* compute a request's signature
*/
bool rgw_create_s3_canonical_header(const DoutPrefixProvider *dpp,
+ RGWOpType op_type,
const req_info& info,
utime_t* const header_time,
std::string& dest,
request_uri = info.effective_uri;
}
- rgw_create_s3_canonical_header(dpp, info.method, content_md5, content_type,
+ auto method = rgw::auth::s3::get_canonical_method(dpp, op_type, info);
+ rgw_create_s3_canonical_header(dpp, method.c_str(), content_md5, content_type,
date.c_str(), meta_map, qs_map,
request_uri.c_str(), sub_resources, dest);
return true;
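Review bot: The added call to `get_canonical_method` just before the inner `rgw_create_s3_canonical_header` call can `throw -EINVAL` (see the function added later in this diff), while this overload reports failure through its `bool` return and the callers shown here test only that return. For an OPTIONS preflight whose Access-Control-Request-Method header is missing or rejected, the v2 path that now passes `s->op_type` would leave this function by exception instead of `return false`; whether a handler further up catches the `int` is not visible in this diff. Converting the exception to the existing failure return would keep the contract uniform, though it may change which error code the client finally sees, so that needs checking against the callers. The function body starts and ends outside the hunk.

```cpp
  std::string method;
  try {
    method = rgw::auth::s3::get_canonical_method(dpp, op_type, info);
  } catch (const int) {
    /* missing or invalid access-control-request-method; already logged */
    return false;
  }
  rgw_create_s3_canonical_header(dpp, method.c_str(), content_md5, content_type,
  // … unchanged: remaining arguments of the call …
```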
return canonical_qs;
}
-std::string get_v4_canonical_method(const req_state* s)
-{
- /* If this is a OPTIONS request we need to compute the v4 signature for the
- * intended HTTP method and not the OPTIONS request itself. */
- if (s->op_type == RGW_OP_OPTIONS_CORS) {
- const char *cors_method = s->info.env->get("HTTP_ACCESS_CONTROL_REQUEST_METHOD");
-
- if (cors_method) {
- /* Validate request method passed in access-control-request-method is valid. */
- auto cors_flags = get_cors_method_flags(cors_method);
- if (!cors_flags) {
- ldpp_dout(s, 1) << "invalid access-control-request-method header = "
- << cors_method << dendl;
- throw -EINVAL;
- }
-
- ldpp_dout(s, 10) << "canonical req method = " << cors_method
- << ", due to access-control-request-method header" << dendl;
- return cors_method;
- } else {
- ldpp_dout(s, 1) << "invalid http options req missing "
- << "access-control-request-method header" << dendl;
- throw -EINVAL;
- }
- }
-
- return s->info.method;
-}
-
boost::optional<std::string>
get_v4_canonical_headers(const req_info& info,
const std::string_view& signedheaders,
return std::make_shared<AWSv4ComplSingle>(s);
}
+std::string get_canonical_method(const DoutPrefixProvider *dpp, RGWOpType op_type, const req_info& info)
+{
+ /* If this is a OPTIONS request we need to compute the v4 signature for the
+ * intended HTTP method and not the OPTIONS request itself. */
+ if (op_type == RGW_OP_OPTIONS_CORS) {
+ const char *cors_method = info.env->get("HTTP_ACCESS_CONTROL_REQUEST_METHOD");
+
+ if (cors_method) {
+ /* Validate request method passed in access-control-request-method is valid. */
+ auto cors_flags = get_cors_method_flags(cors_method);
+ if (!cors_flags) {
+ ldpp_dout(dpp, 1) << "invalid access-control-request-method header = "
+ << cors_method << dendl;
+ throw -EINVAL;
+ }
+
+ ldpp_dout(dpp, 10) << "canonical req method = " << cors_method
+ << ", due to access-control-request-method header" << dendl;
+ return cors_method;
+ } else {
+ ldpp_dout(dpp, 1) << "invalid http options req missing "
+ << "access-control-request-method header" << dendl;
+ throw -EINVAL;
+ }
+ }
+
+ return info.method;
+}
} // namespace rgw::auth::s3
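Review bot: The comment at the top of `get_canonical_method` still says "compute the v4 signature", although the function has dropped `v4` from its name and is now also called from the v2 canonical-header path. Nothing states its failure mode either: it throws the `int` `-EINVAL` when the op is `RGW_OP_OPTIONS_CORS` and the Access-Control-Request-Method header is absent or rejected by `get_cors_method_flags`. I would reword the comment to `/* For an OPTIONS (CORS preflight) request, sign the intended HTTP method taken from the client-supplied access-control-request-method header, for v2 and v4 alike; throws -EINVAL if that header is missing or invalid. */`. A one-line version of the same on the declaration added to the header would let callers that return `bool` or `int` see that an exception can pass through them.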
const std::map<std::string, std::string>& sub_resources,
std::string& dest_str);
bool rgw_create_s3_canonical_header(const DoutPrefixProvider *dpp,
+ RGWOpType op_type,
const req_info& info,
utime_t *header_time, /* out */
std::string& dest, /* out */
bool qsr);
static inline std::tuple<bool, std::string, utime_t>
-rgw_create_s3_canonical_header(const DoutPrefixProvider *dpp, const req_info& info, const bool qsr) {
+rgw_create_s3_canonical_header(const DoutPrefixProvider *dpp, RGWOpType op_type, const req_info& info, const bool qsr) {
std::string dest;
utime_t header_time;
- const bool ok = rgw_create_s3_canonical_header(dpp, info, &header_time, dest, qsr);
+ const bool ok = rgw_create_s3_canonical_header(dpp, op_type, info, &header_time, dest, qsr);
return std::make_tuple(ok, dest, header_time);
}
std::string gen_v4_canonical_qs(const req_info& info, bool is_non_s3_op);
-std::string get_v4_canonical_method(const req_state* s);
-
boost::optional<std::string>
get_v4_canonical_headers(const req_info& info,
const std::string_view& signedheaders,
get_v2_signature(CephContext*,
const std::string& secret_key,
const AWSEngine::VersionAbstractor::string_to_sign_t& string_to_sign);
+
+std::string get_canonical_method(const DoutPrefixProvider *dpp, RGWOpType op_type, const req_info& info);
} /* namespace s3 */
} /* namespace auth */
} /* namespace rgw */
}
string canonical_header;
- if (!rgw_create_s3_canonical_header(dpp, info, NULL, canonical_header, false)) {
+ if (!rgw_create_s3_canonical_header(dpp, RGW_OP_UNKNOWN, info, NULL, canonical_header, false)) {
ldpp_dout(dpp, 0) << "failed to create canonical s3 header" << dendl;
return -EINVAL;
}
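Review bot: The literal `RGW_OP_UNKNOWN` in the changed call carries no explanation, yet it is what keeps this caller out of the CORS branch of `get_canonical_method`, so `info.method` is always the method that gets signed here. A short comment would stop a later edit from substituting a real op type without considering the preflight method substitution and its `throw -EINVAL`, for example `/* no op context: sign info.method as-is, no CORS preflight substitution */`. The enclosing function lies outside the hunk, so why no op type is available at this call site cannot be confirmed from here.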
auto canonical_qs = rgw::auth::s3::get_v4_canonical_qs(s->info, using_qs);
/* Craft canonical method. */
- auto canonical_method = rgw::auth::s3::get_v4_canonical_method(s);
+ auto canonical_method = rgw::auth::s3::get_canonical_method(s, s->op_type, s->info);
/* Craft canonical request. */
auto canonical_req_hash = \
/* Let's canonize the HTTP headers that are covered by the AWS auth v2. */
std::string string_to_sign;
utime_t header_time;
- if (! rgw_create_s3_canonical_header(s, s->info, &header_time, string_to_sign,
+ if (! rgw_create_s3_canonical_header(s, s->op_type, s->info, &header_time, string_to_sign,
qsr)) {
ldpp_dout(s, 10) << "failed to create the canonized auth header\n"
<< rgw::crypt_sanitize::auth{s,string_to_sign} << dendl;