rgw/auth: move http options v4 logic to get_v4_canonical_method()

author Tobias Urdin <tobias.urdin@binero.se>

Thu, 17 Aug 2023 11:45:06 +0000 (11:45 +0000)

committer Mykola Golub <mgolub@suse.com>

Tue, 12 Sep 2023 09:39:28 +0000 (12:39 +0300)
author Tobias Urdin <tobias.urdin@binero.se>
Thu, 17 Aug 2023 11:45:06 +0000 (11:45 +0000)
committer Mykola Golub <mgolub@suse.com>
Tue, 12 Sep 2023 09:39:28 +0000 (12:39 +0300)
diff --git a/src/rgw/rgw_auth_s3.cc b/src/rgw/rgw_auth_s3.cc

index 41bd8761cfc327d1c3f0fddf649934a3a856e75c..e1d96d45c0923eec97de4ad29cf88e6b030afa73 100644 (file)
--- a/src/rgw/rgw_auth_s3.cc
+++ b/src/rgw/rgw_auth_s3.cc
@@ -589,6 +589,35 @@ std::string get_v4_canonical_qs(const req_info& info, const bool using_qs)
    return canonical_qs;
  }
  
+std::string get_v4_canonical_method(const req_state* s)
+{
+  /* If this is a OPTIONS request we need to compute the v4 signature for the
+   * intended HTTP method and not the OPTIONS request itself. */
+  if (s->op_type == RGW_OP_OPTIONS_CORS) {
+    const char *cors_method = s->info.env->get("HTTP_ACCESS_CONTROL_REQUEST_METHOD");
+
+    if (cors_method) {
+      /* Validate request method passed in access-control-request-method is valid. */
+      auto cors_flags = get_cors_method_flags(cors_method);
+      if (!cors_flags) {
+          ldpp_dout(s, 1) << "invalid access-control-request-method header = "
+                          << cors_method << dendl;
+          throw -EINVAL;
+      }
+
+      ldpp_dout(s, 10) << "canonical req method = " << cors_method
+                       << ", due to access-control-request-method header" << dendl;
+      return cors_method;
+    } else {
+      ldpp_dout(s, 1) << "invalid http options req missing "
+                      << "access-control-request-method header" << dendl;
+      throw -EINVAL;
+    }
+  }
+
+  return s->info.method;
+}
+
  boost::optional<std::string>
  get_v4_canonical_headers(const req_info& info,
                           const std::string_view& signedheaders,
diff --git a/src/rgw/rgw_auth_s3.h b/src/rgw/rgw_auth_s3.h

index cebc05933e35f7ea89ebbc8a372984631381a092..0794cc673912bf778c4d4e682cfbf1119a29c0e5 100644 (file)
--- a/src/rgw/rgw_auth_s3.h
+++ b/src/rgw/rgw_auth_s3.h
@@ -583,6 +583,8 @@ static inline bool is_v4_payload_streamed(const char* const exp_payload_hash)
  
  std::string get_v4_canonical_qs(const req_info& info, bool using_qs);
  
+std::string get_v4_canonical_method(const req_state* s);
+
  boost::optional<std::string>
  get_v4_canonical_headers(const req_info& info,
                           const std::string_view& signedheaders,
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc

index 7be866ba291a2932d54769722809b45b1b213e5b..fe45f6c71d7777d5a1dc80ff52e182680802a871 100644 (file)
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -5291,37 +5291,13 @@ AWSGeneralAbstractor::get_auth_data_v4(const req_state* const s,
    /* Craft canonical query string. std::moving later so non-const here. */
    auto canonical_qs = rgw::auth::s3::get_v4_canonical_qs(s->info, using_qs);
  
-  const char *req_meth = s->info.method;
-
-  /* If this is a OPTIONS request we need to compute the v4 signature for the
-   * intended HTTP method and not the OPTIONS request itself. */
-  if (s->op_type == RGW_OP_OPTIONS_CORS) {
-    /* Validate signature for CORS header if set otherwise use HTTP request method. */
-    const char *cors_method = s->info.env->get("HTTP_ACCESS_CONTROL_REQUEST_METHOD");
-
-    if (cors_method) {
-      /* Validate request method passed in access-control-request-method is valid. */
-      auto cors_flags = get_cors_method_flags(cors_method);
-      if (!cors_flags) {
-          ldpp_dout(s, 1) << "invalid access-control-request-method header = "
-                          << cors_method << dendl;
-          throw -EINVAL;
-      }
-
-      req_meth = cors_method;
-      ldpp_dout(s, 10) << "setting canonical req method = " << cors_method
-                       << ", due to access-control-request-method header" << dendl;
-    } else {
-      ldpp_dout(s, 1) << "invalid http options req missing "
-                      << "access-control-request-method header" << dendl;
-      throw -EINVAL;
-    }
-  }
+  /* Craft canonical method. */
+  auto canonical_method = rgw::auth::s3::get_v4_canonical_method(s);
  
    /* Craft canonical request. */
    auto canonical_req_hash = \
      rgw::auth::s3::get_v4_canon_req_hash(s->cct,
-                                         req_meth,
+                                         std::move(canonical_method),
                                           std::move(canonical_uri),
                                           std::move(canonical_qs),
                                           std::move(*canonical_headers),
author	Tobias Urdin <tobias.urdin@binero.se>
	Thu, 17 Aug 2023 11:45:06 +0000 (11:45 +0000)
committer	Mykola Golub <mgolub@suse.com>
	Tue, 12 Sep 2023 09:39:28 +0000 (12:39 +0300)
src/rgw/rgw_auth_s3.cc		patch \| blob \| history
src/rgw/rgw_auth_s3.h		patch \| blob \| history
src/rgw/rgw_rest_s3.cc		patch \| blob \| history