librgw: split RGWUserInfo from struct req_state
authorMatt Benjamin <mbenjamin@redhat.com>
Mon, 5 Oct 2015 19:42:35 +0000 (15:42 -0400)
committerMatt Benjamin <mbenjamin@redhat.com>
Fri, 12 Feb 2016 17:04:43 +0000 (12:04 -0500)
The immediate purpose is to permit auth caching in RGWLib, but
it seems likely that this will be useful for general req_state
de-bloatification.

For now, all request processing paths put a RGWUserInfo on the
stack, so the lifetime of the object is unchanged from when it was
an expanded member.  A later change will introduce caching of
the objects.

Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
15 files changed:
src/rgw/librgw.cc
src/rgw/rgw_common.cc
src/rgw/rgw_common.h
src/rgw/rgw_file.h
src/rgw/rgw_log.cc
src/rgw/rgw_op.cc
src/rgw/rgw_process.cc
src/rgw/rgw_rest.cc
src/rgw/rgw_rest_log.h
src/rgw/rgw_rest_opstate.h
src/rgw/rgw_rest_replica_log.h
src/rgw/rgw_rest_s3.cc
src/rgw/rgw_rest_swift.cc
src/rgw/rgw_rest_user.cc
src/rgw/rgw_swift.cc

index 3e42d2b10c4dfb00591638ec7192a525bf138565..7108bd28089b4c871da673d047e6eb6e09f339bb 100644 (file)
@@ -200,8 +200,10 @@ int RGWLibProcess::process_request(RGWLibRequest* req, RGWLibIO* io)
    */
   rgw_env.set("HTTP_HOST", "10.1.1.220" /* XXXX: fix me */);
 
+  RGWUserInfo userinfo;
+
   /* XXX and -then- bloat up req_state with string copies from it */
-  struct req_state rstate(req->cct, &rgw_env);
+  struct req_state rstate(req->cct, &rgw_env, &userinfo);
   struct req_state *s = &rstate;
 
   // XXX fix this
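Review bot: The new `userinfo` local is the object `rstate.user` points at for the whole request, so its position ahead of `rstate` is load-bearing, and nothing in the hunk says so. Because it is declared first it is destroyed after `rstate`, which keeps the pointer valid; a later reorder, or moving `userinfo` into an inner scope, would leave `s->user` dangling under the suspended-user and permission checks that read it. I would add a comment on the declaration such as `/* must be declared before rstate and outlive it: req_state keeps a non-owning pointer */`. The same applies to the `RGWUserInfo userinfo;` added in the later `process_request(RGWRados* store, ...)` hunk. The function body continues outside this hunk.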
@@ -238,8 +240,8 @@ int RGWLibProcess::process_request(RGWLibRequest* req, RGWLibIO* io)
   }
 #endif
 
-  if (s->user.suspended) {
-    dout(10) << "user is suspended, uid=" << s->user.user_id << dendl;
+  if (s->user->suspended) {
+    dout(10) << "user is suspended, uid=" << s->user->user_id << dendl;
     abort_req(s, op, -ERR_USER_SUSPENDED);
     goto done;
   }
index 80b6c1bd4ace6bbefb51f3434a870ed24fee360b..fec4ad7857d0d2ccfd44a2a1142634222c86a632 100644 (file)
@@ -144,9 +144,9 @@ void req_info::rebuild_from(req_info& src)
 }
 
 
-req_state::req_state(CephContext *_cct, class RGWEnv *e) : cct(_cct), cio(NULL), op(OP_UNKNOWN),
-                                                          has_acl_header(false),
-                                                           os_auth_token(NULL), info(_cct, e)
+req_state::req_state(CephContext* _cct, RGWEnv* e, RGWUserInfo* u)
+  : cct(_cct), cio(NULL), op(OP_UNKNOWN), user(u), has_acl_header(false),
+    os_auth_token(NULL), info(_cct, e)
 {
   enable_ops_log = e->conf->enable_ops_log;
   enable_usage_log = e->conf->enable_usage_log;
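Review bot: The constructor stores `u` in `user` without checking it, while every converted call site in this commit dereferences `s->user` unconditionally, including the ACL, capability and op-mask checks. A caller that passes NULL would therefore crash inside the authorization path instead of being rejected at construction. I would state the invariant where the pointer is taken, e.g. `assert(u);` as the first statement of the body (or the tree's preferred assertion macro), and document the member in the header hunk as `RGWUserInfo *user; /* non-owning, never NULL, must outlive this req_state */`. The constructor body continues past the end of the hunk.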
@@ -709,7 +709,7 @@ bool verify_requester_payer_permission(struct req_state *s)
   if (!s->bucket_info.requester_pays)
     return true;
 
-  if (s->bucket_info.owner == s->user.user_id)
+  if (s->bucket_info.owner == s->user->user_id)
     return true;
 
   const char *request_payer = s->info.env->get("HTTP_X_AMZ_REQUEST_PAYER");
@@ -741,7 +741,7 @@ bool verify_bucket_permission(struct req_state * const s,
   if (!verify_requester_payer_permission(s))
     return false;
 
-  return bucket_acl->verify_permission(s->user.user_id, perm, perm);
+  return bucket_acl->verify_permission(s->user->user_id, perm, perm);
 }
 
 bool verify_bucket_permission(struct req_state * const s, const int perm)
@@ -774,7 +774,8 @@ bool verify_object_permission(struct req_state * const s,
   if (!object_acl)
     return false;
 
-  bool ret = object_acl->verify_permission(s->user.user_id, s->perm_mask, perm);
+  bool ret = object_acl->verify_permission(s->user->user_id, s->perm_mask,
+                                         perm);
   if (ret)
     return true;
 
@@ -794,7 +795,8 @@ bool verify_object_permission(struct req_state * const s,
     return false;
   /* we already verified the user mask above, so we pass swift_perm as the mask here,
      otherwise the mask might not cover the swift permissions bits */
-  return bucket_acl->verify_permission(s->user.user_id, swift_perm, swift_perm);
+  return bucket_acl->verify_permission(s->user->user_id, swift_perm,
+                                     swift_perm);
 }
 
 bool verify_object_permission(struct req_state *s, int perm)
index 26f0249bb08b74b2a02eccbba0c541ff43a8a949..88c82fc03f9d6a56fdc0ba3d23436488992b9a0e 100644 (file)
@@ -1118,7 +1118,8 @@ struct req_state {
 
   bool has_bad_meta;
 
-  RGWUserInfo user; 
+  RGWUserInfo *user;
+
   RGWAccessControlPolicy *bucket_acl;
   RGWAccessControlPolicy *object_acl;
 
@@ -1146,7 +1147,7 @@ struct req_state {
   string req_id;
   string trans_id;
 
-  req_state(CephContext *_cct, class RGWEnv* e);
+  req_state(CephContext* _cct, RGWEnv* e, RGWUserInfo* u);
   ~req_state();
 };
 
index 8c3b480e179ed21b47437c99db0bd1d371c74014..05bf789c2817810553b1013ad534b7f4cc74b66a 100644 (file)
@@ -80,8 +80,8 @@ public:
     s->info.domain = ""; /* XXX ? */
 
     /* XXX fake user_id (will fix) */
-    s->user.user_id = user_id;
-    s->user.display_name = user_id;
+    s->user->user_id = user_id;
+    s->user->display_name = user_id;
 
     return 0;
   }
@@ -142,8 +142,8 @@ public:
     s->info.domain = ""; /* XXX ? */
 
     /* XXX fake user_id and perms (will fix) */
-    s->user.user_id = user_id;
-    s->user.display_name = user_id;
+    s->user->user_id = user_id;
+    s->user->display_name = user_id;
     s->perm_mask = RGW_PERM_READ;
 
     return 0;
index cea03e66265183bb81f847aadfd56ebdaa8acc1b..9f4934945bea09170c52e330487832a51b3ecdb0 100644 (file)
@@ -182,7 +182,7 @@ static void log_usage(struct req_state *s, const string& op_name)
   if (!s->bucket_name.empty())
     user = s->bucket_owner.get_id();
   else
-    user = s->user.user_id;
+    user = s->user->user_id;
 
   string id = user.to_str();
   rgw_usage_log_entry entry(id, s->bucket.name);
@@ -315,7 +315,7 @@ int rgw_log_op(RGWRados *store, struct req_state *s, const string& op_name, OpsL
   set_param_str(s, "REQUEST_URI", entry.uri);
   set_param_str(s, "REQUEST_METHOD", entry.op);
 
-  entry.user = s->user.user_id.to_str();
+  entry.user = s->user->user_id.to_str();
   if (s->object_acl)
     entry.object_owner = s->object_acl->get_owner().get_id();
   entry.bucket_owner = s->bucket_owner.get_id();
index 7d46b62d3960cb7d27592018dc3048a7dcb566a5..7ae0a6cdf2685b3a648abc9ff009058c3b82d3e0 100644 (file)
@@ -322,8 +322,9 @@ static int read_policy(RGWRados *store, struct req_state *s,
     if (ret < 0)
       return ret;
     rgw_user& owner = bucket_policy.get_owner().get_id();
-    if (!s->system_request && owner.compare(s->user.user_id) != 0 &&
-        !bucket_policy.verify_permission(s->user.user_id, s->perm_mask, RGW_PERM_READ))
+    if (!s->system_request && owner.compare(s->user->user_id) != 0 &&
+        !bucket_policy.verify_permission(s->user->user_id, s->perm_mask,
+                                       RGW_PERM_READ))
       ret = -EACCES;
     else
       ret = -ENOENT;
@@ -399,7 +400,7 @@ int rgw_build_bucket_policies(RGWRados* store, struct req_state* s)
       rgw_obj_key no_obj;
       ret = read_policy(store, s, s->bucket_info, s->bucket_attrs, s->bucket_acl, s->bucket, no_obj);
     } else {
-      s->bucket_acl->create_default(s->user.user_id, s->user.display_name);
+      s->bucket_acl->create_default(s->user->user_id, s->user->display_name);
       ret = -ERR_NO_SUCH_BUCKET;
     }
 
@@ -481,13 +482,15 @@ int RGWOp::verify_op_mask()
 {
   uint32_t required_mask = op_mask();
 
-  ldout(s->cct, 20) << "required_mask= " << required_mask << " user.op_mask=" << s->user.op_mask << dendl;
+  ldout(s->cct, 20) << "required_mask= " << required_mask
+                   << " user.op_mask=" << s->user->op_mask << dendl;
 
-  if ((s->user.op_mask & required_mask) != required_mask) {
+  if ((s->user->op_mask & required_mask) != required_mask) {
     return -EPERM;
   }
 
-  if (!s->system_request && (required_mask & RGW_OP_TYPE_MODIFY) && !store->zone.is_master)  {
+  if (!s->system_request && (required_mask & RGW_OP_TYPE_MODIFY) &&
+      !store->zone.is_master)  {
     ldout(s->cct, 5) << "NOTICE: modify request to a non-master zone by a non-system user, permission denied"  << dendl;
     return -EPERM;
   }
@@ -502,7 +505,7 @@ int RGWOp::init_quota()
     return 0;
 
   /* init quota related stuff */
-  if (!(s->user.op_mask & RGW_OP_TYPE_MODIFY)) {
+  if (!(s->user->op_mask & RGW_OP_TYPE_MODIFY)) {
     return 0;
   }
 
@@ -514,8 +517,8 @@ int RGWOp::init_quota()
   RGWUserInfo owner_info;
   RGWUserInfo *uinfo;
 
-  if (s->user.user_id == s->bucket_owner.get_id()) {
-    uinfo = &s->user;
+  if (s->user->user_id == s->bucket_owner.get_id()) {
+    uinfo = s->user;
   } else {
     int r = rgw_get_user_info_by_uid(store, s->bucket_info.owner, owner_info);
     if (r < 0)
@@ -944,10 +947,12 @@ int RGWGetObj::handle_user_manifest(const char *prefix)
     RGWBucketInfo bucket_info;
     map<string, bufferlist> bucket_attrs;
     RGWObjectCtx obj_ctx(store);
-    int r = store->get_bucket_info(obj_ctx, s->user.user_id.tenant, bucket_name,
-                                   bucket_info, NULL, &bucket_attrs);
+    int r = store->get_bucket_info(obj_ctx, s->user->user_id.tenant,
+                                 bucket_name, bucket_info, NULL,
+                                 &bucket_attrs);
     if (r < 0) {
-      ldout(s->cct, 0) << "could not get bucket info for bucket=" << bucket_name << dendl;
+      ldout(s->cct, 0) << "could not get bucket info for bucket="
+                      << bucket_name << dendl;
       return r;
     }
     bucket = bucket_info.bucket;
@@ -1031,10 +1036,11 @@ int RGWGetObj::handle_slo_manifest(bufferlist& bl)
         RGWBucketInfo bucket_info;
         map<string, bufferlist> bucket_attrs;
         RGWObjectCtx obj_ctx(store);
-        int r = store->get_bucket_info(obj_ctx, s->user.user_id.tenant,
+        int r = store->get_bucket_info(obj_ctx, s->user->user_id.tenant,
               bucket_name, bucket_info, NULL, &bucket_attrs);
         if (r < 0) {
-          ldout(s->cct, 0) << "could not get bucket info for bucket=" << bucket_name << dendl;
+          ldout(s->cct, 0) << "could not get bucket info for bucket="
+                          << bucket_name << dendl;
           return r;
         }
         bucket = bucket_info.bucket;
@@ -1300,7 +1306,7 @@ void RGWListBuckets::execute()
   }
 
   if (supports_account_metadata()) {
-    op_ret = rgw_get_user_attrs_by_uid(store, s->user.user_id, attrs);
+    op_ret = rgw_get_user_attrs_by_uid(store, s->user->user_id, attrs);
     if (op_ret < 0) {
       goto send_end;
     }
@@ -1315,14 +1321,14 @@ void RGWListBuckets::execute()
       read_count = max_buckets;
     }
 
-    op_ret = rgw_read_user_buckets(store, s->user.user_id, buckets,
+    op_ret = rgw_read_user_buckets(store, s->user->user_id, buckets,
                                   marker, end_marker, read_count,
                                   should_get_stats(), 0);
-
     if (op_ret < 0) {
       /* hmm.. something wrong here.. the user was authenticated, so it
          should exist */
-      ldout(s->cct, 10) << "WARNING: failed on rgw_get_user_buckets uid=" << s->user.user_id << dendl;
+      ldout(s->cct, 10) << "WARNING: failed on rgw_get_user_buckets uid="
+                       << s->user->user_id << dendl;
       break;
     }
     map<string, RGWBucketEnt>& m = buckets.get_buckets();
@@ -1374,12 +1380,13 @@ void RGWStatAccount::execute()
   do {
     RGWUserBuckets buckets;
 
-    op_ret = rgw_read_user_buckets(store, s->user.user_id, buckets,
+    op_ret = rgw_read_user_buckets(store, s->user->user_id, buckets,
                                   marker, string(), max_buckets, false);
     if (op_ret < 0) {
       /* hmm.. something wrong here.. the user was authenticated, so it
          should exist */
-      ldout(s->cct, 10) << "WARNING: failed on rgw_get_user_buckets uid=" << s->user.user_id << dendl;
+      ldout(s->cct, 10) << "WARNING: failed on rgw_get_user_buckets uid="
+                       << s->user->user_id << dendl;
       break;
     } else {
       map<string, RGWBucketEnt>& m = buckets.get_buckets();
@@ -1401,7 +1408,7 @@ void RGWStatAccount::execute()
 
 int RGWGetBucketVersioning::verify_permission()
 {
-  if (s->user.user_id.compare(s->bucket_owner.get_id()) != 0)
+  if (s->user->user_id.compare(s->bucket_owner.get_id()) != 0)
     return -EACCES;
 
   return 0;
@@ -1420,7 +1427,7 @@ void RGWGetBucketVersioning::execute()
 
 int RGWSetBucketVersioning::verify_permission()
 {
-  if (s->user.user_id.compare(s->bucket_owner.get_id()) != 0)
+  if (s->user->user_id.compare(s->bucket_owner.get_id()) != 0)
     return -EACCES;
 
   return 0;
@@ -1455,7 +1462,7 @@ void RGWSetBucketVersioning::execute()
 
 int RGWGetBucketWebsite::verify_permission()
 {
-  if (s->user.user_id.compare(s->bucket_owner.get_id()) != 0)
+  if (s->user->user_id.compare(s->bucket_owner.get_id()) != 0)
     return -EACCES;
 
   return 0;
@@ -1475,7 +1482,7 @@ void RGWGetBucketWebsite::execute()
 
 int RGWSetBucketWebsite::verify_permission()
 {
-  if (s->user.user_id.compare(s->bucket_owner.get_id()) != 0)
+  if (s->user->user_id.compare(s->bucket_owner.get_id()) != 0)
     return -EACCES;
 
   return 0;
@@ -1505,7 +1512,7 @@ void RGWSetBucketWebsite::execute()
 
 int RGWDeleteBucketWebsite::verify_permission()
 {
-  if (s->user.user_id.compare(s->bucket_owner.get_id()) != 0)
+  if (s->user->user_id.compare(s->bucket_owner.get_id()) != 0)
     return -EACCES;
 
   return 0;
@@ -1626,7 +1633,7 @@ void RGWListBucket::execute()
 
 int RGWGetBucketLogging::verify_permission()
 {
-  if (s->user.user_id.compare(s->bucket_owner.get_id()) != 0)
+  if (s->user->user_id.compare(s->bucket_owner.get_id()) != 0)
     return -EACCES;
 
   return 0;
@@ -1634,7 +1641,7 @@ int RGWGetBucketLogging::verify_permission()
 
 int RGWGetBucketLocation::verify_permission()
 {
-  if (s->user.user_id.compare(s->bucket_owner.get_id()) != 0)
+  if (s->user->user_id.compare(s->bucket_owner.get_id()) != 0)
     return -EACCES;
 
   return 0;
@@ -1642,25 +1649,28 @@ int RGWGetBucketLocation::verify_permission()
 
 int RGWCreateBucket::verify_permission()
 {
-  if (!rgw_user_is_authenticated(s->user))
+  if (!rgw_user_is_authenticated(*(s->user)))
     return -EACCES;
 
-  if (s->user.user_id.tenant != s->bucket_tenant) {
-    ldout(s->cct, 10) << "user cannot create a bucket in a different tenant (user_id.tenant=" << s->user.user_id.tenant << " requested=" << s->bucket_tenant << ")" << dendl;
+  if (s->user->user_id.tenant != s->bucket_tenant) {
+    ldout(s->cct, 10)
+      << "user cannot create a bucket in a different tenant (user_id.tenant="
+      << s->user->user_id.tenant << " requested=" << s->bucket_tenant << ")"
+      << dendl;
     return -EACCES;
   }
 
-  if (s->user.max_buckets) {
+  if (s->user->max_buckets) {
     RGWUserBuckets buckets;
     string marker;
-    op_ret = rgw_read_user_buckets(store, s->user.user_id, buckets,
-                                  marker, string(), s->user.max_buckets,
+    op_ret = rgw_read_user_buckets(store, s->user->user_id, buckets,
+                                  marker, string(), s->user->max_buckets,
                                   false);
     if (op_ret < 0)
       return op_ret;
 
     map<string, RGWBucketEnt>& m = buckets.get_buckets();
-    if (m.size() >= s->user.max_buckets) {
+    if (m.size() >= s->user->max_buckets) {
       return -ERR_TOO_MANY_BUCKETS;
     }
   }
@@ -1668,7 +1678,9 @@ int RGWCreateBucket::verify_permission()
   return 0;
 }
 
-static int forward_request_to_master(struct req_state *s, obj_version *objv, RGWRados *store, bufferlist& in_data, JSONParser *jp)
+static int forward_request_to_master(struct req_state *s, obj_version *objv,
+                                   RGWRados *store, bufferlist& in_data,
+                                   JSONParser *jp)
 {
   if (!store->rest_master_conn) {
     ldout(s->cct, 0) << "rest connection is invalid" << dendl;
@@ -1676,9 +1688,11 @@ static int forward_request_to_master(struct req_state *s, obj_version *objv, RGW
   }
   ldout(s->cct, 0) << "sending create_bucket request to master region" << dendl;
   bufferlist response;
-  string uid_str = s->user.user_id.to_str();
+  string uid_str = s->user->user_id.to_str();
 #define MAX_REST_RESPONSE (128 * 1024) // we expect a very small response
-  int ret = store->rest_master_conn->forward(uid_str, s->info, objv, MAX_REST_RESPONSE, &in_data, &response);
+  int ret = store->rest_master_conn->forward(uid_str, s->info, objv,
+                                           MAX_REST_RESPONSE, &in_data,
+                                           &response);
   if (ret < 0)
     return ret;
 
@@ -1719,7 +1733,8 @@ void RGWCreateBucket::execute()
     return;
   }
 
-  /* we need to make sure we read bucket info, it's not read before for this specific request */
+  /* we need to make sure we read bucket info, it's not read before for this
+   * specific request */
   RGWObjectCtx& obj_ctx = *static_cast<RGWObjectCtx *>(s->obj_ctx);
   op_ret = store->get_bucket_info(obj_ctx, s->bucket_tenant, s->bucket_name,
                                  s->bucket_info, NULL, &s->bucket_attrs);
@@ -1727,13 +1742,13 @@ void RGWCreateBucket::execute()
     return;
   s->bucket_exists = (op_ret != -ENOENT);
 
-  s->bucket_owner.set_id(s->user.user_id);
-  s->bucket_owner.set_name(s->user.display_name);
+  s->bucket_owner.set_id(s->user->user_id);
+  s->bucket_owner.set_name(s->user->display_name);
   if (s->bucket_exists) {
-    int r = get_policy_from_attr(s->cct, store, s->obj_ctx, s->bucket_info, s->bucket_attrs,
-                                 &old_policy, obj);
+    int r = get_policy_from_attr(s->cct, store, s->obj_ctx, s->bucket_info,
+                               s->bucket_attrs, &old_policy, obj);
     if (r >= 0)  {
-      if (old_policy.get_owner().get_id().compare(s->user.user_id) != 0) {
+      if (old_policy.get_owner().get_id().compare(s->user->user_id) != 0) {
         op_ret = -EEXIST;
         return;
       }
@@ -1777,10 +1792,10 @@ void RGWCreateBucket::execute()
   if (s->bucket_exists) {
     string selected_placement_rule;
     rgw_bucket bucket;
-    op_ret = store->select_bucket_placement(s->user, region_name,
-                                           placement_rule,
-                                           s->bucket_tenant, s->bucket_name,
-                                           bucket, &selected_placement_rule);
+    op_ret = store->select_bucket_placement(*(s->user), region_name,
+                                           placement_rule, s->bucket_tenant,
+                                           s->bucket_name, bucket,
+                                           &selected_placement_rule);
     if (selected_placement_rule != s->bucket_info.placement_rule) {
       op_ret = -EEXIST;
       return;
@@ -1797,11 +1812,11 @@ void RGWCreateBucket::execute()
   }
   s->bucket.tenant = s->bucket_tenant; /* ignored if bucket exists */
   s->bucket.name = s->bucket_name;
-  op_ret = store->create_bucket(s->user, s->bucket, region_name, placement_rule,
-                               attrs, info, pobjv, &ep_objv, creation_time,
-                               pmaster_bucket, true);
-  /* continue if EEXIST and create_bucket will fail below.  this way we can recover
-   * from a partial create by retrying it. */
+  op_ret = store->create_bucket(*(s->user), s->bucket, region_name,
+                               placement_rule, attrs, info, pobjv, &ep_objv,
+                               creation_time, pmaster_bucket, true);
+  /* continue if EEXIST and create_bucket will fail below.  this way we can
+   * recover from a partial create by retrying it. */
   ldout(s->cct, 20) << "rgw_create_bucket returned ret=" << op_ret << " bucket=" << s->bucket << dendl;
 
   if (op_ret && op_ret != -EEXIST)
@@ -1816,18 +1831,18 @@ void RGWCreateBucket::execute()
      * If all is ok then update the user's list of buckets.
      * Otherwise inform client about a name conflict.
      */
-    if (info.owner.compare(s->user.user_id) != 0) {
+    if (info.owner.compare(s->user->user_id) != 0) {
       op_ret = -EEXIST;
       return;
     }
     s->bucket = info.bucket;
   }
 
-  op_ret = rgw_link_bucket(store, s->user.user_id, s->bucket,
+  op_ret = rgw_link_bucket(store, s->user->user_id, s->bucket,
                           info.creation_time, false);
   if (op_ret && !existed && op_ret != -EEXIST) {
     /* if it exists (or previously existed), don't remove it! */
-    op_ret = rgw_unlink_bucket(store, s->user.user_id, s->bucket.tenant,
+    op_ret = rgw_unlink_bucket(store, s->user->user_id, s->bucket.tenant,
                               s->bucket.name);
     if (op_ret < 0) {
       ldout(s->cct, 0) << "WARNING: failed to unlink bucket: ret=" << op_ret
@@ -1885,7 +1900,7 @@ void RGWDeleteBucket::execute()
 
   op_ret = store->delete_bucket(s->bucket, ot);
   if (op_ret == 0) {
-    op_ret = rgw_unlink_bucket(store, s->user.user_id, s->bucket.tenant,
+    op_ret = rgw_unlink_bucket(store, s->user->user_id, s->bucket.tenant,
                               s->bucket.name, false);
     if (op_ret < 0) {
       ldout(s->cct, 0) << "WARNING: failed to unlink bucket: ret=" << op_ret
@@ -2580,9 +2595,10 @@ static void prepare_add_del_attrs(const map<string, bufferlist>& orig_attrs,
   }
 }
 
-int RGWPutMetadataAccount::handle_temp_url_update(const map<int, string>& temp_url_keys) {
+int RGWPutMetadataAccount::handle_temp_url_update(
+  const map<int, string>& temp_url_keys) {
   RGWUserAdminOpState user_op;
-  user_op.set_user_id(s->user.user_id);
+  user_op.set_user_id(s->user->user_id);
 
   map<int, string>::const_iterator iter;
   for (iter = temp_url_keys.begin(); iter != temp_url_keys.end(); ++iter) {
@@ -2609,7 +2625,7 @@ int RGWPutMetadataAccount::handle_temp_url_update(const map<int, string>& temp_u
 
 int RGWPutMetadataAccount::verify_permission()
 {
-  if (!rgw_user_is_authenticated(s->user)) {
+  if (!rgw_user_is_authenticated(*(s->user))) {
     return -EACCES;
   }
   // if ((s->perm_mask & RGW_PERM_WRITE) == 0) {
@@ -2660,7 +2676,8 @@ void RGWPutMetadataAccount::execute()
   }
 
   rgw_get_request_metadata(s->cct, s->info, attrs, false);
-  rgw_get_user_attrs_by_uid(store, s->user.user_id, orig_attrs, &acct_op_tracker);
+  rgw_get_user_attrs_by_uid(store, s->user->user_id, orig_attrs,
+                           &acct_op_tracker);
   prepare_add_del_attrs(orig_attrs, rmattr_names, attrs, rmattrs);
   populate_with_generic_attrs(s, attrs);
 
@@ -2675,7 +2692,7 @@ void RGWPutMetadataAccount::execute()
   }
 
   /* XXX tenant needed? */
-  op_ret = rgw_store_user_attrs(store, s->user.user_id.id, attrs, &rmattrs,
+  op_ret = rgw_store_user_attrs(store, s->user->user_id.id, attrs, &rmattrs,
                                &acct_op_tracker);
   if (op_ret < 0) {
     return;
@@ -3011,7 +3028,8 @@ int RGWCopyObj::verify_permission()
       return op_ret;
 
     if (!s->system_request && /* system request overrides permission checks */
-        !src_policy.verify_permission(s->user.user_id, s->perm_mask, RGW_PERM_READ))
+        !src_policy.verify_permission(s->user->user_id, s->perm_mask,
+                                     RGW_PERM_READ))
       return -EACCES;
   }
 
@@ -3042,7 +3060,8 @@ int RGWCopyObj::verify_permission()
     return op_ret;
 
   if (!s->system_request && /* system request overrides permission checks */
-      !dest_bucket_policy.verify_permission(s->user.user_id, s->perm_mask, RGW_PERM_WRITE))
+      !dest_bucket_policy.verify_permission(s->user->user_id, s->perm_mask,
+                                           RGW_PERM_WRITE))
     return -EACCES;
 
   op_ret = init_dest_policy();
@@ -3126,7 +3145,7 @@ void RGWCopyObj::execute()
   encode_delete_at_attr(delete_at, attrs);
 
   op_ret = store->copy_obj(obj_ctx,
-                          s->user.user_id,
+                          s->user->user_id,
                           client_id,
                           op_id,
                           &s->info,
@@ -3298,7 +3317,7 @@ void RGWPutACLs::execute()
 
 int RGWGetCORS::verify_permission()
 {
-  if (s->user.user_id.compare(s->bucket_owner.get_id()) != 0)
+  if (s->user->user_id.compare(s->bucket_owner.get_id()) != 0)
     return -EACCES;
 
   return 0;
@@ -3319,7 +3338,7 @@ void RGWGetCORS::execute()
 
 int RGWPutCORS::verify_permission()
 {
-  if (s->user.user_id.compare(s->bucket_owner.get_id()) != 0)
+  if (s->user->user_id.compare(s->bucket_owner.get_id()) != 0)
     return -EACCES;
 
   return 0;
@@ -3349,7 +3368,7 @@ void RGWPutCORS::execute()
 
 int RGWDeleteCORS::verify_permission()
 {
-  if (s->user.user_id.compare(s->bucket_owner.get_id()) != 0)
+  if (s->user->user_id.compare(s->bucket_owner.get_id()) != 0)
     return -EACCES;
 
   return 0;
@@ -3477,7 +3496,7 @@ void RGWGetRequestPayment::execute()
 
 int RGWSetRequestPayment::verify_permission()
 {
-  if (s->user.user_id.compare(s->bucket_owner.get_id()) != 0)
+  if (s->user->user_id.compare(s->bucket_owner.get_id()) != 0)
     return -EACCES;
 
   return 0;
@@ -4250,8 +4269,8 @@ bool RGWBulkDelete::Deleter::delete_single(const acct_path_t& path)
 
   RGWBucketInfo binfo;
   map<string, bufferlist> battrs;
-  int ret = store->get_bucket_info(obj_ctx, s->user.user_id.tenant,
-                                  path.bucket_name, binfo, NULL, &battrs);
+  int ret = store->get_bucket_info(obj_ctx, s->user->user_id.tenant,
+                                 path.bucket_name, binfo, NULL, &battrs);
   if (ret < 0) {
     goto binfo_fail;
   }
index 3c1321128da7647d8aa3a2028329fa37da4d7d56..0fb2890c9088545c44f68e251a103a51437e496b 100644 (file)
@@ -47,9 +47,10 @@ int process_request(RGWRados* store, RGWREST* rest, RGWRequest* req,
 
   RGWEnv& rgw_env = client_io->get_env();
 
-  struct req_state rstate(g_ceph_context, &rgw_env);
+  RGWUserInfo userinfo;
 
-  struct req_state* s = &rstate;
+  struct req_state rstate(g_ceph_context, &rgw_env, &userinfo);
+  struct req_state *s = &rstate;
 
   RGWObjectCtx rados_ctx(store, s);
   s->obj_ctx = &rados_ctx;
@@ -99,8 +100,8 @@ int process_request(RGWRados* store, RGWREST* rest, RGWRequest* req,
     goto done;
   }
 
-  if (s->user.suspended) {
-    dout(10) << "user is suspended, uid=" << s->user.user_id << dendl;
+  if (s->user->suspended) {
+    dout(10) << "user is suspended, uid=" << s->user->user_id << dendl;
     abort_early(s, op, -ERR_USER_SUSPENDED, handler);
     goto done;
   }
index 0c4be38d9aa7e18bd2eebb652e8b88547759def2..1f734ed5f638d93c4cf2598c931a415564f21a53 100644 (file)
@@ -588,7 +588,7 @@ void end_header(struct req_state* s, RGWOp* op, const char *content_type,
   dump_trans_id(s);
 
   if ((!s->err.is_err()) &&
-      (s->bucket_info.owner != s->user.user_id) &&
+      (s->bucket_info.owner != s->user->user_id) &&
       (s->bucket_info.requester_pays)) {
     STREAM_IO(s)->print("x-amz-request-charged: requester\r\n");
   }
@@ -1250,7 +1250,7 @@ void RGWRESTOp::send_response()
 
 int RGWRESTOp::verify_permission()
 {
-  return check_caps(s->user.caps);
+  return check_caps(s->user->caps);
 }
 
 RGWOp* RGWHandler_REST::get_op(RGWRados* store)
index e1df68b6a2c521f60d833adda8930c5161651327..a7a0b841d0b77dc944f174cde83148b110566eda 100644 (file)
@@ -27,7 +27,7 @@ public:
     return caps.check_cap("bilog", RGW_CAP_READ);
   }
   int verify_permission() {
-    return check_caps(s->user.caps);
+    return check_caps(s->user->caps);
   }
   virtual void send_response();
   virtual void send_response(list<rgw_bi_log_entry>& entries, string& marker);
@@ -50,7 +50,7 @@ public:
     return caps.check_cap("bilog", RGW_CAP_READ);
   }
   int verify_permission() {
-    return check_caps(s->user.caps);
+    return check_caps(s->user->caps);
   }
   virtual void send_response();
   void execute();
@@ -85,7 +85,7 @@ public:
     return caps.check_cap("mdlog", RGW_CAP_READ);
   }
   int verify_permission() {
-    return check_caps(s->user.caps);
+    return check_caps(s->user->caps);
   }
   void execute();
   virtual void send_response();
@@ -104,7 +104,7 @@ public:
     return caps.check_cap("mdlog", RGW_CAP_READ);
   }
   int verify_permission() {
-    return check_caps(s->user.caps);
+    return check_caps(s->user->caps);
   }
   void execute();
   virtual void send_response();
@@ -123,7 +123,7 @@ public:
     return caps.check_cap("mdlog", RGW_CAP_READ);
   }
   int verify_permission() {
-    return check_caps(s->user.caps);
+    return check_caps(s->user->caps);
   }
   void execute();
   virtual void send_response();
@@ -186,7 +186,7 @@ public:
     return caps.check_cap("datalog", RGW_CAP_READ);
   }
   int verify_permission() {
-    return check_caps(s->user.caps);
+    return check_caps(s->user->caps);
   }
   void execute();
   virtual void send_response();
@@ -205,7 +205,7 @@ public:
     return caps.check_cap("datalog", RGW_CAP_READ);
   }
   int verify_permission() {
-    return check_caps(s->user.caps);
+    return check_caps(s->user->caps);
   }
   void execute();
   virtual void send_response();
@@ -224,7 +224,7 @@ public:
     return caps.check_cap("datalog", RGW_CAP_READ);
   }
   int verify_permission() {
-    return check_caps(s->user.caps);
+    return check_caps(s->user->caps);
   }
   void execute();
   virtual void send_response();
index 92814f4e027e62e8bfbf40550f2079a2b8e42963..1a8076c6876292139cb9f3105af6b8c872d0255e 100644 (file)
@@ -25,7 +25,7 @@ public:
     return caps.check_cap("opstate", RGW_CAP_READ);
   }
   int verify_permission() {
-    return check_caps(s->user.caps);
+    return check_caps(s->user->caps);
   }
   void execute();
   virtual void send_response();
index 4be951178b1f370ca76792e468fd0193933dc800..76ccc3fcb7caee4b45d677ccd4cf214645aaeccd 100644 (file)
@@ -29,7 +29,7 @@ public:
     return caps.check_cap(obj_type.c_str(), RGW_CAP_READ);
   }
   int verify_permission() {
-    return check_caps(s->user.caps);
+    return check_caps(s->user->caps);
   }
   void execute();
   virtual void send_response();
@@ -91,7 +91,7 @@ public:
     return caps.check_cap("bilog", RGW_CAP_READ);
   }
   int verify_permission() {
-    return check_caps(s->user.caps);
+    return check_caps(s->user->caps);
   }
   void execute();
   virtual void send_response();
index dada6488fca53e3978411ebd13b6c0b512311061..be535c73c34b33988ddc0f61ca6457825f292ba8 100644 (file)
@@ -234,7 +234,7 @@ void RGWListBuckets_ObjStore_S3::send_response_begin(bool has_buckets)
 
   if (! op_ret) {
     list_all_buckets_start(s);
-    dump_owner(s, s->user.user_id, s->user.display_name);
+    dump_owner(s, s->user->user_id, s->user->display_name);
     s->formatter->open_array_section("Buckets");
     sent_data = true;
   }
@@ -1431,7 +1431,8 @@ int RGWPostObj_ObjStore_S3::get_policy()
       return r;
     }
 
-    s->user = user_info;
+    // deep copy
+    *(s->user) = user_info;
     s->owner.set_id(user_info.user_id);
     s->owner.set_name(user_info.display_name);
   } else {
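Review bot: `*(s->user) = user_info;` overwrites whatever object the request was constructed with, which is safe only while each request owns its own stack `RGWUserInfo`. The commit message says a later change will cache these objects; once `s->user` can point at a shared entry, this assignment would replace the cached identity seen by other requests (hedged, since the caching code is not on this page). The same write-through pattern appears in the two `/* XXX fake user_id */` hunks (`s->user->user_id = user_id;`), in `init_anon_user()` (`rgw_get_anon_user(*(s->user));`) and in `RGW_Auth_S3::authorize()`. I would expand the comment to record the constraint, e.g. `// deep copy into the per-request object; never write through a shared/cached RGWUserInfo`. get_policy() starts and ends outside the hunk.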
@@ -2162,8 +2163,8 @@ void RGWListBucketMultiparts_ObjStore_S3::send_response()
       s->formatter->open_array_section("Upload");
       s->formatter->dump_string("Key", mp.get_key());
       s->formatter->dump_string("UploadId", mp.get_upload_id());
-      dump_owner(s, s->user.user_id, s->user.display_name, "Initiator");
-      dump_owner(s, s->user.user_id, s->user.display_name);
+      dump_owner(s, s->user->user_id, s->user->display_name, "Initiator");
+      dump_owner(s, s->user->user_id, s->user->display_name);
       s->formatter->dump_string("StorageClass", "STANDARD");
       time_t mtime = iter->obj.mtime.sec();
       dump_time(s, "Initiated", &mtime);
@@ -2482,7 +2483,6 @@ int RGWHandler_REST_S3::init_from_header(struct req_state* s,
   if (s->init_state.url_bucket.empty()) {
     // Save bucket to tide us over until token is parsed.
     s->init_state.url_bucket = first;
-
     if (pos >= 0) {
       string encoded_obj_str = req.substr(pos+1);
       s->object = rgw_obj_key(encoded_obj_str, s->info.args.get("versionId"));
@@ -2498,7 +2498,8 @@ int RGWHandler_REST_S3::postauth_init()
   struct req_init_state *t = &s->init_state;
   bool relaxed_names = s->cct->_conf->rgw_relaxed_s3_bucket_names;
 
-  rgw_parse_url_bucket(t->url_bucket, s->user.user_id.tenant, s->bucket_tenant, s->bucket_name);
+  rgw_parse_url_bucket(t->url_bucket, s->user->user_id.tenant,
+                     s->bucket_tenant, s->bucket_name);
 
   dout(10) << "s->object=" << (!s->object.empty() ? s->object : rgw_obj_key("<NULL>"))
            << " s->bucket=" << rgw_make_bucket_entry_name(s->bucket_tenant, s->bucket_name) << dendl;
@@ -2515,7 +2516,8 @@ int RGWHandler_REST_S3::postauth_init()
     return ret;
 
   if (!t->src_bucket.empty()) {
-    rgw_parse_url_bucket(t->src_bucket, s->user.user_id.tenant, s->src_tenant_name, s->src_bucket_name);
+    rgw_parse_url_bucket(t->src_bucket, s->user->user_id.tenant,
+                       s->src_tenant_name, s->src_bucket_name);
     ret = validate_tenant_name(s->src_tenant_name);
     if (ret)
       return ret;
@@ -2693,7 +2695,7 @@ int RGW_Auth_S3_Keystone_ValidateToken::validate_s3token(
 
 static void init_anon_user(struct req_state *s)
 {
-  rgw_get_anon_user(s->user);
+  rgw_get_anon_user(*(s->user));
   s->perm_mask = RGW_PERM_FULL_CONTROL;
 }
 
@@ -2782,15 +2784,14 @@ int RGW_Auth_S3::authorize(RGWRados *store, struct req_state *s)
          return -ERR_REQUEST_TIME_SKEWED;
        }
 
-
-       s->user.user_id = keystone_validator.response.token.tenant.id;
-        s->user.display_name
+       s->user->user_id = keystone_validator.response.token.tenant.id;
+        s->user->display_name
          = keystone_validator.response.token.tenant.name; // wow.
 
         rgw_user uid(keystone_validator.response.token.tenant.id);
         /* try to store user if it not already exists */
-        if (rgw_get_user_info_by_uid(store, uid, s->user) < 0) {
-          int ret = rgw_store_user_info(store, s->user, NULL, NULL, 0, true);
+        if (rgw_get_user_info_by_uid(store, uid, *(s->user)) < 0) {
+          int ret = rgw_store_user_info(store, *(s->user), NULL, NULL, 0, true);
           if (ret < 0)
             dout(10) << "NOTICE: failed to store new user's info: ret="
                     << ret << dendl;
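Review bot: Only `user_id` and `display_name` are assigned before `rgw_get_user_info_by_uid(store, uid, *(s->user))`, and when that lookup fails the same object goes to `rgw_store_user_info`. Every other persisted field is therefore whatever `*(s->user)` already held, assuming the failed lookup leaves it untouched. With the value member that was presumably a freshly constructed record. With a pointer it depends on the caller, and a reused or cached object could carry caps, access keys or the `system` flag into the newly stored Keystone user. Filling a local `RGWUserInfo ks_user;` and doing `*(s->user) = ks_user;` only after the lookup or store succeeds would keep the stored record independent of the pointed-to object's history. authorize() starts before this hunk and continues past it.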
@@ -2809,14 +2810,13 @@ int RGW_Auth_S3::authorize(RGWRados *store, struct req_state *s)
   /* now try rados backend, but only if keystone did not succeed */
   if (keystone_result < 0) {
     /* get the user info */
-    if (rgw_get_user_info_by_access_key(store, auth_id, s->user) < 0) {
+    if (rgw_get_user_info_by_access_key(store, auth_id, *(s->user)) < 0) {
       dout(5) << "error reading user info, uid=" << auth_id
              << " can't authenticate" << dendl;
       return -ERR_INVALID_ACCESS_KEY;
     }
 
     /* now verify signature */
-
     string auth_hdr;
     if (!rgw_create_s3_canonical_header(s->info, &s->header_time, auth_hdr,
                                        qsr)) {
@@ -2839,8 +2839,8 @@ int RGW_Auth_S3::authorize(RGWRados *store, struct req_state *s)
     }
 
     map<string, RGWAccessKey>::iterator iter =
-      s->user.access_keys.find(auth_id);
-    if (iter == s->user.access_keys.end()) {
+      s->user->access_keys.find(auth_id);
+    if (iter == s->user->access_keys.end()) {
       dout(0) << "ERROR: access key not encoded in user info" << dendl;
       return -EPERM;
     }
@@ -2848,8 +2848,8 @@ int RGW_Auth_S3::authorize(RGWRados *store, struct req_state *s)
 
     if (!k.subuser.empty()) {
       map<string, RGWSubUser>::iterator uiter =
-       s->user.subusers.find(k.subuser);
-      if (uiter == s->user.subusers.end()) {
+       s->user->subusers.find(k.subuser);
+      if (uiter == s->user->subusers.end()) {
        dout(0) << "NOTICE: could not find subuser: " << k.subuser << dendl;
        return -EPERM;
       }
@@ -2872,7 +2872,7 @@ int RGW_Auth_S3::authorize(RGWRados *store, struct req_state *s)
       return -ERR_SIGNATURE_NO_MATCH;
     }
 
-    if (s->user.system) {
+    if (s->user->system) {
       s->system_request = true;
       dout(20) << "system request" << dendl;
       s->info.args.set_system();
@@ -2885,15 +2885,15 @@ int RGW_Auth_S3::authorize(RGWRados *store, struct req_state *s)
           ldout(s->cct, 0) << "User lookup failed!" << dendl;
           return -ENOENT;
         }
-        s->user = effective_user;
+        *(s->user) = effective_user;
       }
     }
 
   } /* if keystone_result < 0 */
 
   // populate the owner info
-  s->owner.set_id(s->user.user_id);
-  s->owner.set_name(s->user.display_name);
+  s->owner.set_id(s->user->user_id);
+  s->owner.set_name(s->user->display_name);
 
   return  0;
 }
index e409fd8b157c2c4a7a4ba95613bd1c1ed832fa45..0f9fd2faf9d879c9e27242be0494d2ab5621b79e 100644 (file)
@@ -74,14 +74,14 @@ static void dump_account_metadata(struct req_state * const s,
   /* Dump TempURL-related stuff */
   if (s->perm_mask == RGW_PERM_FULL_CONTROL) {
     map<int, string>::iterator iter;
-    iter = s->user.temp_url_keys.find(0);
-    if (iter != s->user.temp_url_keys.end() && !iter->second.empty()) {
+    iter = s->user->temp_url_keys.find(0);
+    if (iter != s->user->temp_url_keys.end() && !iter->second.empty()) {
       STREAM_IO(s)->print("X-Account-Meta-Temp-Url-Key: %s\r\n",
                          iter->second.c_str());
     }
 
-    iter = s->user.temp_url_keys.find(1);
-    if (iter != s->user.temp_url_keys.end() && !iter->second.empty()) {
+    iter = s->user->temp_url_keys.find(1);
+    if (iter != s->user->temp_url_keys.end() && !iter->second.empty()) {
       STREAM_IO(s)->print("X-Account-Meta-Temp-Url-Key-2: %s\r\n",
                          iter->second.c_str());
     }
@@ -128,7 +128,7 @@ void RGWListBuckets_ObjStore_SWIFT::send_response_begin(bool has_buckets)
   if (! op_ret) {
     dump_start(s);
     s->formatter->open_array_section_with_attrs("account",
-            FormatterAttrs("name", s->user.display_name.c_str(), NULL));
+            FormatterAttrs("name", s->user->display_name.c_str(), NULL));
 
     sent_data = true;
   }
@@ -372,15 +372,15 @@ static void dump_container_metadata(struct req_state *s, RGWBucketEnt& bucket)
 void RGWStatAccount_ObjStore_SWIFT::execute()
 {
   RGWStatAccount_ObjStore::execute();
-
-  op_ret = rgw_get_user_attrs_by_uid(store, s->user.user_id, attrs);
+  op_ret = rgw_get_user_attrs_by_uid(store, s->user->user_id, attrs);
 }
 
 void RGWStatAccount_ObjStore_SWIFT::send_response()
 {
   if (op_ret >= 0) {
     op_ret = STATUS_NO_CONTENT;
-    dump_account_metadata(s, buckets_count, buckets_objcount, buckets_size, buckets_size_rounded, attrs);
+    dump_account_metadata(s, buckets_count, buckets_objcount, buckets_size,
+                         buckets_size_rounded, attrs);
   }
 
   set_req_state_err(s, op_ret);
@@ -423,7 +423,7 @@ static int get_swift_container_settings(req_state *s, RGWRados *store, RGWAccess
 
   if (read_attr || write_attr) {
     RGWAccessControlPolicy_SWIFT swift_policy(s->cct);
-    int r = swift_policy.create(store, s->user.user_id, s->user.display_name, read_list, write_list);
+    int r = swift_policy.create(store, s->user->user_id, s->user->display_name, read_list, write_list);
     if (r < 0)
       return r;
 
@@ -465,7 +465,7 @@ int RGWCreateBucket_ObjStore_SWIFT::get_params()
   }
 
   if (!has_policy) {
-    policy.create_default(s->user.user_id, s->user.display_name);
+    policy.create_default(s->user->user_id, s->user->display_name);
   }
 
   location_constraint = store->region.api_name;
@@ -566,7 +566,7 @@ int RGWPutObj_ObjStore_SWIFT::get_params()
     }
   }
 
-  policy.create_default(s->user.user_id, s->user.display_name);
+  policy.create_default(s->user->user_id, s->user->display_name);
 
   int r = get_delete_at_param(s, &delete_at);
   if (r < 0) {
@@ -898,7 +898,7 @@ static void dump_object_metadata(struct req_state * const s,
 
 int RGWCopyObj_ObjStore_SWIFT::init_dest_policy()
 {
-  dest_policy.create_default(s->user.user_id, s->user.display_name);
+  dest_policy.create_default(s->user->user_id, s->user->display_name);
 
   return 0;
 }
@@ -966,7 +966,7 @@ void RGWCopyObj_ObjStore_SWIFT::dump_copy_info()
 
   /* Dump X-Copied-From-Account */
   string account_name;
-  url_encode(s->user.user_id.id, account_name); // XXX tenant
+  url_encode(s->user->user_id.id, account_name); // XXX tenant
   STREAM_IO(s)->print("X-Copied-From-Account: %s\r\n", account_name.c_str());
 
   /* Dump X-Copied-From-Last-Modified. */
@@ -1285,7 +1285,7 @@ int RGWHandler_REST_SWIFT::authorize()
   if ((!s->os_auth_token && s->info.args.get("temp_url_sig").empty()) ||
       (s->op == OP_OPTIONS)) {
     /* anonymous access */
-    rgw_get_anon_user(s->user);
+    rgw_get_anon_user(*(s->user));
     s->perm_mask = RGW_PERM_FULL_CONTROL;
     return 0;
   }
@@ -1302,7 +1302,7 @@ int RGWHandler_REST_SWIFT::postauth_init()
   struct req_init_state* t = &s->init_state;
 
   /* XXX Stub this until Swift Auth sets account into URL. */
-  s->bucket_tenant = s->user.user_id.tenant;
+  s->bucket_tenant = s->user->user_id.tenant;
   s->bucket_name = t->url_bucket;
 
   dout(10) << "s->object=" <<
@@ -1327,7 +1327,7 @@ int RGWHandler_REST_SWIFT::postauth_init()
      * We don't allow cross-tenant copy at present. It requires account
      * names in the URL for Swift.
      */
-    s->src_tenant_name = s->user.user_id.tenant;
+    s->src_tenant_name = s->user->user_id.tenant;
     s->src_bucket_name = t->src_bucket;
 
     ret = validate_bucket_name(s->src_bucket_name);
index 46132b0582a35d3c1b4222f8ee26b760798fe4ef..e8528e32c873badcdc33c9e3a4b0180a4882aeb4 100644 (file)
@@ -92,7 +92,7 @@ void RGWOp_User_Create::execute()
   RESTArgs::get_bool(s, "system", false, &system);
   RESTArgs::get_bool(s, "exclusive", false, &exclusive);
 
-  if (!s->user.system && system) {
+  if (!s->user->system && system) {
     ldout(s->cct, 0) << "cannot set system flag by non-system user" << dendl;
     http_ret = -EINVAL;
     return;
@@ -192,7 +192,7 @@ void RGWOp_User_Modify::execute()
 
   RESTArgs::get_bool(s, "system", false, &system);
 
-  if (!s->user.system && system) {
+  if (!s->user->system && system) {
     ldout(s->cct, 0) << "cannot set system flag by non-system user" << dendl;
     http_ret = -EINVAL;
     return;
index 76eda3c76ec6616f9e9d660d0af075d9ce61231e..c3adedf07017a6fa41836ea83619689ec31905ff 100644 (file)
@@ -578,11 +578,11 @@ int authenticate_temp_url(RGWRados *store, req_state *s)
     return -EPERM;
 
   dout(20) << "temp url user (bucket owner): " << bucket_info.owner << dendl;
-  if (rgw_get_user_info_by_uid(store, bucket_info.owner, s->user) < 0) {
+  if (rgw_get_user_info_by_uid(store, bucket_info.owner, *(s->user)) < 0) {
     return -EPERM;
   }
 
-  if (s->user.temp_url_keys.empty()) {
+  if (s->user->temp_url_keys.empty()) {
     dout(5) << "user does not have temp url key set, aborting" << dendl;
     return -EPERM;
   }
@@ -611,7 +611,7 @@ int authenticate_temp_url(RGWRados *store, req_state *s)
   dout(20) << "temp url signature (plain text): " << str << dendl;
 
   map<int, string>::iterator iter;
-  for (iter = s->user.temp_url_keys.begin(); iter != s->user.temp_url_keys.end(); ++iter) {
+  for (iter = s->user->temp_url_keys.begin(); iter != s->user->temp_url_keys.end(); ++iter) {
     string& temp_url_key = iter->second;
 
     if (temp_url_key.empty())
@@ -650,8 +650,8 @@ bool RGWSwift::verify_swift_token(RGWRados *store, req_state *s)
       subuser = s->swift_user.substr(pos + 1);
     }
     s->perm_mask = 0;
-    map<string, RGWSubUser>::iterator iter = s->user.subusers.find(subuser);
-    if (iter != s->user.subusers.end()) {
+    map<string, RGWSubUser>::iterator iter = s->user->subusers.find(subuser);
+    if (iter != s->user->subusers.end()) {
       RGWSubUser& subuser_ = iter->second;
       s->perm_mask = subuser_.perm_mask;
     }
@@ -671,7 +671,8 @@ bool RGWSwift::do_verify_swift_token(RGWRados *store, req_state *s)
   }
 
   if (strncmp(s->os_auth_token, "AUTH_rgwtk", 10) == 0) {
-    int ret = rgw_swift_verify_signed_token(s->cct, store, s->os_auth_token, s->user, &s->swift_user);
+    int ret = rgw_swift_verify_signed_token(s->cct, store, s->os_auth_token,
+                                           *(s->user), &s->swift_user);
     if (ret < 0)
       return false;
 
@@ -685,7 +686,7 @@ bool RGWSwift::do_verify_swift_token(RGWRados *store, req_state *s)
   int ret;
 
   if (supports_keystone()) {
-    ret = validate_keystone_token(store, s->os_auth_token, &info, s->user);
+    ret = validate_keystone_token(store, s->os_auth_token, &info, *(s->user));
     return (ret >= 0);
   }
 
@@ -705,12 +706,12 @@ bool RGWSwift::do_verify_swift_token(RGWRados *store, req_state *s)
 
   ldout(cct, 10) << "swift user=" << s->swift_user << dendl;
 
-  if (rgw_get_user_info_by_swift(store, swift_user, s->user) < 0) {
+  if (rgw_get_user_info_by_swift(store, swift_user, *(s->user)) < 0) {
     ldout(cct, 0) << "NOTICE: couldn't map swift user" << dendl;
     return false;
   }
 
-  ldout(cct, 10) << "user_id=" << s->user.user_id << dendl;
+  ldout(cct, 10) << "user_id=" << s->user->user_id << dendl;
 
   return true;
 }