RGWUserInfo user_info;
rgw_get_anon_user(user_info);
- // FIXME: over 80 columns
- auto apl = apl_factory->create_apl_local(cct, s, user_info,
- rgw::auth::LocalApplier::NO_SUBUSER);
+ auto apl = \
+ apl_factory->create_apl_local(cct, s, user_info,
+ rgw::auth::LocalApplier::NO_SUBUSER);
return result_t::grant(std::move(apl));
}
}
/* A class aggregating the knowledge about all Strategies in RadosGW. It is
* responsible for handling the dynamic reconfiguration on e.g. realm update. */
class StrategyRegistry {
- template <class AbstractorT>
- using s3_strategy_t = rgw::auth::s3::AWSAuthStrategy<AbstractorT>;
+ template <class AbstractorT,
+ bool AllowAnonAccessT = false>
+ using s3_strategy_t = \
+ rgw::auth::s3::AWSAuthStrategy<AbstractorT, AllowAnonAccessT>;
struct s3_main_strategy_t : public Strategy {
using s3_main_strategy_plain_t = \
- s3_strategy_t<rgw::auth::s3::AWSGeneralAbstractor>;
+ s3_strategy_t<rgw::auth::s3::AWSGeneralAbstractor, true>;
using s3_main_strategy_boto2_t = \
- s3_strategy_t<rgw::auth::s3::AWSGeneralBoto2Abstractor>;
+ s3_strategy_t<rgw::auth::s3::AWSGeneralBoto2Abstractor, true>;
s3_main_strategy_plain_t s3_main_strategy_plain;
s3_main_strategy_boto2_t s3_main_strategy_boto2;
};
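Review bot: The `true` passed to `s3_strategy_t` in the `s3_main_strategy_plain_t` and `s3_main_strategy_boto2_t` aliases is what enables unauthenticated access for the main S3 strategy, but a bare boolean in a template argument list does not say so at the use site. A comment on each alias, e.g. `/* true: anonymous (unsigned) requests are accepted by this strategy */`, or a named constant would make these two opt-in points easy to find in an audit. Defaulting `AllowAnonAccessT` to `false` is the safe way round, since any other instantiation stays credential-only unless it opts in explicitly. `StrategyRegistry` continues outside the hunk.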
-template <class AbstractorT>
+template <class AbstractorT,
+ bool AllowAnonAccessT = false>
class AWSAuthStrategy : public rgw::auth::Strategy,
public rgw::auth::LocalApplier::Factory {
typedef rgw::auth::IdentityApplier::aplptr_t aplptr_t;
RGWRados* const store;
AbstractorT ver_abstractor;
+ S3AnonymousEngine anonymous_engine;
ExternalAuthStrategy external_engines;
LocalEngine local_engine;
RGWRados* const store)
: store(store),
ver_abstractor(cct),
+ anonymous_engine(cct,
+ static_cast<rgw::auth::LocalApplier::Factory*>(this)),
external_engines(cct, store, &ver_abstractor),
local_engine(cct, store, ver_abstractor,
static_cast<rgw::auth::LocalApplier::Factory*>(this)) {
+ /* The anynoymous auth. */
+ if (AllowAnonAccessT) {
+ add_engine(Control::SUFFICIENT, anonymous_engine);
+ }
+ /* The external auth. */
Control local_engine_mode;
if (! external_engines.is_empty()) {
add_engine(Control::SUFFICIENT, external_engines);
local_engine_mode = Control::SUFFICIENT;
}
+ /* The local auth. */
if (cct->_conf->rgw_s3_auth_use_rados) {
add_engine(local_engine_mode, local_engine);
}
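Review bot: The constructor registers `anonymous_engine` first with `Control::SUFFICIENT`, so (assuming SUFFICIENT keeps its usual meaning in `rgw::auth::Strategy`) a request that `is_applicable()` accepts is granted as the anonymous user before the external and local engines are consulted, and the misspelled comment `/* The anynoymous auth. */` does not record that ordering dependency. I would replace it with something like `/* Anonymous engine goes first and is SUFFICIENT: is_applicable() must only match requests that carry no credentials. */`. Because `AllowAnonAccessT` is a compile-time constant, `if constexpr (AllowAnonAccessT)` would state the intent more directly if the tree builds as C++17; note that the `anonymous_engine` member is still constructed when the flag is `false`. The constructor's signature starts outside the hunk.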
return -EPERM;
}
- if (s->op == OP_OPTIONS) {
- init_anon_user(s);
- return 0;
- }
-
- AwsVersion version;
- AwsRoute route;
- std::tie(version, route) = discover_aws_flavour(s->info);
-
- if (route == AwsRoute::QUERY_STRING && version == AwsVersion::UNKOWN) {
- /* FIXME(rzarzynski): handle anon user. */
- init_anon_user(const_cast<req_state*>(s));
- return 0;
- }
-
- return authorize_v2(store, auth_registry, s);
-}
-
-
-/*
- * handle v2 signatures
- */
-int RGW_Auth_S3::authorize_v2(RGWRados* const store,
- const rgw::auth::StrategyRegistry& auth_registry,
- struct req_state* const s)
-{
const auto ret = rgw::auth::Strategy::apply(auth_registry.get_s3_main(), s);
if (ret == 0) {
/* Populate the owner info. */
auto apl = apl_factory->create_apl_local(cct, s, user_info, k.subuser);
return result_t::grant(std::move(apl), completer_factory(k.key));
}
+
+bool rgw::auth::s3::S3AnonymousEngine::is_applicable(
+ const req_state* s
+) const noexcept {
+ if (s->op == OP_OPTIONS) {
+ return true;
+ }
+
+ AwsVersion version;
+ AwsRoute route;
+ std::tie(version, route) = discover_aws_flavour(s->info);
+
+ return route == AwsRoute::QUERY_STRING && version == AwsVersion::UNKOWN;
+}
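Review bot: `S3AnonymousEngine::is_applicable` is declared `noexcept` but calls `discover_aws_flavour(s->info)`, whose exception specification is not visible in this diff; if that helper can throw while inspecting request headers or query parameters, the gateway terminates on a request-controlled path. Please confirm the helper is non-throwing and record it with a comment such as `/* discover_aws_flavour() must not throw: we are noexcept here. */`, or catch inside this function and return `false` so that a failure falls through to the credentialed engines instead of granting anonymous access. The `OP_OPTIONS` branch returns `true` without looking at any credentials the request may carry; this matches the code removed from `authorize()`, but a one-line comment stating that this is intentional (presumably for CORS preflight) would help the next reviewer.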
};
class RGW_Auth_S3 {
-private:
- static int authorize_v2(RGWRados *store,
- const rgw::auth::StrategyRegistry& auth_registry,
- struct req_state *s);
public:
static int authorize(RGWRados *store,
const rgw::auth::StrategyRegistry& auth_registry,
};
+class S3AnonymousEngine : public rgw::auth::AnonymousEngine {
+ bool is_applicable(const req_state* s) const noexcept override;
+
+public:
+ /* Let's reuse the parent class' constructor. */
+ using rgw::auth::AnonymousEngine::AnonymousEngine;
+
+ const char* get_name() const noexcept override {
+ return "rgw::auth::s3::S3AnonymousEngine";
+ }
+};
+
+
class S3AuthFactory : public rgw::auth::RemoteApplier::Factory,
public rgw::auth::LocalApplier::Factory {
typedef rgw::auth::IdentityApplier::aplptr_t aplptr_t;