}
};
-#warning deleteme
-#if 0
-void RGWLibRequestEnv::set_date(utime_t& tm)
-{
- stringstream s;
- tm.asctime(s);
- date_str = s.str();
-}
-
-int RGWLibRequestEnv::sign(RGWAccessKey& access_key)
-{
- map<string, string> meta_map;
- map<string, string> sub_resources;
-
- string canonical_header;
- string digest;
-
- rgw_create_s3_canonical_header(request_method.c_str(),
- NULL, /* const char* content_md5 */
- content_type.c_str(),
- date_str.c_str(),
- meta_map,
- uri.c_str(),
- sub_resources,
- canonical_header);
-
- int ret = rgw_get_s3_header_digest(canonical_header, access_key.key, digest);
- if (ret < 0) {
- return ret;
- }
- return 0;
-}
-#endif /* 0 */
-
void RGWLibProcess::checkpoint()
{
m_tp.drain(&req_wq);
/* req is-a RGWOp, currently initialized separately */
ret = req->op_init();
- if (ret < 0) {
+ if (ret < 0) {
dout(10) << "failed to initialize RGWOp" << dendl;
abort_req(s, op, ret);
goto done;
}
+ /* XXX authorize does less here then in the REST path, e.g.,
+ * the user's info is cached, but still incomplete */
+ req->log(s, "authorizing");
+ ret = req->authorize();
+ if (ret < 0) {
+ dout(10) << "failed to authorize request" << dendl;
+ abort_req(s, op, ret);
+ goto done;
+ }
+
req->log(s, "reading op permissions");
ret = req->read_permissions(op);
if (ret < 0) {
goto done;
}
- /* XXXX 1s stall if this is skipped? */
+ /* XXXX almost correct, I think */
+ #if 0
req->log(s, "verifying op permissions");
ret = op->verify_permission();
if (ret < 0) {
goto done;
}
}
+ #endif
+ req->log(s, "here 3");
req->log(s, "verifying op params");
ret = op->verify_params();
}
return ret;
-}
+} /* RGWLibRequest::read_permissions */
+
+int RGWHandler_Lib::authorize()
+{
+ /* TODO: handle
+ * 1. subusers
+ * 2. anonymous access
+ * 3. system access
+ * 4. ?
+ *
+ * Much or all of this depends on handling the cached authorization
+ * correctly (e.g., dealing with keystone) at mount time.
+ */
+ s->perm_mask = RGW_PERM_FULL_CONTROL;
+
+ // populate the owner info
+ s->owner.set_id(s->user->user_id);
+ s->owner.set_name(s->user->display_name);
+
+ return 0;
+} /* RGWHandler_Lib::authorize */
/* global RGW library object */
static RGWLib rgwlib;
friend class RGWRESTMgr_Lib;
public:
- virtual int authorize() {
- return RGW_Auth_S3::authorize(store, s);
- }
+ virtual int authorize();
RGWHandler_Lib() {}
virtual ~RGWHandler_Lib() {}
RGWRequest::init_state(_s);
RGWHandler::init(rados_ctx->store, _s, io);
+ /* fixup _s->req */
+ _s->req = this;
+
log_init();
get_state()->obj_ctx = rados_ctx;
#include "common/debug.h"
#include "global/global_init.h"
+#define dout_subsys ceph_subsys_rgw
+
namespace {
librgw_t rgw = nullptr;
string uid("testuser");
return;
for (auto& fid : fids1) {
- std::cout << "readdir in bucket " << get<0>(fid) << std::endl;
+ ldout(g_ceph_context, 0) << __func__ << " readdir on bucket " << get<0>(fid)
+ << dendl;
bool eof = false;
uint64_t offset = 0;
int ret = rgw_readdir(fs, get<2>(fid), &offset, r2_cb, &fids2,
projects / ceph.git / commitdiff