X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=src%2Fceph%2Fsrc%2Frgw%2Frgw_rest_s3.h;fp=src%2Fceph%2Fsrc%2Frgw%2Frgw_rest_s3.h;h=0000000000000000000000000000000000000000;hb=7da45d65be36d36b880cc55c5036e96c24b53f00;hp=d0aa098fa1b82fc74533aec9fb4f51fdfd5a2b19;hpb=691462d09d0987b47e112d6ee8740375df3c51b2;p=stor4nfv.git diff --git a/src/ceph/src/rgw/rgw_rest_s3.h b/src/ceph/src/rgw/rgw_rest_s3.h deleted file mode 100644 index d0aa098..0000000 --- a/src/ceph/src/rgw/rgw_rest_s3.h +++ /dev/null @@ -1,934 +0,0 @@ -// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- -// vim: ts=8 sw=2 smarttab - -#ifndef CEPH_RGW_REST_S3_H - -#define CEPH_RGW_REST_S3_H -#define TIME_BUF_SIZE 128 - -#include - -#include -#include - -#include "common/backport14.h" -#include "common/sstring.hh" -#include "rgw_op.h" -#include "rgw_rest.h" -#include "rgw_http_errors.h" -#include "rgw_acl_s3.h" -#include "rgw_policy_s3.h" -#include "rgw_lc_s3.h" -#include "rgw_keystone.h" -#include "rgw_rest_conn.h" -#include "rgw_ldap.h" -#include "rgw_rest.h" - -#include "rgw_token.h" -#include "include/assert.h" - -#include "rgw_auth.h" -#include "rgw_auth_filters.h" - -#define RGW_AUTH_GRACE_MINS 15 - -struct rgw_http_error { - int http_ret; - const char *s3_code; -}; - -void rgw_get_errno_s3(struct rgw_http_error *e, int err_no); - -class RGWGetObj_ObjStore_S3 : public RGWGetObj_ObjStore -{ -protected: - // Serving a custom error page from an object is really a 200 response with - // just the status line altered. - int custom_http_ret = 0; - std::map crypt_http_responses; -public: - RGWGetObj_ObjStore_S3() {} - ~RGWGetObj_ObjStore_S3() override {} - - int get_params() override; - int send_response_data_error() override; - int send_response_data(bufferlist& bl, off_t ofs, off_t len) override; - void set_custom_http_response(int http_ret) { custom_http_ret = http_ret; } - int get_decrypt_filter(std::unique_ptr* filter, - RGWGetDataCB* cb, - bufferlist* manifest_bl) override; -}; - -class RGWGetObjTags_ObjStore_S3 : public RGWGetObjTags_ObjStore -{ - bufferlist tags_bl; -public: - RGWGetObjTags_ObjStore_S3() {} - ~RGWGetObjTags_ObjStore_S3() {} - - void send_response_data(bufferlist &bl) override; -}; - -class RGWPutObjTags_ObjStore_S3 : public RGWPutObjTags_ObjStore -{ -public: - RGWPutObjTags_ObjStore_S3() {} - ~RGWPutObjTags_ObjStore_S3() {} - - int get_params() override; - void send_response() override; -}; - -class RGWDeleteObjTags_ObjStore_S3 : public RGWDeleteObjTags -{ -public: - ~RGWDeleteObjTags_ObjStore_S3() override {} - void send_response() override; -}; - -class RGWListBuckets_ObjStore_S3 : public RGWListBuckets_ObjStore { -public: - RGWListBuckets_ObjStore_S3() {} - ~RGWListBuckets_ObjStore_S3() override {} - - int get_params() override { - limit = -1; /* no limit */ - return 0; - } - void send_response_begin(bool has_buckets) override; - void send_response_data(RGWUserBuckets& buckets) override; - void send_response_end() override; -}; - -class RGWGetUsage_ObjStore_S3 : public RGWGetUsage_ObjStore { -public: - RGWGetUsage_ObjStore_S3() {} - ~RGWGetUsage_ObjStore_S3() override {} - - int get_params() override ; - void send_response() override; -}; - -class RGWListBucket_ObjStore_S3 : public RGWListBucket_ObjStore { - bool objs_container; -public: - RGWListBucket_ObjStore_S3() : objs_container(false) { - default_max = 1000; - } - ~RGWListBucket_ObjStore_S3() override {} - - int get_params() override; - void send_response() override; - void send_versioned_response(); -}; - -class RGWGetBucketLogging_ObjStore_S3 : public RGWGetBucketLogging { -public: - RGWGetBucketLogging_ObjStore_S3() {} - ~RGWGetBucketLogging_ObjStore_S3() override {} - - void send_response() override; -}; - -class RGWGetBucketLocation_ObjStore_S3 : public RGWGetBucketLocation { -public: - RGWGetBucketLocation_ObjStore_S3() {} - ~RGWGetBucketLocation_ObjStore_S3() override {} - - void send_response() override; -}; - -class RGWGetBucketVersioning_ObjStore_S3 : public RGWGetBucketVersioning { -public: - RGWGetBucketVersioning_ObjStore_S3() {} - ~RGWGetBucketVersioning_ObjStore_S3() override {} - - void send_response() override; -}; - -class RGWSetBucketVersioning_ObjStore_S3 : public RGWSetBucketVersioning { -public: - RGWSetBucketVersioning_ObjStore_S3() {} - ~RGWSetBucketVersioning_ObjStore_S3() override {} - - int get_params() override; - void send_response() override; -}; - -class RGWGetBucketWebsite_ObjStore_S3 : public RGWGetBucketWebsite { -public: - RGWGetBucketWebsite_ObjStore_S3() {} - ~RGWGetBucketWebsite_ObjStore_S3() override {} - - void send_response() override; -}; - -class RGWSetBucketWebsite_ObjStore_S3 : public RGWSetBucketWebsite { -public: - RGWSetBucketWebsite_ObjStore_S3() {} - ~RGWSetBucketWebsite_ObjStore_S3() override {} - - int get_params() override; - void send_response() override; -}; - -class RGWDeleteBucketWebsite_ObjStore_S3 : public RGWDeleteBucketWebsite { -public: - RGWDeleteBucketWebsite_ObjStore_S3() {} - ~RGWDeleteBucketWebsite_ObjStore_S3() override {} - - void send_response() override; -}; - -class RGWStatBucket_ObjStore_S3 : public RGWStatBucket_ObjStore { -public: - RGWStatBucket_ObjStore_S3() {} - ~RGWStatBucket_ObjStore_S3() override {} - - void send_response() override; -}; - -class RGWCreateBucket_ObjStore_S3 : public RGWCreateBucket_ObjStore { -public: - RGWCreateBucket_ObjStore_S3() {} - ~RGWCreateBucket_ObjStore_S3() override {} - - int get_params() override; - void send_response() override; -}; - -class RGWDeleteBucket_ObjStore_S3 : public RGWDeleteBucket_ObjStore { -public: - RGWDeleteBucket_ObjStore_S3() {} - ~RGWDeleteBucket_ObjStore_S3() override {} - - void send_response() override; -}; - -class RGWPutObj_ObjStore_S3 : public RGWPutObj_ObjStore { -private: - std::map crypt_http_responses; - -public: - RGWPutObj_ObjStore_S3() {} - ~RGWPutObj_ObjStore_S3() override {} - - int get_params() override; - int get_data(bufferlist& bl) override; - void send_response() override; - - int get_encrypt_filter(std::unique_ptr* filter, - RGWPutObjDataProcessor* cb) override; - int get_decrypt_filter(std::unique_ptr* filter, - RGWGetDataCB* cb, - map& attrs, - bufferlist* manifest_bl) override; -}; - -class RGWPostObj_ObjStore_S3 : public RGWPostObj_ObjStore { - parts_collection_t parts; - std::string filename; - std::string content_type; - RGWPolicyEnv env; - RGWPolicy post_policy; - map crypt_http_responses; - - const rgw::auth::StrategyRegistry* auth_registry_ptr = nullptr; - - int get_policy(); - int get_tags(); - void rebuild_key(string& key); - - std::string get_current_filename() const override; - std::string get_current_content_type() const override; - -public: - RGWPostObj_ObjStore_S3() {} - ~RGWPostObj_ObjStore_S3() override {} - - int verify_requester(const rgw::auth::StrategyRegistry& auth_registry) { - auth_registry_ptr = &auth_registry; - return RGWPostObj_ObjStore::verify_requester(auth_registry); - } - - int get_params() override; - int complete_get_params(); - - void send_response() override; - int get_data(ceph::bufferlist& bl, bool& again) override; - int get_encrypt_filter(std::unique_ptr* filter, - RGWPutObjDataProcessor* cb) override; -}; - -class RGWDeleteObj_ObjStore_S3 : public RGWDeleteObj_ObjStore { -public: - RGWDeleteObj_ObjStore_S3() {} - ~RGWDeleteObj_ObjStore_S3() override {} - - int get_params() override; - void send_response() override; -}; - -class RGWCopyObj_ObjStore_S3 : public RGWCopyObj_ObjStore { - bool sent_header; -public: - RGWCopyObj_ObjStore_S3() : sent_header(false) {} - ~RGWCopyObj_ObjStore_S3() override {} - - int init_dest_policy() override; - int get_params() override; - void send_partial_response(off_t ofs) override; - void send_response() override; -}; - -class RGWGetACLs_ObjStore_S3 : public RGWGetACLs_ObjStore { -public: - RGWGetACLs_ObjStore_S3() {} - ~RGWGetACLs_ObjStore_S3() override {} - - void send_response() override; -}; - -class RGWPutACLs_ObjStore_S3 : public RGWPutACLs_ObjStore { -public: - RGWPutACLs_ObjStore_S3() {} - ~RGWPutACLs_ObjStore_S3() override {} - - int get_policy_from_state(RGWRados *store, struct req_state *s, stringstream& ss) override; - void send_response() override; - int get_params() override; -}; - -class RGWGetLC_ObjStore_S3 : public RGWGetLC_ObjStore { -protected: - RGWLifecycleConfiguration_S3 config; -public: - RGWGetLC_ObjStore_S3() {} - ~RGWGetLC_ObjStore_S3() override {} - void execute() override; - - void send_response() override; -}; - -class RGWPutLC_ObjStore_S3 : public RGWPutLC_ObjStore { -public: - RGWPutLC_ObjStore_S3() {} - ~RGWPutLC_ObjStore_S3() override {} - - void send_response() override; -}; - -class RGWDeleteLC_ObjStore_S3 : public RGWDeleteLC_ObjStore { -public: - RGWDeleteLC_ObjStore_S3() {} - ~RGWDeleteLC_ObjStore_S3() override {} - - void send_response() override; -}; - -class RGWGetCORS_ObjStore_S3 : public RGWGetCORS_ObjStore { -public: - RGWGetCORS_ObjStore_S3() {} - ~RGWGetCORS_ObjStore_S3() override {} - - void send_response() override; -}; - -class RGWPutCORS_ObjStore_S3 : public RGWPutCORS_ObjStore { -public: - RGWPutCORS_ObjStore_S3() {} - ~RGWPutCORS_ObjStore_S3() override {} - - int get_params() override; - void send_response() override; -}; - -class RGWDeleteCORS_ObjStore_S3 : public RGWDeleteCORS_ObjStore { -public: - RGWDeleteCORS_ObjStore_S3() {} - ~RGWDeleteCORS_ObjStore_S3() override {} - - void send_response() override; -}; - -class RGWOptionsCORS_ObjStore_S3 : public RGWOptionsCORS_ObjStore { -public: - RGWOptionsCORS_ObjStore_S3() {} - ~RGWOptionsCORS_ObjStore_S3() override {} - - void send_response() override; -}; - -class RGWGetRequestPayment_ObjStore_S3 : public RGWGetRequestPayment { -public: - RGWGetRequestPayment_ObjStore_S3() {} - ~RGWGetRequestPayment_ObjStore_S3() override {} - - void send_response() override; -}; - -class RGWSetRequestPayment_ObjStore_S3 : public RGWSetRequestPayment { -public: - RGWSetRequestPayment_ObjStore_S3() {} - ~RGWSetRequestPayment_ObjStore_S3() override {} - - int get_params() override; - void send_response() override; -}; - -class RGWInitMultipart_ObjStore_S3 : public RGWInitMultipart_ObjStore { -private: - std::map crypt_http_responses; -public: - RGWInitMultipart_ObjStore_S3() {} - ~RGWInitMultipart_ObjStore_S3() override {} - - int get_params() override; - void send_response() override; - int prepare_encryption(map& attrs) override; -}; - -class RGWCompleteMultipart_ObjStore_S3 : public RGWCompleteMultipart_ObjStore { -public: - RGWCompleteMultipart_ObjStore_S3() {} - ~RGWCompleteMultipart_ObjStore_S3() override {} - - int get_params() override; - void send_response() override; -}; - -class RGWAbortMultipart_ObjStore_S3 : public RGWAbortMultipart_ObjStore { -public: - RGWAbortMultipart_ObjStore_S3() {} - ~RGWAbortMultipart_ObjStore_S3() override {} - - void send_response() override; -}; - -class RGWListMultipart_ObjStore_S3 : public RGWListMultipart_ObjStore { -public: - RGWListMultipart_ObjStore_S3() {} - ~RGWListMultipart_ObjStore_S3() override {} - - void send_response() override; -}; - -class RGWListBucketMultiparts_ObjStore_S3 : public RGWListBucketMultiparts_ObjStore { -public: - RGWListBucketMultiparts_ObjStore_S3() { - default_max = 1000; - } - ~RGWListBucketMultiparts_ObjStore_S3() override {} - - void send_response() override; -}; - -class RGWDeleteMultiObj_ObjStore_S3 : public RGWDeleteMultiObj_ObjStore { -public: - RGWDeleteMultiObj_ObjStore_S3() {} - ~RGWDeleteMultiObj_ObjStore_S3() override {} - - int get_params() override; - void send_status() override; - void begin_response() override; - void send_partial_response(rgw_obj_key& key, bool delete_marker, - const string& marker_version_id, int ret) override; - void end_response() override; -}; - -class RGWGetObjLayout_ObjStore_S3 : public RGWGetObjLayout { -public: - RGWGetObjLayout_ObjStore_S3() {} - ~RGWGetObjLayout_ObjStore_S3() {} - - void send_response(); -}; - -class RGWConfigBucketMetaSearch_ObjStore_S3 : public RGWConfigBucketMetaSearch { -public: - RGWConfigBucketMetaSearch_ObjStore_S3() {} - ~RGWConfigBucketMetaSearch_ObjStore_S3() {} - - int get_params() override; - void send_response() override; -}; - -class RGWGetBucketMetaSearch_ObjStore_S3 : public RGWGetBucketMetaSearch { -public: - RGWGetBucketMetaSearch_ObjStore_S3() {} - ~RGWGetBucketMetaSearch_ObjStore_S3() {} - - void send_response() override; -}; - -class RGWDelBucketMetaSearch_ObjStore_S3 : public RGWDelBucketMetaSearch { -public: - RGWDelBucketMetaSearch_ObjStore_S3() {} - ~RGWDelBucketMetaSearch_ObjStore_S3() {} - - void send_response() override; -}; - -class RGW_Auth_S3 { -public: - static int authorize(RGWRados *store, - const rgw::auth::StrategyRegistry& auth_registry, - struct req_state *s); -}; - -class RGWHandler_Auth_S3 : public RGWHandler_REST { - friend class RGWRESTMgr_S3; - - const rgw::auth::StrategyRegistry& auth_registry; - -public: - RGWHandler_Auth_S3(const rgw::auth::StrategyRegistry& auth_registry) - : RGWHandler_REST(), - auth_registry(auth_registry) { - } - ~RGWHandler_Auth_S3() override = default; - - static int validate_bucket_name(const string& bucket); - static int validate_object_name(const string& bucket); - - int init(RGWRados *store, - struct req_state *s, - rgw::io::BasicClient *cio) override; - int authorize() override { - return RGW_Auth_S3::authorize(store, auth_registry, s); - } - int postauth_init() override { return 0; } -}; - -class RGWHandler_REST_S3 : public RGWHandler_REST { - friend class RGWRESTMgr_S3; - - const rgw::auth::StrategyRegistry& auth_registry; -public: - static int init_from_header(struct req_state *s, int default_formatter, bool configurable_format); - - RGWHandler_REST_S3(const rgw::auth::StrategyRegistry& auth_registry) - : RGWHandler_REST(), - auth_registry(auth_registry) { - } - ~RGWHandler_REST_S3() override = default; - - int init(RGWRados *store, - struct req_state *s, - rgw::io::BasicClient *cio) override; - int authorize() override { - return RGW_Auth_S3::authorize(store, auth_registry, s); - } - int postauth_init() override; -}; - -class RGWHandler_REST_Service_S3 : public RGWHandler_REST_S3 { -protected: - bool is_usage_op() { - return s->info.args.exists("usage"); - } - RGWOp *op_get() override; - RGWOp *op_head() override; - RGWOp *op_post() override; -public: - using RGWHandler_REST_S3::RGWHandler_REST_S3; - ~RGWHandler_REST_Service_S3() override = default; -}; - -class RGWHandler_REST_Bucket_S3 : public RGWHandler_REST_S3 { -protected: - bool is_acl_op() { - return s->info.args.exists("acl"); - } - bool is_cors_op() { - return s->info.args.exists("cors"); - } - bool is_lc_op() { - return s->info.args.exists("lifecycle"); - } - bool is_obj_update_op() override { - return is_acl_op() || is_cors_op(); - } - bool is_request_payment_op() { - return s->info.args.exists("requestPayment"); - } - bool is_policy_op() { - return s->info.args.exists("policy"); - } - RGWOp *get_obj_op(bool get_data); - - RGWOp *op_get() override; - RGWOp *op_head() override; - RGWOp *op_put() override; - RGWOp *op_delete() override; - RGWOp *op_post() override; - RGWOp *op_options() override; -public: - using RGWHandler_REST_S3::RGWHandler_REST_S3; - ~RGWHandler_REST_Bucket_S3() override = default; -}; - -class RGWHandler_REST_Obj_S3 : public RGWHandler_REST_S3 { -protected: - bool is_acl_op() { - return s->info.args.exists("acl"); - } - bool is_cors_op() { - return s->info.args.exists("cors"); - } - bool is_tagging_op() { - return s->info.args.exists("tagging"); - } - bool is_obj_update_op() override { - return is_acl_op() || is_tagging_op() ; - } - RGWOp *get_obj_op(bool get_data); - - RGWOp *op_get() override; - RGWOp *op_head() override; - RGWOp *op_put() override; - RGWOp *op_delete() override; - RGWOp *op_post() override; - RGWOp *op_options() override; -public: - using RGWHandler_REST_S3::RGWHandler_REST_S3; - ~RGWHandler_REST_Obj_S3() override = default; -}; - -class RGWRESTMgr_S3 : public RGWRESTMgr { -private: - bool enable_s3website; -public: - explicit RGWRESTMgr_S3(bool enable_s3website = false) - : enable_s3website(enable_s3website) { - } - - ~RGWRESTMgr_S3() override = default; - - RGWHandler_REST *get_handler(struct req_state* s, - const rgw::auth::StrategyRegistry& auth_registry, - const std::string& frontend_prefix) override; -}; - -class RGWHandler_REST_Obj_S3Website; - -static inline bool looks_like_ip_address(const char *bucket) -{ - int num_periods = 0; - bool expect_period = false; - for (const char *b = bucket; *b; ++b) { - if (*b == '.') { - if (!expect_period) - return false; - ++num_periods; - if (num_periods > 3) - return false; - expect_period = false; - } - else if (isdigit(*b)) { - expect_period = true; - } - else { - return false; - } - } - return (num_periods == 3); -} - -static inline int valid_s3_object_name(const string& name) { - if (name.size() > 1024) { - return -ERR_INVALID_OBJECT_NAME; - } - if (check_utf8(name.c_str(), name.size())) { - return -ERR_INVALID_OBJECT_NAME; - } - return 0; -} - -static inline int valid_s3_bucket_name(const string& name, bool relaxed=false) -{ - // This function enforces Amazon's spec for bucket names. - // (The requirements, not the recommendations.) - int len = name.size(); - if (len < 3) { - // Name too short - return -ERR_INVALID_BUCKET_NAME; - } else if (len > 255) { - // Name too long - return -ERR_INVALID_BUCKET_NAME; - } - - // bucket names must start with a number, letter, or underscore - if (!(isalpha(name[0]) || isdigit(name[0]))) { - if (!relaxed) - return -ERR_INVALID_BUCKET_NAME; - else if (!(name[0] == '_' || name[0] == '.' || name[0] == '-')) - return -ERR_INVALID_BUCKET_NAME; - } - - for (const char *s = name.c_str(); *s; ++s) { - char c = *s; - if (isdigit(c) || (c == '.')) - continue; - if (isalpha(c)) - continue; - if ((c == '-') || (c == '_')) - continue; - // Invalid character - return -ERR_INVALID_BUCKET_NAME; - } - - if (looks_like_ip_address(name.c_str())) - return -ERR_INVALID_BUCKET_NAME; - - return 0; -} - - -namespace rgw { -namespace auth { -namespace s3 { - -class AWSEngine : public rgw::auth::Engine { -public: - class VersionAbstractor { - static constexpr size_t DIGEST_SIZE_V2 = CEPH_CRYPTO_HMACSHA1_DIGESTSIZE; - static constexpr size_t DIGEST_SIZE_V4 = CEPH_CRYPTO_HMACSHA256_DIGESTSIZE; - - /* Knowing the signature max size allows us to employ the sstring, and thus - * avoid dynamic allocations. The multiplier comes from representing digest - * in the base64-encoded form. */ - static constexpr size_t SIGNATURE_MAX_SIZE = \ - ceph::max(DIGEST_SIZE_V2, DIGEST_SIZE_V4) * 2 + sizeof('\0'); - - public: - virtual ~VersionAbstractor() {}; - - using access_key_id_t = boost::string_view; - using client_signature_t = boost::string_view; - using server_signature_t = basic_sstring; - using string_to_sign_t = std::string; - - /* Transformation for crafting the AWS signature at server side which is - * used later to compare with the user-provided one. The methodology for - * doing that depends on AWS auth version. */ - using signature_factory_t = \ - std::function; - - /* Return an instance of Completer for verifying the payload's fingerprint - * if necessary. Otherwise caller gets nullptr. Caller may provide secret - * key */ - using completer_factory_t = \ - std::function& secret_key)>; - - struct auth_data_t { - access_key_id_t access_key_id; - client_signature_t client_signature; - string_to_sign_t string_to_sign; - signature_factory_t signature_factory; - completer_factory_t completer_factory; - }; - - virtual auth_data_t get_auth_data(const req_state* s) const = 0; - }; - -protected: - CephContext* cct; - const VersionAbstractor& ver_abstractor; - - AWSEngine(CephContext* const cct, const VersionAbstractor& ver_abstractor) - : cct(cct), - ver_abstractor(ver_abstractor) { - } - - using result_t = rgw::auth::Engine::result_t; - using string_to_sign_t = VersionAbstractor::string_to_sign_t; - using signature_factory_t = VersionAbstractor::signature_factory_t; - using completer_factory_t = VersionAbstractor::completer_factory_t; - - /* TODO(rzarzynski): clean up. We've too many input parameter hee. Also - * the signature get_auth_data() of VersionAbstractor is too complicated. - * Replace these thing with a simple, dedicated structure. */ - virtual result_t authenticate(const boost::string_view& access_key_id, - const boost::string_view& signature, - const string_to_sign_t& string_to_sign, - const signature_factory_t& signature_factory, - const completer_factory_t& completer_factory, - const req_state* s) const = 0; - -public: - result_t authenticate(const req_state* const s) const final; -}; - - -class AWSGeneralAbstractor : public AWSEngine::VersionAbstractor { - CephContext* const cct; - - bool is_time_skew_ok(const utime_t& header_time, - const bool qsr) const; - - virtual boost::optional - get_v4_canonical_headers(const req_info& info, - const boost::string_view& signedheaders, - const bool using_qs) const; - - auth_data_t get_auth_data_v2(const req_state* s) const; - auth_data_t get_auth_data_v4(const req_state* s, bool using_qs) const; - -public: - AWSGeneralAbstractor(CephContext* const cct) - : cct(cct) { - } - - auth_data_t get_auth_data(const req_state* s) const override; -}; - -class AWSGeneralBoto2Abstractor : public AWSGeneralAbstractor { - boost::optional - get_v4_canonical_headers(const req_info& info, - const boost::string_view& signedheaders, - const bool using_qs) const override; - -public: - using AWSGeneralAbstractor::AWSGeneralAbstractor; -}; - -class AWSBrowserUploadAbstractor : public AWSEngine::VersionAbstractor { - static std::string to_string(ceph::bufferlist bl) { - return std::string(bl.c_str(), - static_cast(bl.length())); - } - - auth_data_t get_auth_data_v2(const req_state* s) const; - auth_data_t get_auth_data_v4(const req_state* s) const; - -public: - AWSBrowserUploadAbstractor(CephContext*) { - } - - auth_data_t get_auth_data(const req_state* s) const override; -}; - - -class LDAPEngine : public AWSEngine { - static rgw::LDAPHelper* ldh; - static std::mutex mtx; - - static void init(CephContext* const cct); - - using acl_strategy_t = rgw::auth::RemoteApplier::acl_strategy_t; - using auth_info_t = rgw::auth::RemoteApplier::AuthInfo; - using result_t = rgw::auth::Engine::result_t; - -protected: - RGWRados* const store; - const rgw::auth::RemoteApplier::Factory* const apl_factory; - - acl_strategy_t get_acl_strategy() const; - auth_info_t get_creds_info(const rgw::RGWToken& token) const noexcept; - - result_t authenticate(const boost::string_view& access_key_id, - const boost::string_view& signature, - const string_to_sign_t& string_to_sign, - const signature_factory_t&, - const completer_factory_t& completer_factory, - const req_state* s) const override; -public: - LDAPEngine(CephContext* const cct, - RGWRados* const store, - const VersionAbstractor& ver_abstractor, - const rgw::auth::RemoteApplier::Factory* const apl_factory) - : AWSEngine(cct, ver_abstractor), - store(store), - apl_factory(apl_factory) { - init(cct); - } - - using AWSEngine::authenticate; - - const char* get_name() const noexcept override { - return "rgw::auth::s3::LDAPEngine"; - } -}; - - -class LocalEngine : public AWSEngine { - RGWRados* const store; - const rgw::auth::LocalApplier::Factory* const apl_factory; - - result_t authenticate(const boost::string_view& access_key_id, - const boost::string_view& signature, - const string_to_sign_t& string_to_sign, - const signature_factory_t& signature_factory, - const completer_factory_t& completer_factory, - const req_state* s) const override; -public: - LocalEngine(CephContext* const cct, - RGWRados* const store, - const VersionAbstractor& ver_abstractor, - const rgw::auth::LocalApplier::Factory* const apl_factory) - : AWSEngine(cct, ver_abstractor), - store(store), - apl_factory(apl_factory) { - } - - using AWSEngine::authenticate; - - const char* get_name() const noexcept override { - return "rgw::auth::s3::LocalEngine"; - } -}; - - -class S3AnonymousEngine : public rgw::auth::AnonymousEngine { - bool is_applicable(const req_state* s) const noexcept override; - -public: - /* Let's reuse the parent class' constructor. */ - using rgw::auth::AnonymousEngine::AnonymousEngine; - - const char* get_name() const noexcept override { - return "rgw::auth::s3::S3AnonymousEngine"; - } -}; - - -class S3AuthFactory : public rgw::auth::RemoteApplier::Factory, - public rgw::auth::LocalApplier::Factory { - typedef rgw::auth::IdentityApplier::aplptr_t aplptr_t; - RGWRados* const store; - -public: - S3AuthFactory(RGWRados* const store) - : store(store) { - } - - aplptr_t create_apl_remote(CephContext* const cct, - const req_state* const s, - rgw::auth::RemoteApplier::acl_strategy_t&& acl_alg, - const rgw::auth::RemoteApplier::AuthInfo info - ) const override { - return aplptr_t( - new rgw::auth::RemoteApplier(cct, store, std::move(acl_alg), info, - cct->_conf->rgw_keystone_implicit_tenants)); - } - - aplptr_t create_apl_local(CephContext* const cct, - const req_state* const s, - const RGWUserInfo& user_info, - const std::string& subuser) const override { - return aplptr_t( - new rgw::auth::LocalApplier(cct, user_info, subuser)); - } -}; - - -} /* namespace s3 */ -} /* namespace auth */ -} /* namespace rgw */ - - -#endif /* CEPH_RGW_REST_S3_H */