rgw: Policies now properly evaluate the X-Forwarded-For header.

author John Gibson <jgibson@mitre.org>

Tue, 19 Sep 2017 13:17:22 +0000 (09:17 -0400)

committer Adam C. Emerson <aemerson@redhat.com>

Sun, 7 Jan 2018 10:15:23 +0000 (05:15 -0500)
author John Gibson <jgibson@mitre.org>
Tue, 19 Sep 2017 13:17:22 +0000 (09:17 -0400)
committer Adam C. Emerson <aemerson@redhat.com>
Sun, 7 Jan 2018 10:15:23 +0000 (05:15 -0500)
diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc

index 4127d3254d4e8de212945a2281e9a74bc47a6555..65dd6db318433b6dc9a6ce36aafcda3631c487d5 100644 (file)
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -610,7 +610,16 @@ rgw::IAM::Environment rgw_build_iam_environment(RGWRados* store,
      i = m.find("REMOTE_ADDR");
    }
    if (i != m.end()) {
-    e.emplace("aws:SourceIp", i->second);
+    const string* ip = &(i->second);
+    string temp;
+    if (remote_addr_param == "HTTP_X_FORWARDED_FOR") {
+      const auto comma = ip->find(',');
+      if (comma != string::npos) {
+       temp.assign(*ip, 0, comma);
+       ip = &temp;
+      }
+    }
+    e.emplace("aws:SourceIp", *ip);
    }
  
    i = m.find("HTTP_USER_AGENT"); {
author	John Gibson <jgibson@mitre.org>
	Tue, 19 Sep 2017 13:17:22 +0000 (09:17 -0400)
committer	Adam C. Emerson <aemerson@redhat.com>
	Sun, 7 Jan 2018 10:15:23 +0000 (05:15 -0500)