rgw::io::add_conlen_controlling(
&real_client))));
RGWRestfulIO client(&real_client_io);
- process_request(env.store, env.rest, &req, env.uri_prefix, &client,
- env.olog);
+ process_request(env.store, env.rest, &req, env.uri_prefix,
+ *env.auth_registry, &client, env.olog);
}
void write_bad_request() {
void stop();
void join();
void pause();
- void unpause(RGWRados *store);
+ void unpause(RGWRados* store, rgw_auth_registry_ptr_t);
};
int AsioFrontend::init()
ldout(ctx(), 4) << "frontend paused" << dendl;
}
-void AsioFrontend::unpause(RGWRados *store)
+void AsioFrontend::unpause(RGWRados* const store,
+ rgw_auth_registry_ptr_t auth_registry)
{
env.store = store;
+ env.auth_registry = std::move(auth_registry);
ldout(ctx(), 4) << "frontend unpaused" << dendl;
service.reset();
acceptor.async_accept(peer_socket,
impl->pause();
}
-void RGWAsioFrontend::unpause_with_new_config(RGWRados *store)
-{
- impl->unpause(store);
+void RGWAsioFrontend::unpause_with_new_config(
+ RGWRados* const store,
+ rgw_auth_registry_ptr_t auth_registry
+) {
+ impl->unpause(store, std::move(auth_registry));
}
void join() override;
void pause_for_new_config() override;
- void unpause_with_new_config(RGWRados *store) override;
+ void unpause_with_new_config(RGWRados *store,
+ rgw_auth_registry_ptr_t auth_registry) override;
};
#endif // RGW_ASIO_FRONTEND_H
* Engine. It is responsible for ordering its sub-engines and managing
* fall-backs between them. Derivatee is supposed to encapsulate engine
* instances and add them using the add_engine() method in the order it
- * wants to be tried during the call to authenticate(). */
+ * wants to be tried during the call to authenticate().
+ *
+ * Each new Strategy should be exposed to StrategyRegistry for handling
+ * the dynamic reconfiguration. */
class Strategy : public Engine {
public:
/* Specifiers controlling what happens when an associated engine fails.
};
+/* A class aggregating the knowledge about all Strategies in RadosGW. It is
+ * responsible for handling the dynamic reconfiguration on e.g. realm update.
+ * The definition is in rgw/rgw_auth_registry.h,
+ *
+ * Each new Strategy should be exposed to it. */
+class StrategyRegistry;
+
/* rgw::auth::RemoteApplier targets those authentication engines which don't
* need to ask the RADOS store while performing the auth process. Instead,
* they obtain credentials from an external source like Keystone or LDAP.
--- /dev/null
+// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
+// vim: ts=8 sw=2 smarttab
+
+
+#ifndef CEPH_RGW_AUTH_REGISTRY_H
+#define CEPH_RGW_AUTH_REGISTRY_H
+
+#include <functional>
+#include <memory>
+#include <ostream>
+#include <type_traits>
+#include <utility>
+
+#include "rgw_auth.h"
+#include "rgw_auth_s3.h"
+#include "rgw_swift_auth.h"
+
+namespace rgw {
+namespace auth {
+
+/* A class aggregating the knowledge about all Strategies in RadosGW. It is
+ * responsible for handling the dynamic reconfiguration on e.g. realm update. */
+class StrategyRegistry {
+ template <class ExtractorT>
+ using s3_strategy_t = rgw::auth::s3::AWSv2AuthStrategy<ExtractorT>;
+
+ using s3_main_strategy_t = \
+ s3_strategy_t<rgw::auth::s3::RGWS3V2Extractor>;
+ using s3_post_strategy_t = \
+ s3_strategy_t<rgw::auth::s3::RGWGetPolicyV2Extractor>;
+
+ s3_main_strategy_t s3_main_strategy;
+ s3_post_strategy_t s3_post_strategy;
+
+ rgw::auth::swift::DefaultStrategy swift_strategy;
+
+public:
+ StrategyRegistry(CephContext* const cct,
+ RGWRados* const store)
+ : s3_main_strategy(cct, store),
+ s3_post_strategy(cct, store),
+ swift_strategy(cct, store) {
+ }
+
+public:
+ const s3_main_strategy_t& get_s3_main() const {
+ return s3_main_strategy;
+ }
+
+ const s3_post_strategy_t& get_s3_post() const {
+ return s3_post_strategy;
+ }
+
+ const rgw::auth::swift::DefaultStrategy& get_swift() const {
+ return swift_strategy;
+ }
+
+ static std::shared_ptr<StrategyRegistry>
+ create(CephContext* const cct,
+ RGWRados* const store) {
+ return std::make_shared<StrategyRegistry>(cct, store);
+ }
+};
+
+} /* namespace auth */
+} /* namespace rgw */
+
+using rgw_auth_registry_t = rgw::auth::StrategyRegistry;
+using rgw_auth_registry_ptr_t = std::shared_ptr<rgw_auth_registry_t>;
+
+#endif /* CEPH_RGW_AUTH_REGISTRY_H */
RGWRequest req(env.store->get_new_req_id());
int ret = process_request(env.store, env.rest, &req, env.uri_prefix,
- &client_io, env.olog);
+ *env.auth_registry, &client_io, env.olog);
if (ret < 0) {
/* We don't really care about return code. */
dout(20) << "process_request() returned " << ret << dendl;
RGWRestfulIO client_io(&real_client_io);
- int ret = process_request(store, rest, req, uri_prefix, &client_io, olog);
+ int ret = process_request(store, rest, req, uri_prefix,
+ *auth_registry, &client_io, olog);
if (ret < 0) {
/* we don't really care about return code */
dout(20) << "process_request() returned " << ret << dendl;
#include "rgw_civetweb_log.h"
#include "civetweb/civetweb.h"
+#include "rgw_auth_registry.h"
+
#define dout_context g_ceph_context
#define dout_subsys ceph_subsys_rgw
virtual void join() = 0;
virtual void pause_for_new_config() = 0;
- virtual void unpause_with_new_config(RGWRados* store) = 0;
+ virtual void unpause_with_new_config(RGWRados* store,
+ rgw_auth_registry_ptr_t auth_registry) = 0;
};
env.mutex.get_write();
}
- void unpause_with_new_config(RGWRados *store) override {
+ void unpause_with_new_config(RGWRados* const store,
+ rgw_auth_registry_ptr_t auth_registry) override {
env.store = store;
+ env.auth_registry = std::move(auth_registry);
// unpause callbacks
env.mutex.put_write();
}
pprocess->pause();
}
- void unpause_with_new_config(RGWRados *store) override {
+ void unpause_with_new_config(RGWRados* const store,
+ rgw_auth_registry_ptr_t auth_registry) override {
env.store = store;
- pprocess->unpause_with_new_config(store);
+ env.auth_registry = auth_registry;
+ pprocess->unpause_with_new_config(store, std::move(auth_registry));
}
}; /* RGWProcessFrontend */
class RGWFrontendPauser : public RGWRealmReloader::Pauser {
std::list<RGWFrontend*> &frontends;
RGWRealmReloader::Pauser* pauser;
+
public:
RGWFrontendPauser(std::list<RGWFrontend*> &frontends,
RGWRealmReloader::Pauser* pauser = nullptr)
pauser->pause();
}
void resume(RGWRados *store) override {
+ /* Initialize the registry of auth strategies which will coordinate
+ * the dynamic reconfiguration. */
+ auto auth_registry = \
+ rgw::auth::StrategyRegistry::create(g_ceph_context, store);
+
for (auto frontend : frontends)
- frontend->unpause_with_new_config(store);
+ frontend->unpause_with_new_config(store, auth_registry);
if (pauser)
pauser->resume(store);
}
RGWLoadGenIO real_client_io(&env);
RGWRestfulIO client_io(&real_client_io);
- int ret = process_request(store, rest, req, uri_prefix, &client_io, olog);
+ int ret = process_request(store, rest, req, uri_prefix,
+ *auth_registry, &client_io, olog);
if (ret < 0) {
/* we don't really care about return code */
dout(20) << "process_request() returned " << ret << dendl;
}
if (apis_map.count("swift") > 0) {
- static const rgw::auth::swift::DefaultStrategy auth_strategy(g_ceph_context,
- store);
-
- RGWRESTMgr_SWIFT* const swift_resource = new RGWRESTMgr_SWIFT(
- &auth_strategy);
+ RGWRESTMgr_SWIFT* const swift_resource = new RGWRESTMgr_SWIFT;
if (! g_conf->rgw_cross_domain_policy.empty()) {
swift_resource->register_resource("crossdomain.xml",
set_logging(new RGWRESTMgr_SWIFT_HealthCheck));
swift_resource->register_resource("info",
- set_logging(new RGWRESTMgr_SWIFT_Info(&auth_strategy)));
+ set_logging(new RGWRESTMgr_SWIFT_Info));
if (! swift_at_root) {
rest.register_resource(g_conf->rgw_swift_url_prefix,
rest.register_resource(g_conf->rgw_admin_entry, admin_resource);
}
+ /* Initialize the registry of auth strategies which will coordinate
+ * the dynamic reconfiguration. */
+ auto auth_registry = \
+ rgw::auth::StrategyRegistry::create(g_ceph_context, store);
+
/* Header custom behavior */
rest.register_x_headers(g_conf->rgw_log_http_headers);
std::string uri_prefix;
config->get_val("prefix", "", &uri_prefix);
- RGWProcessEnv env = { store, &rest, olog, 0, uri_prefix };
+ RGWProcessEnv env = { store, &rest, olog, 0, uri_prefix, auth_registry };
fe = new RGWCivetWebFrontend(env, config);
}
std::string uri_prefix;
config->get_val("prefix", "", &uri_prefix);
- RGWProcessEnv env = { store, &rest, olog, port, uri_prefix };
+ RGWProcessEnv env = { store, &rest, olog, port, uri_prefix, auth_registry };
fe = new RGWLoadGenFrontend(env, config);
}
config->get_val("port", 80, &port);
std::string uri_prefix;
config->get_val("prefix", "", &uri_prefix);
- RGWProcessEnv env{ store, &rest, olog, port, uri_prefix };
+ RGWProcessEnv env{ store, &rest, olog, port, uri_prefix, auth_registry };
fe = new RGWAsioFrontend(env);
}
#endif /* WITH_RADOSGW_ASIO_FRONTEND */
else if (framework == "fastcgi" || framework == "fcgi") {
std::string uri_prefix;
config->get_val("prefix", "", &uri_prefix);
- RGWProcessEnv fcgi_pe = { store, &rest, olog, 0, uri_prefix };
+ RGWProcessEnv fcgi_pe = { store, &rest, olog, 0, uri_prefix, auth_registry };
fe = new RGWFCGXFrontend(fcgi_pe, config);
}
struct req_state;
class RGWOp;
+
+namespace rgw {
+namespace auth {
+namespace registry {
+
+class StrategyRegistry;
+
+}
+}
+}
+
+
class RGWHandler {
protected:
RGWRados* store;
* authentication. The alternative is to duplicate parts of the method-
* dispatch logic in RGWHandler::authorize() and pollute it with a lot
* of special cases. */
- virtual int verify_requester() {
+ virtual int verify_requester(const rgw::auth::StrategyRegistry& auth_registry) {
/* TODO(rzarzynski): rename RGWHandler::authorize to generic_authenticate. */
return dialect_handler->authorize();
}
RGWREST* const rest,
RGWRequest* const req,
const std::string& frontend_prefix,
+ const rgw_auth_registry_t& auth_registry,
RGWRestfulIO* const client_io,
OpsLogSocket* const olog)
{
int init_error = 0;
bool should_log = false;
RGWRESTMgr *mgr;
- RGWHandler_REST *handler = rest->get_handler(store, s, frontend_prefix,
+ RGWHandler_REST *handler = rest->get_handler(store, s,
+ auth_registry,
+ frontend_prefix,
client_io, &mgr, &init_error);
if (init_error != 0) {
abort_early(s, NULL, init_error, NULL);
s->op_type = op->get_type();
req->log(s, "verifying requester");
- ret = op->verify_requester();
+ ret = op->verify_requester(auth_registry);
if (ret < 0) {
dout(10) << "failed to authorize request" << dendl;
abort_early(s, NULL, ret, handler);
#include "rgw_common.h"
#include "rgw_rados.h"
#include "rgw_acl.h"
+#include "rgw_auth_registry.h"
#include "rgw_user.h"
#include "rgw_op.h"
#include "rgw_rest.h"
OpsLogSocket *olog;
int port;
std::string uri_prefix;
+ std::shared_ptr<rgw::auth::StrategyRegistry> auth_registry;
};
class RGWFrontendConfig;
protected:
CephContext *cct;
RGWRados* store;
+ rgw_auth_registry_ptr_t auth_registry;
OpsLogSocket* olog;
ThreadPool m_tp;
Throttle req_throttle;
RGWFrontendConfig* const conf)
: cct(cct),
store(pe->store),
+ auth_registry(pe->auth_registry),
olog(pe->olog),
m_tp(cct, "RGWProcess::m_tp", "tp_rgw_process", num_threads),
req_throttle(cct, "rgw_ops", num_threads * 2),
m_tp.pause();
}
- void unpause_with_new_config(RGWRados *store) {
+ void unpause_with_new_config(RGWRados* const store,
+ rgw_auth_registry_ptr_t auth_registry) {
this->store = store;
+ this->auth_registry = std::move(auth_registry);
m_tp.unpause();
}
RGWREST* rest,
RGWRequest* req,
const std::string& frontend_prefix,
+ const rgw_auth_registry_t& auth_registry,
RGWRestfulIO* client_io,
OpsLogSocket* olog);
return 0;
}
-RGWHandler_REST* RGWREST::get_handler(RGWRados * const store,
- struct req_state* const s,
- const std::string& frontend_prefix,
- RGWRestfulIO* const rio,
- RGWRESTMgr** const pmgr,
- int* const init_error)
-{
+RGWHandler_REST* RGWREST::get_handler(
+ RGWRados * const store,
+ struct req_state* const s,
+ const rgw::auth::StrategyRegistry& auth_registry,
+ const std::string& frontend_prefix,
+ RGWRestfulIO* const rio,
+ RGWRESTMgr** const pmgr,
+ int* const init_error
+) {
*init_error = preprocess(s, rio);
if (*init_error < 0) {
return nullptr;
*pmgr = m;
}
- RGWHandler_REST* handler = m->get_handler(s, frontend_prefix);
+ RGWHandler_REST* handler = m->get_handler(s, auth_registry, frontend_prefix);
if (! handler) {
*init_error = -ERR_METHOD_NOT_ALLOWED;
return NULL;
class RGWHandler_SWIFT_Auth;
class RGWHandler_REST_S3;
+namespace rgw {
+namespace auth {
+
+class StrategyRegistry;
+
+}
+}
class RGWRESTMgr {
bool should_log;
return get_resource_mgr(s, frontend_prefix + uri, out_uri);
}
- virtual RGWHandler_REST* get_handler(struct req_state* const s,
- const std::string& frontend_prefix) {
+ virtual RGWHandler_REST* get_handler(
+ struct req_state* const s,
+ const rgw::auth::StrategyRegistry& auth_registry,
+ const std::string& frontend_prefix
+ ) {
return nullptr;
}
RGWREST() {}
RGWHandler_REST *get_handler(RGWRados *store,
struct req_state *s,
+ const rgw::auth::StrategyRegistry& auth_registry,
const std::string& frontend_prefix,
RGWRestfulIO *rio,
RGWRESTMgr **pmgr,
RGWOp *op_post() override;
RGWOp *op_delete() override;
public:
- RGWHandler_Bucket() {}
- ~RGWHandler_Bucket() override {}
+ using RGWHandler_Auth_S3::RGWHandler_Auth_S3;
+ ~RGWHandler_Bucket() override = default;
int read_permissions(RGWOp*) override {
return 0;
~RGWRESTMgr_Bucket() override = default;
RGWHandler_REST* get_handler(struct req_state*,
+ const rgw::auth::StrategyRegistry& auth_registry,
const std::string&) override {
- return new RGWHandler_Bucket;
+ return new RGWHandler_Bucket(auth_registry);
}
};
return 0;
}
public:
- RGWHandler_Config() : RGWHandler_Auth_S3() {}
- ~RGWHandler_Config() override {}
+ using RGWHandler_Auth_S3::RGWHandler_Auth_S3;
+ ~RGWHandler_Config() override = default;
};
~RGWRESTMgr_Config() override = default;
RGWHandler_REST* get_handler(struct req_state*,
+ const rgw::auth::StrategyRegistry& auth_registry,
const std::string&) override {
- return new RGWHandler_Config;
+ return new RGWHandler_Config(auth_registry);
}
};
return 0;
}
public:
- RGWHandler_Log() : RGWHandler_Auth_S3() {}
- ~RGWHandler_Log() override {}
+ using RGWHandler_Auth_S3::RGWHandler_Auth_S3;
+ ~RGWHandler_Log() override = default;
};
class RGWRESTMgr_Log : public RGWRESTMgr {
~RGWRESTMgr_Log() override = default;
RGWHandler_REST* get_handler(struct req_state* const,
+ const rgw::auth::StrategyRegistry& auth_registry,
const std::string& frontend_prefixs) override {
- return new RGWHandler_Log;
+ return new RGWHandler_Log(auth_registry);
}
};
return 0;
}
public:
- RGWHandler_Metadata() : RGWHandler_Auth_S3() {}
- ~RGWHandler_Metadata() override {}
+ using RGWHandler_Auth_S3::RGWHandler_Auth_S3;
+ ~RGWHandler_Metadata() override = default;
};
class RGWRESTMgr_Metadata : public RGWRESTMgr {
~RGWRESTMgr_Metadata() override = default;
RGWHandler_REST* get_handler(struct req_state* const s,
+ const rgw::auth::StrategyRegistry& auth_registry,
const std::string& frontend_prefix) override {
- return new RGWHandler_Metadata;
+ return new RGWHandler_Metadata(auth_registry);
}
};
return 0;
}
public:
- RGWHandler_Opstate() : RGWHandler_Auth_S3() {}
- ~RGWHandler_Opstate() override {}
+ using RGWHandler_Auth_S3::RGWHandler_Auth_S3;
+ ~RGWHandler_Opstate() override = default;
};
class RGWRESTMgr_Opstate : public RGWRESTMgr {
~RGWRESTMgr_Opstate() override = default;
RGWHandler_REST* get_handler(struct req_state*,
+ const rgw::auth::StrategyRegistry& auth_registry,
const std::string&) override {
- return new RGWHandler_Opstate;
+ return new RGWHandler_Opstate(auth_registry);
}
};
class RGWHandler_Period : public RGWHandler_Auth_S3 {
protected:
+ using RGWHandler_Auth_S3::RGWHandler_Auth_S3;
+
RGWOp *op_get() override { return new RGWOp_Period_Get; }
RGWOp *op_post() override { return new RGWOp_Period_Post; }
};
class RGWRESTMgr_Period : public RGWRESTMgr {
public:
RGWHandler_REST* get_handler(struct req_state*,
+ const rgw::auth::StrategyRegistry& auth_registry,
const std::string&) override {
- return new RGWHandler_Period;
+ return new RGWHandler_Period(auth_registry);
}
};
class RGWHandler_Realm : public RGWHandler_Auth_S3 {
protected:
+ using RGWHandler_Auth_S3::RGWHandler_Auth_S3;
RGWOp *op_get() override { return new RGWOp_Realm_Get; }
};
register_resource("period", new RGWRESTMgr_Period);
}
-RGWHandler_REST* RGWRESTMgr_Realm::get_handler(struct req_state*,
- const std::string&)
+RGWHandler_REST*
+RGWRESTMgr_Realm::get_handler(struct req_state*,
+ const rgw::auth::StrategyRegistry& auth_registry,
+ const std::string&)
{
- return new RGWHandler_Realm;
+ return new RGWHandler_Realm(auth_registry);
}
RGWRESTMgr_Realm();
RGWHandler_REST* get_handler(struct req_state*,
+ const rgw::auth::StrategyRegistry& auth_registry,
const std::string&) override;
};
return 0;
}
public:
- RGWHandler_ReplicaLog() : RGWHandler_Auth_S3() {}
- ~RGWHandler_ReplicaLog() override {}
+ using RGWHandler_Auth_S3::RGWHandler_Auth_S3;
+ ~RGWHandler_ReplicaLog() override = default;
};
class RGWRESTMgr_ReplicaLog : public RGWRESTMgr {
~RGWRESTMgr_ReplicaLog() override = default;
RGWHandler_REST* get_handler(struct req_state*,
+ const rgw::auth::StrategyRegistry& auth_registry,
const std::string&) override {
- return new RGWHandler_ReplicaLog;
+ return new RGWHandler_ReplicaLog(auth_registry);
}
};
#include "rgw_keystone.h"
#include "rgw_auth_keystone.h"
+#include "rgw_auth_registry.h"
#include <typeinfo> // for 'typeid'
/* FIXME: this is a makeshift solution. The browser upload authentication will be
* handled by an instance of rgw::auth::Completer spawned in Handler's authorize()
* method. */
- static const rgw::auth::s3::AWSv2AuthStrategy<
- rgw::auth::s3::RGWGetPolicyV2Extractor> strategy(g_ceph_context, store);
+ const auto& strategy = auth_registry_ptr->get_s3_post();
try {
auto result = strategy.authenticate(s);
if (result.get_status() != decltype(result)::Status::GRANTED) {
*
* it tries AWS v4 before AWS v2
*/
-int RGW_Auth_S3::authorize(RGWRados *store, struct req_state *s)
+int RGW_Auth_S3::authorize(RGWRados* const store,
+ const rgw::auth::StrategyRegistry& auth_registry,
+ struct req_state* const s)
{
/* neither keystone and rados enabled; warn and exit! */
string auth_id = s->info.args.get("AWSAccessKeyId");
if (auth_id.size()) {
- return authorize_v2(store, s);
+ return authorize_v2(store, auth_registry, s);
}
/* anonymous access */
/* AWS2 */
if (!strncmp(s->http_auth, "AWS ", 4)) {
- return authorize_v2(store, s);
+ return authorize_v2(store, auth_registry, s);
}
}
/*
* handle v2 signatures
*/
-int RGW_Auth_S3::authorize_v2(RGWRados *store, struct req_state *s)
+int RGW_Auth_S3::authorize_v2(RGWRados* const store,
+ const rgw::auth::StrategyRegistry& auth_registry,
+ struct req_state* const s)
{
- /* TODO(rzarzynski): this will be moved to the S3 handlers -- in exactly
- * way like we currently have in the case of Swift API. */
- static const rgw::auth::s3::AWSv2AuthStrategy<rgw::auth::s3::RGWS3V2Extractor> strategy(g_ceph_context, store);
+ const auto& auth_strategy = auth_registry.get_s3_main();
try {
- auto result = strategy.authenticate(s);
+ auto result = auth_strategy.authenticate(s);
if (result.get_status() != decltype(result)::Status::GRANTED) {
ldout(s->cct, 5) << "Failed the S3 auth strategy, reason="
<< result.get_reason() << dendl;
}
RGWHandler_REST* RGWRESTMgr_S3::get_handler(struct req_state* const s,
+ const rgw::auth::StrategyRegistry& auth_registry,
const std::string& frontend_prefix)
{
bool is_s3website = enable_s3website && (s->prot_flags & RGW_REST_WEBSITE);
// TODO: Make this more readable
if (is_s3website) {
if (s->init_state.url_bucket.empty()) {
- handler = new RGWHandler_REST_Service_S3Website;
+ handler = new RGWHandler_REST_Service_S3Website(auth_registry);
} else if (s->object.empty()) {
- handler = new RGWHandler_REST_Bucket_S3Website;
+ handler = new RGWHandler_REST_Bucket_S3Website(auth_registry);
} else {
- handler = new RGWHandler_REST_Obj_S3Website;
+ handler = new RGWHandler_REST_Obj_S3Website(auth_registry);
}
} else {
if (s->init_state.url_bucket.empty()) {
- handler = new RGWHandler_REST_Service_S3;
+ handler = new RGWHandler_REST_Service_S3(auth_registry);
} else if (s->object.empty()) {
- handler = new RGWHandler_REST_Bucket_S3;
+ handler = new RGWHandler_REST_Bucket_S3(auth_registry);
} else {
- handler = new RGWHandler_REST_Obj_S3;
+ handler = new RGWHandler_REST_Obj_S3(auth_registry);
}
}
RGWPolicy post_policy;
string err_msg;
+ const rgw::auth::StrategyRegistry* auth_registry_ptr = nullptr;
+
int read_with_boundary(bufferlist& bl, uint64_t max, bool check_eol,
bool *reached_boundary,
bool *done);
RGWPostObj_ObjStore_S3() {}
~RGWPostObj_ObjStore_S3() override {}
+ int verify_requester(const rgw::auth::StrategyRegistry& auth_registry) {
+ auth_registry_ptr = &auth_registry;
+ return RGWPostObj_ObjStore::verify_requester(auth_registry);
+ }
+
int get_params() override;
int complete_get_params();
void send_response() override;
class RGW_Auth_S3 {
private:
- static int authorize_v2(RGWRados *store, struct req_state *s);
+ static int authorize_v2(RGWRados *store,
+ const rgw::auth::StrategyRegistry& auth_registry,
+ struct req_state *s);
static int authorize_v4(RGWRados *store, struct req_state *s, bool force_boto2_compat = true);
static int authorize_v4_complete(RGWRados *store, struct req_state *s,
const string& request_payload,
bool unsigned_payload);
public:
- static int authorize(RGWRados *store, struct req_state *s);
+ static int authorize(RGWRados *store,
+ const rgw::auth::StrategyRegistry& auth_registry,
+ struct req_state *s);
static int authorize_aws4_auth_complete(RGWRados *store, struct req_state *s);
};
class RGWHandler_Auth_S3 : public RGWHandler_REST {
friend class RGWRESTMgr_S3;
+
+ const rgw::auth::StrategyRegistry& auth_registry;
+
public:
- RGWHandler_Auth_S3() : RGWHandler_REST() {}
- ~RGWHandler_Auth_S3() override {}
+ RGWHandler_Auth_S3(const rgw::auth::StrategyRegistry& auth_registry)
+ : RGWHandler_REST(),
+ auth_registry(auth_registry) {
+ }
+ ~RGWHandler_Auth_S3() override = default;
static int validate_bucket_name(const string& bucket);
static int validate_object_name(const string& bucket);
struct req_state *s,
rgw::io::BasicClient *cio) override;
int authorize() override {
- return RGW_Auth_S3::authorize(store, s);
+ return RGW_Auth_S3::authorize(store, auth_registry, s);
}
int postauth_init() override { return 0; }
};
class RGWHandler_REST_S3 : public RGWHandler_REST {
friend class RGWRESTMgr_S3;
+
+ const rgw::auth::StrategyRegistry& auth_registry;
public:
static int init_from_header(struct req_state *s, int default_formatter, bool configurable_format);
- RGWHandler_REST_S3() : RGWHandler_REST() {}
- ~RGWHandler_REST_S3() override {}
+ RGWHandler_REST_S3(const rgw::auth::StrategyRegistry& auth_registry)
+ : RGWHandler_REST(),
+ auth_registry(auth_registry) {
+ }
+ ~RGWHandler_REST_S3() override = default;
int init(RGWRados *store,
struct req_state *s,
rgw::io::BasicClient *cio) override;
int authorize() override {
- return RGW_Auth_S3::authorize(store, s);
+ return RGW_Auth_S3::authorize(store, auth_registry, s);
}
int postauth_init() override;
};
RGWOp *op_head() override;
RGWOp *op_post() override;
public:
- RGWHandler_REST_Service_S3() {}
- ~RGWHandler_REST_Service_S3() override {}
+ using RGWHandler_REST_S3::RGWHandler_REST_S3;
+ ~RGWHandler_REST_Service_S3() override = default;
};
class RGWHandler_REST_Bucket_S3 : public RGWHandler_REST_S3 {
RGWOp *op_post() override;
RGWOp *op_options() override;
public:
- RGWHandler_REST_Bucket_S3() {}
- ~RGWHandler_REST_Bucket_S3() override {}
+ using RGWHandler_REST_S3::RGWHandler_REST_S3;
+ ~RGWHandler_REST_Bucket_S3() override = default;
};
class RGWHandler_REST_Obj_S3 : public RGWHandler_REST_S3 {
RGWOp *op_post() override;
RGWOp *op_options() override;
public:
- RGWHandler_REST_Obj_S3() {}
- ~RGWHandler_REST_Obj_S3() override {}
+ using RGWHandler_REST_S3::RGWHandler_REST_S3;
+ ~RGWHandler_REST_Obj_S3() override = default;
};
class RGWRESTMgr_S3 : public RGWRESTMgr {
~RGWRESTMgr_S3() override = default;
RGWHandler_REST *get_handler(struct req_state* s,
+ const rgw::auth::StrategyRegistry& auth_registry,
const std::string& frontend_prefix) override;
};
int serve_errordoc(int http_ret, const string &errordoc_key);
public:
- RGWHandler_REST_S3Website() : RGWHandler_REST_S3() {}
- ~RGWHandler_REST_S3Website() override {}
+ using RGWHandler_REST_S3::RGWHandler_REST_S3;
+ ~RGWHandler_REST_S3Website() override = default;
int error_handler(int err_no, string *error_content) override;
};
protected:
RGWOp *get_obj_op(bool get_data) override;
public:
- RGWHandler_REST_Service_S3Website() {}
- ~RGWHandler_REST_Service_S3Website() override {}
+ using RGWHandler_REST_S3Website::RGWHandler_REST_S3Website;
+ ~RGWHandler_REST_Service_S3Website() override = default;
};
class RGWHandler_REST_Obj_S3Website : public RGWHandler_REST_S3Website {
protected:
RGWOp *get_obj_op(bool get_data) override;
public:
- RGWHandler_REST_Obj_S3Website() {}
- ~RGWHandler_REST_Obj_S3Website() override {}
+ using RGWHandler_REST_S3Website::RGWHandler_REST_S3Website;
+ ~RGWHandler_REST_Obj_S3Website() override = default;
};
/* The cross-inheritance from Obj to Bucket is deliberate!
protected:
RGWOp *get_obj_op(bool get_data) override;
public:
- RGWHandler_REST_Bucket_S3Website() {}
- ~RGWHandler_REST_Bucket_S3Website() override {}
+ using RGWHandler_REST_S3Website::RGWHandler_REST_S3Website;
+ ~RGWHandler_REST_Bucket_S3Website() override = default;
};
// TODO: do we actually need this?
return RGWHandler_REST::init(store, s, cio);
}
-RGWHandler_REST* RGWRESTMgr_SWIFT::get_handler(struct req_state* const s,
- const std::string& frontend_prefix)
+RGWHandler_REST*
+RGWRESTMgr_SWIFT::get_handler(struct req_state* const s,
+ const rgw::auth::StrategyRegistry& auth_registry,
+ const std::string& frontend_prefix)
{
int ret = RGWHandler_REST_SWIFT::init_from_header(s, frontend_prefix);
if (ret < 0) {
return nullptr;
}
+ const auto& auth_strategy = auth_registry.get_swift();
+
if (s->init_state.url_bucket.empty()) {
return new RGWHandler_REST_Service_SWIFT(auth_strategy);
}
RGWHandler_REST* RGWRESTMgr_SWIFT_Info::get_handler(
struct req_state* const s,
+ const rgw::auth::StrategyRegistry& auth_registry,
const std::string& frontend_prefix)
{
s->prot_flags |= RGW_REST_SWIFT;
+ const auto& auth_strategy = auth_registry.get_swift();
return new RGWHandler_REST_SWIFT_Info(auth_strategy);
}
};
class RGWRESTMgr_SWIFT : public RGWRESTMgr {
- const rgw::auth::Strategy& auth_strategy;
-
protected:
RGWRESTMgr* get_resource_mgr_as_default(struct req_state* const s,
const std::string& uri,
}
public:
- RGWRESTMgr_SWIFT(const rgw::auth::Strategy* const auth_strategy)
- : auth_strategy(*auth_strategy) {
- }
+ RGWRESTMgr_SWIFT() = default;
~RGWRESTMgr_SWIFT() override = default;
RGWHandler_REST *get_handler(struct req_state *s,
+ const rgw::auth::StrategyRegistry& auth_registry,
const std::string& frontend_prefix) override;
};
~RGWRESTMgr_SWIFT_CrossDomain() override = default;
RGWHandler_REST* get_handler(struct req_state* const s,
+ const rgw::auth::StrategyRegistry&,
const std::string&) override {
s->prot_flags |= RGW_REST_SWIFT;
return new RGWHandler_SWIFT_CrossDomain;
~RGWRESTMgr_SWIFT_HealthCheck() override = default;
RGWHandler_REST* get_handler(struct req_state* const s,
+ const rgw::auth::StrategyRegistry&,
const std::string&) override {
s->prot_flags |= RGW_REST_SWIFT;
return new RGWHandler_SWIFT_HealthCheck;
class RGWHandler_REST_SWIFT_Info : public RGWHandler_REST_SWIFT {
public:
- //using RGWHandler_REST_SWIFT::RGWHandler_REST_SWIFT;
- RGWHandler_REST_SWIFT_Info(const rgw::auth::Strategy& auth_strategy)
- : RGWHandler_REST_SWIFT(auth_strategy) {
- }
+ using RGWHandler_REST_SWIFT::RGWHandler_REST_SWIFT;
~RGWHandler_REST_SWIFT_Info() override = default;
RGWOp *op_get() override {
};
class RGWRESTMgr_SWIFT_Info : public RGWRESTMgr {
- const rgw::auth::Strategy& auth_strategy;
-
public:
- RGWRESTMgr_SWIFT_Info(const rgw::auth::Strategy* const auth_strategy)
- : auth_strategy(*auth_strategy) {
- }
+ RGWRESTMgr_SWIFT_Info() = default;
~RGWRESTMgr_SWIFT_Info() override = default;
RGWHandler_REST *get_handler(struct req_state* s,
+ const rgw::auth::StrategyRegistry& auth_registry,
const std::string& frontend_prefix) override;
};
RGWOp *op_get() override;
RGWOp *op_delete() override;
public:
- RGWHandler_Usage() {}
- ~RGWHandler_Usage() override {}
+ using RGWHandler_Auth_S3::RGWHandler_Auth_S3;
+ ~RGWHandler_Usage() override = default;
int read_permissions(RGWOp*) override {
return 0;
~RGWRESTMgr_Usage() override = default;
RGWHandler_REST* get_handler(struct req_state*,
+ const rgw::auth::StrategyRegistry& auth_registry,
const std::string&) override {
- return new RGWHandler_Usage;
+ return new RGWHandler_Usage(auth_registry);
}
};
RGWOp *op_post() override;
RGWOp *op_delete() override;
public:
- RGWHandler_User() {}
- ~RGWHandler_User() override {}
+ using RGWHandler_Auth_S3::RGWHandler_Auth_S3;
+ ~RGWHandler_User() override = default;
int read_permissions(RGWOp*) override {
return 0;
~RGWRESTMgr_User() override = default;
RGWHandler_REST *get_handler(struct req_state*,
+ const rgw::auth::StrategyRegistry& auth_registry,
const std::string&) override {
- return new RGWHandler_User;
+ return new RGWHandler_User(auth_registry);
}
};
}
RGWHandler_REST* get_handler(struct req_state*,
+ const rgw::auth::StrategyRegistry&,
const std::string&) override {
return new RGWHandler_SWIFT_Auth;
}
projects / ceph-ci.git / commitdiff