rgw: Fixed several bugs in policies related to IPv6 addresses.

The IPv6 conversion was not properly converting the address to host byte
order.
The text conversion of IPv6 addresses was using raw byte values instead of
the converted number. The portions of the addresses were grouped by bytes
instead of 16-bit words. The prefix length was erroneously being rendered
in hex.

http://tracker.ceph.com/issues/20991

Signed-off-by: John Gibson <jgibson@mitre.org>
(cherry picked from commit a25ca37401d1e8dc4349201b9f64aa6990bea0d5)

diff --git a/src/rgw/rgw_iam_policy.cc b/src/rgw/rgw_iam_policy.cc
index 435df059c8f40e37f4d4fa8b9a59c8f1527b2b68..7ce6a2e42e4784555914f760721b2ebc01441d61 100644 (file)
--- a/src/rgw/rgw_iam_policy.cc
+++ b/src/rgw/rgw_iam_policy.cc
@@ -915,14 +915,14 @@ bool ParseState::array_end() {
 ostream& operator <<(ostream& m, const MaskedIP& ip) {
   // I have a theory about why std::bitset is the way it is.
   if (ip.v6) {
-    for (int i = 15; i >= 0; --i) {
-      uint8_t b = 0;
-      for (int j = 7; j >= 0; --j) {
-       b |= (ip.addr[(i * 8) + j] << j);
+    for (int i = 7; i >= 0; --i) {
+      uint16_t hextet = 0;
+      for (int j = 15; j >= 0; --j) {
+       hextet |= (ip.addr[(i * 16) + j] << j);
       }
-      m << hex << b;
+      m << hex << (unsigned int) hextet;
       if (i != 0) {
-       m << "::";
+       m << ":";
       }
     }
   } else {
@@ -938,7 +938,7 @@ ostream& operator <<(ostream& m, const MaskedIP& ip) {
       }
     }
   }
-  m << "/" << ip.prefix;
+  m << "/" << dec << ip.prefix;
   // It would explain a lot
   return m;
 }
@@ -1097,27 +1097,27 @@ optional<MaskedIP> Condition::as_network(const string& s) {
   }
 
   if (m.v6) {
-    struct sockaddr_in6 a;
-    if (inet_pton(AF_INET6, p->c_str(), static_cast<void*>(&a.sin6_addr)) != 1) {
+    struct in6_addr a;
+    if (inet_pton(AF_INET6, p->c_str(), static_cast<void*>(&a)) != 1) {
       return none;
     }
 
-    m.addr |= Address(a.sin6_addr.s6_addr[0]) << 0;
-    m.addr |= Address(a.sin6_addr.s6_addr[1]) << 8;
-    m.addr |= Address(a.sin6_addr.s6_addr[2]) << 16;
-    m.addr |= Address(a.sin6_addr.s6_addr[3]) << 24;
-    m.addr |= Address(a.sin6_addr.s6_addr[4]) << 32;
-    m.addr |= Address(a.sin6_addr.s6_addr[5]) << 40;
-    m.addr |= Address(a.sin6_addr.s6_addr[6]) << 48;
-    m.addr |= Address(a.sin6_addr.s6_addr[7]) << 56;
-    m.addr |= Address(a.sin6_addr.s6_addr[8]) << 64;
-    m.addr |= Address(a.sin6_addr.s6_addr[9]) << 72;
-    m.addr |= Address(a.sin6_addr.s6_addr[10]) << 80;
-    m.addr |= Address(a.sin6_addr.s6_addr[11]) << 88;
-    m.addr |= Address(a.sin6_addr.s6_addr[12]) << 96;
-    m.addr |= Address(a.sin6_addr.s6_addr[13]) << 104;
-    m.addr |= Address(a.sin6_addr.s6_addr[14]) << 112;
-    m.addr |= Address(a.sin6_addr.s6_addr[15]) << 120;
+    m.addr |= Address(a.s6_addr[15]) << 0;
+    m.addr |= Address(a.s6_addr[14]) << 8;
+    m.addr |= Address(a.s6_addr[13]) << 16;
+    m.addr |= Address(a.s6_addr[12]) << 24;
+    m.addr |= Address(a.s6_addr[11]) << 32;
+    m.addr |= Address(a.s6_addr[10]) << 40;
+    m.addr |= Address(a.s6_addr[9]) << 48;
+    m.addr |= Address(a.s6_addr[8]) << 56;
+    m.addr |= Address(a.s6_addr[7]) << 64;
+    m.addr |= Address(a.s6_addr[6]) << 72;
+    m.addr |= Address(a.s6_addr[5]) << 80;
+    m.addr |= Address(a.s6_addr[4]) << 88;
+    m.addr |= Address(a.s6_addr[3]) << 96;
+    m.addr |= Address(a.s6_addr[2]) << 104;
+    m.addr |= Address(a.s6_addr[1]) << 112;
+    m.addr |= Address(a.s6_addr[0]) << 120;
   } else {
     struct in_addr a;
     if (inet_pton(AF_INET, p->c_str(), static_cast<void*>(&a)) != 1) {