rgw: Policies now properly evaluate the X-Forwarded-For header.

author John Gibson <jgibson@mitre.org>

Tue, 19 Sep 2017 13:17:22 +0000 (09:17 -0400)

committer John Gibson <jgibson@mitre.org>

Tue, 26 Dec 2017 21:59:09 +0000 (16:59 -0500)
author John Gibson <jgibson@mitre.org>
Tue, 19 Sep 2017 13:17:22 +0000 (09:17 -0400)
committer John Gibson <jgibson@mitre.org>
Tue, 26 Dec 2017 21:59:09 +0000 (16:59 -0500)
diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc

index edae45f2848d105d848101ea29aa810d1dc2ad27..2bbc74e9c672011c3407cf248f597a0cda5f2aa5 100644 (file)
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -607,7 +607,16 @@ rgw::IAM::Environment rgw_build_iam_environment(RGWRados* store,
      i = m.find("REMOTE_ADDR");
    }
    if (i != m.end()) {
-    e.emplace("aws:SourceIp", i->second);
+    const string* ip = &(i->second);
+    string temp;
+    if (remote_addr_param == "HTTP_X_FORWARDED_FOR") {
+      const auto comma = ip->find(',');
+      if (comma != string::npos) {
+       temp.assign(*ip, 0, comma);
+       ip = &temp;
+      }
+    }
+    e.emplace("aws:SourceIp", *ip);
    }
  
    i = m.find("HTTP_USER_AGENT"); {
author	John Gibson <jgibson@mitre.org>
	Tue, 19 Sep 2017 13:17:22 +0000 (09:17 -0400)
committer	John Gibson <jgibson@mitre.org>
	Tue, 26 Dec 2017 21:59:09 +0000 (16:59 -0500)