/* XXX authorize does less here then in the REST path, e.g.,
* the user's info is cached, but still incomplete */
ldpp_dout(s, 2) << "authorizing" << dendl;
- ret = req->authorize();
+ ret = req->authorize(op);
if (ret < 0) {
dout(10) << "failed to authorize request" << dendl;
abort_req(s, op, ret);
/* XXX authorize does less here then in the REST path, e.g.,
* the user's info is cached, but still incomplete */
ldpp_dout(s, 2) << "authorizing" << dendl;
- ret = req->authorize();
+ ret = req->authorize(op);
if (ret < 0) {
dout(10) << "failed to authorize request" << dendl;
abort_req(s, op, ret);
return ret;
} /* RGWLibRequest::read_permissions */
- int RGWHandler_Lib::authorize()
+ int RGWHandler_Lib::authorize(const DoutPrefixProvider *dpp)
{
/* TODO: handle
* 1. subusers
}
int
-rgw::auth::Strategy::apply(const rgw::auth::Strategy& auth_strategy,
+rgw::auth::Strategy::apply(const DoutPrefixProvider *dpp, const rgw::auth::Strategy& auth_strategy,
req_state* const s) noexcept
{
try {
if (result.get_status() != decltype(result)::Status::GRANTED) {
/* Access denied is acknowledged by returning a std::unique_ptr with
* nullptr inside. */
- ldout(s->cct, 5) << "Failed the auth strategy, reason="
+ ldpp_dout(dpp, 5) << "Failed the auth strategy, reason="
<< result.get_reason() << dendl;
return result.get_reason();
}
return 0;
} catch (const int err) {
- ldout(s->cct, 5) << "applier throwed err=" << err << dendl;
+ ldpp_dout(dpp, 5) << "applier throwed err=" << err << dendl;
return err;
}
} catch (const int err) {
- ldout(s->cct, 5) << "auth engine throwed err=" << err << dendl;
+ ldpp_dout(dpp, 5) << "auth engine throwed err=" << err << dendl;
return err;
}
/* Engine doesn't grant the access but also doesn't reject it. */
DENIED,
- /* Engine successfully authenticated requester. */
+ /* Engine successfully authenicated requester. */
GRANTED,
/* Engine strictly indicates that a request should be rejected
return auth_stack.empty();
}
- static int apply(const Strategy& auth_strategy, req_state* s) noexcept;
+ static int apply(const DoutPrefixProvider* dpp, const Strategy& auth_strategy, req_state* s) noexcept;
private:
/* Using the reference wrapper here to explicitly point out we are not
friend class RGWRESTMgr_Lib;
public:
- int authorize() override;
+ int authorize(const DoutPrefixProvider *dpp) override;
RGWHandler_Lib() {}
~RGWHandler_Lib() override {}
}
virtual int read_permissions(RGWOp* op) = 0;
- virtual int authorize() = 0;
+ virtual int authorize(const DoutPrefixProvider* dpp) = 0;
virtual int postauth_init() = 0;
virtual int error_handler(int err_no, std::string* error_content);
virtual void dump(const string& code, const string& message) const {}
* of special cases. */
virtual int verify_requester(const rgw::auth::StrategyRegistry& auth_registry) {
/* TODO(rzarzynski): rename RGWHandler::authorize to generic_authenticate. */
- return dialect_handler->authorize();
+ return dialect_handler->authorize(this);
}
virtual int verify_permission() = 0;
virtual int verify_op_mask();
/* FIXME: this is a makeshift solution. The browser upload authentication will be
* handled by an instance of rgw::auth::Completer spawned in Handler's authorize()
* method. */
- const int ret = rgw::auth::Strategy::apply(auth_registry_ptr->get_s3_post(), s);
+ const int ret = rgw::auth::Strategy::apply(this, auth_registry_ptr->get_s3_post(), s);
if (ret != 0) {
return -EACCES;
} else {
*
* it tries AWS v4 before AWS v2
*/
-int RGW_Auth_S3::authorize(RGWRados* const store,
+int RGW_Auth_S3::authorize(const DoutPrefixProvider *dpp,
+ RGWRados* const store,
const rgw::auth::StrategyRegistry& auth_registry,
struct req_state* const s)
{
if (!store->ctx()->_conf->rgw_s3_auth_use_rados &&
!store->ctx()->_conf->rgw_s3_auth_use_keystone &&
!store->ctx()->_conf->rgw_s3_auth_use_ldap) {
- dout(0) << "WARNING: no authorization backend enabled! Users will never authenticate." << dendl;
+ ldpp_dout(dpp, 0) << "WARNING: no authorization backend enabled! Users will never authenticate." << dendl;
return -EPERM;
}
- const auto ret = rgw::auth::Strategy::apply(auth_registry.get_s3_main(), s);
+ const auto ret = rgw::auth::Strategy::apply(dpp, auth_registry.get_s3_main(), s);
if (ret == 0) {
/* Populate the owner info. */
s->owner.set_id(s->user->user_id);
/* TODO(rzarzynski): we need to have string-view taking variant. */
const std::string access_key_id = _access_key_id.to_string();
if (rgw_get_user_info_by_access_key(store, access_key_id, user_info) < 0) {
- ldout(cct, 5) << "error reading user info, uid=" << access_key_id
+ ldpp_dout(s, 5) << "error reading user info, uid=" << access_key_id
<< " can't authenticate" << dendl;
return result_t::deny(-ERR_INVALID_ACCESS_KEY);
}
const auto iter = user_info.access_keys.find(access_key_id);
if (iter == std::end(user_info.access_keys)) {
- ldout(cct, 0) << "ERROR: access key not encoded in user info" << dendl;
+ ldpp_dout(s, 0) << "ERROR: access key not encoded in user info" << dendl;
return result_t::deny(-EPERM);
}
const RGWAccessKey& k = iter->second;
class RGW_Auth_S3 {
public:
- static int authorize(RGWRados *store,
+ static int authorize(const DoutPrefixProvider *dpp,
+ RGWRados *store,
const rgw::auth::StrategyRegistry& auth_registry,
struct req_state *s);
};
int init(RGWRados *store,
struct req_state *s,
rgw::io::BasicClient *cio) override;
- int authorize() override {
- return RGW_Auth_S3::authorize(store, auth_registry, s);
+ int authorize(const DoutPrefixProvider *dpp) override {
+ return RGW_Auth_S3::authorize(dpp, store, auth_registry, s);
}
int postauth_init() override { return 0; }
};
int init(RGWRados *store,
struct req_state *s,
rgw::io::BasicClient *cio) override;
- int authorize() override {
- return RGW_Auth_S3::authorize(store, auth_registry, s);
+ int authorize(const DoutPrefixProvider *dpp) override {
+ return RGW_Auth_S3::authorize(dpp, store, auth_registry, s);
}
int postauth_init() override;
};
}
-int RGWHandler_REST_SWIFT::authorize()
+int RGWHandler_REST_SWIFT::authorize(const DoutPrefixProvider *dpp)
{
- return rgw::auth::Strategy::apply(auth_strategy, s);
+ return rgw::auth::Strategy::apply(dpp, auth_strategy, s);
}
int RGWHandler_REST_SWIFT::postauth_init()
int validate_bucket_name(const string& bucket);
int init(RGWRados *store, struct req_state *s, rgw::io::BasicClient *cio) override;
- int authorize() override;
+ int authorize(const DoutPrefixProvider *dpp) override;
int postauth_init() override;
RGWAccessControlPolicy *alloc_policy() { return nullptr; /* return new RGWAccessControlPolicy_SWIFT; */ }
return RGWHandler::init(store, state, cio);
}
- int authorize() override {
+ int authorize(const DoutPrefixProvider *dpp) override {
return 0;
}
return RGWHandler::init(store, state, cio);
}
- int authorize() override {
+ int authorize(const DoutPrefixProvider *dpp) override {
return 0;
}
return RGWHandler::init(store, state, cio);
}
- int authorize() override {
+ int authorize(const DoutPrefixProvider *dpp) override {
return 0;
}
return RGWHandler::init(store, state, cio);
}
-int RGWHandler_SWIFT_Auth::authorize()
+int RGWHandler_SWIFT_Auth::authorize(const DoutPrefixProvider *dpp)
{
return 0;
}
RGWOp *op_get() override;
int init(RGWRados *store, struct req_state *state, rgw::io::BasicClient *cio) override;
- int authorize() override;
+ int authorize(const DoutPrefixProvider *dpp) override;
int postauth_init() override { return 0; }
int read_permissions(RGWOp *op) override { return 0; }
projects / ceph-ci.git / commitdiff