From: Casey Bodley Date: Thu, 16 Nov 2023 17:44:21 +0000 (-0500) Subject: rgw/acl/swift: parse acl header with ceph::split() X-Git-Tag: v19.0.0~9^2~17 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=8fbd1efaf01f8b2bc92e96e7d5689765508fc1cd;p=ceph.git rgw/acl/swift: parse acl header with ceph::split() Signed-off-by: Casey Bodley --- diff --git a/src/rgw/rgw_acl_swift.cc b/src/rgw/rgw_acl_swift.cc index 70fa793dd9a..2a573da72a5 100644 --- a/src/rgw/rgw_acl_swift.cc +++ b/src/rgw/rgw_acl_swift.cc @@ -8,6 +8,7 @@ #include #include "common/ceph_json.h" +#include "common/split.h" #include "rgw_common.h" #include "rgw_user.h" #include "rgw_acl_swift.h" @@ -26,27 +27,6 @@ using namespace std; -static int parse_list(const char* uid_list, - std::vector& uids) /* out */ -{ - char *s = strdup(uid_list); - if (!s) { - return -ENOMEM; - } - - char *tokctx; - const char *p = strtok_r(s, " ,", &tokctx); - while (p) { - if (*p) { - string acl = p; - uids.push_back(acl); - } - p = strtok_r(NULL, " ,", &tokctx); - } - free(s); - return 0; -} - static bool is_referrer(const std::string& designator) { return designator.compare(".r") == 0 || @@ -135,45 +115,42 @@ static ACLGrant user_to_grant(const DoutPrefixProvider *dpp, return grant; } -int RGWAccessControlPolicy_SWIFT::add_grants(const DoutPrefixProvider *dpp, - rgw::sal::Driver* driver, - const std::vector& uids, - const uint32_t perm) +int RGWAccessControlPolicy_SWIFT::add_grant(const DoutPrefixProvider *dpp, + rgw::sal::Driver* driver, + const std::string& uid, + const uint32_t perm) { - for (const auto& uid : uids) { - boost::optional grant; - ldpp_dout(dpp, 20) << "trying to add grant for ACL uid=" << uid << dendl; - - /* Let's check whether the item has a separator potentially indicating - * a special meaning (like an HTTP referral-based grant). */ - const size_t pos = uid.find(':'); - if (std::string::npos == pos) { - /* No, it don't have -- we've got just a regular user identifier. */ + boost::optional grant; + ldpp_dout(dpp, 20) << "trying to add grant for ACL uid=" << uid << dendl; + + /* Let's check whether the item has a separator potentially indicating + * a special meaning (like an HTTP referral-based grant). */ + const size_t pos = uid.find(':'); + if (std::string::npos == pos) { + /* No, it don't have -- we've got just a regular user identifier. */ + grant = user_to_grant(dpp, driver, uid, perm); + } else { + /* Yes, *potentially* an HTTP referral. */ + auto designator = uid.substr(0, pos); + auto designatee = uid.substr(pos + 1); + + /* Swift strips whitespaces at both beginning and end. */ + boost::algorithm::trim(designator); + boost::algorithm::trim(designatee); + + if (! boost::algorithm::starts_with(designator, ".")) { grant = user_to_grant(dpp, driver, uid, perm); - } else { - /* Yes, *potentially* an HTTP referral. */ - auto designator = uid.substr(0, pos); - auto designatee = uid.substr(pos + 1); - - /* Swift strips whitespaces at both beginning and end. */ - boost::algorithm::trim(designator); - boost::algorithm::trim(designatee); - - if (! boost::algorithm::starts_with(designator, ".")) { - grant = user_to_grant(dpp, driver, uid, perm); - } else if ((perm & SWIFT_PERM_WRITE) == 0 && is_referrer(designator)) { - /* HTTP referrer-based ACLs aren't acceptable for writes. */ - grant = referrer_to_grant(designatee, perm); - } + } else if ((perm & SWIFT_PERM_WRITE) == 0 && is_referrer(designator)) { + /* HTTP referrer-based ACLs aren't acceptable for writes. */ + grant = referrer_to_grant(designatee, perm); } + } - if (grant) { - acl.add_grant(*grant); - } else { - return -EINVAL; - } + if (!grant) { + return -EINVAL; } + acl.add_grant(*grant); return 0; } @@ -192,36 +169,24 @@ int RGWAccessControlPolicy_SWIFT::create(const DoutPrefixProvider *dpp, rw_mask = 0; if (read_list) { - std::vector uids; - int r = parse_list(read_list, uids); - if (r < 0) { - ldpp_dout(dpp, 0) << "ERROR: parse_list for read returned r=" - << r << dendl; - return r; - } - - r = add_grants(dpp, driver, uids, SWIFT_PERM_READ); - if (r < 0) { - ldpp_dout(dpp, 0) << "ERROR: add_grants for read returned r=" - << r << dendl; - return r; + for (std::string_view uid : ceph::split(read_list, " ,")) { + int r = add_grant(dpp, driver, std::string{uid}, SWIFT_PERM_READ); + if (r < 0) { + ldpp_dout(dpp, 0) << "ERROR: add_grants for read returned r=" + << r << dendl; + return r; + } } rw_mask |= SWIFT_PERM_READ; } if (write_list) { - std::vector uids; - int r = parse_list(write_list, uids); - if (r < 0) { - ldpp_dout(dpp, 0) << "ERROR: parse_list for write returned r=" - << r << dendl; - return r; - } - - r = add_grants(dpp, driver, uids, SWIFT_PERM_WRITE); - if (r < 0) { - ldpp_dout(dpp, 0) << "ERROR: add_grants for write returned r=" - << r << dendl; - return r; + for (std::string_view uid : ceph::split(write_list, " ,")) { + int r = add_grant(dpp, driver, std::string{uid}, SWIFT_PERM_WRITE); + if (r < 0) { + ldpp_dout(dpp, 0) << "ERROR: add_grants for write returned r=" + << r << dendl; + return r; + } } rw_mask |= SWIFT_PERM_WRITE; } diff --git a/src/rgw/rgw_acl_swift.h b/src/rgw/rgw_acl_swift.h index 5ef83ab26a7..db12f606355 100644 --- a/src/rgw/rgw_acl_swift.h +++ b/src/rgw/rgw_acl_swift.h @@ -16,9 +16,8 @@ class RGWUserCtl; class RGWAccessControlPolicy_SWIFT : public RGWAccessControlPolicy { - int add_grants(const DoutPrefixProvider *dpp, rgw::sal::Driver* driver, - const std::vector& uids, - uint32_t perm); + int add_grant(const DoutPrefixProvider* dpp, rgw::sal::Driver* driver, + const std::string& uid, uint32_t perm); public: int create(const DoutPrefixProvider *dpp, @@ -34,11 +33,9 @@ public: class RGWAccessControlPolicy_SWIFTAcct : public RGWAccessControlPolicy { + void add_grants(const DoutPrefixProvider* dpp, rgw::sal::Driver* driver, + const std::vector& uids, uint32_t perm); public: - void add_grants(const DoutPrefixProvider *dpp, - rgw::sal::Driver* driver, - const std::vector& uids, - uint32_t perm); bool create(const DoutPrefixProvider *dpp, rgw::sal::Driver* driver, const rgw_user& id,