From: Radoslaw Zarzynski Date: Fri, 19 May 2017 15:23:27 +0000 (+0200) Subject: rgw: replace magic strings in the AWSv4 code. X-Git-Tag: v12.1.0~155^2~8 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=7e8d1d7cf969d0d5184022d4ca168c9e2f932689;p=ceph.git rgw: replace magic strings in the AWSv4 code. Signed-off-by: Radoslaw Zarzynski --- diff --git a/src/rgw/rgw_auth_s3.h b/src/rgw/rgw_auth_s3.h index 0d9c8eac28a8..2cb8c0da6a00 100644 --- a/src/rgw/rgw_auth_s3.h +++ b/src/rgw/rgw_auth_s3.h @@ -9,6 +9,7 @@ #include #include +#include #include #include #include @@ -322,6 +323,11 @@ static constexpr char AWS4_HMAC_SHA256_STR[] = "AWS4-HMAC-SHA256"; static constexpr char AWS4_EMPTY_PAYLOAD_HASH[] = \ "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"; +static constexpr char AWS4_UNSIGNED_PAYLOAD_HASH[] = "UNSIGNED-PAYLOAD"; + +static constexpr char AWS4_STREAMING_PAYLOAD_HASH[] = \ + "STREAMING-AWS4-HMAC-SHA256-PAYLOAD"; + int parse_credentials(const req_info& info, /* in */ boost::string_view& access_key_id, /* out */ boost::string_view& credential_scope, /* out */ @@ -365,7 +371,7 @@ static inline const char* get_v4_exp_payload_hash(const req_info& info) * when you create a presigned URL, you don't know the payload content * because the URL is used to upload an arbitrary payload. Instead, you * use a constant string UNSIGNED-PAYLOAD. */ - expected_request_payload_hash = "UNSIGNED-PAYLOAD"; + expected_request_payload_hash = AWS4_UNSIGNED_PAYLOAD_HASH; } return expected_request_payload_hash; @@ -373,7 +379,7 @@ static inline const char* get_v4_exp_payload_hash(const req_info& info) static inline bool is_v4_payload_unsigned(const char* const exp_payload_hash) { - return boost::string_ref("UNSIGNED-PAYLOAD").compare(exp_payload_hash) == 0; + return boost::equals(exp_payload_hash, AWS4_UNSIGNED_PAYLOAD_HASH); } static inline bool is_v4_payload_empty(const req_state* const s) 
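Review bot: The two constants added after `AWS4_EMPTY_PAYLOAD_HASH` in rgw_auth_s3.h carry a `_HASH` suffix although they are sentinel values rather than digests, and nothing at the definition says what each one means for payload integrity. A short comment at the definition would help anyone reading the auth path, for example `/* Sentinels for x-amz-content-sha256, not digests: with UNSIGNED-PAYLOAD the body is not covered by the request signature; with the STREAMING value it is signed per chunk. */`. The existing comment in `get_v4_exp_payload_hash` covers only the presigned-URL case.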
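Review bot: `is_v4_payload_unsigned` still reads `exp_payload_hash` without a null check. `boost::equals` treats the `const char*` as a NUL-terminated range, so a null argument is undefined behaviour, exactly as it was with `boost::string_ref(...).compare(...)`. Whether a caller can pass null is not visible in this diff, so either state the precondition in a comment (`/* exp_payload_hash must be non-null and NUL-terminated */`) or guard it with `return exp_payload_hash && boost::equals(exp_payload_hash, AWS4_UNSIGNED_PAYLOAD_HASH);`. The same applies to `is_v4_payload_streamed` in the `@@ -389,7 +395,7 @@` hunk.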
@@ -389,7 +395,7 @@ static inline bool is_v4_payload_empty(const req_state* const s) static inline bool is_v4_payload_streamed(const char* const exp_payload_hash) { - return boost::string_ref("STREAMING-AWS4-HMAC-SHA256-PAYLOAD").compare(exp_payload_hash) == 0; + return boost::equals(exp_payload_hash, AWS4_STREAMING_PAYLOAD_HASH); } std::string get_v4_canonical_qs(const req_info& info, bool using_qs); diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc index f8a76071847f..49895bee710a 100644 --- a/src/rgw/rgw_rest_s3.cc +++ b/src/rgw/rgw_rest_s3.cc @@ -1507,8 +1507,9 @@ int RGWPostObj_ObjStore_S3::get_policy() bool aws4_auth = false; /* x-amz-algorithm handling */ + using rgw::auth::s3::AWS4_HMAC_SHA256_STR; if ((part_str(parts, "x-amz-algorithm", &s->auth.s3_postobj_creds.x_amz_algorithm)) && - (s->auth.s3_postobj_creds.x_amz_algorithm.compare("AWS4-HMAC-SHA256") == 0)) { + (s->auth.s3_postobj_creds.x_amz_algorithm == AWS4_HMAC_SHA256_STR)) { ldout(s->cct, 0) << "Signature verification algorithm AWS v4 (AWS4-HMAC-SHA256)" << dendl; aws4_auth = true; } else { @@ -3640,7 +3641,7 @@ AWSGeneralAbstractor::get_auth_data_v4(const req_state* const s, auto string_to_sign = \ rgw::auth::s3::get_v4_string_to_sign(s->cct, - "AWS4-HMAC-SHA256", + AWS4_HMAC_SHA256_STR, date, credential_scope, std::move(canonical_req_hash)); @@ -3869,7 +3870,7 @@ std::tuple AWSBrowserUploadAbstractor::get_auth_data(const req_state* const s) const { - if (s->auth.s3_postobj_creds.x_amz_algorithm == "AWS4-HMAC-SHA256") { + if (s->auth.s3_postobj_creds.x_amz_algorithm == AWS4_HMAC_SHA256_STR) { ldout(s->cct, 0) << "Signature verification algorithm AWS v4" << " (AWS4-HMAC-SHA256)" << dendl; return get_auth_data_v2(s);
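Review bot: The `ldout` line directly under the changed comparison in `RGWPostObj_ObjStore_S3::get_policy` still spells out `AWS4-HMAC-SHA256` as a literal, so the magic string this commit removes survives in the log text. The log line in `AWSBrowserUploadAbstractor::get_auth_data` in the last hunk has the same leftover. Streaming the constant keeps the comparison and the message in step: `ldout(s->cct, 0) << "Signature verification algorithm AWS v4 (" << AWS4_HMAC_SHA256_STR << ")" << dendl;`. `get_policy` starts and ends outside this hunk.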
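Review bot: In `AWSBrowserUploadAbstractor::get_auth_data` the branch that matches `AWS4_HMAC_SHA256_STR` logs "Signature verification algorithm AWS v4" and then returns `get_auth_data_v2(s)`, so a browser upload that declares the v4 algorithm appears to be handed to the v2 extraction path. The commit touches only the comparison and leaves that call as it was. If the class has a v4 counterpart, the return should probably be `return get_auth_data_v4(s);`. If v2 is intended here, a comment saying why would stop the log line from misleading whoever investigates an auth failure. The function's `else` branch lies outside the hunk, so this needs confirming against the full body.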