From: Radoslaw Zarzynski Date: Fri, 21 Oct 2016 15:14:47 +0000 (+0200) Subject: rgw: implement the rgw::auth::Strategy. X-Git-Tag: v12.0.2~305^2~46 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=f799efe02eefc6b3e9c347174fef988abefc114a;p=ceph-ci.git rgw: implement the rgw::auth::Strategy. Signed-off-by: Radoslaw Zarzynski
---
diff --git a/src/rgw/rgw_auth.cc b/src/rgw/rgw_auth.cc
index 23272a67371..75ba0c329ca 100644
--- a/src/rgw/rgw_auth.cc
+++ b/src/rgw/rgw_auth.cc
@@ -509,3 +509,50 @@ RGWAuthApplier::aplptr_t RGWKeystoneAuthEngine::authenticate() const
 return nullptr;
 }
+
+rgw::auth::Engine::result_t
+rgw::auth::Strategy::authenticate(const req_state* const s) const
+{
+ for (const stack_item_t& kv : auth_stack) {
+ const rgw::auth::Engine& engine = kv.first;
+ const auto& policy = kv.second;
+
+ rgw::auth::Engine::result_t res;
+ try {
+ res = engine.authenticate(s);
+ } catch (int err) {
+ /* NOP */
+ }
+
+ const auto& applier = res.first;
+ if (! applier) {
+ /* The current auth engine denied authenticate the request returning
+ * a null rgw::auth::Applier. As it has been included into strategy
+ * as an obligatory one, we quite immediately. */
+ switch (policy) {
+ case Control::REQUISITE:
+ goto auth_fail;
+ case Control::SUFFICIENT:
+ /* Just try next. */
+ continue;
+ default:
+ /* Huh, memory corruption? */
+ abort();
+ }
+ } else {
+ /* Success. */
+ return std::move(res);
+ }
+ }
+
+auth_fail:
+ /* Returning nullptr as the rgw::auth::Applier means access denied. */
+ return Engine::result_t(nullptr, nullptr);
+}
+
+void
+rgw::auth::Strategy::add_engine(const Control ctrl_flag,
+ const Engine& engine) noexcept
+{
+ auth_stack.push_back(std::make_pair(std::cref(engine), ctrl_flag));
+}
diff --git a/src/rgw/rgw_auth.h b/src/rgw/rgw_auth.h
index e20b1c62ef3..7b4d5986e61 100644
--- a/src/rgw/rgw_auth.h
+++ b/src/rgw/rgw_auth.h
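Review bot: The `catch (int err) { /* NOP */ }` around `engine.authenticate(s)` in `Strategy::authenticate` throws away the engine's error code, so an engine that fails or actively rejects the credentials is handled exactly like one that returned a null applier, and for a `Control::SUFFICIENT` entry the loop simply moves on to the next engine. If engines use the thrown `int` to signal a definite rejection (not visible in this hunk), a later, more permissive engine can still accept the request, and the final `Engine::result_t(nullptr, nullptr)` gives the caller no reason code to log or return. At minimum the handler should record the failure, e.g. `ldout(s->cct, 5) << "auth engine threw err=" << err << dendl;`, and a comment should state which thrown errors are meant to end the strategy rather than fall through. Only `int` is caught, so any other exception type escapes `authenticate` unhandled. Separately, `return std::move(res);` defeats copy elision; plain `return res;` is enough.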
@@ -512,6 +512,13 @@ public:
 Engine::result_t authenticate(const req_state* s) const override final;
+private:
+ /* Using the reference wrapper here to explicitly point out we are not
+ * interested in storing nulls while preserving the dynamic polymorphism. */
+ using stack_item_t = std::pair,
+ Control>;
+ std::vector auth_stack;
+
 protected:
 void add_engine(Control ctrl_flag, const Engine& engine) noexcept;
 };
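Review bot: The comment on `stack_item_t` explains why a reference wrapper is used but not the lifetime rule that comes with it: `auth_stack` holds non-owning references, so every engine handed to `add_engine` must outlive the `Strategy`, otherwise `authenticate` would go through a dangling reference on the request-authentication path. I would extend the comment with `Engines are referenced, not owned; each one passed to add_engine() must outlive this Strategy.` Also, `add_engine` is declared `noexcept` while its definition in rgw_auth.cc calls `auth_stack.push_back`, which can throw on allocation failure and would then terminate the process; either drop `noexcept` or document that termination is intended. The class body starts outside this hunk.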