rgw: Remove assertions in IAM Policy

A couple of them could be triggered by user input.

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
(cherry picked from commit b3118cabb8060a8cc6a01c4e8264cb18e7b1745a)

diff --git a/src/rgw/rgw_basic_types.h b/src/rgw/rgw_basic_types.h
index 31e9d3a32acb4d4aac93aac5cadd993f44468e70..b4707b1a7088770b95b695a15ae5ac54f82eb360 100644 (file)
--- a/src/rgw/rgw_basic_types.h
+++ b/src/rgw/rgw_basic_types.h
@@ -160,12 +160,10 @@ public:
   }
 
   const std::string& get_tenant() const {
-    ceph_assert(t != Wildcard);
     return u.tenant;
   }
 
   const std::string& get_id() const {
-    ceph_assert(t != Wildcard && t != Tenant);
     return u.id;
   }
 

diff --git a/src/rgw/rgw_iam_policy.cc b/src/rgw/rgw_iam_policy.cc
index 28b97d04d5c3ee2918abd50d3c1243f83b6176a7..cff4fa493351373f482e5a40d8d22e1a82499929 100644 (file)
--- a/src/rgw/rgw_iam_policy.cc
+++ b/src/rgw/rgw_iam_policy.cc
@@ -221,7 +221,9 @@ optional<ARN> ARN::parse(const string& s, bool wildcards) {
   if ((s == "*") && wildcards) {
     return ARN(Partition::wildcard, Service::wildcard, "*", "*", "*");
   } else if (regex_match(s, match, wildcards ? rx_wild : rx_no_wild)) {
-    ceph_assert(match.size() == 6);
+    if (match.size() != 6) {
+      return boost::none;
+    }
 
     ARN a;
     {
@@ -771,7 +773,9 @@ static optional<Principal> parse_principal(CephContext* cct, TokenID t,
                          ECMAScript | optimize);
     smatch match;
     if (regex_match(a->resource, match, rx)) {
-      ceph_assert(match.size() == 3);
+      if (match.size() != 3) {
+       return boost::none;
+      }
 
       if (match[1] == "user") {
        return Principal::user(std::move(a->account),
@@ -839,7 +843,9 @@ bool ParseState::do_string(CephContext* cct, const char* s, size_t l) {
     // Principals
 
   } else if (w->kind == TokenKind::princ_type) {
-    ceph_assert(pp->s.size() > 1);
+    if (pp->s.size() <= 1) {
+      return false;
+    }
     auto& pri = pp->s[pp->s.size() - 2].w->id == TokenID::Principal ?
       t->princ : t->noprinc;
 

diff --git a/src/rgw/rgw_iam_policy.h b/src/rgw/rgw_iam_policy.h
index 5236e6b02192179af17101d59518cffa19e5bbf1..59117456e0cc4a11c59213e29f7f37fe8fc9146d 100644 (file)
--- a/src/rgw/rgw_iam_policy.h
+++ b/src/rgw/rgw_iam_policy.h
@@ -29,8 +29,6 @@
 #include "rgw_iam_policy_keywords.h"
 #include "rgw_string.h"
 
-#include "include/assert.h" // razzin' frazzin' ...grrr.
-
 class RGWRados;
 namespace rgw {
 namespace auth {
@@ -254,7 +252,6 @@ string to_string(const MaskedIP& m);
 inline bool operator ==(const MaskedIP& l, const MaskedIP& r) {
   auto shift = std::max((l.v6 ? 128 : 32) - l.prefix,
                        (r.v6 ? 128 : 32) - r.prefix);
-  ceph_assert(shift > 0);
   return (l.addr >> shift) == (r.addr >> shift);
 }