rgw: share time skew check between v2 and v4 auth 20013/head
authorCasey Bodley <cbodley@redhat.com>
Tue, 9 Jan 2018 21:12:38 +0000 (16:12 -0500)
committerCasey Bodley <cbodley@redhat.com>
Thu, 18 Jan 2018 18:15:12 +0000 (13:15 -0500)
this moves the new std::chrono-based v4 time skew check into a common
helper function, then uses that in place of the v2 check

Signed-off-by: Casey Bodley <cbodley@redhat.com>
src/rgw/rgw_auth_s3.cc
src/rgw/rgw_auth_s3.h
src/rgw/rgw_rest_s3.cc
src/rgw/rgw_rest_s3.h

index 24e331503df5e538191b52c94036289875d4b3b6..551ced314340334bc69213c8d34575418ddf12ef 100644 (file)
@@ -223,8 +223,20 @@ namespace rgw {
 namespace auth {
 namespace s3 {
 
-/* FIXME(rzarzynski): duplicated from rgw_rest_s3.h. */
-#define RGW_AUTH_GRACE_MINS 15
+bool is_time_skew_ok(time_t t)
+{
+  auto req_tp = ceph::coarse_real_clock::from_time_t(t);
+  auto cur_tp = ceph::coarse_real_clock::now();
+
+  if (std::chrono::abs(cur_tp - req_tp) > RGW_AUTH_GRACE) {
+    dout(10) << "NOTICE: request time skew too big." << dendl;
+    using ceph::operator<<;
+    dout(10) << "req_tp=" << req_tp << ", cur_tp=" << cur_tp << dendl;
+    return false;
+  }
+
+  return true;
+}
 
 static inline int parse_v4_query_string(const req_info& info,              /* in */
                                         boost::string_view& credential,    /* out */
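Review bot: The shared helper reports a rejected request only at `dout(10)`, whereas the v2 check removed from rgw_rest_s3.cc printed its NOTICE at `ldout(cct, 0)`, so once v2 goes through this function (as the commit message says) skew rejections no longer appear in default-level logs. Those rejections are one of the few signals of stale or replayed signed requests, so the drop in visibility should be a deliberate choice. If it is, a comment above the first `dout` such as `// logged at 10 on purpose: unauthenticated clients can trigger this at will` would record the reason. The helper also logs without a `cct`, unlike the removed member function, so the subsystem and context it logs under depend on file-level settings not visible in this hunk.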
@@ -391,13 +403,7 @@ static inline int parse_v4_auth_header(const req_info& info,               /* in
   }
   date = d;
 
-  auto req_tp = ceph::coarse_real_clock::from_time_t(internal_timegm(&t));
-  auto cur_tp = ceph::coarse_real_clock::now();
-  constexpr auto grace = std::chrono::minutes{RGW_AUTH_GRACE_MINS};
-  if (std::chrono::abs(cur_tp - req_tp) > grace) {
-    dout(10) << "NOTICE: request time skew too big." << dendl;
-    using ceph::operator<<;
-    dout(10) << "req_tp=" << req_tp << ", cur_tp=" << cur_tp << dendl;
+  if (!is_time_skew_ok(internal_timegm(&t))) {
     return -ERR_REQUEST_TIME_SKEWED;
   }
 
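Review bot: `internal_timegm(&t)` is passed straight into `is_time_skew_ok()`, and `t` appears to be filled from the client-supplied date before any signature has been verified, so the helper's `from_time_t()` conversion and `cur_tp - req_tp` subtraction run on an untrusted value. If the clock's duration type is finer than seconds (not visible here), a date far from the present could overflow that arithmetic, which is undefined behaviour for a signed representation. Either range-check the `time_t` before converting, or add a comment such as `// t is bounded by the date parser above, so from_time_t() cannot overflow` once that has been confirmed. parse_v4_auth_header starts and ends outside this hunk, so how `t` is parsed cannot be checked from here.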
index cdf5a02e8dc9d6c5a9f44e9917dc4a8203bbbaa4..a740990ce0d28c4fdc1485b5a46d0c775e9db63f 100644 (file)
@@ -27,6 +27,11 @@ namespace rgw {
 namespace auth {
 namespace s3 {
 
+static constexpr auto RGW_AUTH_GRACE = std::chrono::minutes{15};
+
+// returns true if the request time is within RGW_AUTH_GRACE of the current time
+bool is_time_skew_ok(time_t t);
+
 class ExternalAuthStrategy : public rgw::auth::Strategy,
                              public rgw::auth::RemoteApplier::Factory {
   typedef rgw::auth::IdentityApplier::aplptr_t aplptr_t;
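Review bot: `RGW_AUTH_GRACE` has no comment, although it now defines the accepted clock skew for both v2 and v4 signatures; something like `// maximum allowed difference between a request's timestamp and the server clock (v2 and v4)` would say so. The comment on `is_time_skew_ok` could also state that `t` is seconds since the epoch and that the check is symmetric, rejecting timestamps too far in the future as well as in the past. `static constexpr` at namespace scope in a header gives every translation unit its own copy; `inline constexpr` avoids that if the build is C++17, which the use of `std::chrono::abs` in the .cc suggests.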
index b9b5d1b6ffea3d2d612198ed3bd3805ce821884f..64f133dd460d0fcd221f4c032cf9a788b727b992 100644 (file)
@@ -3660,33 +3660,6 @@ namespace rgw {
 namespace auth {
 namespace s3 {
 
-bool AWSGeneralAbstractor::is_time_skew_ok(const utime_t& header_time) const
-{
-  /* Check for time skew first. */
-  const time_t req_sec = header_time.sec();
-  time_t now;
-  time(&now);
-
-  if (req_sec < now - RGW_AUTH_GRACE_MINS * 60 ||
-      req_sec > now + RGW_AUTH_GRACE_MINS * 60) {
-    ldout(cct, 10) << "req_sec=" << req_sec << " now=" << now
-                   << "; now - RGW_AUTH_GRACE_MINS="
-                   << now - RGW_AUTH_GRACE_MINS * 60
-                   << "; now + RGW_AUTH_GRACE_MINS="
-                   << now + RGW_AUTH_GRACE_MINS * 60
-                   << dendl;
-
-    ldout(cct, 0)  << "NOTICE: request time skew too big now="
-                   << utime_t(now, 0)
-                   << " req_time=" << header_time
-                   << dendl;
-    return false;
-  }
-
-  return true;
-}
-
-
 static rgw::auth::Completer::cmplptr_t
 null_completer_factory(const boost::optional<std::string>& secret_key)
 {
index f9a7baab9794f6b2a4e3239c77078a7b27e6bcff..dc9a0194a9b2ad9bad5597108378148dd1242f84 100644 (file)
@@ -28,8 +28,6 @@
 #include "rgw_auth.h"
 #include "rgw_auth_filters.h"
 
-#define RGW_AUTH_GRACE_MINS 15
-
 struct rgw_http_error {
   int http_ret;
   const char *s3_code;
@@ -765,8 +763,6 @@ public:
 class AWSGeneralAbstractor : public AWSEngine::VersionAbstractor {
   CephContext* const cct;
 
-  bool is_time_skew_ok(const utime_t& header_time) const;
-
   virtual boost::optional<std::string>
   get_v4_canonical_headers(const req_info& info,
                            const boost::string_view& signedheaders,