int gen_secret_key = 0;
bool set_perm = false;
bool set_temp_url_key = false;
- string temp_url_key;
+ map<int, string> temp_url_keys;
string bucket_id;
Formatter *formatter = NULL;
int purge_data = false;
perm_mask = rgw_str_to_perm(access.c_str());
set_perm = true;
} else if (ceph_argparse_witharg(args, i, &val, "--temp-url-key", (char*)NULL)) {
- temp_url_key = val;
+ temp_url_keys[0] = val;
+ set_temp_url_key = true;
+ } else if (ceph_argparse_witharg(args, i, &val, "--temp-url-key2", "--temp-url-key-2", (char*)NULL)) {
+ temp_url_keys[1] = val;
set_temp_url_key = true;
} else if (ceph_argparse_witharg(args, i, &val, "--bucket-id", (char*)NULL)) {
bucket_id = val;
if (set_perm)
user_op.set_perm(perm_mask);
- if (set_temp_url_key)
- user_op.set_temp_url_key(temp_url_key);
+ if (set_temp_url_key) {
+ map<int, string>::iterator iter = temp_url_keys.begin();
+ for (; iter != temp_url_keys.end(); ++iter) {
+ user_op.set_temp_url_key(iter->second, iter->first);
+ }
+ }
if (!op_mask_str.empty()) {
uint32_t op_mask;
string default_placement;
list<string> placement_tags;
RGWQuotaInfo bucket_quota;
- string temp_url_key;
+ map<int, string> temp_url_keys;
RGWUserInfo() : auid(0), suspended(0), max_buckets(RGW_DEFAULT_MAX_BUCKETS), op_mask(RGW_OP_TYPE_ALL), system(0) {}
::encode(default_placement, bl);
::encode(placement_tags, bl);
::encode(bucket_quota, bl);
- ::encode(temp_url_key, bl);
+ ::encode(temp_url_keys, bl);
ENCODE_FINISH(bl);
}
void decode(bufferlist::iterator& bl) {
::decode(bucket_quota, bl);
}
if (struct_v >= 15) {
- ::decode(temp_url_key, bl);
+ ::decode(temp_url_keys, bl);
}
DECODE_FINISH(bl);
}
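Review bot: The decode branch still gates on `struct_v >= 15` while the field it reads changes from a single `string` to `map<int, string>`, so any blob the previous code wrote at version 15 would be parsed with the wrong layout. The ENCODE_START/DECODE_START lines are outside this hunk, so the version may already be bumped elsewhere. If it is not, bump it, read the map only at the new version, and for version 15 decode the legacy string into slot 0 (`string k; ::decode(k, bl); temp_url_keys[0] = k;`). The `decode_json` hunk has the same gap: it reads only `"temp_url_keys"`, so a dump that still carries the old `"temp_url_key"` field loses the key without any error.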
encode_json("default_placement", default_placement, f);
encode_json("placement_tags", placement_tags, f);
encode_json("bucket_quota", bucket_quota, f);
- encode_json("temp_url_key", temp_url_key, f);
+ encode_json("temp_url_keys", temp_url_keys, f);
}
JSONDecoder::decode_json("default_placement", default_placement, obj);
JSONDecoder::decode_json("placement_tags", placement_tags, obj);
JSONDecoder::decode_json("bucket_quota", bucket_quota, obj);
- JSONDecoder::decode_json("temp_url_key", temp_url_key, obj);
+ JSONDecoder::decode_json("temp_url_keys", temp_url_keys, obj);
}
void RGWQuotaInfo::dump(Formatter *f) const
return -EPERM;
}
- if (s->user.temp_url_key.empty()) {
+ if (s->user.temp_url_keys.empty()) {
dout(5) << "user does not have temp url key set, aborting" << dendl;
return -EPERM;
}
string str = string(s->info.method) + "\n" + temp_url_expires + "\n" + object_path;
dout(20) << "temp url signature (plain text): " << str << dendl;
- char dest[CEPH_CRYPTO_HMACSHA1_DIGESTSIZE];
- calc_hmac_sha1(s->user.temp_url_key.c_str(), s->user.temp_url_key.size(),
- str.c_str(), str.size(), dest);
- char dest_str[CEPH_CRYPTO_HMACSHA1_DIGESTSIZE * 2 + 1];
- buf_to_hex((const unsigned char *)dest, sizeof(dest), dest_str);
- dout(20) << "temp url signature (calculated): " << dest_str << dendl;
+ map<int, string>::iterator iter;
+ for (iter = s->user.temp_url_keys.begin(); iter != s->user.temp_url_keys.end(); ++iter) {
+ string& temp_url_key = iter->second;
- if (dest_str != temp_url_sig) {
- dout(5) << "temp url signature mismatch: " << dest_str << " != " << temp_url_sig << dendl;
- return -EPERM;
+ if (temp_url_key.empty())
+ continue;
+
+ char dest[CEPH_CRYPTO_HMACSHA1_DIGESTSIZE];
+ calc_hmac_sha1(temp_url_key.c_str(), temp_url_key.size(),
+ str.c_str(), str.size(), dest);
+
+ char dest_str[CEPH_CRYPTO_HMACSHA1_DIGESTSIZE * 2 + 1];
+ buf_to_hex((const unsigned char *)dest, sizeof(dest), dest_str);
+ dout(20) << "temp url signature [" << iter->first << "] (calculated): " << dest_str << dendl;
+
+ if (dest_str != temp_url_sig) {
+ dout(5) << "temp url signature mismatch: " << dest_str << " != " << temp_url_sig << dendl;
+ } else {
+ return 0;
+ }
}
- return 0;
+ return -EPERM;
}
bool RGWSwift::verify_swift_token(RGWRados *store, req_state *s)
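Review bot: The mismatch branch logs the locally computed HMAC (`dest_str`) at level 5, and with the new loop it does so for every stored key that fails, including when a later key then succeeds. Anyone who can read that log gets a valid signature for the logged method, expiry and path. Drop the computed value from the message, as in the last line of the sketch below. Separately, `dest_str != temp_url_sig` is an early-exit comparison of a MAC, so its timing can reveal how many leading characters matched. The sketch folds the comparison into a single flag, assuming `temp_url_sig` is a `std::string`; its declaration and the start of the function are outside the hunk.

```cpp
    // … unchanged: calc_hmac_sha1() and buf_to_hex() filling dest_str …

    // Constant-time comparison: fold every byte difference into one flag
    // instead of stopping at the first mismatch.
    const size_t sig_len = sizeof(dest_str) - 1;
    unsigned char diff = (temp_url_sig.size() == sig_len) ? 0 : 1;
    for (size_t i = 0; i < sig_len && i < temp_url_sig.size(); ++i) {
      diff |= static_cast<unsigned char>(dest_str[i]) ^
              static_cast<unsigned char>(temp_url_sig[i]);
    }
    if (diff == 0) {
      return 0;
    }
    dout(5) << "temp url signature mismatch for key [" << iter->first << "]" << dendl;
```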
if (op_state.has_bucket_quota())
user_info.bucket_quota = op_state.get_bucket_quota();
- if (op_state.temp_url_key_specified)
- user_info.temp_url_key = op_state.temp_url_key;
+ if (op_state.temp_url_key_specified) {
+ map<int, string>::iterator iter;
+ for (iter = op_state.temp_url_keys.begin();
+ iter != op_state.temp_url_keys.end(); ++iter) {
+ user_info.temp_url_keys[iter->first] = iter->second;
+ }
+ }
// update the request
op_state.set_user_info(user_info);
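Review bot: The merge loop copies every entry of `op_state.temp_url_keys` into `user_info.temp_url_keys`, so clearing a slot with an empty value stores an empty string instead of removing the entry. Verification skips empty keys, so this fails closed. However, the map is then never `empty()` again, and the "user does not have temp url key set" early return is not reached for a user whose keys were all cleared. Consider erasing on empty: `if (iter->second.empty()) user_info.temp_url_keys.erase(iter->first); else user_info.temp_url_keys[iter->first] = iter->second;`. The identical loop appears in the next hunk (before the `op_mask_specified` check), so a small shared helper would keep the two in sync; both enclosing functions start outside their hunks.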
if (op_state.system_specified)
user_info.system = op_state.system;
- if (op_state.temp_url_key_specified)
- user_info.temp_url_key = op_state.temp_url_key;
+ if (op_state.temp_url_key_specified) {
+ map<int, string>::iterator iter;
+ for (iter = op_state.temp_url_keys.begin();
+ iter != op_state.temp_url_keys.end(); ++iter) {
+ user_info.temp_url_keys[iter->first] = iter->second;
+ }
+ }
if (op_state.op_mask_specified)
user_info.op_mask = op_state.get_op_mask();
std::string caps;
RGWObjVersionTracker objv;
uint32_t op_mask;
- string temp_url_key;
+ map<int, string> temp_url_keys;
// subuser attributes
std::string subuser;
op_mask = mask;
op_mask_specified = true;
}
- void set_temp_url_key(const string& key) {
- temp_url_key = key;
+ void set_temp_url_key(const string& key, int index) {
+ temp_url_keys[index] = key;
temp_url_key_specified = true;
}
void set_key_type(int32_t type) {
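Review bot: `set_temp_url_key(const string& key, int index)` writes `temp_url_keys[index]` for any `int`, while the visible option parsing only produces slots 0 and 1. The verification loop accepts a signature made with any stored entry. If another caller can reach this setter (none is visible here), an unexpected index would leave a valid key in a slot that the two command-line options can neither overwrite nor clear. Document the supported range on the setter, e.g. `// index: temp URL key slot (0 or 1)`, and reject other values where the index enters from a request.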
std::string get_caps() { return caps; };
std::string get_user_email() { return user_email; };
std::string get_display_name() { return display_name; };
- std::string get_temp_url_key() { return temp_url_key; };
+ map<int, std::string>& get_temp_url_keys() { return temp_url_keys; };
RGWUserInfo& get_user_info() { return info; };