From: yuliyang Date: Mon, 27 Nov 2017 06:32:44 +0000 (+0800) Subject: rgw: implement ipv4 aws:SourceIp condition for bucket policy X-Git-Tag: v13.0.2~808^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=2fb445b6f7c1e997e83b1c7da2a1fecdde164d35;p=ceph.git rgw: implement ipv4 aws:SourceIp condition for bucket policy Signed-off-by: yuliyang
---
diff --git a/src/rgw/rgw_asio_client.cc b/src/rgw/rgw_asio_client.cc
index d59e7bb03b90..39040a2607f2 100644
--- a/src/rgw/rgw_asio_client.cc
+++ b/src/rgw/rgw_asio_client.cc
@@ -75,6 +75,7 @@ void ClientIO::init_env(CephContext *cct)
 char port_buf[16];
 snprintf(port_buf, sizeof(port_buf), "%d", socket.local_endpoint().port());
 env.set("SERVER_PORT", port_buf);
+ env.set("REMOTE_ADDR", socket.remote_endpoint().address().to_string());
 // TODO: set SERVER_PORT_SECURE if using ssl
 // TODO: set REMOTE_USER if authenticated
 }
diff --git a/src/rgw/rgw_iam_policy.cc b/src/rgw/rgw_iam_policy.cc
index 6414c8bb423a..0b967716ae28 100644
--- a/src/rgw/rgw_iam_policy.cc
+++ b/src/rgw/rgw_iam_policy.cc
@@ -1038,7 +1038,8 @@ optional Condition::as_network(const string& s) {
 return none;
 }
- m.v6 = s.find(':');
+ m.v6 = (s.find(':') == string::npos) ? false : true;
+ auto slash = s.find('/');
 if (slash == string::npos) {
 m.prefix = m.v6 ? 128 : 32;
@@ -1061,7 +1062,7 @@ optional Condition::as_network(const string& s) {
 if (m.v6) {
 struct sockaddr_in6 a;
- if (inet_pton(AF_INET6, p->c_str(), static_cast(&a)) != 1) {
+ if (inet_pton(AF_INET6, p->c_str(), static_cast(&a.sin6_addr)) != 1) {
 return none;
 }
@@ -1083,13 +1084,13 @@ optional Condition::as_network(const string& s) {
 m.addr |= Address(a.sin6_addr.s6_addr[15]) << 120;
 } else {
 struct sockaddr_in a;
- if (inet_pton(AF_INET, p->c_str(), static_cast(&a)) != 1) {
+ if (inet_pton(AF_INET, p->c_str(), static_cast(&a.sin_addr)) != 1) {
 return none;
 }
 m.addr = ntohl(a.sin_addr.s_addr);
 }
- return none;
+ return m;
 }
 namespace {
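Review bot: In the `ClientIO::init_env` hunk of src/rgw/rgw_asio_client.cc, the added `socket.remote_endpoint()` call uses the throwing overload, so a peer that has already disconnected raises `boost::system::system_error` while the request environment is being built, unless a caller outside the hunk catches it. The `error_code` overload avoids that and sets the variable only on success: `boost::system::error_code ec; auto ep = socket.remote_endpoint(ec); if (!ec) env.set("REMOTE_ADDR", ep.address().to_string());`. If the listener accepts IPv4 clients on a dual-stack IPv6 socket (not visible here), `to_string()` would yield an IPv4-mapped form such as `::ffff:a.b.c.d`, which an IPv4 CIDR in an `aws:SourceIp` condition would presumably not match, so the value is worth normalising or documenting. The start of init_env is outside the hunk.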
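Review bot: In the first `Condition::as_network` hunk of src/rgw/rgw_iam_policy.cc, the new assignment spells a boolean through a ternary; `m.v6 = s.find(':') != string::npos;` says the same thing directly. A one-line comment such as `// any ':' means the literal is IPv6` would also record why the old implicit conversion was wrong: `npos` is non-zero, so the flag came out true for every string without a colon. The function body starts and ends outside this hunk.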
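Review bot: In the second and third `Condition::as_network` hunks of src/rgw/rgw_iam_policy.cc, `inet_pton` now receives the address member, which is the right destination, but a whole `sockaddr_in6`/`sockaddr_in` is still declared uninitialised just to hold it. Declaring the address type directly, `struct in6_addr a6;` with `inet_pton(AF_INET6, p->c_str(), &a6)` (and `struct in_addr a4;` for the IPv4 branch), removes the unused fields; the byte-assembly lines that read `a.sin6_addr.s6_addr[...]` lie mostly outside the hunks and would need the matching rename. The explicit cast can go as well, since an object pointer converts to `void*` implicitly (the cast's template argument appears to have been lost in this rendering of the page).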
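Review bot: With `return m;` at the end of the last `Condition::as_network` hunk in src/rgw/rgw_iam_policy.cc, the parser yields a value for the first time, so the prefix handling and address assembly above it start driving real allow/deny decisions, and this commit shows no test for them. Unit tests for a bare IPv4 address, an IPv4 CIDR, an IPv6 CIDR and malformed input (empty prefix, a prefix above 32 or 128, trailing characters) would pin the behaviour. The prefix validation itself is outside the hunks shown, so whether out-of-range prefixes are rejected cannot be confirmed from here.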
diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index 73aa0ed54371..f6b0cd9a8206 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -603,7 +603,7 @@ rgw::IAM::Environment rgw_build_iam_environment(RGWRados* store,
 e.emplace("aws:SecureTransport", "true");
 }
- i = m.find("HTTP_HOST");
+ i = m.find("REMOTE_ADDR");
 if (i != m.end()) {
 e.emplace("aws:SourceIp", i->second);
 }
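Review bot: In the `rgw_build_iam_environment` hunk of src/rgw/rgw_op.cc, `aws:SourceIp` is now taken from `REMOTE_ADDR`, which is the address of the directly connected peer; when the gateway sits behind a load balancer or reverse proxy that is the proxy's address, so every client would match the same `IpAddress` condition. A comment at the lookup would make that explicit, e.g. `// REMOTE_ADDR is the TCP peer; behind a proxy this is the proxy, not the end client`. This commit sets `REMOTE_ADDR` only in the asio frontend; whether the other frontends populate it is not visible here, and if one does not, the key is simply absent from the environment, so it is worth confirming how a missing `aws:SourceIp` evaluates for `NotIpAddress` conditions. The function body starts and ends outside the hunk.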