From: Casey Bodley Date: Fri, 21 Jul 2017 14:14:11 +0000 (-0400) Subject: rgw: match wildcards in StringLike policy conditions X-Git-Tag: ses5-milestone10~3^2~26^2~5 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=5bd7462f3ae8aa44d6c2e52df8a04803e8865aca;p=ceph.git rgw: match wildcards in StringLike policy conditions Fixes: http://tracker.ceph.com/issues/20308 Signed-off-by: Casey Bodley --- diff --git a/src/rgw/rgw_iam_policy.cc b/src/rgw/rgw_iam_policy.cc index d5ce73130829..70231b17ab48 100644 --- a/src/rgw/rgw_iam_policy.cc +++ b/src/rgw/rgw_iam_policy.cc @@ -956,12 +956,11 @@ bool Condition::eval(const Environment& env) const { case TokenID::StringNotEqualsIgnoreCase: return orrible(std::not2(ci_equal_to()), s, vals); - // Implement actual StringLike with wildcarding later case TokenID::StringLike: - return orrible(std::equal_to(), s, vals); + return orrible(string_like(), s, vals); + case TokenID::StringNotLike: - return orrible(std::not2(std::equal_to()), - s, vals); + return orrible(std::not2(string_like()), s, vals); // Numeric case TokenID::NumericEquals: diff --git a/src/rgw/rgw_iam_policy.h b/src/rgw/rgw_iam_policy.h index aa121f5d0add..6fa1997c86aa 100644 --- a/src/rgw/rgw_iam_policy.h +++ b/src/rgw/rgw_iam_policy.h @@ -24,11 +24,10 @@ #include "rapidjson/error/error.h" #include "rapidjson/error/en.h" -#include "fnmatch.h" - #include "rgw_acl.h" #include "rgw_basic_types.h" #include "rgw_iam_policy_keywords.h" +#include "rgw_string.h" #include "include/assert.h" // razzin' frazzin' ...grrr. @@ -362,6 +361,14 @@ struct Condition { } }; + struct string_like : public std::binary_function { + bool operator ()(const std::string& input, + const std::string& pattern) const { + return match_wildcards(pattern, input, 0); + } + }; template static bool orrible(F&& f, const std::string& c,