/* FIXME: C++11 doesn't have std::rbegin nor std::rend. We would like to
* switch when C++14 becomes available. */
const auto iter = std::find_if(referer_list.crbegin(), referer_list.crend(),
- [http_referer](const ACLReferer& r) -> bool {
+ [&http_referer](const ACLReferer& r) -> bool {
return r.is_match(http_referer);
}
);
const std::vector<std::string>& uids,
const int perm)
{
- for (const auto uid : uids) {
+ for (const auto& uid : uids) {
ACLGrant grant;
RGWUserInfo grant_user;
std::vector<std::string> readonly;
/* Parition the grant map into three not-overlapping groups. */
- for (const auto item : get_acl().get_grant_map()) {
+ for (const auto& item : get_acl().get_grant_map()) {
const ACLGrant& grant = item.second;
const int perm = grant.get_permission().get_permissions();
return ss.str();
}
-void RGWRemoteAuthApplier::create_account(const rgw_user acct_user,
+void RGWRemoteAuthApplier::create_account(const rgw_user& acct_user,
RGWUserInfo& user_info) const /* out */
{
rgw_user new_acct_user = acct_user;
return false == cct->_conf->rgw_keystone_url.empty();
}
-KeystoneToken RGWKeystoneAuthEngine::decode_pki_token(const std::string token) const
+KeystoneToken RGWKeystoneAuthEngine::decode_pki_token(const std::string& token) const
{
bufferlist token_body_bl;
int ret = rgw_decode_b64_cms(cct, token, token_body_bl);
return token_body;
}
-KeystoneToken RGWKeystoneAuthEngine::get_from_keystone(const std::string token) const
+KeystoneToken RGWKeystoneAuthEngine::get_from_keystone(const std::string& token) const
{
bufferlist token_body_bl;
RGWValidateKeystoneToken validate(cct, &token_body_bl);
{
/* Check whether the user has an admin status. */
bool is_admin = false;
- for (const auto admin_role : admin_roles) {
+ for (const auto& admin_role : admin_roles) {
if (token.has_role(admin_role)) {
is_admin = true;
break;
};
}
-static inline const std::string make_spec_item(const std::string tenant,
- const std::string id)
+static inline const std::string make_spec_item(const std::string& tenant,
+ const std::string& id)
{
return tenant + ":" + id;
}
RGWKeystoneAuthEngine::get_acl_strategy(const KeystoneToken& token) const
{
/* The primary identity is constructed upon UUIDs. */
- const auto tenant_uuid = token.get_project_id();
- const auto user_uuid = token.get_user_id();
+ const auto& tenant_uuid = token.get_project_id();
+ const auto& user_uuid = token.get_user_id();
/* For Keystone v2 an alias may be also used. */
- const auto tenant_name = token.get_project_name();
- const auto user_name = token.get_user_name();
+ const auto& tenant_name = token.get_project_name();
+ const auto& user_name = token.get_user_name();
/* Construct all possible combinations including Swift's wildcards. */
const std::vector<std::string> allowed_items = {
/* Token ID is a concept that makes dealing with PKI tokens more effective.
* Instead of storing several kilobytes, a short hash can be burried. */
- const auto token_id = rgw_get_token_id(token);
+ const auto& token_id = rgw_get_token_id(token);
ldout(cct, 20) << "token_id=" << token_id << dendl;
/* Check cache first. */
}
/* Check for necessary roles. */
- for (const auto role : roles.plain) {
+ for (const auto& role : roles.plain) {
if (t.has_role(role) == true) {
ldout(cct, 0) << "validated token: " << t.get_project_name()
<< ":" << t.get_user_name()
const bool is_admin;
public:
- AuthInfo(const rgw_user acct_user,
- const std::string acct_name,
+ AuthInfo(const rgw_user& acct_user,
+ const std::string& acct_name,
const uint32_t perm_mask,
const bool is_admin)
: acct_user(acct_user),
const AuthInfo info;
- virtual void create_account(const rgw_user acct_user,
+ virtual void create_account(const rgw_user& acct_user,
RGWUserInfo& user_info) const; /* out */
public:
RGWRemoteAuthApplier(CephContext * const cct,
RGWRados * const store,
acl_strategy_t&& extra_acl_strategy,
- const AuthInfo info)
+ const AuthInfo& info)
: RGWAuthApplier(cct),
store(store),
extra_acl_strategy(std::move(extra_acl_strategy)),
const RGWRemoteAuthApplier::Factory * const apl_factory;
/* Helper methods. */
- KeystoneToken decode_pki_token(const std::string token) const;
- KeystoneToken get_from_keystone(const std::string token) const;
+ KeystoneToken decode_pki_token(const std::string& token) const;
+ KeystoneToken get_from_keystone(const std::string& token) const;
acl_strategy_t get_acl_strategy(const KeystoneToken& token) const;
RGWRemoteAuthApplier::AuthInfo get_creds_info(const KeystoneToken& token,
const std::vector<std::string>& admin_roles
// FIXME: default ctor needs to be eradicated here
KeystoneToken() = default;
time_t get_expires() const { return token.expires; }
- string get_domain_id() const {return project.domain.id;};
- string get_domain_name() const {return project.domain.name;};
- string get_project_id() const {return project.id;};
- string get_project_name() const {return project.name;};
- string get_user_id() const {return user.id;};
- string get_user_name() const {return user.name;};
+ const std::string& get_domain_id() const {return project.domain.id;};
+ const std::string& get_domain_name() const {return project.domain.name;};
+ const std::string& get_project_id() const {return project.id;};
+ const std::string& get_project_name() const {return project.name;};
+ const std::string& get_user_id() const {return user.id;};
+ const std::string& get_user_name() const {return user.name;};
bool has_role(const string& r) const;
bool expired() {
uint64_t now = ceph_clock_now(NULL).sec();
/* check if we have a valid role */
bool found = false;
- for (const auto role : accepted_roles) {
+ for (const auto& role : accepted_roles) {
if (response.has_role(role) == true) {
found = true;
break;
void RGWTempURLAuthApplier::modify_request_state(req_state * s) const /* in/out */
{
bool inline_exists = false;
- string filename = s->info.args.get("filename");
+ const string& filename = s->info.args.get("filename");
s->info.args.get("inline", &inline_exists);
if (inline_exists) {
if (0 == swift_groups.size()) {
return nullptr;
} else {
- swift_user = swift_groups[0];
+ swift_user = std::move(swift_groups[0]);
}
} catch (std::out_of_range) {
/* The X-Auth-Groups header isn't present in the response. */
RGWXAuthTokenExtractor(const req_state * const s)
: s(s) {
}
- std::string get_token() const {
+ std::string get_token() const override {
+ /* Returning a reference here would end in GCC complaining about a reference
+ * to temporary. */
return s->info.env->get("HTTP_X_AUTH_TOKEN", "");
}
};
projects / ceph.git / commitdiff