From: John Gibson
Date: Sun, 24 Dec 2017 20:48:00 +0000 (-0500)
Subject: rgw: Fixed several bugs in policies related to IPv6 addresses.
X-Git-Tag: v12.2.3~207^2~4
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=1d8f684a3cf11c5fc422462790b5a87d5ab5b587;p=ceph.git
rgw: Fixed several bugs in policies related to IPv6 addresses.
The IPv6 conversion was not properly converting the address to host byte order. The text conversion of IPv6 addresses was using raw byte values instead of the converted number. The portions of the addresses were grouped by bytes instead of 16-bit words. The prefix length was erroneously being rendered in hex. http://tracker.ceph.com/issues/20991
Signed-off-by: John Gibson
(cherry picked from commit a25ca37401d1e8dc4349201b9f64aa6990bea0d5)
---
diff --git a/src/rgw/rgw_iam_policy.cc b/src/rgw/rgw_iam_policy.cc
index 435df059c8f4..7ce6a2e42e47 100644
--- a/src/rgw/rgw_iam_policy.cc
+++ b/src/rgw/rgw_iam_policy.cc
@@ -915,14 +915,14 @@ bool ParseState::array_end() {
 ostream& operator <<(ostream& m, const MaskedIP& ip) {
 // I have a theory about why std::bitset is the way it is.
 if (ip.v6) {
- for (int i = 15; i >= 0; --i) {
- uint8_t b = 0;
- for (int j = 7; j >= 0; --j) {
- b |= (ip.addr[(i * 8) + j] << j);
+ for (int i = 7; i >= 0; --i) {
+ uint16_t hextet = 0;
+ for (int j = 15; j >= 0; --j) {
+ hextet |= (ip.addr[(i * 16) + j] << j);
 }
- m << hex << b;
+ m << hex << (unsigned int) hextet;
 if (i != 0) {
- m << "::";
+ m << ":";
 }
 }
 } else {
@@ -938,7 +938,7 @@ ostream& operator <<(ostream& m, const MaskedIP& ip) {
 }
 }
 }
- m << "/" << ip.prefix;
+ m << "/" << dec << ip.prefix;
 // It would explain a lot
 return m;
 }
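Review bot: `m << hex` in the IPv6 branch changes the caller's stream base for good, and the `dec` added before the prefix in the second hunk forces decimal rather than restoring whatever base the caller had set. Saving the flags on entry to operator<< with `const auto saved = m.flags();` and restoring them just before `return m;` with `m.flags(saved);` keeps the formatting change local to this function. The C-style `(unsigned int) hextet` would also read better as `static_cast<unsigned int>(hextet)`. The IPv4 branch sits between the two hunks and is not shown, so whether it has the same issue cannot be told from here.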
@@ -1097,27 +1097,27 @@ optional Condition::as_network(const string& s) {
 }
 if (m.v6) {
- struct sockaddr_in6 a;
- if (inet_pton(AF_INET6, p->c_str(), static_cast(&a.sin6_addr)) != 1) {
+ struct in6_addr a;
+ if (inet_pton(AF_INET6, p->c_str(), static_cast(&a)) != 1) {
 return none;
 }
- m.addr |= Address(a.sin6_addr.s6_addr[0]) << 0;
- m.addr |= Address(a.sin6_addr.s6_addr[1]) << 8;
- m.addr |= Address(a.sin6_addr.s6_addr[2]) << 16;
- m.addr |= Address(a.sin6_addr.s6_addr[3]) << 24;
- m.addr |= Address(a.sin6_addr.s6_addr[4]) << 32;
- m.addr |= Address(a.sin6_addr.s6_addr[5]) << 40;
- m.addr |= Address(a.sin6_addr.s6_addr[6]) << 48;
- m.addr |= Address(a.sin6_addr.s6_addr[7]) << 56;
- m.addr |= Address(a.sin6_addr.s6_addr[8]) << 64;
- m.addr |= Address(a.sin6_addr.s6_addr[9]) << 72;
- m.addr |= Address(a.sin6_addr.s6_addr[10]) << 80;
- m.addr |= Address(a.sin6_addr.s6_addr[11]) << 88;
- m.addr |= Address(a.sin6_addr.s6_addr[12]) << 96;
- m.addr |= Address(a.sin6_addr.s6_addr[13]) << 104;
- m.addr |= Address(a.sin6_addr.s6_addr[14]) << 112;
- m.addr |= Address(a.sin6_addr.s6_addr[15]) << 120;
+ m.addr |= Address(a.s6_addr[15]) << 0;
+ m.addr |= Address(a.s6_addr[14]) << 8;
+ m.addr |= Address(a.s6_addr[13]) << 16;
+ m.addr |= Address(a.s6_addr[12]) << 24;
+ m.addr |= Address(a.s6_addr[11]) << 32;
+ m.addr |= Address(a.s6_addr[10]) << 40;
+ m.addr |= Address(a.s6_addr[9]) << 48;
+ m.addr |= Address(a.s6_addr[8]) << 56;
+ m.addr |= Address(a.s6_addr[7]) << 64;
+ m.addr |= Address(a.s6_addr[6]) << 72;
+ m.addr |= Address(a.s6_addr[5]) << 80;
+ m.addr |= Address(a.s6_addr[4]) << 88;
+ m.addr |= Address(a.s6_addr[3]) << 96;
+ m.addr |= Address(a.s6_addr[2]) << 104;
+ m.addr |= Address(a.s6_addr[1]) << 112;
+ m.addr |= Address(a.s6_addr[0]) << 120;
 } else {
 struct in_addr a;
 if (inet_pton(AF_INET, p->c_str(), static_cast(&a)) != 1) {
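Review bot: The sixteen hand-written `m.addr |= Address(a.s6_addr[k]) << n;` lines still pair each byte index with its shift by hand, which is the pattern that let the reversed byte order through in the first place. A loop derives the shift from the index and cannot drift: `for (int i = 0; i < 16; ++i) m.addr |= Address(a.s6_addr[i]) << (8 * (15 - i));`. Since this value presumably backs the IP-address condition of a policy, a mis-ordered address changes which clients a statement matches, so a unit test that parses a known IPv6 CIDR and checks both the stored bits and the rendered text belongs with this fix; none is visible on this page. The IPv4 branch and the rest of as_network continue outside the hunk.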