-
Notifications
You must be signed in to change notification settings - Fork 5.8k
/
rgw_rest_s3.h
803 lines (663 loc) · 19.9 KB
/
rgw_rest_s3.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
// vim: ts=8 sw=2 smarttab
#ifndef CEPH_RGW_REST_S3_H
#define CEPH_RGW_REST_S3_H
#define TIME_BUF_SIZE 128
#include <mutex>
#include "rgw_op.h"
#include "rgw_http_errors.h"
#include "rgw_acl_s3.h"
#include "rgw_policy_s3.h"
#include "rgw_lc_s3.h"
#include "rgw_keystone.h"
#include "rgw_rest_conn.h"
#include "rgw_ldap.h"
#include "rgw_token.h"
#include "include/assert.h"
#include "rgw_auth.h"
#include "rgw_auth_decoimpl.h"
#define RGW_AUTH_GRACE_MINS 15
void rgw_get_errno_s3(struct rgw_http_errors *e, int err_no);
class RGWGetObj_ObjStore_S3 : public RGWGetObj_ObjStore
{
protected:
// Serving a custom error page from an object is really a 200 response with
// just the status line altered.
int custom_http_ret = 0;
public:
RGWGetObj_ObjStore_S3() {}
~RGWGetObj_ObjStore_S3() {}
int send_response_data_error();
int send_response_data(bufferlist& bl, off_t ofs, off_t len);
void set_custom_http_response(int http_ret) { custom_http_ret = http_ret; }
};
class RGWListBuckets_ObjStore_S3 : public RGWListBuckets_ObjStore {
public:
RGWListBuckets_ObjStore_S3() {}
~RGWListBuckets_ObjStore_S3() {}
int get_params() {
limit = -1; /* no limit */
return 0;
}
virtual void send_response_begin(bool has_buckets);
virtual void send_response_data(RGWUserBuckets& buckets);
virtual void send_response_end();
};
class RGWGetUsage_ObjStore_S3 : public RGWGetUsage_ObjStore {
public:
RGWGetUsage_ObjStore_S3() {}
~RGWGetUsage_ObjStore_S3() {}
int get_params() ;
virtual void send_response();
};
class RGWListBucket_ObjStore_S3 : public RGWListBucket_ObjStore {
bool objs_container;
public:
RGWListBucket_ObjStore_S3() : objs_container(false) {
default_max = 1000;
}
~RGWListBucket_ObjStore_S3() {}
int get_params();
void send_response();
void send_versioned_response();
};
class RGWGetBucketLogging_ObjStore_S3 : public RGWGetBucketLogging {
public:
RGWGetBucketLogging_ObjStore_S3() {}
~RGWGetBucketLogging_ObjStore_S3() {}
void send_response();
};
class RGWGetBucketLocation_ObjStore_S3 : public RGWGetBucketLocation {
public:
RGWGetBucketLocation_ObjStore_S3() {}
~RGWGetBucketLocation_ObjStore_S3() {}
void send_response();
};
class RGWGetBucketVersioning_ObjStore_S3 : public RGWGetBucketVersioning {
public:
RGWGetBucketVersioning_ObjStore_S3() {}
~RGWGetBucketVersioning_ObjStore_S3() {}
void send_response();
};
class RGWSetBucketVersioning_ObjStore_S3 : public RGWSetBucketVersioning {
public:
RGWSetBucketVersioning_ObjStore_S3() {}
~RGWSetBucketVersioning_ObjStore_S3() {}
int get_params();
void send_response();
};
class RGWGetBucketWebsite_ObjStore_S3 : public RGWGetBucketWebsite {
public:
RGWGetBucketWebsite_ObjStore_S3() {}
~RGWGetBucketWebsite_ObjStore_S3() {}
void send_response();
};
class RGWSetBucketWebsite_ObjStore_S3 : public RGWSetBucketWebsite {
public:
RGWSetBucketWebsite_ObjStore_S3() {}
~RGWSetBucketWebsite_ObjStore_S3() {}
int get_params();
void send_response();
};
class RGWDeleteBucketWebsite_ObjStore_S3 : public RGWDeleteBucketWebsite {
public:
RGWDeleteBucketWebsite_ObjStore_S3() {}
~RGWDeleteBucketWebsite_ObjStore_S3() {}
void send_response();
};
class RGWStatBucket_ObjStore_S3 : public RGWStatBucket_ObjStore {
public:
RGWStatBucket_ObjStore_S3() {}
~RGWStatBucket_ObjStore_S3() {}
void send_response();
};
class RGWCreateBucket_ObjStore_S3 : public RGWCreateBucket_ObjStore {
public:
RGWCreateBucket_ObjStore_S3() {}
~RGWCreateBucket_ObjStore_S3() {}
int get_params();
void send_response();
};
class RGWDeleteBucket_ObjStore_S3 : public RGWDeleteBucket_ObjStore {
public:
RGWDeleteBucket_ObjStore_S3() {}
~RGWDeleteBucket_ObjStore_S3() {}
void send_response();
};
class RGWPutObj_ObjStore_S3 : public RGWPutObj_ObjStore {
public:
RGWPutObj_ObjStore_S3() {}
~RGWPutObj_ObjStore_S3() {}
int get_params();
int get_data(bufferlist& bl);
void send_response();
int validate_aws4_single_chunk(char *chunk_str,
char *chunk_data_str,
unsigned int chunk_data_size,
string chunk_signature);
int validate_and_unwrap_available_aws4_chunked_data(bufferlist& bl_in,
bufferlist& bl_out);
};
struct post_part_field {
string val;
map<string, string> params;
};
struct post_form_part {
string name;
string content_type;
map<string, struct post_part_field, ltstr_nocase> fields;
bufferlist data;
};
class RGWPostObj_ObjStore_S3 : public RGWPostObj_ObjStore {
string boundary;
string filename;
bufferlist in_data;
map<string, post_form_part, const ltstr_nocase> parts;
RGWPolicyEnv env;
RGWPolicy post_policy;
string err_msg;
int read_with_boundary(bufferlist& bl, uint64_t max, bool check_eol,
bool *reached_boundary,
bool *done);
int read_line(bufferlist& bl, uint64_t max,
bool *reached_boundary, bool *done);
int read_data(bufferlist& bl, uint64_t max, bool *reached_boundary, bool *done);
int read_form_part_header(struct post_form_part *part,
bool *done);
bool part_str(const string& name, string *val);
bool part_bl(const string& name, bufferlist *pbl);
int get_policy();
void rebuild_key(string& key);
public:
RGWPostObj_ObjStore_S3() {}
~RGWPostObj_ObjStore_S3() {}
int get_params();
int complete_get_params();
void send_response();
int get_data(bufferlist& bl);
};
class RGWDeleteObj_ObjStore_S3 : public RGWDeleteObj_ObjStore {
public:
RGWDeleteObj_ObjStore_S3() {}
~RGWDeleteObj_ObjStore_S3() {}
int get_params();
void send_response();
};
class RGWCopyObj_ObjStore_S3 : public RGWCopyObj_ObjStore {
bool sent_header;
public:
RGWCopyObj_ObjStore_S3() : sent_header(false) {}
~RGWCopyObj_ObjStore_S3() {}
int init_dest_policy();
int get_params();
void send_partial_response(off_t ofs);
void send_response();
};
class RGWGetACLs_ObjStore_S3 : public RGWGetACLs_ObjStore {
public:
RGWGetACLs_ObjStore_S3() {}
~RGWGetACLs_ObjStore_S3() {}
void send_response();
};
class RGWPutACLs_ObjStore_S3 : public RGWPutACLs_ObjStore {
public:
RGWPutACLs_ObjStore_S3() {}
~RGWPutACLs_ObjStore_S3() {}
int get_policy_from_state(RGWRados *store, struct req_state *s, stringstream& ss);
void send_response();
int get_params();
};
class RGWGetLC_ObjStore_S3 : public RGWGetLC_ObjStore {
protected:
RGWLifecycleConfiguration_S3 config;
public:
RGWGetLC_ObjStore_S3() {}
~RGWGetLC_ObjStore_S3() {}
virtual void execute();
void send_response();
};
class RGWPutLC_ObjStore_S3 : public RGWPutLC_ObjStore {
public:
RGWPutLC_ObjStore_S3() {}
~RGWPutLC_ObjStore_S3() {}
void send_response();
};
class RGWDeleteLC_ObjStore_S3 : public RGWDeleteLC_ObjStore {
public:
RGWDeleteLC_ObjStore_S3() {}
~RGWDeleteLC_ObjStore_S3() {}
void send_response();
};
class RGWGetCORS_ObjStore_S3 : public RGWGetCORS_ObjStore {
public:
RGWGetCORS_ObjStore_S3() {}
~RGWGetCORS_ObjStore_S3() {}
void send_response();
};
class RGWPutCORS_ObjStore_S3 : public RGWPutCORS_ObjStore {
public:
RGWPutCORS_ObjStore_S3() {}
~RGWPutCORS_ObjStore_S3() {}
int get_params();
void send_response();
};
class RGWDeleteCORS_ObjStore_S3 : public RGWDeleteCORS_ObjStore {
public:
RGWDeleteCORS_ObjStore_S3() {}
~RGWDeleteCORS_ObjStore_S3() {}
void send_response();
};
class RGWOptionsCORS_ObjStore_S3 : public RGWOptionsCORS_ObjStore {
public:
RGWOptionsCORS_ObjStore_S3() {}
~RGWOptionsCORS_ObjStore_S3() {}
void send_response();
};
class RGWGetRequestPayment_ObjStore_S3 : public RGWGetRequestPayment {
public:
RGWGetRequestPayment_ObjStore_S3() {}
~RGWGetRequestPayment_ObjStore_S3() {}
void send_response();
};
class RGWSetRequestPayment_ObjStore_S3 : public RGWSetRequestPayment {
public:
RGWSetRequestPayment_ObjStore_S3() {}
~RGWSetRequestPayment_ObjStore_S3() {}
int get_params();
void send_response();
};
class RGWInitMultipart_ObjStore_S3 : public RGWInitMultipart_ObjStore {
public:
RGWInitMultipart_ObjStore_S3() {}
~RGWInitMultipart_ObjStore_S3() {}
int get_params();
void send_response();
};
class RGWCompleteMultipart_ObjStore_S3 : public RGWCompleteMultipart_ObjStore {
public:
RGWCompleteMultipart_ObjStore_S3() {}
~RGWCompleteMultipart_ObjStore_S3() {}
int get_params();
void send_response();
};
class RGWAbortMultipart_ObjStore_S3 : public RGWAbortMultipart_ObjStore {
public:
RGWAbortMultipart_ObjStore_S3() {}
~RGWAbortMultipart_ObjStore_S3() {}
void send_response();
};
class RGWListMultipart_ObjStore_S3 : public RGWListMultipart_ObjStore {
public:
RGWListMultipart_ObjStore_S3() {}
~RGWListMultipart_ObjStore_S3() {}
void send_response();
};
class RGWListBucketMultiparts_ObjStore_S3 : public RGWListBucketMultiparts_ObjStore {
public:
RGWListBucketMultiparts_ObjStore_S3() {
default_max = 1000;
}
~RGWListBucketMultiparts_ObjStore_S3() {}
void send_response();
};
class RGWDeleteMultiObj_ObjStore_S3 : public RGWDeleteMultiObj_ObjStore {
public:
RGWDeleteMultiObj_ObjStore_S3() {}
~RGWDeleteMultiObj_ObjStore_S3() {}
int get_params();
void send_status();
void begin_response();
void send_partial_response(rgw_obj_key& key, bool delete_marker,
const string& marker_version_id, int ret);
void end_response();
};
class RGW_Auth_S3_Keystone_ValidateToken : public RGWHTTPClient {
private:
bufferlist rx_buffer;
bufferlist tx_buffer;
bufferlist::iterator tx_buffer_it;
vector<string> accepted_roles;
public:
KeystoneToken response;
private:
void set_tx_buffer(const string& d) {
tx_buffer.clear();
tx_buffer.append(d);
tx_buffer_it = tx_buffer.begin();
set_send_length(tx_buffer.length());
}
public:
explicit RGW_Auth_S3_Keystone_ValidateToken(CephContext *_cct)
: RGWHTTPClient(_cct) {
get_str_vec(cct->_conf->rgw_keystone_accepted_roles, accepted_roles);
}
int receive_header(void *ptr, size_t len) {
return 0;
}
int receive_data(void *ptr, size_t len) {
rx_buffer.append((char *)ptr, len);
return 0;
}
int send_data(void *ptr, size_t len) {
if (!tx_buffer_it.get_remaining())
return 0; // nothing left to send
int l = MIN(tx_buffer_it.get_remaining(), len);
memcpy(ptr, tx_buffer_it.get_current_ptr().c_str(), l);
try {
tx_buffer_it.advance(l);
} catch (buffer::end_of_buffer &e) {
assert(0);
}
return l;
}
int validate_s3token(const string& auth_id, const string& auth_token, const string& auth_sign);
};
class RGW_Auth_S3 {
private:
static int authorize_v2(RGWRados *store, struct req_state *s);
static int authorize_v4(RGWRados *store, struct req_state *s);
static int authorize_v4_complete(RGWRados *store, struct req_state *s,
const string& request_payload,
bool unsigned_payload);
public:
static int authorize(RGWRados *store, struct req_state *s);
static int authorize_aws4_auth_complete(RGWRados *store, struct req_state *s);
};
class RGWHandler_Auth_S3 : public RGWHandler_REST {
friend class RGWRESTMgr_S3;
public:
RGWHandler_Auth_S3() : RGWHandler_REST() {}
virtual ~RGWHandler_Auth_S3() {}
static int validate_bucket_name(const string& bucket);
static int validate_object_name(const string& bucket);
virtual int init(RGWRados *store, struct req_state *s, RGWClientIO *cio);
virtual int authorize() {
return RGW_Auth_S3::authorize(store, s);
}
int postauth_init() { return 0; }
};
class RGWHandler_REST_S3 : public RGWHandler_REST {
friend class RGWRESTMgr_S3;
public:
static int init_from_header(struct req_state *s, int default_formatter, bool configurable_format);
RGWHandler_REST_S3() : RGWHandler_REST() {}
virtual ~RGWHandler_REST_S3() {}
virtual int init(RGWRados *store, struct req_state *s, RGWClientIO *cio);
virtual int authorize() {
return RGW_Auth_S3::authorize(store, s);
}
int postauth_init();
};
class RGWHandler_REST_Service_S3 : public RGWHandler_REST_S3 {
protected:
bool is_usage_op() {
return s->info.args.exists("usage");
}
RGWOp *op_get();
RGWOp *op_head();
public:
RGWHandler_REST_Service_S3() {}
virtual ~RGWHandler_REST_Service_S3() {}
};
class RGWHandler_REST_Bucket_S3 : public RGWHandler_REST_S3 {
protected:
bool is_acl_op() {
return s->info.args.exists("acl");
}
bool is_cors_op() {
return s->info.args.exists("cors");
}
bool is_lc_op() {
return s->info.args.exists("lifecycle");
}
bool is_obj_update_op() {
return is_acl_op() || is_cors_op();
}
bool is_request_payment_op() {
return s->info.args.exists("requestPayment");
}
RGWOp *get_obj_op(bool get_data);
RGWOp *op_get();
RGWOp *op_head();
RGWOp *op_put();
RGWOp *op_delete();
RGWOp *op_post();
RGWOp *op_options();
public:
RGWHandler_REST_Bucket_S3() {}
virtual ~RGWHandler_REST_Bucket_S3() {}
};
class RGWHandler_REST_Obj_S3 : public RGWHandler_REST_S3 {
protected:
bool is_acl_op() {
return s->info.args.exists("acl");
}
bool is_cors_op() {
return s->info.args.exists("cors");
}
bool is_obj_update_op() {
return is_acl_op();
}
RGWOp *get_obj_op(bool get_data);
RGWOp *op_get();
RGWOp *op_head();
RGWOp *op_put();
RGWOp *op_delete();
RGWOp *op_post();
RGWOp *op_options();
public:
RGWHandler_REST_Obj_S3() {}
virtual ~RGWHandler_REST_Obj_S3() {}
};
class RGWRESTMgr_S3 : public RGWRESTMgr {
private:
bool enable_s3website;
public:
explicit RGWRESTMgr_S3(bool _enable_s3website = false)
: enable_s3website(_enable_s3website)
{}
virtual ~RGWRESTMgr_S3() {}
virtual RGWHandler_REST *get_handler(struct req_state *s);
};
class RGWHandler_REST_Obj_S3Website;
static inline bool looks_like_ip_address(const char *bucket)
{
int num_periods = 0;
bool expect_period = false;
for (const char *b = bucket; *b; ++b) {
if (*b == '.') {
if (!expect_period)
return false;
++num_periods;
if (num_periods > 3)
return false;
expect_period = false;
}
else if (isdigit(*b)) {
expect_period = true;
}
else {
return false;
}
}
return (num_periods == 3);
}
static inline bool valid_s3_object_name(const string& name) {
if (name.size() > 1024) {
return false;
}
if (check_utf8(name.c_str(), name.size())) {
return false;
}
return true;
}
static inline int valid_s3_bucket_name(const string& name, bool relaxed=false)
{
// This function enforces Amazon's spec for bucket names.
// (The requirements, not the recommendations.)
int len = name.size();
if (len < 3) {
// Name too short
return -ERR_INVALID_BUCKET_NAME;
} else if (len > 255) {
// Name too long
return -ERR_INVALID_BUCKET_NAME;
}
// bucket names must start with a number, letter, or underscore
if (!(isalpha(name[0]) || isdigit(name[0]))) {
if (!relaxed)
return -ERR_INVALID_BUCKET_NAME;
else if (!(name[0] == '_' || name[0] == '.' || name[0] == '-'))
return -ERR_INVALID_BUCKET_NAME;
}
for (const char *s = name.c_str(); *s; ++s) {
char c = *s;
if (isdigit(c) || (c == '.'))
continue;
if (isalpha(c))
continue;
if ((c == '-') || (c == '_'))
continue;
// Invalid character
return -ERR_INVALID_BUCKET_NAME;
}
if (looks_like_ip_address(name.c_str()))
return -ERR_INVALID_BUCKET_NAME;
return 0;
}
class RGWS3V2AuthEngine : public RGWAuthEngine {
protected:
std::string access_key_id;
std::string signature;
std::string expires;
bool qsr;
public:
class Extractor {
public:
virtual ~Extractor() {};
virtual void get_auth_keys(std::string& access_key_id,
std::string& signature,
std::string& expires,
bool& qsr) const = 0;
};
RGWS3V2AuthEngine(CephContext* const cct, const Extractor& extr)
: RGWAuthEngine(cct) {
extr.get_auth_keys(access_key_id, signature, expires, qsr);
}
bool is_applicable() const noexcept override {
return ! (access_key_id.empty() && signature.empty());
}
};
class RGWS3V2Extractor : public RGWS3V2AuthEngine::Extractor {
protected:
const req_state* const s;
public:
RGWS3V2Extractor(const req_state * const s)
: s(s) {}
void get_auth_keys(std::string& access_key_id,
std::string& signature,
std::string& expires,
bool& qsr) const override;
};
class RGWLDAPAuthEngine: RGWS3V2AuthEngine
{
static rgw::LDAPHelper* ldh;
static std::mutex mtx;
rgw::RGWToken base64_token;
static void init(CephContext* const cct);
protected:
RGWRados* const store;
const RGWRemoteAuthApplier::Factory * const apl_factory;
RGWRemoteAuthApplier::acl_strategy_t get_acl_strategy() const;
RGWRemoteAuthApplier::AuthInfo get_creds_info(const rgw::RGWToken& token) const noexcept;
public:
RGWLDAPAuthEngine(CephContext* const cct,
RGWRados* const store,
Extractor &ex,
const RGWRemoteAuthApplier::Factory * const apl_factory)
: RGWS3V2AuthEngine(cct, ex),
store(store),
apl_factory(apl_factory) {
init(cct);
/* boost filters and/or string_ref may throw on invalid input */
try {
base64_token = rgw::from_base64(access_key_id);
} catch(...) {
base64_token = std::string("");
}
}
const char* get_name() const noexcept override {
return "RGWLDAPAuthEngine";
}
bool is_applicable() const noexcept override;
RGWAuthApplier::aplptr_t authenticate() const override;
};
class RGWS3V2LocalAuthEngine: RGWS3V2AuthEngine
{
protected:
req_state* const s;
RGWRados* const store;
const RGWLocalAuthApplier::Factory* const apl_factory;
public:
RGWS3V2LocalAuthEngine(req_state* const s,
RGWRados* const store,
const Extractor& extr,
const RGWLocalAuthApplier::Factory * const apl_factory)
: RGWS3V2AuthEngine(s->cct, extr),
s(s),
store(store),
apl_factory(apl_factory) {
}
const char* get_name() const noexcept override {
return "RGWS3V2LocalAuthEngine";
}
bool is_applicable() const noexcept override;
RGWAuthApplier::aplptr_t authenticate() const override;
};
class RGWGetPolicyV2Extractor:public RGWS3V2AuthEngine::Extractor {
private:
std::string access_key_id;
std::string signature;
public:
RGWGetPolicyV2Extractor(std::string access_key_id, std::string signature) {
access_key_id = std::move(access_key_id),
signature = std::move(signature);
}
void get_auth_keys(std::string& access_key_id,
std::string& signature,
std::string& expires,
bool& qsr) const override {
access_key_id = this->access_key_id;
signature = this->signature;
}
};
class S3AuthFactory : public RGWRemoteAuthApplier::Factory,
public RGWLocalAuthApplier::Factory {
typedef RGWAuthApplier::aplptr_t aplptr_t;
RGWRados* const store;
const std::string acct_override;
public:
S3AuthFactory(RGWRados* const store,
const std::string& acct_override)
: store(store),
acct_override(acct_override) {
}
aplptr_t create_apl_remote(CephContext* const cct,
RGWRemoteAuthApplier::acl_strategy_t&& acl_alg,
const RGWRemoteAuthApplier::AuthInfo info
) const override {
return aplptr_t(
new RGWThirdPartyAccountAuthApplier<RGWRemoteAuthApplier>(
RGWRemoteAuthApplier(cct, store, std::move(acl_alg), info),
store, acct_override));
}
aplptr_t create_apl_local(CephContext* const cct,
const RGWUserInfo& user_info,
const std::string& subuser) const override {
return aplptr_t(
new RGWThirdPartyAccountAuthApplier<RGWLocalAuthApplier>(
RGWLocalAuthApplier(cct, user_info, subuser),
store, acct_override));
}
};
#endif /* CEPH_RGW_REST_S3_H */