}
TokenEngine::token_envelope_t
-TokenEngine::decode_pki_token(const std::string& token) const
+TokenEngine::decode_pki_token(const DoutPrefixProvider* dpp, const std::string& token) const
{
ceph::buffer::list token_body_bl;
int ret = rgw_decode_b64_cms(cct, token, token_body_bl);
if (ret < 0) {
- ldout(cct, 20) << "cannot decode pki token" << dendl;
+ ldpp_dout(dpp, 20) << "cannot decode pki token" << dendl;
throw ret;
} else {
- ldout(cct, 20) << "successfully decoded pki token" << dendl;
+ ldpp_dout(dpp, 20) << "successfully decoded pki token" << dendl;
}
TokenEngine::token_envelope_t token_body;
}
boost::optional<TokenEngine::token_envelope_t>
-TokenEngine::get_from_keystone(const std::string& token) const
+TokenEngine::get_from_keystone(const DoutPrefixProvider* dpp, const std::string& token) const
{
/* Unfortunately, we can't use the short form of "using" here. It's because
* we're aliasing a class' member, not namespace. */
validate.get_http_status() ==
/* Most likely: non-existent token supplied by the client. */
RGWValidateKeystoneToken::HTTP_STATUS_NOTFOUND) {
- ldout(cct, 5) << "Failed keystone auth from " << url << " with "
+ ldpp_dout(dpp, 5) << "Failed keystone auth from " << url << " with "
<< validate.get_http_status() << dendl;
return boost::none;
}
- ldout(cct, 20) << "received response status=" << validate.get_http_status()
+ ldpp_dout(dpp, 20) << "received response status=" << validate.get_http_status()
<< ", body=" << token_body_bl.c_str() << dendl;
TokenEngine::token_envelope_t token_body;
/* Retrieve token. */
if (rgw_is_pki_token(token)) {
try {
- t = decode_pki_token(token);
+ t = decode_pki_token(dpp, token);
} catch (...) {
/* Last resort. */
- t = get_from_keystone(token);
+ t = get_from_keystone(dpp, token);
}
} else {
/* Can't decode, just go to the Keystone server for validation. */
- t = get_from_keystone(token);
+ t = get_from_keystone(dpp, token);
}
if (! t) {
* Try to validate S3 auth against keystone s3token interface
*/
std::pair<boost::optional<rgw::keystone::TokenEnvelope>, int>
-EC2Engine::get_from_keystone(const boost::string_view& access_key_id,
+EC2Engine::get_from_keystone(const DoutPrefixProvider* dpp, const boost::string_view& access_key_id,
const std::string& string_to_sign,
const boost::string_view& signature) const
{
int ret = rgw::keystone::Service::get_admin_token(cct, token_cache, config,
admin_token);
if (ret < 0) {
- ldout(cct, 2) << "s3 keystone: cannot get token for keystone access"
+ ldpp_dout(dpp, 2) << "s3 keystone: cannot get token for keystone access"
<< dendl;
throw ret;
}
/* send request */
ret = validate.process();
if (ret < 0) {
- ldout(cct, 2) << "s3 keystone: token validation ERROR: "
+ ldpp_dout(dpp, 2) << "s3 keystone: token validation ERROR: "
<< token_body_bl.c_str() << dendl;
throw ret;
}
rgw::keystone::TokenEnvelope token_envelope;
ret = token_envelope.parse(cct, std::string(), token_body_bl, api_version);
if (ret < 0) {
- ldout(cct, 2) << "s3 keystone: token parsing failed, ret=0" << ret
+ ldpp_dout(dpp, 2) << "s3 keystone: token parsing failed, ret=0" << ret
<< dendl;
throw ret;
}
boost::optional<token_envelope_t> t;
int failure_reason;
std::tie(t, failure_reason) = \
- get_from_keystone(access_key_id, string_to_sign, signature);
+ get_from_keystone(dpp, access_key_id, string_to_sign, signature);
if (! t) {
return result_t::deny(failure_reason);
}
/* Helper methods. */
bool is_applicable(const std::string& token) const noexcept;
- token_envelope_t decode_pki_token(const std::string& token) const;
+ token_envelope_t decode_pki_token(const DoutPrefixProvider* dpp, const std::string& token) const;
boost::optional<token_envelope_t>
- get_from_keystone(const std::string& token) const;
+ get_from_keystone(const DoutPrefixProvider* dpp, const std::string& token) const;
acl_strategy_t get_acl_strategy(const token_envelope_t& token) const;
auth_info_t get_creds_info(const token_envelope_t& token,
const std::vector<std::string>& admin_roles
) const noexcept;
std::pair<boost::optional<token_envelope_t>, int>
- get_from_keystone(const boost::string_view& access_key_id,
+ get_from_keystone(const DoutPrefixProvider* dpp, const boost::string_view& access_key_id,
const std::string& string_to_sign,
const boost::string_view& signature) const;
result_t authenticate(const DoutPrefixProvider* dpp,
s->info.args.exists("temp_url_expires");
}
-void TempURLEngine::get_owner_info(const req_state* const s,
+void TempURLEngine::get_owner_info(const DoutPrefixProvider* dpp, const req_state* const s,
RGWUserInfo& owner_info) const
{
/* We cannot use req_state::bucket_name because it isn't available
throw ret;
}
- ldout(cct, 20) << "temp url user (bucket owner): " << bucket_info.owner
+ ldpp_dout(dpp, 20) << "temp url user (bucket owner): " << bucket_info.owner
<< dendl;
if (rgw_get_user_info_by_uid(store, bucket_info.owner, owner_info) < 0) {
RGWUserInfo owner_info;
try {
- get_owner_info(s, owner_info);
+ get_owner_info(dpp, s, owner_info);
} catch (...) {
ldpp_dout(dpp, 5) << "cannot get user_info of account's owner" << dendl;
return result_t::reject();
projects / ceph.git / commitdiff