rgw: match wildcards in StringLike policy conditions

Fixes: http://tracker.ceph.com/issues/20308
Signed-off-by: Casey Bodley <cbodley@redhat.com>

diff --git a/src/rgw/rgw_iam_policy.cc b/src/rgw/rgw_iam_policy.cc
index d5ce73130829d0437be125bc3398870c897c6a37..70231b17ab481169ed8775137e46ff1094b5ca5b 100644 (file)
--- a/src/rgw/rgw_iam_policy.cc
+++ b/src/rgw/rgw_iam_policy.cc
@@ -956,12 +956,11 @@ bool Condition::eval(const Environment& env) const {
   case TokenID::StringNotEqualsIgnoreCase:
     return orrible(std::not2(ci_equal_to()), s, vals);
 
-    // Implement actual StringLike with wildcarding later
   case TokenID::StringLike:
-    return orrible(std::equal_to<std::string>(), s, vals);
+    return orrible(string_like(), s, vals);
+
   case TokenID::StringNotLike:
-    return orrible(std::not2(std::equal_to<std::string>()),
-                  s, vals);
+    return orrible(std::not2(string_like()), s, vals);
 
     // Numeric
   case TokenID::NumericEquals:

diff --git a/src/rgw/rgw_iam_policy.h b/src/rgw/rgw_iam_policy.h
index aa121f5d0add7007010ed671d93a30c8d0ce6471..6fa1997c86aa77821ec952ca20b2598716f4fdab 100644 (file)
--- a/src/rgw/rgw_iam_policy.h
+++ b/src/rgw/rgw_iam_policy.h
@@ -24,11 +24,10 @@
 #include "rapidjson/error/error.h"
 #include "rapidjson/error/en.h"
 
-#include "fnmatch.h"
-
 #include "rgw_acl.h"
 #include "rgw_basic_types.h"
 #include "rgw_iam_policy_keywords.h"
+#include "rgw_string.h"
 
 #include "include/assert.h" // razzin' frazzin' ...grrr.
 
@@ -362,6 +361,14 @@ struct Condition {
     }
   };
 
+  struct string_like : public std::binary_function<const std::string,
+                                                   const std::string,
+                                                   bool> {
+    bool operator ()(const std::string& input,
+                     const std::string& pattern) const {
+      return match_wildcards(pattern, input, 0);
+    }
+  };
 
   template<typename F>
   static bool orrible(F&& f, const std::string& c,