using namespace ceph::crypto;
+namespace rgw {
+namespace auth {
+namespace swift {
+
/* TempURL: applier */
-void RGWTempURLAuthApplier::modify_request_state(req_state * s) const /* in/out */
+void TempURLApplier::modify_request_state(req_state* s) const /* in/out */
{
bool inline_exists = false;
const std::string& filename = s->info.args.get("filename");
}
/* TempURL: engine */
-bool RGWTempURLAuthEngine::is_applicable() const noexcept
+bool TempURLEngine::is_applicable(const req_state* const s) const noexcept
{
return s->info.args.exists("temp_url_sig") ||
s->info.args.exists("temp_url_expires");
}
-void RGWTempURLAuthEngine::get_owner_info(RGWUserInfo& owner_info) const
+void TempURLEngine::get_owner_info(const req_state* const s,
+ RGWUserInfo& owner_info) const
{
/* We cannot use req_state::bucket_name because it isn't available
* now. It will be initialized in RGWHandler_REST_SWIFT::postauth_init(). */
throw ret;
}
- ldout(s->cct, 20) << "temp url user (bucket owner): " << bucket_info.owner
- << dendl;
+ ldout(cct, 20) << "temp url user (bucket owner): " << bucket_info.owner
+ << dendl;
if (rgw_get_user_info_by_uid(store, bucket_info.owner, owner_info) < 0) {
throw -EPERM;
}
}
-bool RGWTempURLAuthEngine::is_expired(const std::string& expires) const
+bool TempURLEngine::is_expired(const std::string& expires) const
{
string err;
const utime_t now = ceph_clock_now();
}
}
-class RGWTempURLAuthEngine::SignatureHelper
+class TempURLEngine::SignatureHelper
{
private:
static constexpr uint32_t output_size =
return rhs.compare(0 /* pos */, output_size, dest_str) == 0;
}
-}; /* RGWTempURLAuthEngine::SignatureHelper */
+}; /* TempURLEngine::SignatureHelper */
-RGWAuthApplier::aplptr_t RGWTempURLAuthEngine::authenticate() const
+TempURLEngine::result_t
+TempURLEngine::authenticate(const req_state* const s) const
{
+ if (! is_applicable(s)) {
+ return std::make_pair(nullptr, nullptr);
+ }
+
const string& temp_url_sig = s->info.args.get("temp_url_sig");
const string& temp_url_expires = s->info.args.get("temp_url_expires");
+
if (temp_url_sig.empty() || temp_url_expires.empty()) {
- return nullptr;
+ return std::make_pair(nullptr, nullptr);
}
RGWUserInfo owner_info;
try {
- get_owner_info(owner_info);
+ get_owner_info(s, owner_info);
} catch (...) {
ldout(cct, 5) << "cannot get user_info of account's owner" << dendl;
- return nullptr;
+ return std::make_pair(nullptr, nullptr);
}
if (owner_info.temp_url_keys.empty()) {
ldout(cct, 5) << "user does not have temp url key set, aborting" << dendl;
- return nullptr;
+ return std::make_pair(nullptr, nullptr);
}
if (is_expired(temp_url_expires)) {
ldout(cct, 5) << "temp url link expired" << dendl;
- return nullptr;
+ return std::make_pair(nullptr, nullptr);
}
/* We need to verify two paths because of compliance with Swift, Tempest
<< dendl;
if (sig_helper.is_equal_to(temp_url_sig)) {
- return apl_factory->create_apl_turl(cct, owner_info);
+ auto apl = apl_factory->create_apl_turl(cct, owner_info);
+ return std::make_pair(std::move(apl), nullptr);
} else {
ldout(s->cct, 5) << "temp url signature mismatch: " << local_sig
<< " != " << temp_url_sig << dendl;
}
}
- return nullptr;
+ return std::make_pair(nullptr, nullptr);
}
-namespace rgw {
-namespace auth {
-namespace swift {
-
/* External token */
bool ExternalTokenEngine::is_applicable(const std::string& token) const noexcept
{
#define RGW_SWIFT_TOKEN_EXPIRATION (15 * 60)
+namespace rgw {
+namespace auth {
+namespace swift {
+
/* TempURL: applier. */
-class RGWTempURLAuthApplier : public RGWLocalAuthApplier {
+class TempURLApplier : public rgw::auth::LocalApplier {
public:
- RGWTempURLAuthApplier(CephContext * const cct,
- const RGWUserInfo& user_info)
- : RGWLocalAuthApplier(cct, user_info, RGWLocalAuthApplier::NO_SUBUSER) {
+ TempURLApplier(CephContext* const cct,
+ const RGWUserInfo& user_info)
+ : LocalApplier(cct, user_info, LocalApplier::NO_SUBUSER) {
};
void modify_request_state(req_state * s) const override; /* in/out */
};
/* TempURL: engine */
-class RGWTempURLAuthEngine : public RGWAuthEngine {
-protected:
- /* const */ RGWRados * const store;
- const req_state * const s;
- const RGWTempURLAuthApplier::Factory * const apl_factory;
+class TempURLEngine : public rgw::auth::Engine {
+ using result_t = rgw::auth::Engine::result_t;
+
+ CephContext* const cct;
+ /* const */ RGWRados* const store;
+ const TempURLApplier::Factory* const apl_factory;
/* Helper methods. */
- void get_owner_info(RGWUserInfo& owner_info) const;
+ void get_owner_info(const req_state* s,
+ RGWUserInfo& owner_info) const;
+ bool is_applicable(const req_state* s) const noexcept;
bool is_expired(const std::string& expires) const;
class SignatureHelper;
public:
- RGWTempURLAuthEngine(const req_state * const s,
- /*const*/ RGWRados * const store,
- const RGWTempURLAuthApplier::Factory * const apl_factory)
- : RGWAuthEngine(s->cct),
+ TempURLEngine(CephContext* const cct,
+ /*const*/ RGWRados* const store,
+ const TempURLApplier::Factory* const apl_factory)
+ : cct(cct),
store(store),
- s(s),
apl_factory(apl_factory) {
}
/* Interface implementations. */
const char* get_name() const noexcept override {
- return "RGWTempURLAuthEngine";
+ return "rgw::auth::swift::TempURLEngine";
}
- bool is_applicable() const noexcept override;
- RGWAuthApplier::aplptr_t authenticate() const override;
+ result_t authenticate(const req_state* const s) const override;
};
-namespace rgw {
-namespace auth {
-namespace swift {
-
/* AUTH_rgwtk */
class SignedTokenEngine : public rgw::auth::Engine {
using result_t = rgw::auth::Engine::result_t;
projects / ceph.git / commitdiff