ -79,39 +82,62 @@ public: sigConverted = true; return signature; } + + void sign_ticket(esignPriv privKey) { + cout << "Trying to SIGN ticket" << endl << endl; + byte ticketArray[sizeof(identity)]; + memcpy(ticketArray, &identity, sizeof(identity)); + signature = esignSig(ticketArray, sizeof(identity), privKey); + allocSig.Assign(signature,signature.size()); + } + + bool verif_ticket (esignPub pubKey) { + cout << "Verifying ticket" << endl << endl; + byte ticketArray[sizeof(identity)]; + memcpy(ticketArray, &identity, sizeof(identity)); + signature.Assign(allocSig, allocSig.size()); + return esignVer(ticketArray, sizeof(identity), signature, pubKey); + } - void decode(bufferlist& blist) { - int off = 0; - blist.copy(off, sizeof(uid), (char*)&uid); - off += sizeof(uid); - blist.copy(off, sizeof(gid), (char*)&gid); - off += sizeof(gid); - blist.copy(off, sizeof(t_s), (char*)&t_s); - off += sizeof(t_s); - blist.copy(off, sizeof(t_e), (char*)&t_e); - off += sizeof(t_e); + void decode(bufferlist& blist, int& off) { + cout << "About to decode BL ticket" << endl; + + //int off = 0; + blist.copy(off, sizeof(identity.uid), (char*)&(identity.uid)); + off += sizeof(identity.uid); + blist.copy(off, sizeof(identity.gid), (char*)&(identity.gid)); + off += sizeof(identity.gid); + blist.copy(off, sizeof(identity.t_s), (char*)&(identity.t_s)); + off += sizeof(identity.t_s); + blist.copy(off, sizeof(identity.t_e), (char*)&(identity.t_e)); + off += sizeof(identity.t_e); blist.copy(off, sizeof(allocSig), (char*)&allocSig); off += sizeof(allocSig); + //blist.copy(off, sizeof(identity), (char*)&identity); + //off += sizeof(identity); - _decode(iv, blist, off); - _decode(username, blist, off); - _decode(pubKey, blist, off); + _decode(identity.iv, blist, off); + _decode(identity.username, blist, off); + _decode(identity.pubKey, blist, off); + + cout << "Decoded BL ticket OK" << endl; + } void encode(bufferlist& blist) { - blist.append((char*)&uid, sizeof(uid)); - blist.append((char*)&gid, sizeof(gid)); - blist.append((char*)&t_s, sizeof(t_s)); - blist.append((char*)&t_e, sizeof(t_e)); + cout << "About to encode ticket" << endl; + blist.append((char*)&(identity.uid), sizeof(identity.uid)); + blist.append((char*)&(identity.gid), sizeof(identity.gid)); + blist.append((char*)&(identity.t_s), sizeof(identity.t_s)); + blist.append((char*)&(identity.t_e), sizeof(identity.t_e)); blist.append((char*)&allocSig, sizeof(allocSig)); + //blist.append((char*)&identity, sizeof(identity)); + cout << "Encoded ticket OK" << endl; - _encode(iv, blist); - _encode(username, blist); - _encode(pubKey, blist); + _encode(identity.iv, blist); + _encode(identity.username, blist); + _encode(identity.pubKey, blist); } - //bl.append((char*)&uid,sizeof(uid)); - //bl.copy(off,sizeof(uid),(char*)&uid); - //off += sizeof(uid); }; #endif diff --git a/branches/aleung/security1/ceph/messages/MClientAuthUserAck.h b/branches/aleung/security1/ceph/messages/MClientAuthUserAck.h index af16d1e6ee296..7366e258c07a2 100644 --- a/branches/aleung/security1/ceph/messages/MClientAuthUserAck.h +++ b/branches/aleung/security1/ceph/messages/MClientAuthUserAck.h @@ -16,19 +16,39 @@ #define __MCLIENTAUTHUSERACK_H #include "msg/Message.h" +#include "crypto/Ticket.h" class MClientAuthUserAck : public Message { + //bufferlist ticketBL; + Ticket myTicket; public: MClientAuthUserAck() : Message(MSG_CLIENT_AUTH_USER_ACK) { } + MClientAuthUserAck(Ticket *ticket) : Message(MSG_CLIENT_AUTH_USER_ACK) { + //ticket->encode(ticketBL); + myTicket = (*ticket); + } char *get_type_name() { return "client_auth_user_ack"; } uid_t get_uid() { return 0; } // fixme - void decode_payload() { + Ticket *getTicket() { + return &myTicket; + } + + void decode_payload() { + cout << "Trying decode payload ACK" << endl; + int off = 0; + //::_decode(myTicket, payload, off); + myTicket.decode(payload, off); + cout << "ACK Decoded OK" << endl; } - void encode_payload() { + void encode_payload() { + cout << "Trying encode payload ACK" << endl; + //::_encode(myTicket, payload); + myTicket.encode(payload); + cout << "ACK Encoded OK" << endl; } }; diff --git a/branches/aleung/security1/ceph/mon/ClientMonitor.cc b/branches/aleung/security1/ceph/mon/ClientMonitor.cc index 8da75ab066ee0..9ad411e18e46d 100644 --- a/branches/aleung/security1/ceph/mon/ClientMonitor.cc +++ b/branches/aleung/security1/ceph/mon/ClientMonitor.cc @@ -17,11 +17,15 @@ #include "MDSMonitor.h" #include "messages/MClientBoot.h" +#include "messages/MClientAuthUser.h" +#include "messages/MClientAuthUserAck.h" #include "messages/MMDSMap.h" //#include "messages/MMDSFailure.h" #include "common/Timer.h" +#include "crypto/Ticket.h" + #include "config.h" #undef dout #define dout(l) if (l<=g_conf.debug || l<=g_conf.debug_mon) cout << g_clock.now() << " mon" << mon->whoami << (mon->is_starting() ? (const char*)"(starting)":(mon->is_leader() ? (const char*)"(leader)":(mon->is_peon() ? (const char*)"(peon)":(const char*)"(?\?)"))) << ".client " @@ -37,6 +41,9 @@ void ClientMonitor::dispatch(Message *m) case MSG_CLIENT_BOOT: handle_client_boot((MClientBoot*)m); break; + case MSG_CLIENT_AUTH_USER: + handle_client_auth_user((MClientAuthUser*)m); + break; /* case MSG_client_FAILURE: @@ -69,6 +76,57 @@ void ClientMonitor::handle_client_boot(MClientBoot *m) delete m; } +void ClientMonitor::handle_client_auth_user(MClientAuthUser *m) +{ + dout(7) << "client_auth_user from " << m->get_source() << " at " << m->get_source_inst() << endl; + assert(m->get_source().is_client()); + //int from = m->get_source().num(); + + // grab information + uid_t uid = m->get_uid(); + gid_t gid = m->get_gid(); + // ticket time = 60 minutes (too long, only for debug) + utime_t t_s = g_clock.now(); + utime_t t_e = t_s; + t_e += 3600; + string name = "unknown"; + string key = m->get_str_key(); + + + // create iv + char iv[RJBLOCKSIZE]; + memset(iv, 0x01, RJBLOCKSIZE); // worthless right now + string k_0 = iv; + + // create a ticket + Ticket userTicket(uid, gid, t_s, t_e, k_0, name, key); + + // sign the ticket + userTicket.sign_ticket(mon->myPrivKey); + cout << "SIGNED THE TICKET SUCCESFULY?" << endl << endl; + + // test the verification + if (userTicket.verif_ticket(mon->myPubKey)) + cout << "Verification succeeded" << endl; + else + cout << "Verification failed" << endl; + + // cache the ticket? + + // reply to auth_user + cout << "send_ticket to " << m->get_source() << + " inst " << m->get_source_inst() << endl; + messenger->send_message(new MClientAuthUserAck(&userTicket), + m->get_source(), m->get_source_inst()); + cout << "ACK Ticket sent to " << m->get_source() << endl; + +} + +void ClientMonitor::send_ticket(msg_addr_t dest, const entity_inst_t& inst) { + cout << "send_ticket to " << dest << " inst " << inst << endl; + //messenger->send_message(new MClientAuthUserAck(&userTicket), dest, inst); +} + /* void ClientMonitor::handle_mds_shutdown(Message *m) { diff --git a/branches/aleung/security1/ceph/mon/ClientMonitor.h b/branches/aleung/security1/ceph/mon/ClientMonitor.h index a85bb1e2fe86d..f905b6878aa95 100644 --- a/branches/aleung/security1/ceph/mon/ClientMonitor.h +++ b/branches/aleung/security1/ceph/mon/ClientMonitor.h @@ -23,6 +23,9 @@ using namespace std; #include "mds/MDSMap.h" +#include "crypto/CryptoLib.h" +using namespace CryptoLib; + class Monitor; class ClientMonitor : public Dispatcher { @@ -41,6 +44,7 @@ class ClientMonitor : public Dispatcher { void handle_client_boot(class MClientBoot *m); void handle_client_auth_user(class MClientAuthUser *m); + void send_ticket(msg_addr_t dest, const entity_inst_t& inst); public: ClientMonitor(Monitor *mn, Messenger *m, Mutex& l) : mon(mn), messenger(m), lock(l), diff --git a/branches/aleung/security1/ceph/mon/Monitor.h b/branches/aleung/security1/ceph/mon/Monitor.h index 3e0ab26834f82..b071e39b18a86 100644 --- a/branches/aleung/security1/ceph/mon/Monitor.h +++ b/branches/aleung/security1/ceph/mon/Monitor.h @@ -38,6 +38,10 @@ protected: MonMap *monmap; + // mon pub/priv keys + esignPriv myPrivKey; + esignPub myPubKey; + // timer. Context *tick_timer; Cond tick_timer_cond; @@ -48,10 +52,6 @@ protected: // my local store ObjectStore *store; - // mon pub/priv keys - esignPriv myPrivKey; - esignPub myPubKey; - const static int INO_ELECTOR = 1; const static int INO_MON_MAP = 2; const static int INO_OSD_MAP = 10; @@ -118,8 +118,9 @@ protected: } Monitor(int w, Messenger *m, MonMap *mm, esignPriv key) : whoami(w), - messenger(m), + messenger(m), monmap(mm), + myPrivKey(key), tick_timer(0), store(0), elector(this, w), @@ -127,8 +128,7 @@ protected: state(STATE_STARTING), leader(0), osdmon(0), - mdsmon(0), - myPrivKey(key) + mdsmon(0) { // hack leader, until election works. if (whoami == 0) -- 2.39.5