};
}
-rgw::auth::Engine::result_t EC2Engine::authenticate(const std::string& access_key_id,
- const std::string& signature,
- const std::string& string_to_sign,
- /* Passthorugh only! */
- const req_state* s) const
+rgw::auth::Engine::result_t EC2Engine::authenticate(
+ const std::string& access_key_id,
+ const std::string& signature,
+ const std::string& string_to_sign,
+ const signature_factory_t& signature_factory,
+ const completer_factory_t& completer_factory,
+ /* Passthorugh only! */
+ const req_state* s) const
{
/* This will be initialized on the first call to this method. In C++11 it's
* also thread-safe. */
auto apl = apl_factory->create_apl_remote(cct, s, get_acl_strategy(*t),
get_creds_info(*t, accepted_roles.admin));
- return result_t::grant(std::move(apl));
+ return result_t::grant(std::move(apl), completer_factory());
}
}
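Review bot: `completer_factory()` is invoked unconditionally in the grant return here, and the same call appears in the grant returns of `LDAPEngine::authenticate` and `LocalEngine::authenticate` further down, while the dispatching caller only checks `access_key_id` and `signature` for emptiness before forwarding. The alias behind `completer_factory_t` is not visible on this page; if it is a `std::function`-style type, an empty factory would throw on the success path after the credentials were already accepted. A guard in the dispatcher such as `if (!signature_factory || !completer_factory) { return result_t::deny(-EINVAL); }` would keep that failure closed and explicit. In this engine and in LDAPEngine the new `signature_factory` parameter is not used in the visible lines, which deserves a comment like `/* signature_factory is intentionally unused by this engine */` if that is the intent. The function body is only partly shown in the hunk.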
result_t authenticate(const std::string& access_key_id,
const std::string& signature,
const std::string& string_to_sign,
+ const signature_factory_t& signature_factory,
+ const completer_factory_t& completer_factory,
const req_state* s) const override;
public:
EC2Engine(CephContext* const cct,
dest_str = dest;
}
-int rgw_get_s3_header_digest(const string& auth_hdr, const string& key, string& dest)
+int rgw_get_s3_header_digest(const std::string& auth_hdr,
+ const std::string& key,
+ std::string& dest)
{
if (key.empty())
return -EINVAL;
}
rgw::auth::Engine::result_t
-rgw::auth::s3::LDAPEngine::authenticate(const std::string& access_key_id,
- const std::string& signature,
- const std::string& string_to_sign,
- const req_state* const s) const
+rgw::auth::s3::LDAPEngine::authenticate(
+ const std::string& access_key_id,
+ const std::string& signature,
+ const std::string& string_to_sign,
+ const signature_factory_t& signature_factory,
+ const completer_factory_t& completer_factory,
+ const req_state* const s) const
{
/* boost filters and/or string_ref may throw on invalid input */
rgw::RGWToken base64_token;
auto apl = apl_factory->create_apl_remote(cct, s, get_acl_strategy(),
get_creds_info(base64_token));
- return result_t::grant(std::move(apl));
+ return result_t::grant(std::move(apl), completer_factory());
}
/* LocalEndgine */
rgw::auth::Engine::result_t
-rgw::auth::s3::LocalEngine::authenticate(const std::string& access_key_id,
- const std::string& signature,
- const std::string& string_to_sign,
- const req_state* const s) const
+rgw::auth::s3::LocalEngine::authenticate(
+ const std::string& access_key_id,
+ const std::string& signature,
+ const std::string& string_to_sign,
+ const signature_factory_t& signature_factory,
+ const completer_factory_t& completer_factory,
+ const req_state* const s) const
{
/* get the user info */
RGWUserInfo user_info;
}
const RGWAccessKey& k = iter->second;
- std::string digest;
- int ret = rgw_get_s3_header_digest(string_to_sign, k.key, digest);
- if (ret < 0) {
- return result_t::deny(-EPERM);
- }
+ std::string digest = signature_factory(cct, k.key, string_to_sign);
ldout(cct, 15) << "string_to_sign=" << rgw::crypt_sanitize::log_content{string_to_sign.c_str()} << dendl;
ldout(cct, 15) << "calculated digest=" << digest << dendl;
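Review bot: The replacement line `std::string digest = signature_factory(cct, k.key, string_to_sign);` drops the explicit failure path the removed code had (`ret < 0` mapped to `deny(-EPERM)`), and nothing in this hunk shows how a failing factory reports its error. If the factory can return an empty string on failure, add `if (digest.empty()) { return result_t::deny(-EPERM); }` right after the call so a failed computation is denied here rather than relying on the later comparison, which lies outside the hunk. Separately, the level-15 line logs the calculated digest unsanitised while `string_to_sign` goes through `rgw::crypt_sanitize::log_content`. The computed value is the signature a valid request must carry, so it is worth sanitising the same way or dropping it from the log.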
}
auto apl = apl_factory->create_apl_local(cct, s, user_info, k.subuser);
- return result_t::grant(std::move(apl));
+ return result_t::grant(std::move(apl), completer_factory());
}
}
using result_t = rgw::auth::Engine::result_t;
+ using signature_factory_t = VersionAbstractor::signature_factory_t;
+ using completer_factory_t = VersionAbstractor::completer_factory_t;
+ /* TODO(rzarzynski): clean up. We've too many input parameter hee. Also
+ * the signature get_auth_data() of VersionAbstractor is too complicated.
+ * Replace these thing with a simple, dedicated structure. */
virtual result_t authenticate(const std::string& access_key_id,
const std::string& signature,
const std::string& string_to_sign,
+ const signature_factory_t& signature_factory,
+ const completer_factory_t& completer_factory,
const req_state* s) const = 0;
public:
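Review bot: The two parameters added to the pure-virtual `authenticate()` have no documented contract, and the TODO above it has typos ("hee", "these thing"). Implementers need to know how `signature_factory` reports a failure and whether `completer_factory` may yield a null completer. A comment such as `/* signature_factory computes the expected signature from the secret key and string_to_sign; completer_factory is called once, only when the request is granted. */` would state what the visible engines rely on. The enclosing class starts outside the hunk.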
if (access_key_id.empty() || signature.empty()) {
return result_t::deny(-EINVAL);
} else {
- return authenticate(access_key_id, signature, string_to_sign, s);
+ return authenticate(access_key_id, signature, string_to_sign,
+ signature_factory, completer_factory, s);
}
}
};
result_t authenticate(const std::string& access_key_id,
const std::string& signature,
const std::string& string_to_sign,
+ const signature_factory_t& signature_factory,
+ const completer_factory_t& completer_factory,
const req_state* s) const override;
public:
LDAPEngine(CephContext* const cct,
result_t authenticate(const std::string& access_key_id,
const std::string& signature,
const std::string& string_to_sign,
+ const signature_factory_t& signature_factory,
+ const completer_factory_t& completer_factory,
const req_state* s) const override;
public:
LocalEngine(CephContext* const cct,