From 01ce52e52e98dcb6f8b367cb8b352646b741b81c Mon Sep 17 00:00:00 2001 From: "Adam C. Emerson" Date: Wed, 11 Nov 2020 01:03:12 -0500 Subject: [PATCH] rgw: No null_yield in RGWOp Signed-off-by: Adam C. Emerson --- src/rgw/librgw.cc | 26 +- src/rgw/rgw_auth.cc | 10 +- src/rgw/rgw_auth.h | 8 +- src/rgw/rgw_auth_filters.h | 2 + src/rgw/rgw_auth_keystone.h | 3 +- src/rgw/rgw_cr_tools.cc | 2 +- src/rgw/rgw_file.cc | 2 +- src/rgw/rgw_file.h | 46 +-- src/rgw/rgw_lib.h | 6 +- src/rgw/rgw_op.cc | 491 +++++++++++++------------ src/rgw/rgw_op.h | 460 +++++++++++------------ src/rgw/rgw_process.cc | 35 +- src/rgw/rgw_process.h | 1 + src/rgw/rgw_rest.cc | 40 +- src/rgw/rgw_rest.h | 64 ++-- src/rgw/rgw_rest_admin.h | 1 + src/rgw/rgw_rest_bucket.cc | 38 +- src/rgw/rgw_rest_bucket.h | 2 +- src/rgw/rgw_rest_config.cc | 4 +- src/rgw/rgw_rest_config.h | 12 +- src/rgw/rgw_rest_iam.cc | 4 +- src/rgw/rgw_rest_iam.h | 5 +- src/rgw/rgw_rest_log.cc | 58 +-- src/rgw/rgw_rest_log.h | 48 +-- src/rgw/rgw_rest_metadata.cc | 16 +- src/rgw/rgw_rest_metadata.h | 15 +- src/rgw/rgw_rest_oidc_provider.cc | 14 +- src/rgw/rgw_rest_oidc_provider.h | 23 +- src/rgw/rgw_rest_pubsub.cc | 16 +- src/rgw/rgw_rest_pubsub.h | 9 +- src/rgw/rgw_rest_pubsub_common.cc | 30 +- src/rgw/rgw_rest_pubsub_common.h | 43 ++- src/rgw/rgw_rest_realm.cc | 26 +- src/rgw/rgw_rest_role.cc | 26 +- src/rgw/rgw_rest_role.h | 47 +-- src/rgw/rgw_rest_s3.cc | 126 +++---- src/rgw/rgw_rest_s3.h | 87 ++--- src/rgw/rgw_rest_s3website.h | 10 +- src/rgw/rgw_rest_sts.cc | 29 +- src/rgw/rgw_rest_sts.h | 25 +- src/rgw/rgw_rest_swift.cc | 78 ++-- src/rgw/rgw_rest_swift.h | 70 ++-- src/rgw/rgw_rest_usage.cc | 8 +- src/rgw/rgw_rest_usage.h | 2 +- src/rgw/rgw_rest_user.cc | 64 ++-- src/rgw/rgw_rest_user.h | 2 +- src/rgw/rgw_rest_user_policy.cc | 10 +- src/rgw/rgw_rest_user_policy.h | 11 +- src/rgw/rgw_role.h | 1 + src/rgw/rgw_swift_auth.cc | 17 +- src/rgw/rgw_swift_auth.h | 26 +- src/rgw/rgw_sync_module_es_rest.cc | 8 +- src/rgw/rgw_sync_module_pubsub_rest.cc | 24 +- 53 files changed, 1135 insertions(+), 1096 deletions(-) diff --git a/src/rgw/librgw.cc b/src/rgw/librgw.cc index 374b5b74acacb..d9fb3f67a3f59 100644 --- a/src/rgw/librgw.cc +++ b/src/rgw/librgw.cc @@ -263,7 +263,7 @@ namespace rgw { /* XXX authorize does less here then in the REST path, e.g., * the user's info is cached, but still incomplete */ ldpp_dout(s, 2) << "authorizing" << dendl; - ret = req->authorize(op); + ret = req->authorize(op, null_yield); if (ret < 0) { dout(10) << "failed to authorize request" << dendl; abort_req(s, op, ret); @@ -277,14 +277,14 @@ namespace rgw { } ldpp_dout(s, 2) << "reading op permissions" << dendl; - ret = req->read_permissions(op); + ret = req->read_permissions(op, null_yield); if (ret < 0) { abort_req(s, op, ret); goto done; } ldpp_dout(s, 2) << "init op" << dendl; - ret = op->init_processing(); + ret = op->init_processing(null_yield); if (ret < 0) { abort_req(s, op, ret); goto done; @@ -298,7 +298,7 @@ namespace rgw { } ldpp_dout(s, 2) << "verifying op permissions" << dendl; - ret = op->verify_permission(); + ret = op->verify_permission(null_yield); if (ret < 0) { if (s->system_request) { dout(2) << "overriding permissions due to system operation" << dendl; @@ -319,7 +319,7 @@ namespace rgw { ldpp_dout(s, 2) << "executing" << dendl; op->pre_exec(); - op->execute(); + op->execute(null_yield); op->complete(); } catch (const ceph::crypto::DigestException& e) { @@ -395,7 +395,7 @@ namespace rgw { /* XXX authorize does less here then in the REST path, e.g., * the user's info is cached, but still incomplete */ ldpp_dout(s, 2) << "authorizing" << dendl; - ret = req->authorize(op); + ret = req->authorize(op, null_yield); if (ret < 0) { dout(10) << "failed to authorize request" << dendl; abort_req(s, op, ret); @@ -409,14 +409,14 @@ namespace rgw { } ldpp_dout(s, 2) << "reading op permissions" << dendl; - ret = req->read_permissions(op); + ret = req->read_permissions(op, null_yield); if (ret < 0) { abort_req(s, op, ret); goto done; } ldpp_dout(s, 2) << "init op" << dendl; - ret = op->init_processing(); + ret = op->init_processing(null_yield); if (ret < 0) { abort_req(s, op, ret); goto done; @@ -430,7 +430,7 @@ namespace rgw { } ldpp_dout(s, 2) << "verifying op permissions" << dendl; - ret = op->verify_permission(); + ret = op->verify_permission(null_yield); if (ret < 0) { if (s->system_request) { dout(2) << "overriding permissions due to system operation" << dendl; @@ -664,10 +664,10 @@ namespace rgw { return ret; } - int RGWLibRequest::read_permissions(RGWOp* op) { + int RGWLibRequest::read_permissions(RGWOp* op, optional_yield y) { /* bucket and object ops */ int ret = - rgw_build_bucket_policies(rgwlib.get_store(), get_state()); + rgw_build_bucket_policies(rgwlib.get_store(), get_state(), y); if (ret < 0) { ldout(get_state()->cct, 10) << "read_permissions (bucket policy) on " << get_state()->bucket << ":" @@ -679,7 +679,7 @@ namespace rgw { } else if (! only_bucket()) { /* object ops */ ret = rgw_build_object_policies(rgwlib.get_store(), get_state(), - op->prefetch_data()); + op->prefetch_data(), y); if (ret < 0) { ldout(get_state()->cct, 10) << "read_permissions (object policy) on" << get_state()->bucket << ":" @@ -692,7 +692,7 @@ namespace rgw { return ret; } /* RGWLibRequest::read_permissions */ - int RGWHandler_Lib::authorize(const DoutPrefixProvider *dpp) + int RGWHandler_Lib::authorize(const DoutPrefixProvider *dpp, optional_yield y) { /* TODO: handle * 1. subusers diff --git a/src/rgw/rgw_auth.cc b/src/rgw/rgw_auth.cc index 1602c957e23cd..66c5e9d36b675 100644 --- a/src/rgw/rgw_auth.cc +++ b/src/rgw/rgw_auth.cc @@ -227,7 +227,7 @@ strategy_handle_granted(rgw::auth::Engine::result_t&& engine_result, } rgw::auth::Engine::result_t -rgw::auth::Strategy::authenticate(const DoutPrefixProvider* dpp, const req_state* const s) const +rgw::auth::Strategy::authenticate(const DoutPrefixProvider* dpp, const req_state* const s, optional_yield y) const { result_t strategy_result = result_t::deny(); @@ -239,7 +239,7 @@ rgw::auth::Strategy::authenticate(const DoutPrefixProvider* dpp, const req_state result_t engine_result = result_t::deny(); try { - engine_result = engine.authenticate(dpp, s); + engine_result = engine.authenticate(dpp, s, y); } catch (const int err) { engine_result = result_t::deny(err); } @@ -287,10 +287,10 @@ rgw::auth::Strategy::authenticate(const DoutPrefixProvider* dpp, const req_state int rgw::auth::Strategy::apply(const DoutPrefixProvider *dpp, const rgw::auth::Strategy& auth_strategy, - req_state* const s) noexcept + req_state* const s, optional_yield y) noexcept { try { - auto result = auth_strategy.authenticate(dpp, s); + auto result = auth_strategy.authenticate(dpp, s, y); if (result.get_status() != decltype(result)::Status::GRANTED) { /* Access denied is acknowledged by returning a std::unique_ptr with * nullptr inside. */ @@ -795,7 +795,7 @@ void rgw::auth::RoleApplier::modify_request_state(const DoutPrefixProvider *dpp, } rgw::auth::Engine::result_t -rgw::auth::AnonymousEngine::authenticate(const DoutPrefixProvider* dpp, const req_state* const s) const +rgw::auth::AnonymousEngine::authenticate(const DoutPrefixProvider* dpp, const req_state* const s, optional_yield y) const { if (! is_applicable(s)) { return result_t::deny(-EPERM); diff --git a/src/rgw/rgw_auth.h b/src/rgw/rgw_auth.h index 2519c19dcb328..1bfccbfe8ddd7 100644 --- a/src/rgw/rgw_auth.h +++ b/src/rgw/rgw_auth.h @@ -293,7 +293,7 @@ public: * interface. * * On error throws rgw::auth::Exception containing the reason. */ - virtual result_t authenticate(const DoutPrefixProvider* dpp, const req_state* s) const = 0; + virtual result_t authenticate(const DoutPrefixProvider* dpp, const req_state* s, optional_yield y) const = 0; }; @@ -336,13 +336,13 @@ public: FALLBACK, }; - Engine::result_t authenticate(const DoutPrefixProvider* dpp, const req_state* s) const override final; + Engine::result_t authenticate(const DoutPrefixProvider* dpp, const req_state* s, optional_yield y) const override final; bool is_empty() const { return auth_stack.empty(); } - static int apply(const DoutPrefixProvider* dpp, const Strategy& auth_strategy, req_state* s) noexcept; + static int apply(const DoutPrefixProvider* dpp, const Strategy& auth_strategy, req_state* s, optional_yield y) noexcept; private: /* Using the reference wrapper here to explicitly point out we are not @@ -717,7 +717,7 @@ public: return "rgw::auth::AnonymousEngine"; } - Engine::result_t authenticate(const DoutPrefixProvider* dpp, const req_state* s) const override final; + Engine::result_t authenticate(const DoutPrefixProvider* dpp, const req_state* s, optional_yield y) const override final; protected: virtual bool is_applicable(const req_state*) const noexcept { diff --git a/src/rgw/rgw_auth_filters.h b/src/rgw/rgw_auth_filters.h index f4b70b88feb83..fbd80e3b90be5 100644 --- a/src/rgw/rgw_auth_filters.h +++ b/src/rgw/rgw_auth_filters.h @@ -9,8 +9,10 @@ #include #include +#include "rgw_service.h" #include "rgw_common.h" #include "rgw_auth.h" +#include "rgw_user.h" namespace rgw { namespace auth { diff --git a/src/rgw/rgw_auth_keystone.h b/src/rgw/rgw_auth_keystone.h index 6c3e3b84c4540..2152afa877987 100644 --- a/src/rgw/rgw_auth_keystone.h +++ b/src/rgw/rgw_auth_keystone.h @@ -66,7 +66,8 @@ public: return "rgw::auth::keystone::TokenEngine"; } - result_t authenticate(const DoutPrefixProvider* dpp, const req_state* const s) const override { + result_t authenticate(const DoutPrefixProvider* dpp, const req_state* const s, + optional_yield y) const override { return authenticate(dpp, extractor->get_token(s), s); } }; /* class TokenEngine */ diff --git a/src/rgw/rgw_cr_tools.cc b/src/rgw/rgw_cr_tools.cc index a5a84742becff..46aa617c5a44e 100644 --- a/src/rgw/rgw_cr_tools.cc +++ b/src/rgw/rgw_cr_tools.cc @@ -139,7 +139,7 @@ int RGWBucketCreateLocalCR::Request::_send_request() bucket_owner.set_name(user_info->display_name); if (bucket_exists) { ret = rgw_op_get_bucket_policy_from_attr(cct, store, bucket_info, - bucket_attrs, &old_policy); + bucket_attrs, &old_policy, null_yield); if (ret >= 0) { if (old_policy.get_owner().get_id().compare(user) != 0) { return -EEXIST; diff --git a/src/rgw/rgw_file.cc b/src/rgw/rgw_file.cc index 67555de83dfd2..ffa76b806d4ee 100644 --- a/src/rgw/rgw_file.cc +++ b/src/rgw/rgw_file.cc @@ -1555,7 +1555,7 @@ namespace rgw { goto done; } - op_ret = get_params(); + op_ret = get_params(null_yield); if (op_ret < 0) goto done; diff --git a/src/rgw/rgw_file.h b/src/rgw/rgw_file.h index fe9eec65bac6c..3dde51a9bc7b7 100644 --- a/src/rgw/rgw_file.h +++ b/src/rgw/rgw_file.h @@ -64,16 +64,16 @@ namespace rgw { class RGWFileHandle; class RGWWriteRequest; - static inline bool operator <(const struct timespec& lhs, - const struct timespec& rhs) { + inline bool operator <(const struct timespec& lhs, + const struct timespec& rhs) { if (lhs.tv_sec == rhs.tv_sec) return lhs.tv_nsec < rhs.tv_nsec; else return lhs.tv_sec < rhs.tv_sec; } - static inline bool operator ==(const struct timespec& lhs, - const struct timespec& rhs) { + inline bool operator ==(const struct timespec& lhs, + const struct timespec& rhs) { return ((lhs.tv_sec == rhs.tv_sec) && (lhs.tv_nsec == rhs.tv_nsec)); } @@ -809,11 +809,11 @@ namespace rgw { WRITE_CLASS_ENCODER(RGWFileHandle); - static inline RGWFileHandle* get_rgwfh(struct rgw_file_handle* fh) { + inline RGWFileHandle* get_rgwfh(struct rgw_file_handle* fh) { return static_cast(fh->fh_private); } - static inline enum rgw_fh_type fh_type_of(uint32_t flags) { + inline enum rgw_fh_type fh_type_of(uint32_t flags) { enum rgw_fh_type fh_type; switch(flags & RGW_LOOKUP_TYPE_FLAGS) { @@ -1370,7 +1370,7 @@ public: return 0; } - int get_params() override { + int get_params(optional_yield) override { limit = -1; /* no limit */ return 0; } @@ -1546,7 +1546,7 @@ public: RGW_LOOKUP_FLAG_FILE); } - int get_params() override { + int get_params(optional_yield) override { max = default_max; return 0; } @@ -1716,7 +1716,7 @@ public: return 0; } - int get_params() override { + int get_params(optional_yield) override { max = default_max; return 0; } @@ -1762,7 +1762,7 @@ public: bool only_bucket() override { return false; } - int read_permissions(RGWOp* op_obj) override { + int read_permissions(RGWOp* op_obj, optional_yield) override { /* we ARE a 'create bucket' request (cf. rgw_rest.cc, ll. 1305-6) */ return 0; } @@ -1795,7 +1795,7 @@ public: return 0; } - int get_params() override { + int get_params(optional_yield) override { struct req_state* state = get_state(); RGWAccessControlPolicy_S3 s3policy(state->cct); /* we don't have (any) headers, so just create canned ACLs */ @@ -1917,7 +1917,7 @@ public: return 0; } - int get_params() override { + int get_params(optional_yield) override { struct req_state* state = get_state(); RGWAccessControlPolicy_S3 s3policy(state->cct); /* we don't have (any) headers, so just create canned ACLs */ @@ -2008,7 +2008,7 @@ public: return 0; } - int get_params() override { + int get_params(optional_yield) override { return 0; } @@ -2035,7 +2035,7 @@ public: return 0; } - int send_response_data_error() override { + int send_response_data_error(optional_yield) override { /* S3 implementation just sends nothing--there is no side effect * to simulate here */ return 0; @@ -2167,7 +2167,7 @@ public: return 0; } - int get_params() override { + int get_params(optional_yield) override { return 0; } @@ -2178,13 +2178,13 @@ public: return 0; } - int send_response_data_error() override { + int send_response_data_error(optional_yield) override { /* NOP */ return 0; } - void execute() override { - RGWGetObj::execute(); + void execute(optional_yield y) override { + RGWGetObj::execute(y); _size = get_state()->obj_size; } @@ -2317,7 +2317,7 @@ public: return 0; } - int get_params() override { + int get_params(optional_yield) override { max = default_max; return 0; } @@ -2437,7 +2437,7 @@ public: return 0; } - int get_params() override { + int get_params(optional_yield) override { struct req_state* state = get_state(); RGWAccessControlPolicy_S3 s3policy(state->cct); /* we don't have (any) headers, so just create canned ACLs */ @@ -2550,7 +2550,7 @@ public: return 0; } - int get_params() override { + int get_params(optional_yield) override { struct req_state* s = get_state(); RGWAccessControlPolicy_S3 s3policy(s->cct); /* we don't have (any) headers, so just create canned ACLs */ @@ -2607,7 +2607,7 @@ public: return 0; } - int get_params() override { + int get_params(optional_yield) override { return 0; } @@ -2646,7 +2646,7 @@ public: return 0; } - int get_params() override { return 0; } + int get_params(optional_yield) override { return 0; } bool only_bucket() override { return false; } void send_response() override { stats_req.kb = stats_op.kb; diff --git a/src/rgw/rgw_lib.h b/src/rgw/rgw_lib.h index 9b46a945b1ce7..63f34cf3d7942 100644 --- a/src/rgw/rgw_lib.h +++ b/src/rgw/rgw_lib.h @@ -117,7 +117,7 @@ namespace rgw { friend class RGWRESTMgr_Lib; public: - int authorize(const DoutPrefixProvider *dpp) override; + int authorize(const DoutPrefixProvider *dpp, optional_yield y) override; RGWHandler_Lib() {} ~RGWHandler_Lib() override {} @@ -141,7 +141,7 @@ namespace rgw { tuser(std::move(_user)), cct(_cct) {} - int postauth_init() override { return 0; } + int postauth_init(optional_yield) override { return 0; } /* descendant equivalent of *REST*::init_from_header(...): * prepare request for execute()--should mean, fixup URI-alikes @@ -182,7 +182,7 @@ namespace rgw { virtual bool only_bucket() = 0; - int read_permissions(RGWOp *op) override; + int read_permissions(RGWOp *op, optional_yield y) override; }; /* RGWLibRequest */ diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc index 10b2806c49715..a66604892dafd 100644 --- a/src/rgw/rgw_op.cc +++ b/src/rgw/rgw_op.cc @@ -213,7 +213,8 @@ int rgw_op_get_bucket_policy_from_attr(CephContext *cct, rgw::sal::RGWStore *store, RGWBucketInfo& bucket_info, map& bucket_attrs, - RGWAccessControlPolicy *policy) + RGWAccessControlPolicy *policy, + optional_yield y) { map::iterator aiter = bucket_attrs.find(RGW_ATTR_ACL); @@ -225,7 +226,7 @@ int rgw_op_get_bucket_policy_from_attr(CephContext *cct, ldout(cct, 0) << "WARNING: couldn't find acl header for bucket, generating default" << dendl; std::unique_ptr user = store->get_user(bucket_info.owner); /* object exists, but policy is broken */ - int r = user->load_by_id(null_yield); + int r = user->load_by_id(y); if (r < 0) return r; @@ -413,7 +414,8 @@ static int read_bucket_policy(rgw::sal::RGWStore *store, RGWBucketInfo& bucket_info, map& bucket_attrs, RGWAccessControlPolicy *policy, - rgw_bucket& bucket) + rgw_bucket& bucket, + optional_yield y) { if (!s->system_request && bucket_info.flags & BUCKET_SUSPENDED) { ldpp_dout(s, 0) << "NOTICE: bucket " << bucket_info.bucket.name @@ -425,7 +427,7 @@ static int read_bucket_policy(rgw::sal::RGWStore *store, return 0; } - int ret = rgw_op_get_bucket_policy_from_attr(s->cct, store, bucket_info, bucket_attrs, policy); + int ret = rgw_op_get_bucket_policy_from_attr(s->cct, store, bucket_info, bucket_attrs, policy, y); if (ret == -ENOENT) { ret = -ERR_NO_SUCH_BUCKET; } @@ -442,6 +444,7 @@ static int read_obj_policy(rgw::sal::RGWStore *store, boost::optional& policy, rgw::sal::RGWBucket* bucket, rgw::sal::RGWObject* object, + optional_yield y, bool copy_src=false) { string upload_id; @@ -474,7 +477,7 @@ static int read_obj_policy(rgw::sal::RGWStore *store, /* object does not exist checking the bucket's ACL to make sure that we send a proper error code */ RGWAccessControlPolicy bucket_policy(s->cct); - ret = rgw_op_get_bucket_policy_from_attr(s->cct, store, bucket_info, bucket_attrs, &bucket_policy); + ret = rgw_op_get_bucket_policy_from_attr(s->cct, store, bucket_info, bucket_attrs, &bucket_policy, y); if (ret < 0) { return ret; } @@ -506,7 +509,7 @@ static int read_obj_policy(rgw::sal::RGWStore *store, * only_bucket: If true, reads the user and bucket ACLs rather than the object ACL. * Returns: 0 on success, -ERR# otherwise. */ -int rgw_build_bucket_policies(rgw::sal::RGWRadosStore* store, struct req_state* s) +int rgw_build_bucket_policies(rgw::sal::RGWRadosStore* store, struct req_state* s, optional_yield y) { int ret = 0; auto obj_ctx = store->svc()->sysobj->init_obj_ctx(); @@ -576,7 +579,7 @@ int rgw_build_bucket_policies(rgw::sal::RGWRadosStore* store, struct req_state* s->bucket_attrs = s->bucket->get_attrs(); ret = read_bucket_policy(store, s, s->bucket->get_info(), s->bucket->get_attrs(), - s->bucket_acl.get(), s->bucket->get_key()); + s->bucket_acl.get(), s->bucket->get_key(), y); acct_acl_user = { s->bucket->get_info().owner, s->bucket_acl->get_owner().get_display_name(), @@ -702,7 +705,7 @@ int rgw_build_bucket_policies(rgw::sal::RGWRadosStore* store, struct req_state* * Returns: 0 on success, -ERR# otherwise. */ int rgw_build_object_policies(rgw::sal::RGWRadosStore *store, struct req_state *s, - bool prefetch_data) + bool prefetch_data, optional_yield y) { int ret = 0; @@ -720,7 +723,7 @@ int rgw_build_object_policies(rgw::sal::RGWRadosStore *store, struct req_state * } ret = read_obj_policy(store, s, s->bucket->get_info(), s->bucket_attrs, s->object_acl.get(), nullptr, s->iam_policy, s->bucket.get(), - s->object.get()); + s->object.get(), y); } return ret; @@ -881,7 +884,7 @@ int retry_raced_bucket_write(rgw::sal::RGWBucket* b, const F& f) { } -int RGWGetObj::verify_permission() +int RGWGetObj::verify_permission(optional_yield y) { s->object->set_atomic(s->obj_ctx); @@ -966,7 +969,7 @@ int RGWOp::verify_op_mask() return 0; } -int RGWGetObjTags::verify_permission() +int RGWGetObjTags::verify_permission(optional_yield y) { auto iam_action = s->object->get_instance().empty()? rgw::IAM::s3GetObjectTagging: @@ -994,7 +997,7 @@ void RGWGetObjTags::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWGetObjTags::execute() +void RGWGetObjTags::execute(optional_yield y) { rgw::sal::RGWAttrs attrs; @@ -1016,7 +1019,7 @@ void RGWGetObjTags::execute() send_response_data(tags_bl); } -int RGWPutObjTags::verify_permission() +int RGWPutObjTags::verify_permission(optional_yield y) { auto iam_action = s->object->get_instance().empty() ? rgw::IAM::s3PutObjectTagging: @@ -1037,9 +1040,9 @@ int RGWPutObjTags::verify_permission() return 0; } -void RGWPutObjTags::execute() +void RGWPutObjTags::execute(optional_yield y) { - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) return; @@ -1061,7 +1064,7 @@ void RGWDeleteObjTags::pre_exec() } -int RGWDeleteObjTags::verify_permission() +int RGWDeleteObjTags::verify_permission(optional_yield y) { if (!rgw::sal::RGWObject::empty(s->object.get())) { auto iam_action = s->object->get_instance().empty() ? @@ -1084,7 +1087,7 @@ int RGWDeleteObjTags::verify_permission() return 0; } -void RGWDeleteObjTags::execute() +void RGWDeleteObjTags::execute(optional_yield y) { if (rgw::sal::RGWObject::empty(s->object.get())) return; @@ -1092,7 +1095,7 @@ void RGWDeleteObjTags::execute() op_ret = s->object->delete_obj_attrs(s->obj_ctx, RGW_ATTR_TAGS, s->yield); } -int RGWGetBucketTags::verify_permission() +int RGWGetBucketTags::verify_permission(optional_yield y) { if (!verify_bucket_permission(this, s, rgw::IAM::s3GetBucketTagging)) { @@ -1107,7 +1110,7 @@ void RGWGetBucketTags::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWGetBucketTags::execute() +void RGWGetBucketTags::execute(optional_yield y) { auto iter = s->bucket_attrs.find(RGW_ATTR_TAGS); if (iter != s->bucket_attrs.end()) { @@ -1119,13 +1122,14 @@ void RGWGetBucketTags::execute() send_response_data(tags_bl); } -int RGWPutBucketTags::verify_permission() { +int RGWPutBucketTags::verify_permission(optional_yield y) { return verify_bucket_owner_or_policy(s, rgw::IAM::s3PutBucketTagging); } -void RGWPutBucketTags::execute() { +void RGWPutBucketTags::execute(optional_yield y) +{ - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) return; @@ -1147,12 +1151,12 @@ void RGWDeleteBucketTags::pre_exec() rgw_bucket_object_pre_exec(s); } -int RGWDeleteBucketTags::verify_permission() +int RGWDeleteBucketTags::verify_permission(optional_yield y) { return verify_bucket_owner_or_policy(s, rgw::IAM::s3PutBucketTagging); } -void RGWDeleteBucketTags::execute() +void RGWDeleteBucketTags::execute(optional_yield y) { bufferlist in_data; op_ret = store->forward_request_to_master(s->user.get(), nullptr, in_data, nullptr, s->info); @@ -1174,7 +1178,7 @@ void RGWDeleteBucketTags::execute() }); } -int RGWGetBucketReplication::verify_permission() +int RGWGetBucketReplication::verify_permission(optional_yield y) { if (!verify_bucket_permission(this, s, rgw::IAM::s3GetReplicationConfiguration)) { return -EACCES; @@ -1188,18 +1192,18 @@ void RGWGetBucketReplication::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWGetBucketReplication::execute() +void RGWGetBucketReplication::execute(optional_yield y) { send_response_data(); } -int RGWPutBucketReplication::verify_permission() { +int RGWPutBucketReplication::verify_permission(optional_yield y) { return verify_bucket_owner_or_policy(s, rgw::IAM::s3PutReplicationConfiguration); } -void RGWPutBucketReplication::execute() { +void RGWPutBucketReplication::execute(optional_yield y) { - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) return; @@ -1233,12 +1237,12 @@ void RGWDeleteBucketReplication::pre_exec() rgw_bucket_object_pre_exec(s); } -int RGWDeleteBucketReplication::verify_permission() +int RGWDeleteBucketReplication::verify_permission(optional_yield y) { return verify_bucket_owner_or_policy(s, rgw::IAM::s3DeleteReplicationConfiguration); } -void RGWDeleteBucketReplication::execute() +void RGWDeleteBucketReplication::execute(optional_yield y) { bufferlist in_data; op_ret = store->forward_request_to_master(s->user.get(), nullptr, in_data, nullptr, s->info); @@ -1605,7 +1609,8 @@ static int iterate_user_manifest_parts(CephContext * const cct, off_t end_ofs, void *param, bool swift_slo), - void * const cb_param) + void * const cb_param, + optional_yield y) { uint64_t obj_ofs = 0, len_count = 0; bool found_start = false, found_end = false, handled_end = false; @@ -1620,8 +1625,8 @@ static int iterate_user_manifest_parts(CephContext * const cct, rgw::sal::RGWBucket::ListResults results; MD5 etag_sum; do { -#define MAX_LIST_OBJS 100 - int r = bucket->list(params, MAX_LIST_OBJS, results, null_yield); + static constexpr auto MAX_LIST_OBJS = 100u; + int r = bucket->list(params, MAX_LIST_OBJS, results, y); if (r < 0) { return r; } @@ -1783,7 +1788,7 @@ static int get_obj_user_manifest_iterate_cb(rgw::sal::RGWBucket* bucket, bucket, ent, bucket_acl, bucket_policy, start_ofs, end_ofs, swift_slo); } -int RGWGetObj::handle_user_manifest(const char *prefix) +int RGWGetObj::handle_user_manifest(const char *prefix, optional_yield y) { const std::string_view prefix_view(prefix); ldpp_dout(this, 2) << "RGWGetObj::handle_user_manifest() prefix=" @@ -1815,7 +1820,7 @@ int RGWGetObj::handle_user_manifest(const char *prefix) return r; } bucket_acl = &_bucket_acl; - r = read_bucket_policy(store, s, ubucket->get_info(), bucket_attrs, bucket_acl, ubucket->get_key()); + r = read_bucket_policy(store, s, ubucket->get_info(), bucket_attrs, bucket_acl, ubucket->get_key(), y); if (r < 0) { ldpp_dout(this, 0) << "failed to read bucket policy" << dendl; return r; @@ -1836,7 +1841,7 @@ int RGWGetObj::handle_user_manifest(const char *prefix) r = iterate_user_manifest_parts(s->cct, store, ofs, end, pbucket, obj_prefix, bucket_acl, *bucket_policy, nullptr, &s->obj_size, &lo_etag, - nullptr /* cb */, nullptr /* cb arg */); + nullptr /* cb */, nullptr /* cb arg */, y); if (r < 0) { return r; } @@ -1850,7 +1855,7 @@ int RGWGetObj::handle_user_manifest(const char *prefix) r = iterate_user_manifest_parts(s->cct, store, ofs, end, pbucket, obj_prefix, bucket_acl, *bucket_policy, &total_len, nullptr, nullptr, - nullptr, nullptr); + nullptr, nullptr, y); if (r < 0) { return r; } @@ -1864,7 +1869,7 @@ int RGWGetObj::handle_user_manifest(const char *prefix) r = iterate_user_manifest_parts(s->cct, store, ofs, end, pbucket, obj_prefix, bucket_acl, *bucket_policy, nullptr, nullptr, nullptr, - get_obj_user_manifest_iterate_cb, (void *)this); + get_obj_user_manifest_iterate_cb, (void *)this, y); if (r < 0) { return r; } @@ -1877,7 +1882,7 @@ int RGWGetObj::handle_user_manifest(const char *prefix) return r; } -int RGWGetObj::handle_slo_manifest(bufferlist& bl) +int RGWGetObj::handle_slo_manifest(bufferlist& bl, optional_yield y) { RGWSLOInfo slo_info; auto bliter = bl.cbegin(); @@ -1946,7 +1951,7 @@ int RGWGetObj::handle_slo_manifest(bufferlist& bl) bucket = tmp_bucket.get(); bucket_acl = &_bucket_acl; r = read_bucket_policy(store, s, tmp_bucket->get_info(), tmp_bucket->get_attrs(), bucket_acl, - tmp_bucket->get_key()); + tmp_bucket->get_key(), y); if (r < 0) { ldpp_dout(this, 0) << "failed to read bucket ACL for bucket " << bucket << dendl; @@ -2063,7 +2068,7 @@ static inline void rgw_cond_decode_objtags( } } -void RGWGetObj::execute() +void RGWGetObj::execute(optional_yield y) { bufferlist bl; gc_invalidate_time = ceph_clock_now(); @@ -2082,7 +2087,7 @@ void RGWGetObj::execute() std::unique_ptr read_op(s->object->get_read_op(s->obj_ctx)); - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) goto done_err; @@ -2157,7 +2162,7 @@ void RGWGetObj::execute() attr_iter = attrs.find(RGW_ATTR_USER_MANIFEST); if (attr_iter != attrs.end() && !skip_manifest) { - op_ret = handle_user_manifest(attr_iter->second.c_str()); + op_ret = handle_user_manifest(attr_iter->second.c_str(), y); if (op_ret < 0) { ldpp_dout(this, 0) << "ERROR: failed to handle user manifest ret=" << op_ret << dendl; @@ -2169,7 +2174,7 @@ void RGWGetObj::execute() attr_iter = attrs.find(RGW_ATTR_SLO_MANIFEST); if (attr_iter != attrs.end() && !skip_manifest) { is_slo = true; - op_ret = handle_slo_manifest(attr_iter->second); + op_ret = handle_slo_manifest(attr_iter->second, y); if (op_ret < 0) { ldpp_dout(this, 0) << "ERROR: failed to handle slo manifest ret=" << op_ret << dendl; @@ -2239,7 +2244,7 @@ void RGWGetObj::execute() return; done_err: - send_response_data_error(); + send_response_data_error(y); } int RGWGetObj::init_common() @@ -2267,7 +2272,7 @@ int RGWGetObj::init_common() return 0; } -int RGWListBuckets::verify_permission() +int RGWListBuckets::verify_permission(optional_yield y) { rgw::Partition partition = rgw::Partition::aws; rgw::Service service = rgw::Service::s3; @@ -2286,7 +2291,7 @@ int RGWListBuckets::verify_permission() return 0; } -int RGWGetUsage::verify_permission() +int RGWGetUsage::verify_permission(optional_yield y) { if (s->auth.identity->is_anonymous()) { return -EACCES; @@ -2295,7 +2300,7 @@ int RGWGetUsage::verify_permission() return 0; } -void RGWListBuckets::execute() +void RGWListBuckets::execute(optional_yield y) { bool done; bool started = false; @@ -2303,7 +2308,7 @@ void RGWListBuckets::execute() const uint64_t max_buckets = s->cct->_conf->rgw_list_buckets_max_chunk; - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) { goto send_end; } @@ -2325,7 +2330,7 @@ void RGWListBuckets::execute() read_count = max_buckets; } - op_ret = s->user->list_buckets(marker, end_marker, read_count, should_get_stats(), buckets, null_yield); + op_ret = s->user->list_buckets(marker, end_marker, read_count, should_get_stats(), buckets, y); if (op_ret < 0) { /* hmm.. something wrong here.. the user was authenticated, so it @@ -2385,11 +2390,11 @@ send_end: send_response_end(); } -void RGWGetUsage::execute() +void RGWGetUsage::execute(optional_yield y) { uint64_t start_epoch = 0; uint64_t end_epoch = (uint64_t)-1; - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) return; @@ -2428,19 +2433,19 @@ void RGWGetUsage::execute() } } - op_ret = rgw_user_sync_all_stats(store, s->user->get_id(), null_yield); + op_ret = rgw_user_sync_all_stats(store, s->user->get_id(), y); if (op_ret < 0) { ldpp_dout(this, 0) << "ERROR: failed to sync user stats" << dendl; return; } - op_ret = rgw_user_get_all_buckets_stats(store, s->user->get_id(), buckets_usage, null_yield); + op_ret = rgw_user_get_all_buckets_stats(store, s->user->get_id(), buckets_usage, y); if (op_ret < 0) { ldpp_dout(this, 0) << "ERROR: failed to get user's buckets stats" << dendl; return; } - op_ret = store->ctl()->user->read_stats(s->user->get_id(), &stats, null_yield); + op_ret = store->ctl()->user->read_stats(s->user->get_id(), &stats, y); if (op_ret < 0) { ldpp_dout(this, 0) << "ERROR: can't read user header" << dendl; return; @@ -2449,7 +2454,7 @@ void RGWGetUsage::execute() return; } -int RGWStatAccount::verify_permission() +int RGWStatAccount::verify_permission(optional_yield y) { if (!verify_user_permission_no_policy(this, s, RGW_PERM_READ)) { return -EACCES; @@ -2458,7 +2463,7 @@ int RGWStatAccount::verify_permission() return 0; } -void RGWStatAccount::execute() +void RGWStatAccount::execute(optional_yield y) { string marker; rgw::sal::RGWBucketList buckets; @@ -2469,7 +2474,7 @@ void RGWStatAccount::execute() lastmarker = nullptr; op_ret = rgw_read_user_buckets(store, s->user->get_id(), buckets, marker, - string(), max_buckets, true, null_yield); + string(), max_buckets, true, y); if (op_ret < 0) { /* hmm.. something wrong here.. the user was authenticated, so it should exist */ @@ -2514,7 +2519,7 @@ void RGWStatAccount::execute() } while (buckets.is_truncated()); } -int RGWGetBucketVersioning::verify_permission() +int RGWGetBucketVersioning::verify_permission(optional_yield y) { return verify_bucket_owner_or_policy(s, rgw::IAM::s3GetBucketVersioning); } @@ -2524,7 +2529,7 @@ void RGWGetBucketVersioning::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWGetBucketVersioning::execute() +void RGWGetBucketVersioning::execute(optional_yield y) { if (! s->bucket_exists) { op_ret = -ERR_NO_SUCH_BUCKET; @@ -2536,7 +2541,7 @@ void RGWGetBucketVersioning::execute() mfa_enabled = s->bucket->get_info().mfa_enabled(); } -int RGWSetBucketVersioning::verify_permission() +int RGWSetBucketVersioning::verify_permission(optional_yield y) { return verify_bucket_owner_or_policy(s, rgw::IAM::s3PutBucketVersioning); } @@ -2546,9 +2551,9 @@ void RGWSetBucketVersioning::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWSetBucketVersioning::execute() +void RGWSetBucketVersioning::execute(optional_yield y) { - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) return; @@ -2628,7 +2633,7 @@ void RGWSetBucketVersioning::execute() } } -int RGWGetBucketWebsite::verify_permission() +int RGWGetBucketWebsite::verify_permission(optional_yield y) { return verify_bucket_owner_or_policy(s, rgw::IAM::s3GetBucketWebsite); } @@ -2638,14 +2643,14 @@ void RGWGetBucketWebsite::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWGetBucketWebsite::execute() +void RGWGetBucketWebsite::execute(optional_yield y) { if (!s->bucket->get_info().has_website) { op_ret = -ERR_NO_SUCH_WEBSITE_CONFIGURATION; } } -int RGWSetBucketWebsite::verify_permission() +int RGWSetBucketWebsite::verify_permission(optional_yield y) { return verify_bucket_owner_or_policy(s, rgw::IAM::s3PutBucketWebsite); } @@ -2655,9 +2660,9 @@ void RGWSetBucketWebsite::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWSetBucketWebsite::execute() +void RGWSetBucketWebsite::execute(optional_yield y) { - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) return; @@ -2682,7 +2687,7 @@ void RGWSetBucketWebsite::execute() } } -int RGWDeleteBucketWebsite::verify_permission() +int RGWDeleteBucketWebsite::verify_permission(optional_yield y) { return verify_bucket_owner_or_policy(s, rgw::IAM::s3DeleteBucketWebsite); } @@ -2692,7 +2697,7 @@ void RGWDeleteBucketWebsite::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWDeleteBucketWebsite::execute() +void RGWDeleteBucketWebsite::execute(optional_yield y) { bufferlist in_data; @@ -2715,7 +2720,7 @@ void RGWDeleteBucketWebsite::execute() } } -int RGWStatBucket::verify_permission() +int RGWStatBucket::verify_permission(optional_yield y) { // This (a HEAD request on a bucket) is governed by the s3:ListBucket permission. if (!verify_bucket_permission(this, s, rgw::IAM::s3ListBucket)) { @@ -2730,7 +2735,7 @@ void RGWStatBucket::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWStatBucket::execute() +void RGWStatBucket::execute(optional_yield y) { if (!s->bucket_exists) { op_ret = -ERR_NO_SUCH_BUCKET; @@ -2744,9 +2749,9 @@ void RGWStatBucket::execute() op_ret = bucket->update_container_stats(); } -int RGWListBucket::verify_permission() +int RGWListBucket::verify_permission(optional_yield y) { - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) { return op_ret; } @@ -2785,7 +2790,7 @@ void RGWListBucket::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWListBucket::execute() +void RGWListBucket::execute(optional_yield y) { if (!s->bucket_exists) { op_ret = -ERR_NO_SUCH_BUCKET; @@ -2823,17 +2828,17 @@ void RGWListBucket::execute() } } -int RGWGetBucketLogging::verify_permission() +int RGWGetBucketLogging::verify_permission(optional_yield y) { return verify_bucket_owner_or_policy(s, rgw::IAM::s3GetBucketLogging); } -int RGWGetBucketLocation::verify_permission() +int RGWGetBucketLocation::verify_permission(optional_yield y) { return verify_bucket_owner_or_policy(s, rgw::IAM::s3GetBucketLocation); } -int RGWCreateBucket::verify_permission() +int RGWCreateBucket::verify_permission(optional_yield y) { /* This check is mostly needed for S3 that doesn't support account ACL. * Swift doesn't allow to delegate any permission to an anonymous user, @@ -2870,7 +2875,7 @@ int RGWCreateBucket::verify_permission() string marker; op_ret = rgw_read_user_buckets(store, s->user->get_id(), buckets, marker, string(), s->user->get_max_buckets(), - false, null_yield); + false, y); if (op_ret < 0) { return op_ret; } @@ -3054,14 +3059,14 @@ static void filter_out_website(std::map& add_attr } -void RGWCreateBucket::execute() +void RGWCreateBucket::execute(optional_yield y) { buffer::list aclbl; buffer::list corsbl; string bucket_name = rgw_make_bucket_entry_name(s->bucket_tenant, s->bucket_name); rgw_raw_obj obj(store->svc()->zone->get_zone_params().domain_root, bucket_name); - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) return; @@ -3179,7 +3184,7 @@ void RGWCreateBucket::execute() info.swift_ver_location, pquota_info, policy, attrs, info, ep_objv, true, obj_lock_enabled, &s->bucket_exists, s->info, - &s->bucket, null_yield); + &s->bucket, y); /* continue if EEXIST and create_bucket will fail below. this way we can * recover from a partial create by retrying it. */ @@ -3271,7 +3276,7 @@ void RGWCreateBucket::execute() } } -int RGWDeleteBucket::verify_permission() +int RGWDeleteBucket::verify_permission(optional_yield y) { if (!verify_bucket_permission(this, s, rgw::IAM::s3DeleteBucket)) { return -EACCES; @@ -3285,7 +3290,7 @@ void RGWDeleteBucket::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWDeleteBucket::execute() +void RGWDeleteBucket::execute(optional_yield y) { if (s->bucket_name.empty()) { op_ret = -EINVAL; @@ -3317,7 +3322,7 @@ void RGWDeleteBucket::execute() } } - op_ret = s->bucket->sync_user_stats(null_yield); + op_ret = s->bucket->sync_user_stats(y); if ( op_ret < 0) { ldpp_dout(this, 1) << "WARNING: failed to sync user stats before bucket delete: op_ret= " << op_ret << dendl; } @@ -3363,7 +3368,7 @@ void RGWDeleteBucket::execute() return; } -int RGWPutObj::init_processing() { +int RGWPutObj::init_processing(optional_yield y) { copy_source = url_decode(s->info.env->get("HTTP_X_AMZ_COPY_SOURCE", "")); copy_source_range = s->info.env->get("HTTP_X_AMZ_COPY_SOURCE_RANGE"); map src_attrs; @@ -3453,10 +3458,10 @@ int RGWPutObj::init_processing() { } } /* copy_source */ - return RGWOp::init_processing(); + return RGWOp::init_processing(y); } -int RGWPutObj::verify_permission() +int RGWPutObj::verify_permission(optional_yield y) { if (! copy_source.empty()) { @@ -3476,7 +3481,7 @@ int RGWPutObj::verify_permission() /* check source object permissions */ if (read_obj_policy(store, s, copy_source_bucket_info, cs_attrs, &cs_acl, nullptr, - policy, cs_bucket.get(), cs_object.get(), true) < 0) { + policy, cs_bucket.get(), cs_object.get(), y, true) < 0) { return -EACCES; } @@ -3523,7 +3528,7 @@ int RGWPutObj::verify_permission() return -EACCES; } - auto op_ret = get_params(); + auto op_ret = get_params(y); if (op_ret < 0) { ldpp_dout(this, 20) << "get_params() returned ret=" << op_ret << dendl; return op_ret; @@ -3710,7 +3715,7 @@ static CompressorRef get_compressor_plugin(const req_state *s, return Compressor::create(s->cct, alg); } -void RGWPutObj::execute() +void RGWPutObj::execute(optional_yield y) { char supplied_md5_bin[CEPH_CRYPTO_MD5_DIGESTSIZE + 1]; char supplied_md5[CEPH_CRYPTO_MD5_DIGESTSIZE * 2 + 1]; @@ -3768,7 +3773,7 @@ void RGWPutObj::execute() if (!chunked_upload) { /* with chunked upload we don't know how big is the upload. we also check sizes at the end anyway */ - op_ret = s->bucket->check_quota(user_quota, bucket_quota, s->content_length, null_yield); + op_ret = s->bucket->check_quota(user_quota, bucket_quota, s->content_length, y); if (op_ret < 0) { ldpp_dout(this, 20) << "check_quota() returned ret=" << op_ret << dendl; return; @@ -3978,7 +3983,7 @@ void RGWPutObj::execute() return; } - op_ret = s->bucket->check_quota(user_quota, bucket_quota, s->obj_size, null_yield); + op_ret = s->bucket->check_quota(user_quota, bucket_quota, s->obj_size, y); if (op_ret < 0) { ldpp_dout(this, 20) << "second check_quota() returned op_ret=" << op_ret << dendl; return; @@ -4090,7 +4095,7 @@ void RGWPutObj::execute() } } -int RGWPostObj::verify_permission() +int RGWPostObj::verify_permission(optional_yield y) { return 0; } @@ -4100,14 +4105,14 @@ void RGWPostObj::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWPostObj::execute() +void RGWPostObj::execute(optional_yield y) { boost::optional compressor; CompressorRef plugin; char supplied_md5[CEPH_CRYPTO_MD5_DIGESTSIZE * 2 + 1]; /* Read in the data from the POST form. */ - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) { return; } @@ -4162,7 +4167,7 @@ void RGWPostObj::execute() ceph::buffer::list bl, aclbl; int len = 0; - op_ret = s->bucket->check_quota(user_quota, bucket_quota, s->content_length, null_yield); + op_ret = s->bucket->check_quota(user_quota, bucket_quota, s->content_length, y); if (op_ret < 0) { return; } @@ -4267,7 +4272,7 @@ void RGWPostObj::execute() s->object->set_obj_size(ofs); - op_ret = s->bucket->check_quota(user_quota, bucket_quota, s->obj_size, null_yield); + op_ret = s->bucket->check_quota(user_quota, bucket_quota, s->obj_size, y); if (op_ret < 0) { return; } @@ -4352,18 +4357,18 @@ void RGWPutMetadataAccount::filter_out_temp_url(map& add_att } } -int RGWPutMetadataAccount::init_processing() +int RGWPutMetadataAccount::init_processing(optional_yield y) { /* First, go to the base class. At the time of writing the method was * responsible only for initializing the quota. This isn't necessary * here as we are touching metadata only. I'm putting this call only * for the future. */ - op_ret = RGWOp::init_processing(); + op_ret = RGWOp::init_processing(y); if (op_ret < 0) { return op_ret; } - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) { return op_ret; } @@ -4402,7 +4407,7 @@ int RGWPutMetadataAccount::init_processing() return 0; } -int RGWPutMetadataAccount::verify_permission() +int RGWPutMetadataAccount::verify_permission(optional_yield y) { if (s->auth.identity->is_anonymous()) { return -EACCES; @@ -4427,7 +4432,7 @@ int RGWPutMetadataAccount::verify_permission() return 0; } -void RGWPutMetadataAccount::execute() +void RGWPutMetadataAccount::execute(optional_yield y) { /* Params have been extracted earlier. See init_processing(). */ RGWUserInfo new_uinfo; @@ -4459,7 +4464,7 @@ void RGWPutMetadataAccount::execute() .set_attrs(&attrs)); } -int RGWPutMetadataBucket::verify_permission() +int RGWPutMetadataBucket::verify_permission(optional_yield y) { if (!verify_bucket_permission_no_policy(this, s, RGW_PERM_WRITE)) { return -EACCES; @@ -4473,9 +4478,9 @@ void RGWPutMetadataBucket::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWPutMetadataBucket::execute() +void RGWPutMetadataBucket::execute(optional_yield y) { - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) { return; } @@ -4547,7 +4552,7 @@ void RGWPutMetadataBucket::execute() }); } -int RGWPutMetadataObject::verify_permission() +int RGWPutMetadataObject::verify_permission(optional_yield y) { // This looks to be something specific to Swift. We could add // operations like swift:PutMetadataObject to the Policy Engine. @@ -4563,14 +4568,14 @@ void RGWPutMetadataObject::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWPutMetadataObject::execute() +void RGWPutMetadataObject::execute(optional_yield y) { rgw_obj target_obj; rgw::sal::RGWAttrs attrs, rmattrs; s->object->set_atomic(s->obj_ctx); - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) { return; } @@ -4609,7 +4614,7 @@ void RGWPutMetadataObject::execute() op_ret = s->object->set_obj_attrs(s->obj_ctx, &attrs, &rmattrs, s->yield, &target_obj); } -int RGWDeleteObj::handle_slo_manifest(bufferlist& bl) +int RGWDeleteObj::handle_slo_manifest(bufferlist& bl, optional_yield y) { RGWSLOInfo slo_info; auto bliter = bl.cbegin(); @@ -4650,7 +4655,7 @@ int RGWDeleteObj::handle_slo_manifest(bufferlist& bl) path.obj_key = s->object->get_key(); items.push_back(path); - int ret = deleter->delete_chunk(items); + int ret = deleter->delete_chunk(items, y); if (ret < 0) { return ret; } @@ -4658,9 +4663,9 @@ int RGWDeleteObj::handle_slo_manifest(bufferlist& bl) return 0; } -int RGWDeleteObj::verify_permission() +int RGWDeleteObj::verify_permission(optional_yield y) { - int op_ret = get_params(); + int op_ret = get_params(y); if (op_ret) { return op_ret; } @@ -4723,7 +4728,7 @@ void RGWDeleteObj::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWDeleteObj::execute() +void RGWDeleteObj::execute(optional_yield y) { if (!s->bucket_exists) { op_ret = -ERR_NO_SUCH_BUCKET; @@ -4797,7 +4802,7 @@ void RGWDeleteObj::execute() const auto slo_attr = attrs.find(RGW_ATTR_SLO_MANIFEST); if (slo_attr != attrs.end()) { - op_ret = handle_slo_manifest(slo_attr->second); + op_ret = handle_slo_manifest(slo_attr->second, y); if (op_ret < 0) { ldpp_dout(this, 0) << "ERROR: failed to handle slo manifest ret=" << op_ret << dendl; } @@ -4934,11 +4939,11 @@ bool RGWCopyObj::parse_copy_location(const std::string_view& url_src, return true; } -int RGWCopyObj::verify_permission() +int RGWCopyObj::verify_permission(optional_yield y) { RGWAccessControlPolicy src_acl(s->cct); boost::optional src_policy; - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) return op_ret; @@ -4975,7 +4980,7 @@ int RGWCopyObj::verify_permission() /* check source object permissions */ op_ret = read_obj_policy(store, s, src_bucket->get_info(), src_bucket->get_attrs(), &src_acl, &src_placement.storage_class, - src_policy, src_bucket.get(), src_object.get()); + src_policy, src_bucket.get(), src_object.get(), y); if (op_ret < 0) { return op_ret; } @@ -5043,7 +5048,7 @@ int RGWCopyObj::verify_permission() /* check dest bucket permissions */ op_ret = read_bucket_policy(store, s, dest_bucket->get_info(), dest_bucket->get_attrs(), - &dest_bucket_policy, dest_bucket->get_key()); + &dest_bucket_policy, dest_bucket->get_key(), y); if (op_ret < 0) { return op_ret; } @@ -5139,7 +5144,7 @@ void RGWCopyObj::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWCopyObj::execute() +void RGWCopyObj::execute(optional_yield y) { if (init_common() < 0) return; @@ -5174,7 +5179,7 @@ void RGWCopyObj::execute() } // enforce quota against the destination bucket owner op_ret = dest_bucket->check_quota(user_quota, bucket_quota, - astate->accounted_size, null_yield); + astate->accounted_size, y); if (op_ret < 0) { return; } @@ -5230,7 +5235,7 @@ void RGWCopyObj::execute() } } -int RGWGetACLs::verify_permission() +int RGWGetACLs::verify_permission(optional_yield y) { bool perm; if (!rgw::sal::RGWObject::empty(s->object.get())) { @@ -5266,7 +5271,7 @@ void RGWGetACLs::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWGetACLs::execute() +void RGWGetACLs::execute(optional_yield y) { stringstream ss; RGWAccessControlPolicy* const acl = \ @@ -5279,7 +5284,7 @@ void RGWGetACLs::execute() -int RGWPutACLs::verify_permission() +int RGWPutACLs::verify_permission(optional_yield y) { bool perm; @@ -5299,7 +5304,7 @@ int RGWPutACLs::verify_permission() return 0; } -int RGWGetLC::verify_permission() +int RGWGetLC::verify_permission(optional_yield y) { bool perm; perm = verify_bucket_permission(this, s, rgw::IAM::s3GetLifecycleConfiguration); @@ -5309,7 +5314,7 @@ int RGWGetLC::verify_permission() return 0; } -int RGWPutLC::verify_permission() +int RGWPutLC::verify_permission(optional_yield y) { bool perm; perm = verify_bucket_permission(this, s, rgw::IAM::s3PutLifecycleConfiguration); @@ -5319,7 +5324,7 @@ int RGWPutLC::verify_permission() return 0; } -int RGWDeleteLC::verify_permission() +int RGWDeleteLC::verify_permission(optional_yield y) { bool perm; perm = verify_bucket_permission(this, s, rgw::IAM::s3PutLifecycleConfiguration); @@ -5349,7 +5354,7 @@ void RGWDeleteLC::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWPutACLs::execute() +void RGWPutACLs::execute(optional_yield y) { bufferlist bl; @@ -5371,7 +5376,7 @@ void RGWPutACLs::execute() owner = existing_policy->get_owner(); - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) { if (op_ret == -ERANGE) { ldpp_dout(this, 4) << "The size of request xml data is larger than the max limitation, data size = " @@ -5485,7 +5490,7 @@ void RGWPutACLs::execute() } } -void RGWPutLC::execute() +void RGWPutLC::execute(optional_yield y) { bufferlist bl; @@ -5517,7 +5522,7 @@ void RGWPutLC::execute() return; } - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) return; @@ -5577,7 +5582,7 @@ void RGWPutLC::execute() return; } -void RGWDeleteLC::execute() +void RGWDeleteLC::execute(optional_yield y) { bufferlist data; op_ret = store->forward_request_to_master(s->user.get(), nullptr, data, nullptr, s->info); @@ -5593,12 +5598,12 @@ void RGWDeleteLC::execute() return; } -int RGWGetCORS::verify_permission() +int RGWGetCORS::verify_permission(optional_yield y) { return verify_bucket_owner_or_policy(s, rgw::IAM::s3GetBucketCORS); } -void RGWGetCORS::execute() +void RGWGetCORS::execute(optional_yield y) { op_ret = read_bucket_cors(); if (op_ret < 0) @@ -5611,16 +5616,16 @@ void RGWGetCORS::execute() } } -int RGWPutCORS::verify_permission() +int RGWPutCORS::verify_permission(optional_yield y) { return verify_bucket_owner_or_policy(s, rgw::IAM::s3PutBucketCORS); } -void RGWPutCORS::execute() +void RGWPutCORS::execute(optional_yield y) { rgw_raw_obj obj; - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) return; @@ -5637,13 +5642,13 @@ void RGWPutCORS::execute() }); } -int RGWDeleteCORS::verify_permission() +int RGWDeleteCORS::verify_permission(optional_yield y) { // No separate delete permission return verify_bucket_owner_or_policy(s, rgw::IAM::s3PutBucketCORS); } -void RGWDeleteCORS::execute() +void RGWDeleteCORS::execute(optional_yield y) { bufferlist data; op_ret = store->forward_request_to_master(s->user.get(), nullptr, data, nullptr, s->info); @@ -5696,7 +5701,7 @@ int RGWOptionsCORS::validate_cors_request(RGWCORSConfiguration *cc) { return 0; } -void RGWOptionsCORS::execute() +void RGWOptionsCORS::execute(optional_yield y) { op_ret = read_bucket_cors(); if (op_ret < 0) @@ -5728,7 +5733,7 @@ void RGWOptionsCORS::execute() return; } -int RGWGetRequestPayment::verify_permission() +int RGWGetRequestPayment::verify_permission(optional_yield y) { return verify_bucket_owner_or_policy(s, rgw::IAM::s3GetBucketRequestPayment); } @@ -5738,12 +5743,12 @@ void RGWGetRequestPayment::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWGetRequestPayment::execute() +void RGWGetRequestPayment::execute(optional_yield y) { requester_pays = s->bucket->get_info().requester_pays; } -int RGWSetRequestPayment::verify_permission() +int RGWSetRequestPayment::verify_permission(optional_yield y) { return verify_bucket_owner_or_policy(s, rgw::IAM::s3PutBucketRequestPayment); } @@ -5753,7 +5758,7 @@ void RGWSetRequestPayment::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWSetRequestPayment::execute() +void RGWSetRequestPayment::execute(optional_yield y) { op_ret = store->forward_request_to_master(s->user.get(), nullptr, in_data, nullptr, s->info); @@ -5762,7 +5767,7 @@ void RGWSetRequestPayment::execute() return; } - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) return; @@ -5777,7 +5782,7 @@ void RGWSetRequestPayment::execute() s->bucket_attrs = s->bucket->get_attrs(); } -int RGWInitMultipart::verify_permission() +int RGWInitMultipart::verify_permission(optional_yield y) { if (s->iam_policy || ! s->iam_user_policies.empty()) { auto usr_policy_res = eval_user_policies(s->iam_user_policies, s->env, @@ -5815,13 +5820,13 @@ void RGWInitMultipart::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWInitMultipart::execute() +void RGWInitMultipart::execute(optional_yield y) { bufferlist aclbl; map attrs; rgw_obj obj; - if (get_params() < 0) + if (get_params(y) < 0) return; if (rgw::sal::RGWObject::empty(s->object.get())) @@ -5893,7 +5898,7 @@ void RGWInitMultipart::execute() } } -int RGWCompleteMultipart::verify_permission() +int RGWCompleteMultipart::verify_permission(optional_yield y) { if (s->iam_policy || ! s->iam_user_policies.empty()) { auto usr_policy_res = eval_user_policies(s->iam_user_policies, s->env, @@ -5931,7 +5936,7 @@ void RGWCompleteMultipart::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWCompleteMultipart::execute() +void RGWCompleteMultipart::execute(optional_yield y) { RGWMultiCompleteUpload *parts; map::iterator iter; @@ -5951,7 +5956,7 @@ void RGWCompleteMultipart::execute() RGWObjManifest manifest; uint64_t olh_epoch = 0; - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) return; op_ret = get_system_versioning_params(s, &olh_epoch, &version_id); @@ -6032,7 +6037,7 @@ void RGWCompleteMultipart::execute() meta_obj->get_obj(), &meta_pool); store->getRados()->open_pool_ctx(meta_pool, serializer.ioctx, true); - op_ret = serializer.try_lock(raw_obj.oid, dur); + op_ret = serializer.try_lock(raw_obj.oid, dur, y); if (op_ret < 0) { ldpp_dout(this, 0) << "failed to acquire lock" << dendl; op_ret = -ERR_INTERNAL_ERROR; @@ -6217,13 +6222,13 @@ void RGWCompleteMultipart::execute() int RGWCompleteMultipart::MPSerializer::try_lock( const std::string& _oid, - utime_t dur) + utime_t dur, optional_yield y) { oid = _oid; op.assert_exists(); lock.set_duration(dur); lock.lock_exclusive(&op); - int ret = rgw_rados_operate(ioctx, oid, &op, null_yield); + int ret = rgw_rados_operate(ioctx, oid, &op, y); if (! ret) { locked = true; } @@ -6242,7 +6247,7 @@ void RGWCompleteMultipart::complete() send_response(); } -int RGWAbortMultipart::verify_permission() +int RGWAbortMultipart::verify_permission(optional_yield y) { if (s->iam_policy || ! s->iam_user_policies.empty()) { auto usr_policy_res = eval_user_policies(s->iam_user_policies, s->env, @@ -6279,7 +6284,7 @@ void RGWAbortMultipart::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWAbortMultipart::execute() +void RGWAbortMultipart::execute(optional_yield y) { op_ret = -EINVAL; string upload_id; @@ -6302,7 +6307,7 @@ void RGWAbortMultipart::execute() op_ret = abort_multipart_upload(store, s->cct, obj_ctx, s->bucket->get_info(), mp); } -int RGWListMultipart::verify_permission() +int RGWListMultipart::verify_permission(optional_yield y) { if (!verify_object_permission(this, s, rgw::IAM::s3ListMultipartUploadParts)) return -EACCES; @@ -6315,12 +6320,12 @@ void RGWListMultipart::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWListMultipart::execute() +void RGWListMultipart::execute(optional_yield y) { string meta_oid; RGWMPObj mp; - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) return; @@ -6335,7 +6340,7 @@ void RGWListMultipart::execute() marker, parts, NULL, &truncated); } -int RGWListBucketMultiparts::verify_permission() +int RGWListBucketMultiparts::verify_permission(optional_yield y) { if (!verify_bucket_permission(this, s, @@ -6350,12 +6355,12 @@ void RGWListBucketMultiparts::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWListBucketMultiparts::execute() +void RGWListBucketMultiparts::execute(optional_yield y) { vector objs; string marker_meta; - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) return; @@ -6393,7 +6398,7 @@ void RGWListBucketMultiparts::execute() } } -void RGWGetHealthCheck::execute() +void RGWGetHealthCheck::execute(optional_yield y) { if (!g_conf()->rgw_healthcheck_disabling_path.empty() && (::access(g_conf()->rgw_healthcheck_disabling_path.c_str(), F_OK) == 0)) { @@ -6404,7 +6409,7 @@ void RGWGetHealthCheck::execute() } } -int RGWDeleteMultiObj::verify_permission() +int RGWDeleteMultiObj::verify_permission(optional_yield y) { if (s->iam_policy || ! s->iam_user_policies.empty()) { auto usr_policy_res = eval_user_policies(s->iam_user_policies, s->env, @@ -6445,7 +6450,7 @@ void RGWDeleteMultiObj::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWDeleteMultiObj::execute() +void RGWDeleteMultiObj::execute(optional_yield y) { RGWMultiDelDelete *multi_delete; vector::iterator iter; @@ -6453,7 +6458,7 @@ void RGWDeleteMultiObj::execute() RGWObjectCtx *obj_ctx = static_cast(s->obj_ctx); char* buf; - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) { goto error; } @@ -6597,10 +6602,11 @@ error: bool RGWBulkDelete::Deleter::verify_permission(RGWBucketInfo& binfo, map& battrs, - ACLOwner& bucket_owner /* out */) + ACLOwner& bucket_owner /* out */, + optional_yield y) { RGWAccessControlPolicy bacl(store->ctx()); - int ret = read_bucket_policy(store, s, binfo, battrs, &bacl, binfo.bucket); + int ret = read_bucket_policy(store, s, binfo, battrs, &bacl, binfo.bucket, y); if (ret < 0) { return false; } @@ -6615,7 +6621,7 @@ bool RGWBulkDelete::Deleter::verify_permission(RGWBucketInfo& binfo, &bacl, policy, s->iam_user_policies, rgw::IAM::s3DeleteBucket); } -bool RGWBulkDelete::Deleter::delete_single(const acct_path_t& path) +bool RGWBulkDelete::Deleter::delete_single(const acct_path_t& path, optional_yield y) { std::unique_ptr bucket; ACLOwner bowner; @@ -6631,7 +6637,7 @@ bool RGWBulkDelete::Deleter::delete_single(const acct_path_t& path) goto binfo_fail; } - if (!verify_permission(bucket->get_info(), bucket->get_attrs(), bowner)) { + if (!verify_permission(bucket->get_info(), bucket->get_attrs(), bowner, y)) { ret = -EACCES; goto auth_fail; } @@ -6699,18 +6705,18 @@ delop_fail: return false; } -bool RGWBulkDelete::Deleter::delete_chunk(const std::list& paths) +bool RGWBulkDelete::Deleter::delete_chunk(const std::list& paths, optional_yield y) { ldpp_dout(s, 20) << "in delete_chunk" << dendl; for (auto path : paths) { ldpp_dout(s, 20) << "bulk deleting path: " << path << dendl; - delete_single(path); + delete_single(path, y); } return true; } -int RGWBulkDelete::verify_permission() +int RGWBulkDelete::verify_permission(optional_yield y) { return 0; } @@ -6720,7 +6726,7 @@ void RGWBulkDelete::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWBulkDelete::execute() +void RGWBulkDelete::execute(optional_yield y) { deleter = std::unique_ptr(new Deleter(this, store, s)); @@ -6733,7 +6739,7 @@ void RGWBulkDelete::execute() return; } - ret = deleter->delete_chunk(items); + ret = deleter->delete_chunk(items, y); } while (!op_ret && is_truncated); return; @@ -6742,7 +6748,7 @@ void RGWBulkDelete::execute() constexpr std::array RGWBulkUploadOp::terminal_errors; -int RGWBulkUploadOp::verify_permission() +int RGWBulkUploadOp::verify_permission(optional_yield y) { if (s->auth.identity->is_anonymous()) { return -EACCES; @@ -6820,14 +6826,14 @@ RGWBulkUploadOp::handle_upload_path(struct req_state *s) return std::make_pair(bucket_path, file_prefix); } -int RGWBulkUploadOp::handle_dir_verify_permission() +int RGWBulkUploadOp::handle_dir_verify_permission(optional_yield y) { if (s->user->get_max_buckets() > 0) { rgw::sal::RGWBucketList buckets; std::string marker; op_ret = rgw_read_user_buckets(store, s->user->get_user(), buckets, marker, std::string(), s->user->get_max_buckets(), - false, null_yield); + false, y); if (op_ret < 0) { return op_ret; } @@ -6862,11 +6868,11 @@ void RGWBulkUploadOp::init(rgw::sal::RGWRadosStore* const store, dir_ctx.emplace(store->svc()->sysobj->init_obj_ctx()); } -int RGWBulkUploadOp::handle_dir(const std::string_view path) +int RGWBulkUploadOp::handle_dir(const std::string_view path, optional_yield y) { ldpp_dout(this, 20) << "got directory=" << path << dendl; - op_ret = handle_dir_verify_permission(); + op_ret = handle_dir_verify_permission(y); if (op_ret < 0) { return op_ret; } @@ -6910,7 +6916,7 @@ int RGWBulkUploadOp::handle_dir(const std::string_view path) pquota_info, policy, attrs, out_info, ep_objv, true, false, &bucket_exists, - info, &bucket, null_yield); + info, &bucket, y); /* continue if EEXIST and create_bucket will fail below. this way we can * recover from a partial create by retrying it. */ ldpp_dout(this, 20) << "rgw_create_bucket returned ret=" << op_ret @@ -6957,10 +6963,11 @@ int RGWBulkUploadOp::handle_dir(const std::string_view path) bool RGWBulkUploadOp::handle_file_verify_permission(RGWBucketInfo& binfo, const rgw_obj& obj, std::map& battrs, - ACLOwner& bucket_owner /* out */) + ACLOwner& bucket_owner /* out */, + optional_yield y) { RGWAccessControlPolicy bacl(store->ctx()); - op_ret = read_bucket_policy(store, s, binfo, battrs, &bacl, binfo.bucket); + op_ret = read_bucket_policy(store, s, binfo, battrs, &bacl, binfo.bucket, y); if (op_ret < 0) { ldpp_dout(this, 20) << "cannot read_policy() for bucket" << dendl; return false; @@ -6993,7 +7000,7 @@ bool RGWBulkUploadOp::handle_file_verify_permission(RGWBucketInfo& binfo, int RGWBulkUploadOp::handle_file(const std::string_view path, const size_t size, - AlignedStreamGetter& body) + AlignedStreamGetter& body, optional_yield y) { ldpp_dout(this, 20) << "got file=" << path << ", size=" << size << dendl; @@ -7022,13 +7029,13 @@ int RGWBulkUploadOp::handle_file(const std::string_view path, if (! handle_file_verify_permission(bucket->get_info(), obj->get_obj(), - bucket->get_attrs(), bowner)) { + bucket->get_attrs(), bowner, y)) { ldpp_dout(this, 20) << "object creation unauthorized" << dendl; op_ret = -EACCES; return op_ret; } - op_ret = bucket->check_quota(user_quota, bucket_quota, size, null_yield); + op_ret = bucket->check_quota(user_quota, bucket_quota, size, y); if (op_ret < 0) { return op_ret; } @@ -7108,7 +7115,7 @@ int RGWBulkUploadOp::handle_file(const std::string_view path, return op_ret; } - op_ret = bucket->check_quota(user_quota, bucket_quota, size, null_yield); + op_ret = bucket->check_quota(user_quota, bucket_quota, size, y); if (op_ret < 0) { ldpp_dout(this, 20) << "quota exceeded for path=" << path << dendl; return op_ret; @@ -7157,7 +7164,7 @@ int RGWBulkUploadOp::handle_file(const std::string_view path, return op_ret; } -void RGWBulkUploadOp::execute() +void RGWBulkUploadOp::execute(optional_yield y) { ceph::bufferlist buffer(64 * 1024); @@ -7208,7 +7215,7 @@ void RGWBulkUploadOp::execute() rgw::tar::BLOCK_SIZE, *stream); op_ret = handle_file(filename, header->get_filesize(), - body); + body, y); if (! op_ret) { /* Only regular files counts. */ num_created++; @@ -7221,7 +7228,7 @@ void RGWBulkUploadOp::execute() ldpp_dout(this, 2) << "handling regular directory" << dendl; std::string_view dirname = bucket_path.empty() ? header->get_filename() : bucket_path; - op_ret = handle_dir(dirname); + op_ret = handle_dir(dirname, y); if (op_ret < 0 && op_ret != -ERR_BUCKET_EXISTS) { failures.emplace_back(op_ret, std::string(dirname)); } @@ -7281,7 +7288,7 @@ ssize_t RGWBulkUploadOp::AlignedStreamGetter::get_exactly(const size_t want, return len; } -int RGWSetAttrs::verify_permission() +int RGWSetAttrs::verify_permission(optional_yield y) { // This looks to be part of the RGW-NFS machinery and has no S3 or // Swift equivalent. @@ -7302,9 +7309,9 @@ void RGWSetAttrs::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWSetAttrs::execute() +void RGWSetAttrs::execute(optional_yield y) { - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) return; @@ -7326,7 +7333,7 @@ void RGWGetObjLayout::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWGetObjLayout::execute() +void RGWGetObjLayout::execute(optional_yield y) { /* Make sure bucket is correct */ s->object->set_bucket(s->bucket.get()); @@ -7345,7 +7352,7 @@ void RGWGetObjLayout::execute() } -int RGWConfigBucketMetaSearch::verify_permission() +int RGWConfigBucketMetaSearch::verify_permission(optional_yield y) { if (!s->auth.identity->is_owner_of(s->bucket_owner.get_id())) { return -EACCES; @@ -7359,9 +7366,9 @@ void RGWConfigBucketMetaSearch::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWConfigBucketMetaSearch::execute() +void RGWConfigBucketMetaSearch::execute(optional_yield y) { - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) { ldpp_dout(this, 20) << "NOTICE: get_params() returned ret=" << op_ret << dendl; return; @@ -7378,7 +7385,7 @@ void RGWConfigBucketMetaSearch::execute() s->bucket_attrs = s->bucket->get_attrs(); } -int RGWGetBucketMetaSearch::verify_permission() +int RGWGetBucketMetaSearch::verify_permission(optional_yield y) { if (!s->auth.identity->is_owner_of(s->bucket_owner.get_id())) { return -EACCES; @@ -7392,7 +7399,7 @@ void RGWGetBucketMetaSearch::pre_exec() rgw_bucket_object_pre_exec(s); } -int RGWDelBucketMetaSearch::verify_permission() +int RGWDelBucketMetaSearch::verify_permission(optional_yield y) { if (!s->auth.identity->is_owner_of(s->bucket_owner.get_id())) { return -EACCES; @@ -7406,7 +7413,7 @@ void RGWDelBucketMetaSearch::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWDelBucketMetaSearch::execute() +void RGWDelBucketMetaSearch::execute(optional_yield y) { s->bucket->get_info().mdsearch_config.clear(); @@ -7434,9 +7441,9 @@ int RGWHandler::init(rgw::sal::RGWRadosStore *_store, return 0; } -int RGWHandler::do_init_permissions() +int RGWHandler::do_init_permissions(optional_yield y) { - int ret = rgw_build_bucket_policies(store, s); + int ret = rgw_build_bucket_policies(store, s, y); if (ret < 0) { ldpp_dout(s, 10) << "init_permissions on " << s->bucket << " failed, ret=" << ret << dendl; @@ -7447,13 +7454,13 @@ int RGWHandler::do_init_permissions() return ret; } -int RGWHandler::do_read_permissions(RGWOp *op, bool only_bucket) +int RGWHandler::do_read_permissions(RGWOp *op, bool only_bucket, optional_yield y) { if (only_bucket) { /* already read bucket info */ return 0; } - int ret = rgw_build_object_policies(store, s, op->prefetch_data()); + int ret = rgw_build_object_policies(store, s, op->prefetch_data(), y); if (ret < 0) { ldpp_dout(op, 10) << "read_permissions on " << s->bucket << ":" @@ -7468,11 +7475,11 @@ int RGWHandler::do_read_permissions(RGWOp *op, bool only_bucket) return ret; } -int RGWOp::error_handler(int err_no, string *error_content) { - return dialect_handler->error_handler(err_no, error_content); +int RGWOp::error_handler(int err_no, string *error_content, optional_yield y) { + return dialect_handler->error_handler(err_no, error_content, y); } -int RGWHandler::error_handler(int err_no, string *error_content) { +int RGWHandler::error_handler(int err_no, string *error_content, optional_yield) { // This is the do-nothing error handler return err_no; } @@ -7500,7 +7507,7 @@ void RGWPutBucketPolicy::send_response() end_header(s); } -int RGWPutBucketPolicy::verify_permission() +int RGWPutBucketPolicy::verify_permission(optional_yield y) { if (!verify_bucket_permission(this, s, rgw::IAM::s3PutBucketPolicy)) { return -EACCES; @@ -7509,7 +7516,7 @@ int RGWPutBucketPolicy::verify_permission() return 0; } -int RGWPutBucketPolicy::get_params() +int RGWPutBucketPolicy::get_params(optional_yield y) { const auto max_size = s->cct->_conf->rgw_max_put_param_size; // At some point when I have more time I want to make a version of @@ -7520,9 +7527,9 @@ int RGWPutBucketPolicy::get_params() return op_ret; } -void RGWPutBucketPolicy::execute() +void RGWPutBucketPolicy::execute(optional_yield y) { - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) { return; } @@ -7565,7 +7572,7 @@ void RGWGetBucketPolicy::send_response() dump_body(s, policy); } -int RGWGetBucketPolicy::verify_permission() +int RGWGetBucketPolicy::verify_permission(optional_yield y) { if (!verify_bucket_permission(this, s, rgw::IAM::s3GetBucketPolicy)) { return -EACCES; @@ -7574,7 +7581,7 @@ int RGWGetBucketPolicy::verify_permission() return 0; } -void RGWGetBucketPolicy::execute() +void RGWGetBucketPolicy::execute(optional_yield y) { rgw::sal::RGWAttrs attrs(s->bucket_attrs); auto aiter = attrs.find(RGW_ATTR_IAM_POLICY); @@ -7606,7 +7613,7 @@ void RGWDeleteBucketPolicy::send_response() end_header(s); } -int RGWDeleteBucketPolicy::verify_permission() +int RGWDeleteBucketPolicy::verify_permission(optional_yield y) { if (!verify_bucket_permission(this, s, rgw::IAM::s3DeleteBucketPolicy)) { return -EACCES; @@ -7615,7 +7622,7 @@ int RGWDeleteBucketPolicy::verify_permission() return 0; } -void RGWDeleteBucketPolicy::execute() +void RGWDeleteBucketPolicy::execute(optional_yield y) { op_ret = retry_raced_bucket_write(s->bucket.get(), [this] { rgw::sal::RGWAttrs attrs(s->bucket_attrs); @@ -7630,12 +7637,12 @@ void RGWPutBucketObjectLock::pre_exec() rgw_bucket_object_pre_exec(s); } -int RGWPutBucketObjectLock::verify_permission() +int RGWPutBucketObjectLock::verify_permission(optional_yield y) { return verify_bucket_owner_or_policy(s, rgw::IAM::s3PutBucketObjectLockConfiguration); } -void RGWPutBucketObjectLock::execute() +void RGWPutBucketObjectLock::execute(optional_yield y) { if (!s->bucket->get_info().obj_lock_enabled()) { ldpp_dout(this, 0) << "ERROR: object Lock configuration cannot be enabled on existing buckets" << dendl; @@ -7649,7 +7656,7 @@ void RGWPutBucketObjectLock::execute() op_ret = -EINVAL; return; } - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) { return; } @@ -7690,12 +7697,12 @@ void RGWGetBucketObjectLock::pre_exec() rgw_bucket_object_pre_exec(s); } -int RGWGetBucketObjectLock::verify_permission() +int RGWGetBucketObjectLock::verify_permission(optional_yield y) { return verify_bucket_owner_or_policy(s, rgw::IAM::s3GetBucketObjectLockConfiguration); } -void RGWGetBucketObjectLock::execute() +void RGWGetBucketObjectLock::execute(optional_yield y) { if (!s->bucket->get_info().obj_lock_enabled()) { op_ret = -ERR_NO_SUCH_OBJECT_LOCK_CONFIGURATION; @@ -7703,12 +7710,12 @@ void RGWGetBucketObjectLock::execute() } } -int RGWPutObjRetention::verify_permission() +int RGWPutObjRetention::verify_permission(optional_yield y) { if (!verify_object_permission(this, s, rgw::IAM::s3PutObjectRetention)) { return -EACCES; } - op_ret = get_params(); + op_ret = get_params(y); if (op_ret) { return op_ret; } @@ -7723,7 +7730,7 @@ void RGWPutObjRetention::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWPutObjRetention::execute() +void RGWPutObjRetention::execute(optional_yield y) { if (!s->bucket->get_info().obj_lock_enabled()) { ldpp_dout(this, 0) << "ERROR: object retention can't be set if bucket object lock not configured" << dendl; @@ -7789,7 +7796,7 @@ void RGWPutObjRetention::execute() return; } -int RGWGetObjRetention::verify_permission() +int RGWGetObjRetention::verify_permission(optional_yield y) { if (!verify_object_permission(this, s, rgw::IAM::s3GetObjectRetention)) { return -EACCES; @@ -7802,7 +7809,7 @@ void RGWGetObjRetention::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWGetObjRetention::execute() +void RGWGetObjRetention::execute(optional_yield y) { if (!s->bucket->get_info().obj_lock_enabled()) { ldpp_dout(this, 0) << "ERROR: bucket object lock not configured" << dendl; @@ -7833,7 +7840,7 @@ void RGWGetObjRetention::execute() return; } -int RGWPutObjLegalHold::verify_permission() +int RGWPutObjLegalHold::verify_permission(optional_yield y) { if (!verify_object_permission(this, s, rgw::IAM::s3PutObjectLegalHold)) { return -EACCES; @@ -7846,7 +7853,7 @@ void RGWPutObjLegalHold::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWPutObjLegalHold::execute() { +void RGWPutObjLegalHold::execute(optional_yield y) { if (!s->bucket->get_info().obj_lock_enabled()) { ldpp_dout(this, 0) << "ERROR: object legal hold can't be set if bucket object lock not configured" << dendl; op_ret = -ERR_INVALID_REQUEST; @@ -7860,7 +7867,7 @@ void RGWPutObjLegalHold::execute() { return; } - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) return; @@ -7883,7 +7890,7 @@ void RGWPutObjLegalHold::execute() { return; } -int RGWGetObjLegalHold::verify_permission() +int RGWGetObjLegalHold::verify_permission(optional_yield y) { if (!verify_object_permission(this, s, rgw::IAM::s3GetObjectLegalHold)) { return -EACCES; @@ -7896,7 +7903,7 @@ void RGWGetObjLegalHold::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWGetObjLegalHold::execute() +void RGWGetObjLegalHold::execute(optional_yield y) { if (!s->bucket->get_info().obj_lock_enabled()) { ldpp_dout(this, 0) << "ERROR: bucket object lock not configured" << dendl; @@ -7927,13 +7934,13 @@ void RGWGetObjLegalHold::execute() return; } -void RGWGetClusterStat::execute() +void RGWGetClusterStat::execute(optional_yield y) { op_ret = this->store->getRados()->get_rados_handle()->cluster_stat(stats_op); } -int RGWGetBucketPolicyStatus::verify_permission() +int RGWGetBucketPolicyStatus::verify_permission(optional_yield y) { if (!verify_bucket_permission(this, s, rgw::IAM::s3GetBucketPolicyStatus)) { return -EACCES; @@ -7942,12 +7949,12 @@ int RGWGetBucketPolicyStatus::verify_permission() return 0; } -void RGWGetBucketPolicyStatus::execute() +void RGWGetBucketPolicyStatus::execute(optional_yield y) { isPublic = (s->iam_policy && rgw::IAM::is_public(*s->iam_policy)) || s->bucket_acl->is_public(); } -int RGWPutBucketPublicAccessBlock::verify_permission() +int RGWPutBucketPublicAccessBlock::verify_permission(optional_yield y) { if (!verify_bucket_permission(this, s, rgw::IAM::s3PutBucketPublicAccessBlock)) { return -EACCES; @@ -7956,14 +7963,14 @@ int RGWPutBucketPublicAccessBlock::verify_permission() return 0; } -int RGWPutBucketPublicAccessBlock::get_params() +int RGWPutBucketPublicAccessBlock::get_params(optional_yield y) { const auto max_size = s->cct->_conf->rgw_max_put_param_size; std::tie(op_ret, data) = rgw_rest_read_all_input(s, max_size, false); return op_ret; } -void RGWPutBucketPublicAccessBlock::execute() +void RGWPutBucketPublicAccessBlock::execute(optional_yield y) { RGWXMLDecoder::XMLParser parser; if (!parser.init()) { @@ -7972,7 +7979,7 @@ void RGWPutBucketPublicAccessBlock::execute() return; } - op_ret = get_params(); + op_ret = get_params(y); if (op_ret < 0) return; @@ -8006,7 +8013,7 @@ void RGWPutBucketPublicAccessBlock::execute() } -int RGWGetBucketPublicAccessBlock::verify_permission() +int RGWGetBucketPublicAccessBlock::verify_permission(optional_yield y) { if (!verify_bucket_permission(this, s, rgw::IAM::s3GetBucketPolicy)) { return -EACCES; @@ -8015,7 +8022,7 @@ int RGWGetBucketPublicAccessBlock::verify_permission() return 0; } -void RGWGetBucketPublicAccessBlock::execute() +void RGWGetBucketPublicAccessBlock::execute(optional_yield y) { auto attrs = s->bucket_attrs; if (auto aiter = attrs.find(RGW_ATTR_PUBLIC_ACCESS); @@ -8046,7 +8053,7 @@ void RGWDeleteBucketPublicAccessBlock::send_response() end_header(s); } -int RGWDeleteBucketPublicAccessBlock::verify_permission() +int RGWDeleteBucketPublicAccessBlock::verify_permission(optional_yield y) { if (!verify_bucket_permission(this, s, rgw::IAM::s3PutBucketPublicAccessBlock)) { return -EACCES; @@ -8055,7 +8062,7 @@ int RGWDeleteBucketPublicAccessBlock::verify_permission() return 0; } -void RGWDeleteBucketPublicAccessBlock::execute() +void RGWDeleteBucketPublicAccessBlock::execute(optional_yield y) { op_ret = retry_raced_bucket_write(s->bucket.get(), [this] { rgw::sal::RGWAttrs attrs(s->bucket_attrs); diff --git a/src/rgw/rgw_op.h b/src/rgw/rgw_op.h index deaa012273bc6..aba79892fe0f6 100644 --- a/src/rgw/rgw_op.h +++ b/src/rgw/rgw_op.h @@ -78,15 +78,16 @@ int rgw_op_get_bucket_policy_from_attr(CephContext *cct, rgw::sal::RGWStore *store, RGWBucketInfo& bucket_info, map& bucket_attrs, - RGWAccessControlPolicy *policy); + RGWAccessControlPolicy *policy, + optional_yield y); class RGWHandler { protected: rgw::sal::RGWRadosStore* store{nullptr}; struct req_state *s{nullptr}; - int do_init_permissions(); - int do_read_permissions(RGWOp* op, bool only_bucket); + int do_init_permissions(optional_yield y); + int do_read_permissions(RGWOp* op, bool only_bucket, optional_yield y); public: RGWHandler() {} @@ -96,7 +97,7 @@ public: struct req_state* _s, rgw::io::BasicClient* cio); - virtual int init_permissions(RGWOp*) { + virtual int init_permissions(RGWOp*, optional_yield y) { return 0; } @@ -105,10 +106,10 @@ public: return 0; } - virtual int read_permissions(RGWOp* op) = 0; - virtual int authorize(const DoutPrefixProvider* dpp) = 0; - virtual int postauth_init() = 0; - virtual int error_handler(int err_no, std::string* error_content); + virtual int read_permissions(RGWOp* op, optional_yield y) = 0; + virtual int authorize(const DoutPrefixProvider* dpp, optional_yield y) = 0; + virtual int postauth_init(optional_yield y) = 0; + virtual int error_handler(int err_no, std::string* error_content, optional_yield y); virtual void dump(const string& code, const string& message) const {} virtual bool supports_quota() { @@ -152,7 +153,7 @@ public: int get_ret() const { return op_ret; } - virtual int init_processing() { + virtual int init_processing(optional_yield y) { if (dialect_handler->supports_quota()) { op_ret = init_quota(); if (op_ret < 0) @@ -182,14 +183,14 @@ public: * authentication. The alternative is to duplicate parts of the method- * dispatch logic in RGWHandler::authorize() and pollute it with a lot * of special cases. */ - virtual int verify_requester(const rgw::auth::StrategyRegistry& auth_registry) { + virtual int verify_requester(const rgw::auth::StrategyRegistry& auth_registry, optional_yield y) { /* TODO(rzarzynski): rename RGWHandler::authorize to generic_authenticate. */ - return dialect_handler->authorize(this); + return dialect_handler->authorize(this, y); } - virtual int verify_permission() = 0; + virtual int verify_permission(optional_yield y) = 0; virtual int verify_op_mask(); virtual void pre_exec() {} - virtual void execute() = 0; + virtual void execute(optional_yield y) = 0; virtual void send_response() {} virtual void complete() { send_response(); @@ -199,7 +200,7 @@ public: virtual uint32_t op_mask() { return 0; } - virtual int error_handler(int err_no, string *error_content); + virtual int error_handler(int err_no, string *error_content, optional_yield y); // implements DoutPrefixProvider std::ostream& gen_prefix(std::ostream& out) const override; @@ -336,9 +337,9 @@ public: this->get_data = get_data; } - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; int parse_range(); int read_user_manifest_part( rgw::sal::RGWBucket* bucket, @@ -348,13 +349,13 @@ public: const off_t start_ofs, const off_t end_ofs, bool swift_slo); - int handle_user_manifest(const char *prefix); - int handle_slo_manifest(bufferlist& bl); + int handle_user_manifest(const char *prefix, optional_yield y); + int handle_slo_manifest(bufferlist& bl, optional_yield y); int get_data_cb(bufferlist& bl, off_t ofs, off_t len); - virtual int get_params() = 0; - virtual int send_response_data_error() = 0; + virtual int get_params(optional_yield y) = 0; + virtual int send_response_data_error(optional_yield y) = 0; virtual int send_response_data(bufferlist& bl, off_t ofs, off_t len) = 0; const char* name() const override { return "get_obj"; } @@ -388,8 +389,8 @@ class RGWGetObjTags : public RGWOp { bufferlist tags_bl; bool has_tags{false}; public: - int verify_permission() override; - void execute() override; + int verify_permission(optional_yield y) override; + void execute(optional_yield y) override; void pre_exec() override; virtual void send_response_data(bufferlist& bl) = 0; @@ -403,11 +404,11 @@ class RGWPutObjTags : public RGWOp { protected: bufferlist tags_bl; public: - int verify_permission() override; - void execute() override; + int verify_permission(optional_yield y) override; + void execute(optional_yield y) override; virtual void send_response() override = 0; - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; const char* name() const override { return "put_obj_tags"; } virtual uint32_t op_mask() override { return RGW_OP_TYPE_WRITE; } RGWOpType get_type() override { return RGW_OP_PUT_OBJ_TAGGING; } @@ -417,8 +418,8 @@ class RGWPutObjTags : public RGWOp { class RGWDeleteObjTags: public RGWOp { public: void pre_exec() override; - int verify_permission() override; - void execute() override; + int verify_permission(optional_yield y) override; + void execute(optional_yield y) override; const char* name() const override { return "delete_obj_tags"; } virtual uint32_t op_mask() override { return RGW_OP_TYPE_DELETE; } @@ -430,8 +431,8 @@ protected: bufferlist tags_bl; bool has_tags{false}; public: - int verify_permission() override; - void execute() override; + int verify_permission(optional_yield y) override; + void execute(optional_yield y) override; void pre_exec() override; virtual void send_response_data(bufferlist& bl) = 0; @@ -445,11 +446,11 @@ protected: bufferlist tags_bl; bufferlist in_data; public: - int verify_permission() override; - void execute() override; + int verify_permission(optional_yield y) override; + void execute(optional_yield y) override; virtual void send_response() override = 0; - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; const char* name() const override { return "put_bucket_tags"; } virtual uint32_t op_mask() override { return RGW_OP_TYPE_WRITE; } RGWOpType get_type() override { return RGW_OP_PUT_BUCKET_TAGGING; } @@ -458,8 +459,8 @@ public: class RGWDeleteBucketTags : public RGWOp { public: void pre_exec() override; - int verify_permission() override; - void execute() override; + int verify_permission(optional_yield y) override; + void execute(optional_yield y) override; const char* name() const override { return "delete_bucket_tags"; } virtual uint32_t op_mask() override { return RGW_OP_TYPE_DELETE; } @@ -470,8 +471,8 @@ struct rgw_sync_policy_group; class RGWGetBucketReplication : public RGWOp { public: - int verify_permission() override; - void execute() override; + int verify_permission(optional_yield y) override; + void execute(optional_yield y) override; void pre_exec() override; virtual void send_response_data() = 0; @@ -485,11 +486,11 @@ protected: bufferlist in_data; std::vector sync_policy_groups; public: - int verify_permission() override; - void execute() override; + int verify_permission(optional_yield y) override; + void execute(optional_yield y) override; virtual void send_response() override = 0; - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; const char* name() const override { return "put_bucket_replication"; } virtual uint32_t op_mask() override { return RGW_OP_TYPE_WRITE; } RGWOpType get_type() override { return RGW_OP_PUT_BUCKET_REPLICATION; } @@ -500,8 +501,8 @@ protected: virtual void update_sync_policy(rgw_sync_policy_info *policy) = 0; public: void pre_exec() override; - int verify_permission() override; - void execute() override; + int verify_permission(optional_yield y) override; + void execute(optional_yield y) override; const char* name() const override { return "delete_bucket_replication"; } virtual uint32_t op_mask() override { return RGW_OP_TYPE_DELETE; } @@ -553,9 +554,10 @@ public: bool verify_permission(RGWBucketInfo& binfo, map& battrs, - ACLOwner& bucket_owner /* out */); - bool delete_single(const acct_path_t& path); - bool delete_chunk(const std::list& paths); + ACLOwner& bucket_owner /* out */, + optional_yield y); + bool delete_single(const acct_path_t& path, optional_yield y); + bool delete_chunk(const std::list& paths, optional_yield y); }; /* End of Deleter subclass */ @@ -569,9 +571,9 @@ public: : deleter(nullptr) { } - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; virtual int get_data(std::list& items, bool * is_truncated) = 0; @@ -627,13 +629,15 @@ protected: bool handle_file_verify_permission(RGWBucketInfo& binfo, const rgw_obj& obj, std::map& battrs, - ACLOwner& bucket_owner /* out */); + ACLOwner& bucket_owner /* out */, + optional_yield y); int handle_file(std::string_view path, size_t size, - AlignedStreamGetter& body); + AlignedStreamGetter& body, + optional_yield y); - int handle_dir_verify_permission(); - int handle_dir(std::string_view path); + int handle_dir_verify_permission(optional_yield y); + int handle_dir(std::string_view path, optional_yield y); public: RGWBulkUploadOp() @@ -644,9 +648,9 @@ public: struct req_state* const s, RGWHandler* const h) override; - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "bulk_upload"; } @@ -752,10 +756,10 @@ public: is_truncated(false) { } - int verify_permission() override; - void execute() override; + int verify_permission(optional_yield y) override; + void execute(optional_yield y) override; - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; virtual void handle_listing_chunk(rgw::sal::RGWBucketList&& buckets) { /* The default implementation, used by e.g. S3, just generates a new * part of listing and sends it client immediately. Swift can behave @@ -793,10 +797,10 @@ public: RGWGetUsage() : sent_data(false), show_log_entries(true), show_log_sum(true){ } - int verify_permission() override; - void execute() override; + int verify_permission(optional_yield y) override; + void execute(optional_yield y) override; - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; void send_response() override {} virtual bool should_get_stats() { return false; } @@ -813,8 +817,8 @@ protected: public: RGWStatAccount() = default; - int verify_permission() override; - void execute() override; + int verify_permission(optional_yield y) override; + void execute(optional_yield y) override; void send_response() override = 0; const char* name() const override { return "stat_account"; } @@ -848,14 +852,14 @@ public: RGWListBucket() : list_versions(false), max(0), default_max(0), is_truncated(false), allow_unordered(false), shard_id(-1) {} - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; void init(rgw::sal::RGWRadosStore *store, struct req_state *s, RGWHandler *h) override { RGWOp::init(store, s, h); } - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; void send_response() override = 0; const char* name() const override { return "list_bucket"; } RGWOpType get_type() override { return RGW_OP_LIST_BUCKET; } @@ -866,8 +870,8 @@ public: class RGWGetBucketLogging : public RGWOp { public: RGWGetBucketLogging() {} - int verify_permission() override; - void execute() override { } + int verify_permission(optional_yield y) override; + void execute(optional_yield) override { } void send_response() override = 0; const char* name() const override { return "get_bucket_logging"; } @@ -879,8 +883,8 @@ class RGWGetBucketLocation : public RGWOp { public: RGWGetBucketLocation() {} ~RGWGetBucketLocation() override {} - int verify_permission() override; - void execute() override { } + int verify_permission(optional_yield y) override; + void execute(optional_yield) override { } void send_response() override = 0; const char* name() const override { return "get_bucket_location"; } @@ -896,9 +900,9 @@ protected: public: RGWGetBucketVersioning() = default; - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; void send_response() override = 0; const char* name() const override { return "get_bucket_versioning"; } @@ -922,11 +926,11 @@ protected: public: RGWSetBucketVersioning() : versioning_status(VersioningNotChanged) {} - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; - virtual int get_params() { return 0; } + virtual int get_params(optional_yield y) { return 0; } void send_response() override = 0; const char* name() const override { return "set_bucket_versioning"; } @@ -938,9 +942,9 @@ class RGWGetBucketWebsite : public RGWOp { public: RGWGetBucketWebsite() {} - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; void send_response() override = 0; const char* name() const override { return "get_bucket_website"; } @@ -955,11 +959,11 @@ protected: public: RGWSetBucketWebsite() {} - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; - virtual int get_params() { return 0; } + virtual int get_params(optional_yield y) { return 0; } void send_response() override = 0; const char* name() const override { return "set_bucket_website"; } @@ -971,9 +975,9 @@ class RGWDeleteBucketWebsite : public RGWOp { public: RGWDeleteBucketWebsite() {} - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; void send_response() override = 0; const char* name() const override { return "delete_bucket_website"; } @@ -986,9 +990,9 @@ protected: std::unique_ptr bucket; public: - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; void send_response() override = 0; const char* name() const override { return "stat_bucket"; } @@ -1022,16 +1026,16 @@ public: attrs.emplace(std::move(key), std::move(bl)); /* key and bl are r-value refs */ } - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; void init(rgw::sal::RGWRadosStore *store, struct req_state *s, RGWHandler *h) override { RGWOp::init(store, s, h); policy.set_ctx(s->cct); relaxed_region_enforcement = s->cct->_conf.get_val("rgw_relaxed_region_enforcement"); } - virtual int get_params() { return 0; } + virtual int get_params(optional_yield y) { return 0; } void send_response() override = 0; const char* name() const override { return "create_bucket"; } RGWOpType get_type() override { return RGW_OP_CREATE_BUCKET; } @@ -1045,9 +1049,9 @@ protected: public: RGWDeleteBucket() {} - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; void send_response() override = 0; const char* name() const override { return "delete_bucket"; } @@ -1183,15 +1187,15 @@ public: policy.set_ctx(s->cct); } - virtual int init_processing() override; + virtual int init_processing(optional_yield y) override; void emplace_attr(std::string&& key, buffer::list&& bl) { attrs.emplace(std::move(key), std::move(bl)); /* key and bl are r-value refs */ } - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; /* this is for cases when copying data from other object */ virtual int get_decrypt_filter(std::unique_ptr* filter, @@ -1209,7 +1213,7 @@ public: int get_data_cb(bufferlist& bl, off_t bl_ofs, off_t bl_len); int get_data(const off_t fst, const off_t lst, bufferlist& bl); - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; virtual int get_data(bufferlist& bl) = 0; void send_response() override = 0; const char* name() const override { return "put_obj"; } @@ -1255,15 +1259,15 @@ public: policy.set_ctx(s->cct); } - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; virtual int get_encrypt_filter(std::unique_ptr *filter, rgw::putobj::DataProcessor *cb) { return 0; } - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; virtual int get_data(ceph::bufferlist& bl, bool& again) = 0; void send_response() override = 0; const char* name() const override { return "post_obj"; } @@ -1295,12 +1299,12 @@ public: RGWOp::init(store, s, h); policy.set_ctx(s->cct); } - int init_processing() override; - int verify_permission() override; + int init_processing(optional_yield y) override; + int verify_permission(optional_yield y) override; void pre_exec() override { } - void execute() override; + void execute(optional_yield y) override; - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; void send_response() override = 0; virtual void filter_out_temp_url(map& add_attrs, const set& rmattr_names, @@ -1335,11 +1339,11 @@ public: policy.set_ctx(s->cct); } - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; void send_response() override = 0; const char* name() const override { return "put_bucket_metadata"; } RGWOpType get_type() override { return RGW_OP_PUT_METADATA_BUCKET; } @@ -1361,11 +1365,11 @@ public: RGWOp::init(store, s, h); policy.set_ctx(s->cct); } - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; void send_response() override = 0; const char* name() const override { return "put_obj_metadata"; } RGWOpType get_type() override { return RGW_OP_PUT_METADATA_OBJECT; } @@ -1394,12 +1398,12 @@ public: bypass_governance_mode(false) { } - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; - int handle_slo_manifest(bufferlist& bl); + void execute(optional_yield y) override; + int handle_slo_manifest(bufferlist& bl, optional_yield y); - virtual int get_params() { return 0; } + virtual int get_params(optional_yield y) { return 0; } void send_response() override = 0; const char* name() const override { return "delete_obj"; } RGWOpType get_type() override { return RGW_OP_DELETE_OBJ; } @@ -1481,9 +1485,9 @@ public: RGWOp::init(store, s, h); dest_policy.set_ctx(s->cct); } - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; void progress_cb(off_t ofs); virtual int check_storage_class(const rgw_placement_rule& src_placement) { @@ -1491,7 +1495,7 @@ public: } virtual int init_dest_policy() { return 0; } - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; virtual void send_partial_response(off_t ofs) {} void send_response() override = 0; const char* name() const override { return "copy_obj"; } @@ -1507,9 +1511,9 @@ protected: public: RGWGetACLs() {} - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; void send_response() override = 0; const char* name() const override { return "get_acls"; } @@ -1526,12 +1530,12 @@ public: RGWPutACLs() {} ~RGWPutACLs() override {} - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; virtual int get_policy_from_state(rgw::sal::RGWRadosStore *store, struct req_state *s, stringstream& ss) { return 0; } - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; void send_response() override = 0; const char* name() const override { return "put_acls"; } RGWOpType get_type() override { return RGW_OP_PUT_ACLS; } @@ -1545,9 +1549,9 @@ public: RGWGetLC() { } ~RGWGetLC() override { } - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override = 0; + void execute(optional_yield) override = 0; void send_response() override = 0; const char* name() const override { return "get_lifecycle"; } @@ -1576,12 +1580,12 @@ public: cookie = buf; } - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; // virtual int get_policy_from_state(RGWRados *store, struct req_state *s, stringstream& ss) { return 0; } - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; void send_response() override = 0; const char* name() const override { return "put_lifecycle"; } RGWOpType get_type() override { return RGW_OP_PUT_LC; } @@ -1591,9 +1595,9 @@ public: class RGWDeleteLC : public RGWOp { public: RGWDeleteLC() = default; - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; void send_response() override = 0; const char* name() const override { return "delete_lifecycle"; } @@ -1607,8 +1611,8 @@ protected: public: RGWGetCORS() {} - int verify_permission() override; - void execute() override; + int verify_permission(optional_yield y) override; + void execute(optional_yield y) override; void send_response() override = 0; const char* name() const override { return "get_cors"; } @@ -1625,10 +1629,10 @@ public: RGWPutCORS() {} ~RGWPutCORS() override {} - int verify_permission() override; - void execute() override; + int verify_permission(optional_yield y) override; + void execute(optional_yield y) override; - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; void send_response() override = 0; const char* name() const override { return "put_cors"; } RGWOpType get_type() override { return RGW_OP_PUT_CORS; } @@ -1641,8 +1645,8 @@ protected: public: RGWDeleteCORS() {} - int verify_permission() override; - void execute() override; + int verify_permission(optional_yield y) override; + void execute(optional_yield y) override; void send_response() override = 0; const char* name() const override { return "delete_cors"; } @@ -1660,9 +1664,9 @@ public: req_hdrs(NULL), req_meth(NULL) { } - int verify_permission() override {return 0;} + int verify_permission(optional_yield y) override {return 0;} int validate_cors_request(RGWCORSConfiguration *cc); - void execute() override; + void execute(optional_yield y) override; void get_response_params(string& allowed_hdrs, string& exp_hdrs, unsigned *max_age); void send_response() override = 0; const char* name() const override { return "options_cors"; } @@ -1677,9 +1681,9 @@ protected: public: RGWGetRequestPayment() : requester_pays(0) {} - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; void send_response() override = 0; const char* name() const override { return "get_request_payment"; } @@ -1694,11 +1698,11 @@ protected: public: RGWSetRequestPayment() : requester_pays(false) {} - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; - virtual int get_params() { return 0; } + virtual int get_params(optional_yield y) { return 0; } void send_response() override = 0; const char* name() const override { return "set_request_payment"; } @@ -1719,11 +1723,11 @@ public: RGWOp::init(store, s, h); policy.set_ctx(s->cct); } - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; void send_response() override = 0; const char* name() const override { return "init_multipart"; } RGWOpType get_type() override { return RGW_OP_INIT_MULTIPART; } @@ -1748,7 +1752,7 @@ protected: MPSerializer() : lock("RGWCompleteMultipart"), locked(false) {} - int try_lock(const std::string& oid, utime_t dur); + int try_lock(const std::string& oid, utime_t dur, optional_yield y); int unlock() { return lock.unlock(&ioctx, oid); @@ -1763,12 +1767,12 @@ public: RGWCompleteMultipart() {} ~RGWCompleteMultipart() override {} - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; void complete() override; - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; void send_response() override = 0; const char* name() const override { return "complete_multipart"; } RGWOpType get_type() override { return RGW_OP_COMPLETE_MULTIPART; } @@ -1779,9 +1783,9 @@ class RGWAbortMultipart : public RGWOp { public: RGWAbortMultipart() {} - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; void send_response() override = 0; const char* name() const override { return "abort_multipart"; } @@ -1809,11 +1813,11 @@ public: RGWOp::init(store, s, h); policy = RGWAccessControlPolicy(s->cct); } - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; void send_response() override = 0; const char* name() const override { return "list_multipart"; } RGWOpType get_type() override { return RGW_OP_LIST_MULTIPART; } @@ -1857,11 +1861,11 @@ public: max_uploads = default_max; } - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; void send_response() override = 0; const char* name() const override { return "list_bucket_multiparts"; } RGWOpType get_type() override { return RGW_OP_LIST_BUCKET_MULTIPARTS; } @@ -1874,11 +1878,11 @@ public: RGWGetCrossDomainPolicy() = default; ~RGWGetCrossDomainPolicy() override = default; - int verify_permission() override { + int verify_permission(optional_yield) override { return 0; } - void execute() override { + void execute(optional_yield) override { op_ret = 0; } @@ -1899,11 +1903,11 @@ public: RGWGetHealthCheck() = default; ~RGWGetHealthCheck() override = default; - int verify_permission() override { + int verify_permission(optional_yield) override { return 0; } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "get_health_check"; } @@ -1930,11 +1934,11 @@ public: quiet = false; status_dumped = false; } - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; virtual void send_status() = 0; virtual void begin_response() = 0; virtual void send_partial_response(rgw_obj_key& key, bool delete_marker, @@ -1950,15 +1954,15 @@ public: RGWInfo() = default; ~RGWInfo() override = default; - int verify_permission() override { return 0; } + int verify_permission(optional_yield) override { return 0; } const char* name() const override { return "get info"; } RGWOpType get_type() override { return RGW_OP_GET_INFO; } uint32_t op_mask() override { return RGW_OP_TYPE_READ; } }; -extern int rgw_build_bucket_policies(rgw::sal::RGWRadosStore* store, struct req_state* s); +extern int rgw_build_bucket_policies(rgw::sal::RGWRadosStore* store, struct req_state* s, optional_yield y); extern int rgw_build_object_policies(rgw::sal::RGWRadosStore *store, struct req_state *s, - bool prefetch_data); + bool prefetch_data, optional_yield y); extern void rgw_build_iam_environment(rgw::sal::RGWRadosStore* store, struct req_state* s); extern vector get_iam_user_policy_from_attr(CephContext* cct, @@ -1966,9 +1970,9 @@ extern vector get_iam_user_policy_from_attr(CephContext* cct, map& attrs, const string& tenant); -static inline int get_system_versioning_params(req_state *s, - uint64_t *olh_epoch, - string *version_id) +inline int get_system_versioning_params(req_state *s, + uint64_t *olh_epoch, + string *version_id) { if (!s->system_request) { return 0; @@ -2024,10 +2028,10 @@ static inline void format_xattr(std::string &xattr) * On failure returns a negative error code. * */ -static inline int rgw_get_request_metadata(CephContext* const cct, - struct req_info& info, - std::map& attrs, - const bool allow_empty_attrs = true) +inline int rgw_get_request_metadata(CephContext* const cct, + struct req_info& info, + std::map& attrs, + const bool allow_empty_attrs = true) { static const std::set blocklisted_headers = { "x-amz-server-side-encryption-customer-algorithm", @@ -2087,8 +2091,8 @@ static inline int rgw_get_request_metadata(CephContext* const cct, return 0; } /* rgw_get_request_metadata */ -static inline void encode_delete_at_attr(boost::optional delete_at, - map& attrs) +inline void encode_delete_at_attr(boost::optional delete_at, + map& attrs) { if (delete_at == boost::none) { return; @@ -2099,7 +2103,7 @@ static inline void encode_delete_at_attr(boost::optional delete attrs[RGW_ATTR_DELETE_AT] = delatbl; } /* encode_delete_at_attr */ -static inline void encode_obj_tags_attr(RGWObjTags* obj_tags, map& attrs) +inline void encode_obj_tags_attr(RGWObjTags* obj_tags, map& attrs) { if (obj_tags == nullptr){ // we assume the user submitted a tag format which we couldn't parse since @@ -2113,8 +2117,8 @@ static inline void encode_obj_tags_attr(RGWObjTags* obj_tags, map& attrs) +inline int encode_dlo_manifest_attr(const char * const dlo_manifest, + map& attrs) { string dm = dlo_manifest; @@ -2129,7 +2133,7 @@ static inline int encode_dlo_manifest_attr(const char * const dlo_manifest, return 0; } /* encode_dlo_manifest_attr */ -static inline void complete_etag(MD5& hash, string *etag) +inline void complete_etag(MD5& hash, string *etag) { char etag_buf[CEPH_CRYPTO_MD5_DIGESTSIZE]; char etag_buf_str[CEPH_CRYPTO_MD5_DIGESTSIZE * 2 + 16]; @@ -2153,11 +2157,11 @@ public: attrs.emplace(std::move(key), std::move(bl)); } - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; void send_response() override = 0; const char* name() const override { return "set_attrs"; } RGWOpType get_type() override { return RGW_OP_SET_ATTRS; } @@ -2176,11 +2180,11 @@ public: int check_caps(RGWUserCaps& caps) { return caps.check_cap("admin", RGW_CAP_READ); } - int verify_permission() override { + int verify_permission(optional_yield) override { return check_caps(s->user->get_info().caps); } void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "get_obj_layout"; } virtual RGWOpType get_type() override { return RGW_OP_GET_OBJ_LAYOUT; } @@ -2194,12 +2198,12 @@ public: ~RGWPutBucketPolicy() { } void send_response() override; - int verify_permission() override; + int verify_permission(optional_yield y) override; uint32_t op_mask() override { return RGW_OP_TYPE_WRITE; } - void execute() override; - int get_params(); + void execute(optional_yield y) override; + int get_params(optional_yield y); const char* name() const override { return "put_bucket_policy"; } RGWOpType get_type() override { return RGW_OP_PUT_BUCKET_POLICY; @@ -2211,11 +2215,11 @@ class RGWGetBucketPolicy : public RGWOp { public: RGWGetBucketPolicy() = default; void send_response() override; - int verify_permission() override; + int verify_permission(optional_yield y) override; uint32_t op_mask() override { return RGW_OP_TYPE_READ; } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "get_bucket_policy"; } RGWOpType get_type() override { return RGW_OP_GET_BUCKET_POLICY; @@ -2226,12 +2230,12 @@ class RGWDeleteBucketPolicy : public RGWOp { public: RGWDeleteBucketPolicy() = default; void send_response() override; - int verify_permission() override; + int verify_permission(optional_yield y) override; uint32_t op_mask() override { return RGW_OP_TYPE_WRITE; } - void execute() override; - int get_params(); + void execute(optional_yield y) override; + int get_params(optional_yield y); const char* name() const override { return "delete_bucket_policy"; } RGWOpType get_type() override { return RGW_OP_DELETE_BUCKET_POLICY; @@ -2246,11 +2250,11 @@ protected: public: RGWPutBucketObjectLock() = default; ~RGWPutBucketObjectLock() {} - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; - virtual void send_response() = 0; - virtual int get_params() = 0; + void execute(optional_yield y) override; + virtual void send_response() override = 0; + virtual int get_params(optional_yield y) = 0; const char* name() const override { return "put_bucket_object_lock"; } RGWOpType get_type() override { return RGW_OP_PUT_BUCKET_OBJ_LOCK; } uint32_t op_mask() override { return RGW_OP_TYPE_WRITE; } @@ -2258,10 +2262,10 @@ public: class RGWGetBucketObjectLock : public RGWOp { public: - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; - virtual void send_response() = 0; + void execute(optional_yield y) override; + virtual void send_response() override = 0; const char* name() const override {return "get_bucket_object_lock"; } RGWOpType get_type() override { return RGW_OP_GET_BUCKET_OBJ_LOCK; } uint32_t op_mask() override { return RGW_OP_TYPE_READ; } @@ -2275,11 +2279,11 @@ protected: bool bypass_governance_mode; public: RGWPutObjRetention():bypass_perm(true), bypass_governance_mode(false) {} - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; virtual void send_response() override = 0; - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; const char* name() const override { return "put_obj_retention"; } uint32_t op_mask() override { return RGW_OP_TYPE_WRITE; } RGWOpType get_type() override { return RGW_OP_PUT_OBJ_RETENTION; } @@ -2289,10 +2293,10 @@ class RGWGetObjRetention : public RGWOp { protected: RGWObjectRetention obj_retention; public: - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; - virtual void send_response() = 0; + void execute(optional_yield y) override; + virtual void send_response() override = 0; const char* name() const override {return "get_obj_retention"; } RGWOpType get_type() override { return RGW_OP_GET_OBJ_RETENTION; } uint32_t op_mask() override { return RGW_OP_TYPE_READ; } @@ -2303,11 +2307,11 @@ protected: bufferlist data; RGWObjectLegalHold obj_legal_hold; public: - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; virtual void send_response() override = 0; - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; const char* name() const override { return "put_obj_legal_hold"; } uint32_t op_mask() override { return RGW_OP_TYPE_WRITE; } RGWOpType get_type() override { return RGW_OP_PUT_OBJ_LEGAL_HOLD; } @@ -2317,10 +2321,10 @@ class RGWGetObjLegalHold : public RGWOp { protected: RGWObjectLegalHold obj_legal_hold; public: - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; - virtual void send_response() = 0; + void execute(optional_yield y) override; + virtual void send_response() override = 0; const char* name() const override {return "get_obj_legal_hold"; } RGWOpType get_type() override { return RGW_OP_GET_OBJ_LEGAL_HOLD; } uint32_t op_mask() override { return RGW_OP_TYPE_READ; } @@ -2333,11 +2337,11 @@ protected: public: RGWConfigBucketMetaSearch() {} - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; - virtual int get_params() = 0; + virtual int get_params(optional_yield y) = 0; const char* name() const override { return "config_bucket_meta_search"; } virtual RGWOpType get_type() override { return RGW_OP_CONFIG_BUCKET_META_SEARCH; } virtual uint32_t op_mask() override { return RGW_OP_TYPE_WRITE; } @@ -2347,9 +2351,9 @@ class RGWGetBucketMetaSearch : public RGWOp { public: RGWGetBucketMetaSearch() {} - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override {} + void execute(optional_yield) override {} const char* name() const override { return "get_bucket_meta_search"; } virtual RGWOpType get_type() override { return RGW_OP_GET_BUCKET_META_SEARCH; } @@ -2360,9 +2364,9 @@ class RGWDelBucketMetaSearch : public RGWOp { public: RGWDelBucketMetaSearch() {} - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "delete_bucket_meta_search"; } virtual RGWOpType delete_type() { return RGW_OP_DEL_BUCKET_META_SEARCH; } @@ -2378,10 +2382,10 @@ public: void init(rgw::sal::RGWRadosStore *store, struct req_state *s, RGWHandler *h) override { RGWOp::init(store, s, h); } - int verify_permission() override {return 0;} + int verify_permission(optional_yield) override {return 0;} virtual void send_response() override = 0; - virtual int get_params() = 0; - void execute() override; + virtual int get_params(optional_yield y) = 0; + void execute(optional_yield y) override; const char* name() const override { return "get_cluster_stat"; } dmc::client_id dmclock_client() override { return dmc::client_id::admin; } }; @@ -2390,11 +2394,11 @@ class RGWGetBucketPolicyStatus : public RGWOp { protected: bool isPublic {false}; public: - int verify_permission() override; + int verify_permission(optional_yield y) override; const char* name() const override { return "get_bucket_policy_status"; } virtual RGWOpType get_type() override { return RGW_OP_GET_BUCKET_POLICY_STATUS; } virtual uint32_t op_mask() override { return RGW_OP_TYPE_READ; } - void execute() override; + void execute(optional_yield y) override; dmc::client_id dmclock_client() override { return dmc::client_id::metadata; } }; @@ -2403,12 +2407,12 @@ protected: bufferlist data; PublicAccessBlockConfiguration access_conf; public: - int verify_permission() override; + int verify_permission(optional_yield y) override; const char* name() const override { return "put_bucket_public_access_block";} virtual RGWOpType get_type() override { return RGW_OP_PUT_BUCKET_PUBLIC_ACCESS_BLOCK; } virtual uint32_t op_mask() override { return RGW_OP_TYPE_WRITE; } - int get_params(); - void execute() override; + int get_params(optional_yield y); + void execute(optional_yield y) override; dmc::client_id dmclock_client() override { return dmc::client_id::metadata; } }; @@ -2416,12 +2420,12 @@ class RGWGetBucketPublicAccessBlock : public RGWOp { protected: PublicAccessBlockConfiguration access_conf; public: - int verify_permission() override; + int verify_permission(optional_yield y) override; const char* name() const override { return "get_bucket_public_access_block";} virtual RGWOpType get_type() override { return RGW_OP_GET_BUCKET_PUBLIC_ACCESS_BLOCK; } virtual uint32_t op_mask() override { return RGW_OP_TYPE_READ; } - int get_params(); - void execute() override; + int get_params(optional_yield y); + void execute(optional_yield y) override; dmc::client_id dmclock_client() override { return dmc::client_id::metadata; } }; @@ -2429,17 +2433,17 @@ class RGWDeleteBucketPublicAccessBlock : public RGWOp { protected: PublicAccessBlockConfiguration access_conf; public: - int verify_permission() override; + int verify_permission(optional_yield y) override; const char* name() const override { return "delete_bucket_public_access_block";} virtual RGWOpType get_type() override { return RGW_OP_DELETE_BUCKET_PUBLIC_ACCESS_BLOCK; } virtual uint32_t op_mask() override { return RGW_OP_TYPE_WRITE; } - int get_params(); - void execute() override; + int get_params(optional_yield y); + void execute(optional_yield y) override; void send_response() override; dmc::client_id dmclock_client() override { return dmc::client_id::metadata; } }; -static inline int parse_value_and_bound( +inline int parse_value_and_bound( const string &input, int &output, const long lower_bound, diff --git a/src/rgw/rgw_process.cc b/src/rgw/rgw_process.cc index 61649104921e2..d78053222f277 100644 --- a/src/rgw/rgw_process.cc +++ b/src/rgw/rgw_process.cc @@ -91,10 +91,11 @@ int rgw_process_authenticated(RGWHandler_REST * const handler, RGWOp *& op, RGWRequest * const req, req_state * const s, + optional_yield y, const bool skip_retarget) { ldpp_dout(op, 2) << "init permissions" << dendl; - int ret = handler->init_permissions(op); + int ret = handler->init_permissions(op, y); if (ret < 0) { return ret; } @@ -116,13 +117,13 @@ int rgw_process_authenticated(RGWHandler_REST * const handler, /* If necessary extract object ACL and put them into req_state. */ ldpp_dout(op, 2) << "reading permissions" << dendl; - ret = handler->read_permissions(op); + ret = handler->read_permissions(op, y); if (ret < 0) { return ret; } ldpp_dout(op, 2) << "init op" << dendl; - ret = op->init_processing(); + ret = op->init_processing(y); if (ret < 0) { return ret; } @@ -142,7 +143,7 @@ int rgw_process_authenticated(RGWHandler_REST * const handler, } ldpp_dout(op, 2) << "verifying op permissions" << dendl; - ret = op->verify_permission(); + ret = op->verify_permission(y); if (ret < 0) { if (s->system_request) { dout(2) << "overriding permissions due to system operation" << dendl; @@ -163,7 +164,7 @@ int rgw_process_authenticated(RGWHandler_REST * const handler, op->pre_exec(); ldpp_dout(op, 2) << "executing" << dendl; - op->execute(); + op->execute(y); ldpp_dout(op, 2) << "completing" << dendl; op->complete(); @@ -204,7 +205,7 @@ int process_request(rgw::sal::RGWRadosStore* const store, if (ret < 0) { s->cio = client_io; - abort_early(s, nullptr, ret, nullptr); + abort_early(s, nullptr, ret, nullptr, yield); return ret; } @@ -225,7 +226,7 @@ int process_request(rgw::sal::RGWRadosStore* const store, client_io, &mgr, &init_error); rgw::dmclock::SchedulerCompleter c; if (init_error != 0) { - abort_early(s, nullptr, init_error, nullptr); + abort_early(s, nullptr, init_error, nullptr, yield); goto done; } dout(10) << "handler=" << typeid(*handler).name() << dendl; @@ -235,7 +236,7 @@ int process_request(rgw::sal::RGWRadosStore* const store, ldpp_dout(s, 2) << "getting op " << s->op << dendl; op = handler->get_op(); if (!op) { - abort_early(s, NULL, -ERR_METHOD_NOT_ALLOWED, handler); + abort_early(s, NULL, -ERR_METHOD_NOT_ALLOWED, handler, yield); goto done; } { @@ -258,7 +259,7 @@ int process_request(rgw::sal::RGWRadosStore* const store, ret = -ERR_RATE_LIMITED; } ldpp_dout(op,0) << "Scheduling request failed with " << ret << dendl; - abort_early(s, op, ret, handler); + abort_early(s, op, ret, handler, yield); goto done; } req->op = op; @@ -268,10 +269,10 @@ int process_request(rgw::sal::RGWRadosStore* const store, try { ldpp_dout(op, 2) << "verifying requester" << dendl; - ret = op->verify_requester(auth_registry); + ret = op->verify_requester(auth_registry, yield); if (ret < 0) { dout(10) << "failed to authorize request" << dendl; - abort_early(s, op, ret, handler); + abort_early(s, op, ret, handler, yield); goto done; } @@ -282,27 +283,27 @@ int process_request(rgw::sal::RGWRadosStore* const store, } ldpp_dout(op, 2) << "normalizing buckets and tenants" << dendl; - ret = handler->postauth_init(); + ret = handler->postauth_init(yield); if (ret < 0) { dout(10) << "failed to run post-auth init" << dendl; - abort_early(s, op, ret, handler); + abort_early(s, op, ret, handler, yield); goto done; } if (s->user->get_info().suspended) { dout(10) << "user is suspended, uid=" << s->user->get_id() << dendl; - abort_early(s, op, -ERR_USER_SUSPENDED, handler); + abort_early(s, op, -ERR_USER_SUSPENDED, handler, yield); goto done; } - ret = rgw_process_authenticated(handler, op, req, s); + ret = rgw_process_authenticated(handler, op, req, s, yield); if (ret < 0) { - abort_early(s, op, ret, handler); + abort_early(s, op, ret, handler, yield); goto done; } } catch (const ceph::crypto::DigestException& e) { dout(0) << "authentication failed" << e.what() << dendl; - abort_early(s, op, -ERR_INVALID_SECRET_KEY, handler); + abort_early(s, op, -ERR_INVALID_SECRET_KEY, handler, yield); } done: diff --git a/src/rgw/rgw_process.h b/src/rgw/rgw_process.h index 6d67c33967f1f..9d2e46db42f6e 100644 --- a/src/rgw/rgw_process.h +++ b/src/rgw/rgw_process.h @@ -191,6 +191,7 @@ extern int rgw_process_authenticated(RGWHandler_REST* handler, RGWOp*& op, RGWRequest* req, req_state* s, + optional_yield y, bool skip_retarget = false); #if defined(def_dout_subsys) diff --git a/src/rgw/rgw_rest.cc b/src/rgw/rgw_rest.cc index 76b56daf453e1..cd7e730d89554 100644 --- a/src/rgw/rgw_rest.cc +++ b/src/rgw/rgw_rest.cc @@ -649,7 +649,7 @@ static void build_redirect_url(req_state *s, const string& redirect_base, string } void abort_early(struct req_state *s, RGWOp* op, int err_no, - RGWHandler* handler) + RGWHandler* handler, optional_yield y) { string error_content(""); if (!s->formatter) { @@ -660,13 +660,13 @@ void abort_early(struct req_state *s, RGWOp* op, int err_no, // op->error_handler is responsible for calling it's handler error_handler if (op != NULL) { int new_err_no; - new_err_no = op->error_handler(err_no, &error_content); + new_err_no = op->error_handler(err_no, &error_content, y); ldout(s->cct, 1) << "op->ERRORHANDLER: err_no=" << err_no << " new_err_no=" << new_err_no << dendl; err_no = new_err_no; } else if (handler != NULL) { int new_err_no; - new_err_no = handler->error_handler(err_no, &error_content); + new_err_no = handler->error_handler(err_no, &error_content, y); ldout(s->cct, 1) << "handler->ERRORHANDLER: err_no=" << err_no << " new_err_no=" << new_err_no << dendl; err_no = new_err_no; @@ -785,7 +785,7 @@ int recv_body(struct req_state* const s, } } -int RGWGetObj_ObjStore::get_params() +int RGWGetObj_ObjStore::get_params(optional_yield y) { range_str = s->info.env->get("HTTP_RANGE"); if_mod = s->info.env->get("HTTP_IF_MODIFIED_SINCE"); @@ -1011,7 +1011,7 @@ int RGWPutObj_ObjStore::verify_params() return 0; } -int RGWPutObj_ObjStore::get_params() +int RGWPutObj_ObjStore::get_params(optional_yield y) { /* start gettorrent */ if (s->cct->_conf->rgw_torrent_flag) @@ -1389,7 +1389,7 @@ int RGWPostObj_ObjStore::verify_params() return 0; } -int RGWPostObj_ObjStore::get_params() +int RGWPostObj_ObjStore::get_params(optional_yield y) { if (s->expect_cont) { /* OK, here it really gets ugly. With POST, the params are embedded in the @@ -1434,7 +1434,7 @@ int RGWPostObj_ObjStore::get_params() } -int RGWPutACLs_ObjStore::get_params() +int RGWPutACLs_ObjStore::get_params(optional_yield y) { const auto max_size = s->cct->_conf->rgw_max_put_param_size; std::tie(op_ret, data) = rgw_rest_read_all_input(s, max_size, false); @@ -1442,21 +1442,21 @@ int RGWPutACLs_ObjStore::get_params() return op_ret; } -int RGWPutLC_ObjStore::get_params() +int RGWPutLC_ObjStore::get_params(optional_yield y) { const auto max_size = s->cct->_conf->rgw_max_put_param_size; std::tie(op_ret, data) = rgw_rest_read_all_input(s, max_size, false); return op_ret; } -int RGWPutBucketObjectLock_ObjStore::get_params() +int RGWPutBucketObjectLock_ObjStore::get_params(optional_yield y) { const auto max_size = s->cct->_conf->rgw_max_put_param_size; std::tie(op_ret, data) = rgw_rest_read_all_input(s, max_size, false); return op_ret; } -int RGWPutObjLegalHold_ObjStore::get_params() +int RGWPutObjLegalHold_ObjStore::get_params(optional_yield y) { const auto max_size = s->cct->_conf->rgw_max_put_param_size; std::tie(op_ret, data) = rgw_rest_read_all_input(s, max_size, false); @@ -1544,7 +1544,7 @@ std::tuple rgw_rest_read_all_input(struct req_state *s, return std::make_tuple(0, std::move(bl)); } -int RGWCompleteMultipart_ObjStore::get_params() +int RGWCompleteMultipart_ObjStore::get_params(optional_yield y) { upload_id = s->info.args.get("uploadId"); @@ -1561,7 +1561,7 @@ int RGWCompleteMultipart_ObjStore::get_params() return 0; } -int RGWListMultipart_ObjStore::get_params() +int RGWListMultipart_ObjStore::get_params(optional_yield y) { upload_id = s->info.args.get("uploadId"); @@ -1588,7 +1588,7 @@ int RGWListMultipart_ObjStore::get_params() return op_ret; } -int RGWListBucketMultiparts_ObjStore::get_params() +int RGWListBucketMultiparts_ObjStore::get_params(optional_yield y) { delimiter = s->info.args.get("delimiter"); prefix = s->info.args.get("prefix"); @@ -1618,7 +1618,7 @@ int RGWListBucketMultiparts_ObjStore::get_params() return 0; } -int RGWDeleteMultiObj_ObjStore::get_params() +int RGWDeleteMultiObj_ObjStore::get_params(optional_yield y) { if (s->bucket_name.empty()) { @@ -1645,7 +1645,7 @@ void RGWRESTOp::send_response() flusher.flush(); } -int RGWRESTOp::verify_permission() +int RGWRESTOp::verify_permission(optional_yield) { return check_caps(s->user->get_info().caps); } @@ -1843,14 +1843,14 @@ static http_op op_from_method(const char *method) return OP_UNKNOWN; } -int RGWHandler_REST::init_permissions(RGWOp* op) +int RGWHandler_REST::init_permissions(RGWOp* op, optional_yield y) { if (op->get_type() == RGW_OP_CREATE_BUCKET) { // We don't need user policies in case of STS token returned by AssumeRole, hence the check for user type if (! s->user->get_id().empty() && s->auth.identity->get_identity_type() != TYPE_ROLE) { try { map uattrs; - if (auto ret = store->ctl()->user->get_attrs_by_uid(s->user->get_id(), &uattrs, null_yield); ! ret) { + if (auto ret = store->ctl()->user->get_attrs_by_uid(s->user->get_id(), &uattrs, y); ! ret) { auto user_policies = get_iam_user_policy_from_attr(s->cct, store, uattrs, s->user->get_tenant()); s->iam_user_policies.insert(s->iam_user_policies.end(), std::make_move_iterator(user_policies.begin()), @@ -1865,10 +1865,10 @@ int RGWHandler_REST::init_permissions(RGWOp* op) return 0; } - return do_init_permissions(); + return do_init_permissions(y); } -int RGWHandler_REST::read_permissions(RGWOp* op_obj) +int RGWHandler_REST::read_permissions(RGWOp* op_obj, optional_yield y) { bool only_bucket = false; @@ -1907,7 +1907,7 @@ int RGWHandler_REST::read_permissions(RGWOp* op_obj) return -EINVAL; } - return do_read_permissions(op_obj, only_bucket); + return do_read_permissions(op_obj, only_bucket, y); } void RGWRESTMgr::register_resource(string resource, RGWRESTMgr *mgr) diff --git a/src/rgw/rgw_rest.h b/src/rgw/rgw_rest.h index 383cd35a2185c..0d6b67bbb41ea 100644 --- a/src/rgw/rgw_rest.h +++ b/src/rgw/rgw_rest.h @@ -28,7 +28,7 @@ std::tuple rgw_rest_read_all_input(struct req_state *s, const uint64_t max_len, const bool allow_chunked=true); -static inline std::string_view rgw_sanitized_hdrval(ceph::buffer::list& raw) +inline std::string_view rgw_sanitized_hdrval(ceph::buffer::list& raw) { /* std::string and thus std::string_view ARE OBLIGED to carry multiple * 0x00 and count them to the length of a string. We need to take that @@ -167,7 +167,7 @@ public: sent_header = false; } - int get_params() override; + int get_params(optional_yield y) override; }; class RGWGetObjTags_ObjStore : public RGWGetObjTags { @@ -261,7 +261,7 @@ public: ~RGWPutObj_ObjStore() override {} int verify_params() override; - int get_params() override; + int get_params(optional_yield y) override; int get_data(bufferlist& bl) override; }; @@ -306,7 +306,7 @@ protected: int read_form_part_header(struct post_form_part *part, bool& done); - int get_params() override; + int get_params(optional_yield y) override; static int parse_part_field(const std::string& line, std::string& field_name, /* out */ @@ -392,7 +392,7 @@ public: RGWPutACLs_ObjStore() {} ~RGWPutACLs_ObjStore() override {} - int get_params() override; + int get_params(optional_yield y) override; }; class RGWGetLC_ObjStore : public RGWGetLC { @@ -406,7 +406,7 @@ public: RGWPutLC_ObjStore() {} ~RGWPutLC_ObjStore() override {} - int get_params() override; + int get_params(optional_yield y) override; }; class RGWDeleteLC_ObjStore : public RGWDeleteLC { @@ -451,7 +451,7 @@ public: RGWCompleteMultipart_ObjStore() {} ~RGWCompleteMultipart_ObjStore() override {} - int get_params() override; + int get_params(optional_yield y) override; }; class RGWAbortMultipart_ObjStore : public RGWAbortMultipart { @@ -465,7 +465,7 @@ public: RGWListMultipart_ObjStore() {} ~RGWListMultipart_ObjStore() override {} - int get_params() override; + int get_params(optional_yield y) override; }; class RGWListBucketMultiparts_ObjStore : public RGWListBucketMultiparts { @@ -473,7 +473,7 @@ public: RGWListBucketMultiparts_ObjStore() {} ~RGWListBucketMultiparts_ObjStore() override {} - int get_params() override; + int get_params(optional_yield y) override; }; class RGWBulkDelete_ObjStore : public RGWBulkDelete { @@ -493,7 +493,7 @@ public: RGWDeleteMultiObj_ObjStore() {} ~RGWDeleteMultiObj_ObjStore() override {} - int get_params() override; + int get_params(optional_yield y) override; }; class RGWInfo_ObjStore : public RGWInfo { @@ -506,7 +506,7 @@ class RGWPutBucketObjectLock_ObjStore : public RGWPutBucketObjectLock { public: RGWPutBucketObjectLock_ObjStore() = default; ~RGWPutBucketObjectLock_ObjStore() = default; - int get_params() override; + int get_params(optional_yield y) override; }; class RGWGetBucketObjectLock_ObjStore : public RGWGetBucketObjectLock { @@ -531,7 +531,7 @@ class RGWPutObjLegalHold_ObjStore : public RGWPutObjLegalHold { public: RGWPutObjLegalHold_ObjStore() = default; ~RGWPutObjLegalHold_ObjStore() override = default; - int get_params() override; + int get_params(optional_yield y) override; }; class RGWGetObjLegalHold_ObjStore : public RGWGetObjLegalHold { @@ -552,7 +552,7 @@ public: void send_response() override; virtual int check_caps(const RGWUserCaps& caps) { return -EPERM; } /* should to be implemented! */ - int verify_permission() override; + int verify_permission(optional_yield y) override; dmc::client_id dmclock_client() override { return dmc::client_id::admin; } }; @@ -582,8 +582,8 @@ public: static int validate_object_name(const string& object); static int reallocate_formatter(struct req_state *s, int type); - int init_permissions(RGWOp* op) override; - int read_permissions(RGWOp* op) override; + int init_permissions(RGWOp* op, optional_yield y) override; + int read_permissions(RGWOp* op, optional_yield y) override; virtual RGWOp* get_op(void); virtual void put_op(RGWOp* op); @@ -741,10 +741,10 @@ extern void dump_header(struct req_state* s, const utime_t& val); template -static inline void dump_header_prefixed(struct req_state* s, - const std::string_view& name_prefix, - const std::string_view& name, - Args&&... args) { +inline void dump_header_prefixed(struct req_state* s, + const std::string_view& name_prefix, + const std::string_view& name, + Args&&... args) { char full_name_buf[name_prefix.size() + name.size() + 1]; const auto len = snprintf(full_name_buf, sizeof(full_name_buf), "%.*s%.*s", static_cast(name_prefix.length()), @@ -756,11 +756,11 @@ static inline void dump_header_prefixed(struct req_state* s, } template -static inline void dump_header_infixed(struct req_state* s, - const std::string_view& prefix, - const std::string_view& infix, - const std::string_view& sufix, - Args&&... args) { +inline void dump_header_infixed(struct req_state* s, + const std::string_view& prefix, + const std::string_view& infix, + const std::string_view& sufix, + Args&&... args) { char full_name_buf[prefix.size() + infix.size() + sufix.size() + 1]; const auto len = snprintf(full_name_buf, sizeof(full_name_buf), "%.*s%.*s%.*s", static_cast(prefix.length()), @@ -774,9 +774,9 @@ static inline void dump_header_infixed(struct req_state* s, } template -static inline void dump_header_quoted(struct req_state* s, - const std::string_view& name, - const std::string_view& val) { +inline void dump_header_quoted(struct req_state* s, + const std::string_view& name, + const std::string_view& val) { /* We need two extra bytes for quotes. */ char qvalbuf[val.size() + 2 + 1]; const auto len = snprintf(qvalbuf, sizeof(qvalbuf), "\"%.*s\"", @@ -785,15 +785,15 @@ static inline void dump_header_quoted(struct req_state* s, } template -static inline void dump_header_if_nonempty(struct req_state* s, - const std::string_view& name, - const ValueT& value) { +inline void dump_header_if_nonempty(struct req_state* s, + const std::string_view& name, + const ValueT& value) { if (name.length() > 0 && value.length() > 0) { return dump_header(s, name, value); } } -static inline std::string compute_domain_uri(const struct req_state *s) { +inline std::string compute_domain_uri(const struct req_state *s) { std::string uri = (!s->info.domain.empty()) ? s->info.domain : [&s]() -> std::string { RGWEnv const &env(*(s->info.env)); @@ -818,7 +818,7 @@ extern void dump_epoch_header(struct req_state *s, const char *name, real_time t extern void dump_time_header(struct req_state *s, const char *name, real_time t); extern void dump_last_modified(struct req_state *s, real_time t); extern void abort_early(struct req_state* s, RGWOp* op, int err, - RGWHandler* handler); + RGWHandler* handler, optional_yield y); extern void dump_range(struct req_state* s, uint64_t ofs, uint64_t end, uint64_t total_size); extern void dump_continue(struct req_state *s); diff --git a/src/rgw/rgw_rest_admin.h b/src/rgw/rgw_rest_admin.h index 0a8ad83c01306..91230af6c6859 100644 --- a/src/rgw/rgw_rest_admin.h +++ b/src/rgw/rgw_rest_admin.h @@ -3,6 +3,7 @@ #pragma once +#include "rgw/rgw_rest.h" class RGWRESTMgr_Admin : public RGWRESTMgr { public: diff --git a/src/rgw/rgw_rest_bucket.cc b/src/rgw/rgw_rest_bucket.cc index cc8cdd1c70ee6..eb805b29890b9 100644 --- a/src/rgw/rgw_rest_bucket.cc +++ b/src/rgw/rgw_rest_bucket.cc @@ -23,12 +23,12 @@ public: return caps.check_cap("buckets", RGW_CAP_READ); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "get_bucket_info"; } }; -void RGWOp_Bucket_Info::execute() +void RGWOp_Bucket_Info::execute(optional_yield y) { RGWBucketAdminOpState op_state; @@ -48,7 +48,7 @@ void RGWOp_Bucket_Info::execute() op_state.set_bucket_name(bucket); op_state.set_fetch_stats(fetch_stats); - op_ret = RGWBucketAdminOp::info(store, op_state, flusher, null_yield); + op_ret = RGWBucketAdminOp::info(store, op_state, flusher, y); } class RGWOp_Get_Policy : public RGWRESTOp { @@ -60,12 +60,12 @@ public: return caps.check_cap("buckets", RGW_CAP_READ); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "get_policy"; } }; -void RGWOp_Get_Policy::execute() +void RGWOp_Get_Policy::execute(optional_yield y) { RGWBucketAdminOpState op_state; @@ -90,12 +90,12 @@ public: return caps.check_cap("buckets", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "check_bucket_index"; } }; -void RGWOp_Check_Bucket_Index::execute() +void RGWOp_Check_Bucket_Index::execute(optional_yield y) { std::string bucket; @@ -124,12 +124,12 @@ public: return caps.check_cap("buckets", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "link_bucket"; } }; -void RGWOp_Bucket_Link::execute() +void RGWOp_Bucket_Link::execute(optional_yield y) { std::string uid_str; std::string bucket; @@ -167,12 +167,12 @@ public: return caps.check_cap("buckets", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "unlink_bucket"; } }; -void RGWOp_Bucket_Unlink::execute() +void RGWOp_Bucket_Unlink::execute(optional_yield y) { std::string uid_str; std::string bucket; @@ -205,12 +205,12 @@ public: return caps.check_cap("buckets", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "remove_bucket"; } }; -void RGWOp_Bucket_Remove::execute() +void RGWOp_Bucket_Remove::execute(optional_yield y) { std::string bucket_name; bool delete_children; @@ -237,14 +237,14 @@ public: return caps.check_cap("buckets", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "set_bucket_quota"; } }; #define QUOTA_INPUT_MAX_LEN 1024 -void RGWOp_Set_Bucket_Quota::execute() +void RGWOp_Set_Bucket_Quota::execute(optional_yield y) { bool uid_arg_existed = false; std::string uid_str; @@ -314,12 +314,12 @@ public: return caps.check_cap("buckets", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "sync_bucket"; } }; -void RGWOp_Sync_Bucket::execute() +void RGWOp_Sync_Bucket::execute(optional_yield y) { std::string bucket; std::string tenant; @@ -346,12 +346,12 @@ public: return caps.check_cap("buckets", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "remove_object"; } }; -void RGWOp_Object_Remove::execute() +void RGWOp_Object_Remove::execute(optional_yield y) { std::string bucket; std::string object; diff --git a/src/rgw/rgw_rest_bucket.h b/src/rgw/rgw_rest_bucket.h index 0a7de160c1ef9..5220546be2e42 100644 --- a/src/rgw/rgw_rest_bucket.h +++ b/src/rgw/rgw_rest_bucket.h @@ -17,7 +17,7 @@ public: using RGWHandler_Auth_S3::RGWHandler_Auth_S3; ~RGWHandler_Bucket() override = default; - int read_permissions(RGWOp*) override { + int read_permissions(RGWOp*, optional_yield y) override { return 0; } }; diff --git a/src/rgw/rgw_rest_config.cc b/src/rgw/rgw_rest_config.cc index bb5b0c4dfcd32..60cf80f731f69 100644 --- a/src/rgw/rgw_rest_config.cc +++ b/src/rgw/rgw_rest_config.cc @@ -30,7 +30,7 @@ #define dout_context g_ceph_context #define dout_subsys ceph_subsys_rgw -void RGWOp_ZoneGroupMap_Get::execute() { +void RGWOp_ZoneGroupMap_Get::execute(optional_yield y) { op_ret = zonegroup_map.read(g_ceph_context, store->svc()->sysobj); if (op_ret < 0) { dout(5) << "failed to read zone_group map" << dendl; @@ -50,7 +50,7 @@ void RGWOp_ZoneGroupMap_Get::send_response() { region_map.regions = zonegroup_map.zonegroups; region_map.master_region = zonegroup_map.master_zonegroup; region_map.bucket_quota = zonegroup_map.bucket_quota; - region_map.user_quota = zonegroup_map.user_quota; + region_map.user_quota = zonegroup_map.user_quota; encode_json("region-map", region_map, s->formatter); } else { encode_json("zonegroup-map", zonegroup_map, s->formatter); diff --git a/src/rgw/rgw_rest_config.h b/src/rgw/rgw_rest_config.h index 3fb3e871f4d26..f21101a17765e 100644 --- a/src/rgw/rgw_rest_config.h +++ b/src/rgw/rgw_rest_config.h @@ -15,6 +15,8 @@ #pragma once +#include "rgw_auth_s3.h" +#include "rgw_rest.h" #include "rgw_zone.h" class RGWOp_ZoneGroupMap_Get : public RGWRESTOp { @@ -27,10 +29,10 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("zone", RGW_CAP_READ); } - int verify_permission() override { + int verify_permission(optional_yield) override { return check_caps(s->user->get_caps()); } - void execute() override; + void execute(optional_yield y) override; void send_response() override; const char* name() const override { if (old_format) { @@ -49,10 +51,10 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("zone", RGW_CAP_READ); } - int verify_permission() override { + int verify_permission(optional_yield) override { return check_caps(s->user->get_caps()); } - void execute() override {} /* store already has the info we need, just need to send response */ + void execute(optional_yield) override {} /* store already has the info we need, just need to send response */ void send_response() override ; const char* name() const override { return "get_zone_config"; @@ -63,7 +65,7 @@ class RGWHandler_Config : public RGWHandler_Auth_S3 { protected: RGWOp *op_get() override; - int read_permissions(RGWOp*) override { + int read_permissions(RGWOp*, optional_yield) override { return 0; } public: diff --git a/src/rgw/rgw_rest_iam.cc b/src/rgw/rgw_rest_iam.cc index a6cce4f7191a4..c7250129b84b2 100644 --- a/src/rgw/rgw_rest_iam.cc +++ b/src/rgw/rgw_rest_iam.cc @@ -96,9 +96,9 @@ int RGWHandler_REST_IAM::init(rgw::sal::RGWRadosStore *store, return RGWHandler_REST::init(store, s, cio); } -int RGWHandler_REST_IAM::authorize(const DoutPrefixProvider* dpp) +int RGWHandler_REST_IAM::authorize(const DoutPrefixProvider* dpp, optional_yield y) { - return RGW_Auth_S3::authorize(dpp, store, auth_registry, s); + return RGW_Auth_S3::authorize(dpp, store, auth_registry, s, y); } int RGWHandler_REST_IAM::init_from_header(struct req_state* s, diff --git a/src/rgw/rgw_rest_iam.h b/src/rgw/rgw_rest_iam.h index 1c6a0e89d3229..6b3518c2dc58b 100644 --- a/src/rgw/rgw_rest_iam.h +++ b/src/rgw/rgw_rest_iam.h @@ -5,6 +5,7 @@ #include "rgw_auth.h" #include "rgw_auth_filters.h" +#include "rgw_rest.h" class RGWHandler_REST_IAM : public RGWHandler_REST { const rgw::auth::StrategyRegistry& auth_registry; @@ -24,8 +25,8 @@ public: int init(rgw::sal::RGWRadosStore *store, struct req_state *s, rgw::io::BasicClient *cio) override; - int authorize(const DoutPrefixProvider* dpp) override; - int postauth_init() override { return 0; } + int authorize(const DoutPrefixProvider* dpp, optional_yield y) override; + int postauth_init(optional_yield y) override { return 0; } }; class RGWRESTMgr_IAM : public RGWRESTMgr { diff --git a/src/rgw/rgw_rest_log.cc b/src/rgw/rgw_rest_log.cc index b38979dbe4c9f..4003e157164f5 100644 --- a/src/rgw/rgw_rest_log.cc +++ b/src/rgw/rgw_rest_log.cc @@ -37,7 +37,7 @@ #define LOG_CLASS_LIST_MAX_ENTRIES (1000) #define dout_subsys ceph_subsys_rgw -void RGWOp_MDLog_List::execute() { +void RGWOp_MDLog_List::execute(optional_yield y) { string period = s->info.args.get("period"); string shard = s->info.args.get("id"); string max_entries_str = s->info.args.get("max-entries"); @@ -117,9 +117,9 @@ void RGWOp_MDLog_List::send_response() { flusher.flush(); } -void RGWOp_MDLog_Info::execute() { +void RGWOp_MDLog_Info::execute(optional_yield y) { num_objects = s->cct->_conf->rgw_md_log_max_shards; - period = store->svc()->mdlog->read_oldest_log_period(null_yield); + period = store->svc()->mdlog->read_oldest_log_period(y); op_ret = period.get_error(); } @@ -138,7 +138,7 @@ void RGWOp_MDLog_Info::send_response() { flusher.flush(); } -void RGWOp_MDLog_ShardInfo::execute() { +void RGWOp_MDLog_ShardInfo::execute(optional_yield y) { string period = s->info.args.get("period"); string shard = s->info.args.get("id"); string err; @@ -174,7 +174,7 @@ void RGWOp_MDLog_ShardInfo::send_response() { flusher.flush(); } -void RGWOp_MDLog_Delete::execute() { +void RGWOp_MDLog_Delete::execute(optional_yield y) { string marker = s->info.args.get("marker"), period = s->info.args.get("period"), shard = s->info.args.get("id"), @@ -231,7 +231,7 @@ void RGWOp_MDLog_Delete::execute() { op_ret = meta_log.trim(shard_id, {}, {}, {}, marker); } -void RGWOp_MDLog_Lock::execute() { +void RGWOp_MDLog_Lock::execute(optional_yield y) { string period, shard_id_str, duration_str, locker_id, zone_id; unsigned shard_id; @@ -280,7 +280,7 @@ void RGWOp_MDLog_Lock::execute() { op_ret = -ERR_LOCKED; } -void RGWOp_MDLog_Unlock::execute() { +void RGWOp_MDLog_Unlock::execute(optional_yield y) { string period, shard_id_str, locker_id, zone_id; unsigned shard_id; @@ -317,7 +317,7 @@ void RGWOp_MDLog_Unlock::execute() { op_ret = meta_log.unlock(shard_id, zone_id, locker_id); } -void RGWOp_MDLog_Notify::execute() { +void RGWOp_MDLog_Notify::execute(optional_yield y) { #define LARGE_ENOUGH_BUF (128 * 1024) int r = 0; @@ -359,7 +359,7 @@ void RGWOp_MDLog_Notify::execute() { op_ret = 0; } -void RGWOp_BILog_List::execute() { +void RGWOp_BILog_List::execute(optional_yield y) { string tenant_name = s->info.args.get("tenant"), bucket_name = s->info.args.get("bucket"), marker = s->info.args.get("marker"), @@ -455,7 +455,7 @@ void RGWOp_BILog_List::send_response_end() { flusher.flush(); } -void RGWOp_BILog_Info::execute() { +void RGWOp_BILog_Info::execute(optional_yield y) { string tenant_name = s->info.args.get("tenant"), bucket_name = s->info.args.get("bucket"), bucket_instance = s->info.args.get("bucket-instance"); @@ -514,7 +514,7 @@ void RGWOp_BILog_Info::send_response() { flusher.flush(); } -void RGWOp_BILog_Delete::execute() { +void RGWOp_BILog_Delete::execute(optional_yield y) { string tenant_name = s->info.args.get("tenant"), bucket_name = s->info.args.get("bucket"), start_marker = s->info.args.get("start-marker"), @@ -559,7 +559,7 @@ void RGWOp_BILog_Delete::execute() { return; } -void RGWOp_DATALog_List::execute() { +void RGWOp_DATALog_List::execute(optional_yield y) { string shard = s->info.args.get("id"); string max_entries_str = s->info.args.get("max-entries"), @@ -630,7 +630,7 @@ void RGWOp_DATALog_List::send_response() { } -void RGWOp_DATALog_Info::execute() { +void RGWOp_DATALog_Info::execute(optional_yield y) { num_objects = s->cct->_conf->rgw_data_log_num_shards; op_ret = 0; } @@ -646,7 +646,7 @@ void RGWOp_DATALog_Info::send_response() { flusher.flush(); } -void RGWOp_DATALog_ShardInfo::execute() { +void RGWOp_DATALog_ShardInfo::execute(optional_yield y) { string shard = s->info.args.get("id"); string err; @@ -669,7 +669,7 @@ void RGWOp_DATALog_ShardInfo::send_response() { flusher.flush(); } -void RGWOp_DATALog_Notify::execute() { +void RGWOp_DATALog_Notify::execute(optional_yield y) { string source_zone = s->info.args.get("source-zone"); #define LARGE_ENOUGH_BUF (128 * 1024) @@ -716,7 +716,7 @@ void RGWOp_DATALog_Notify::execute() { op_ret = 0; } -void RGWOp_DATALog_Delete::execute() { +void RGWOp_DATALog_Delete::execute(optional_yield y) { string marker = s->info.args.get("marker"), shard = s->info.args.get("id"), err; @@ -765,15 +765,15 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("mdlog", RGW_CAP_READ); } - int verify_permission() override { + int verify_permission(optional_yield) override { return check_caps(s->user->get_caps()); } - void execute() override; + void execute(optional_yield y) override; void send_response() override; const char* name() const override { return "get_metadata_log_status"; } }; -void RGWOp_MDLog_Status::execute() +void RGWOp_MDLog_Status::execute(optional_yield y) { auto sync = store->getRados()->get_meta_sync_manager(); if (sync == nullptr) { @@ -803,15 +803,15 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("bilog", RGW_CAP_READ); } - int verify_permission() override { + int verify_permission(optional_yield y) override { return check_caps(s->user->get_caps()); } - void execute() override; + void execute(optional_yield y) override; void send_response() override; const char* name() const override { return "get_bucket_index_log_status"; } }; -void RGWOp_BILog_Status::execute() +void RGWOp_BILog_Status::execute(optional_yield y) { const auto options = s->info.args.get("options"); bool merge = (options == "merge"); @@ -867,7 +867,7 @@ void RGWOp_BILog_Status::execute() pipe.dest.zone = local_zone_id; pipe.dest.bucket = info.bucket; - ldout(s->cct, 20) << "RGWOp_BILog_Status::execute(): getting sync status for pipe=" << pipe << dendl; + ldout(s->cct, 20) << "RGWOp_BILog_Status::execute(optional_yield y): getting sync status for pipe=" << pipe << dendl; op_ret = rgw_bucket_sync_status(this, store, pipe, info, nullptr, &status); @@ -880,7 +880,7 @@ void RGWOp_BILog_Status::execute() rgw_zone_id source_zone_id(source_zone); RGWBucketSyncPolicyHandlerRef source_handler; - op_ret = store->ctl()->bucket->get_sync_policy_handler(source_zone_id, source_bucket, &source_handler, null_yield); + op_ret = store->ctl()->bucket->get_sync_policy_handler(source_zone_id, source_bucket, &source_handler, y); if (op_ret < 0) { lderr(s->cct) << "could not get bucket sync policy handler (r=" << op_ret << ")" << dendl; return; @@ -892,14 +892,14 @@ void RGWOp_BILog_Status::execute() for (auto& entry : local_dests) { auto pipe = entry.second; - ldout(s->cct, 20) << "RGWOp_BILog_Status::execute(): getting sync status for pipe=" << pipe << dendl; + ldout(s->cct, 20) << "RGWOp_BILog_Status::execute(optional_yield y): getting sync status for pipe=" << pipe << dendl; RGWBucketInfo *pinfo = &info; std::optional opt_dest_info; if (!pipe.dest.bucket) { /* Uh oh, something went wrong */ - ldout(s->cct, 20) << "ERROR: RGWOp_BILog_Status::execute(): BUG: pipe.dest.bucket was not initialized" << pipe << dendl; + ldout(s->cct, 20) << "ERROR: RGWOp_BILog_Status::execute(optional_yield y): BUG: pipe.dest.bucket was not initialized" << pipe << dendl; op_ret = -EIO; return; } @@ -969,15 +969,15 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("datalog", RGW_CAP_READ); } - int verify_permission() override { + int verify_permission(optional_yield y) override { return check_caps(s->user->get_caps()); } - void execute() override ; + void execute(optional_yield y) override ; void send_response() override; const char* name() const override { return "get_data_changes_log_status"; } }; -void RGWOp_DATALog_Status::execute() +void RGWOp_DATALog_Status::execute(optional_yield y) { const auto source_zone = s->info.args.get("source-zone"); auto sync = store->getRados()->get_data_sync_manager(source_zone); diff --git a/src/rgw/rgw_rest_log.h b/src/rgw/rgw_rest_log.h index 39c3846ea0395..ad6abfd73845c 100644 --- a/src/rgw/rgw_rest_log.h +++ b/src/rgw/rgw_rest_log.h @@ -30,13 +30,13 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("bilog", RGW_CAP_READ); } - int verify_permission() override { + int verify_permission(optional_yield y) override { return check_caps(s->user->get_caps()); } void send_response() override; virtual void send_response(list& entries, string& marker); virtual void send_response_end(); - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "list_bucket_index_log"; } @@ -54,11 +54,11 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("bilog", RGW_CAP_READ); } - int verify_permission() override { + int verify_permission(optional_yield y) override { return check_caps(s->user->get_caps()); } void send_response() override; - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "bucket_index_log_info"; } @@ -72,7 +72,7 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("bilog", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "trim_bucket_index_log"; } @@ -89,10 +89,10 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("mdlog", RGW_CAP_READ); } - int verify_permission() override { + int verify_permission(optional_yield y) override { return check_caps(s->user->get_caps()); } - void execute() override; + void execute(optional_yield y) override; void send_response() override; const char* name() const override { return "list_metadata_log"; @@ -109,10 +109,10 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("mdlog", RGW_CAP_READ); } - int verify_permission() override { + int verify_permission(optional_yield y) override { return check_caps(s->user->get_caps()); } - void execute() override; + void execute(optional_yield y) override; void send_response() override; const char* name() const override { return "get_metadata_log_info"; @@ -128,10 +128,10 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("mdlog", RGW_CAP_READ); } - int verify_permission() override { + int verify_permission(optional_yield y) override { return check_caps(s->user->get_caps()); } - void execute() override; + void execute(optional_yield y) override; void send_response() override; const char* name() const override { return "get_metadata_log_shard_info"; @@ -146,7 +146,7 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("mdlog", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "lock_mdlog_object"; } @@ -160,7 +160,7 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("mdlog", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "unlock_mdlog_object"; } @@ -174,7 +174,7 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("mdlog", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "mdlog_notify"; } @@ -188,7 +188,7 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("mdlog", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "trim_metadata_log"; } @@ -206,10 +206,10 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("datalog", RGW_CAP_READ); } - int verify_permission() override { + int verify_permission(optional_yield y) override { return check_caps(s->user->get_caps()); } - void execute() override; + void execute(optional_yield y) override; void send_response() override; const char* name() const override { return "list_data_changes_log"; @@ -225,10 +225,10 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("datalog", RGW_CAP_READ); } - int verify_permission() override { + int verify_permission(optional_yield y) override { return check_caps(s->user->get_caps()); } - void execute() override; + void execute(optional_yield y) override; void send_response() override; const char* name() const override { return "get_data_changes_log_info"; @@ -244,10 +244,10 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("datalog", RGW_CAP_READ); } - int verify_permission() override { + int verify_permission(optional_yield y) override { return check_caps(s->user->get_caps()); } - void execute() override; + void execute(optional_yield y) override; void send_response() override; const char* name() const override { return "get_data_changes_log_shard_info"; @@ -262,7 +262,7 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("datalog", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "datalog_notify"; } @@ -276,7 +276,7 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("datalog", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "trim_data_changes_log"; } @@ -288,7 +288,7 @@ protected: RGWOp *op_delete() override; RGWOp *op_post() override; - int read_permissions(RGWOp*) override { + int read_permissions(RGWOp*, optional_yield) override { return 0; } public: diff --git a/src/rgw/rgw_rest_metadata.cc b/src/rgw/rgw_rest_metadata.cc index 95cb0204494ff..9f6392202853e 100644 --- a/src/rgw/rgw_rest_metadata.cc +++ b/src/rgw/rgw_rest_metadata.cc @@ -49,7 +49,7 @@ static inline void frame_metadata_key(req_state *s, string& out) { } } -void RGWOp_Metadata_Get::execute() { +void RGWOp_Metadata_Get::execute(optional_yield y) { string metadata_key; frame_metadata_key(s, metadata_key); @@ -66,16 +66,16 @@ void RGWOp_Metadata_Get::execute() { op_ret = 0; } -void RGWOp_Metadata_Get_Myself::execute() { +void RGWOp_Metadata_Get_Myself::execute(optional_yield y) { string owner_id; owner_id = s->owner.get_id().to_str(); s->info.args.append("key", owner_id); - return RGWOp_Metadata_Get::execute(); + return RGWOp_Metadata_Get::execute(y); } -void RGWOp_Metadata_List::execute() { +void RGWOp_Metadata_List::execute(optional_yield y) { string marker; ldout(s->cct, 16) << __func__ << " raw marker " << s->info.args.get("marker") @@ -234,7 +234,7 @@ static bool string_to_sync_type(const string& sync_string, return true; } -void RGWOp_Metadata_Put::execute() { +void RGWOp_Metadata_Put::execute(optional_yield y) { bufferlist bl; string metadata_key; @@ -247,7 +247,7 @@ void RGWOp_Metadata_Put::execute() { if (op_ret < 0) { return; } - + frame_metadata_key(s, metadata_key); RGWMDLogSyncType sync_type = RGWMDLogSyncType::APPLY_ALWAYS; @@ -264,7 +264,7 @@ void RGWOp_Metadata_Put::execute() { } op_ret = store->ctl()->meta.mgr->put(metadata_key, bl, s->yield, sync_type, - &ondisk_version); + &ondisk_version); if (op_ret < 0) { dout(5) << "ERROR: can't put key: " << cpp_strerror(op_ret) << dendl; return; @@ -290,7 +290,7 @@ void RGWOp_Metadata_Put::send_response() { end_header(s); } -void RGWOp_Metadata_Delete::execute() { +void RGWOp_Metadata_Delete::execute(optional_yield y) { string metadata_key; frame_metadata_key(s, metadata_key); diff --git a/src/rgw/rgw_rest_metadata.h b/src/rgw/rgw_rest_metadata.h index 78aabb63fa8d5..234ca5c303639 100644 --- a/src/rgw/rgw_rest_metadata.h +++ b/src/rgw/rgw_rest_metadata.h @@ -15,6 +15,9 @@ #pragma once +#include "rgw/rgw_rest.h" +#include "rgw/rgw_auth_s3.h" + class RGWOp_Metadata_List : public RGWRESTOp { public: RGWOp_Metadata_List() {} @@ -23,7 +26,7 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("metadata", RGW_CAP_READ); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "list_metadata"; } }; @@ -35,7 +38,7 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("metadata", RGW_CAP_READ); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "get_metadata"; } }; @@ -44,7 +47,7 @@ public: RGWOp_Metadata_Get_Myself() {} ~RGWOp_Metadata_Get_Myself() override {} - void execute() override; + void execute(optional_yield y) override; }; class RGWOp_Metadata_Put : public RGWRESTOp { @@ -58,7 +61,7 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("metadata", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; void send_response() override; const char* name() const override { return "set_metadata"; } RGWOpType get_type() override { return RGW_OP_ADMIN_SET_METADATA; } @@ -72,7 +75,7 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("metadata", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "remove_metadata"; } }; @@ -82,7 +85,7 @@ protected: RGWOp *op_put() override; RGWOp *op_delete() override; - int read_permissions(RGWOp*) override { + int read_permissions(RGWOp*, optional_yield y) override { return 0; } public: diff --git a/src/rgw/rgw_rest_oidc_provider.cc b/src/rgw/rgw_rest_oidc_provider.cc index 3dbaeae786f2d..4ab5c420c2bb2 100644 --- a/src/rgw/rgw_rest_oidc_provider.cc +++ b/src/rgw/rgw_rest_oidc_provider.cc @@ -20,7 +20,7 @@ #define dout_subsys ceph_subsys_rgw -int RGWRestOIDCProvider::verify_permission() +int RGWRestOIDCProvider::verify_permission(optional_yield y) { if (s->auth.identity->is_anonymous()) { return -EACCES; @@ -69,7 +69,7 @@ int RGWRestOIDCProviderWrite::check_caps(const RGWUserCaps& caps) return caps.check_cap("oidc-provider", RGW_CAP_WRITE); } -int RGWCreateOIDCProvider::verify_permission() +int RGWCreateOIDCProvider::verify_permission(optional_yield y) { if (s->auth.identity->is_anonymous()) { return -EACCES; @@ -114,7 +114,7 @@ int RGWCreateOIDCProvider::get_params() return 0; } -void RGWCreateOIDCProvider::execute() +void RGWCreateOIDCProvider::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { @@ -138,7 +138,7 @@ void RGWCreateOIDCProvider::execute() } -void RGWDeleteOIDCProvider::execute() +void RGWDeleteOIDCProvider::execute(optional_yield y) { RGWOIDCProvider provider(s->cct, store->getRados()->pctl, provider_arn, s->user->get_tenant()); op_ret = provider.delete_obj(); @@ -156,7 +156,7 @@ void RGWDeleteOIDCProvider::execute() } } -void RGWGetOIDCProvider::execute() +void RGWGetOIDCProvider::execute(optional_yield y) { RGWOIDCProvider provider(s->cct, store->getRados()->pctl, provider_arn, s->user->get_tenant()); op_ret = provider.get(); @@ -177,7 +177,7 @@ void RGWGetOIDCProvider::execute() } } -int RGWListOIDCProviders::verify_permission() +int RGWListOIDCProviders::verify_permission(optional_yield y) { if (s->auth.identity->is_anonymous()) { return -EACCES; @@ -197,7 +197,7 @@ int RGWListOIDCProviders::verify_permission() return 0; } -void RGWListOIDCProviders::execute() +void RGWListOIDCProviders::execute(optional_yield y) { vector result; op_ret = RGWOIDCProvider::get_providers(store->getRados(), s->user->get_tenant(), result); diff --git a/src/rgw/rgw_rest_oidc_provider.h b/src/rgw/rgw_rest_oidc_provider.h index bcebf95480ca1..b75dcc799f66d 100644 --- a/src/rgw/rgw_rest_oidc_provider.h +++ b/src/rgw/rgw_rest_oidc_provider.h @@ -3,6 +3,7 @@ #pragma once +#include "rgw_rest.h" #include "rgw_oidc_provider.h" class RGWRestOIDCProvider : public RGWRESTOp { @@ -12,7 +13,7 @@ protected: string provider_url; //'iss' field in JWT string provider_arn; public: - int verify_permission() override; + int verify_permission(optional_yield y) override; void send_response() override; virtual uint64_t get_op() = 0; }; @@ -32,39 +33,39 @@ public: class RGWCreateOIDCProvider : public RGWRestOIDCProviderWrite { public: RGWCreateOIDCProvider() = default; - int verify_permission() override; - void execute() override; + int verify_permission(optional_yield y) override; + void execute(optional_yield y) override; int get_params(); const char* name() const override { return "create_oidc_provider"; } RGWOpType get_type() override { return RGW_OP_CREATE_OIDC_PROVIDER; } - uint64_t get_op() { return rgw::IAM::iamCreateOIDCProvider; } + uint64_t get_op() override { return rgw::IAM::iamCreateOIDCProvider; } }; class RGWDeleteOIDCProvider : public RGWRestOIDCProviderWrite { public: RGWDeleteOIDCProvider() = default; - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "delete_oidc_provider"; } RGWOpType get_type() override { return RGW_OP_DELETE_OIDC_PROVIDER; } - uint64_t get_op() { return rgw::IAM::iamDeleteOIDCProvider; } + uint64_t get_op() override { return rgw::IAM::iamDeleteOIDCProvider; } }; class RGWGetOIDCProvider : public RGWRestOIDCProviderRead { public: RGWGetOIDCProvider() = default; - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "get_oidc_provider"; } RGWOpType get_type() override { return RGW_OP_GET_OIDC_PROVIDER; } - uint64_t get_op() { return rgw::IAM::iamGetOIDCProvider; } + uint64_t get_op() override { return rgw::IAM::iamGetOIDCProvider; } }; class RGWListOIDCProviders : public RGWRestOIDCProviderRead { public: RGWListOIDCProviders() = default; - int verify_permission() override; - void execute() override; + int verify_permission(optional_yield y) override; + void execute(optional_yield y) override; int get_params(); const char* name() const override { return "list_oidc_providers"; } RGWOpType get_type() override { return RGW_OP_LIST_OIDC_PROVIDERS; } - uint64_t get_op() { return rgw::IAM::iamListOIDCProviders; } + uint64_t get_op() override { return rgw::IAM::iamListOIDCProviders; } }; diff --git a/src/rgw/rgw_rest_pubsub.cc b/src/rgw/rgw_rest_pubsub.cc index 9853934c6977c..58d2d8452b152 100644 --- a/src/rgw/rgw_rest_pubsub.cc +++ b/src/rgw/rgw_rest_pubsub.cc @@ -349,12 +349,12 @@ RGWOp* RGWHandler_REST_PSTopic_AWS::op_post() { return nullptr; } -int RGWHandler_REST_PSTopic_AWS::authorize(const DoutPrefixProvider* dpp) { +int RGWHandler_REST_PSTopic_AWS::authorize(const DoutPrefixProvider* dpp, optional_yield y) { /*if (s->info.args.exists("Action") && s->info.args.get("Action").find("Topic") != std::string::npos) { // TODO: some topic specific authorization return 0; }*/ - return RGW_Auth_S3::authorize(dpp, store, auth_registry, s); + return RGW_Auth_S3::authorize(dpp, store, auth_registry, s, y); } @@ -443,10 +443,10 @@ class RGWPSCreateNotif_ObjStore_S3 : public RGWPSCreateNotifOp { public: const char* name() const override { return "pubsub_notification_create_s3"; } - void execute() override; + void execute(optional_yield) override; }; -void RGWPSCreateNotif_ObjStore_S3::execute() { +void RGWPSCreateNotif_ObjStore_S3::execute(optional_yield y) { op_ret = get_params_from_body(); if (op_ret < 0) { return; @@ -585,11 +585,11 @@ private: } public: - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "pubsub_notification_delete_s3"; } }; -void RGWPSDeleteNotif_ObjStore_S3::execute() { +void RGWPSDeleteNotif_ObjStore_S3::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { return; @@ -676,7 +676,7 @@ private: } public: - void execute() override; + void execute(optional_yield y) override; void send_response() override { if (op_ret) { set_req_state_err(s, op_ret); @@ -693,7 +693,7 @@ public: const char* name() const override { return "pubsub_notifications_get_s3"; } }; -void RGWPSListNotifs_ObjStore_S3::execute() { +void RGWPSListNotifs_ObjStore_S3::execute(optional_yield y) { ups.emplace(store, s->owner.get_id()); auto b = ups->get_bucket(bucket_info.bucket); ceph_assert(b); diff --git a/src/rgw/rgw_rest_pubsub.h b/src/rgw/rgw_rest_pubsub.h index f2f63356048b1..7e31642b3f4fa 100644 --- a/src/rgw/rgw_rest_pubsub.h +++ b/src/rgw/rgw_rest_pubsub.h @@ -7,8 +7,8 @@ // s3 compliant notification handler factory class RGWHandler_REST_PSNotifs_S3 : public RGWHandler_REST_S3 { protected: - int init_permissions(RGWOp* op) override {return 0;} - int read_permissions(RGWOp* op) override {return 0;} + int init_permissions(RGWOp* op, optional_yield y) override {return 0;} + int read_permissions(RGWOp* op, optional_yield y) override {return 0;} bool supports_quota() override {return false;} RGWOp* op_get() override; RGWOp* op_put() override; @@ -35,7 +35,6 @@ public: auth_registry(_auth_registry), post_body(_post_body) {} virtual ~RGWHandler_REST_PSTopic_AWS() = default; - int postauth_init() override { return 0; } - int authorize(const DoutPrefixProvider* dpp) override; + int postauth_init(optional_yield) override { return 0; } + int authorize(const DoutPrefixProvider* dpp, optional_yield y) override; }; - diff --git a/src/rgw/rgw_rest_pubsub_common.cc b/src/rgw/rgw_rest_pubsub_common.cc index 9145eafa8d81a..93f208c2bab3b 100644 --- a/src/rgw/rgw_rest_pubsub_common.cc +++ b/src/rgw/rgw_rest_pubsub_common.cc @@ -46,7 +46,7 @@ bool topics_has_endpoint_secret(const rgw_pubsub_user_topics& topics) { } return false; } -void RGWPSCreateTopicOp::execute() { +void RGWPSCreateTopicOp::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { return; @@ -61,7 +61,7 @@ void RGWPSCreateTopicOp::execute() { ldout(s->cct, 20) << "successfully created topic '" << topic_name << "'" << dendl; } -void RGWPSListTopicsOp::execute() { +void RGWPSListTopicsOp::execute(optional_yield y) { ups.emplace(store, s->owner.get_id()); op_ret = ups->get_user_topics(&result); // if there are no topics it is not considered an error @@ -78,7 +78,7 @@ void RGWPSListTopicsOp::execute() { ldout(s->cct, 20) << "successfully got topics" << dendl; } -void RGWPSGetTopicOp::execute() { +void RGWPSGetTopicOp::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { return; @@ -97,7 +97,7 @@ void RGWPSGetTopicOp::execute() { ldout(s->cct, 1) << "successfully got topic '" << topic_name << "'" << dendl; } -void RGWPSDeleteTopicOp::execute() { +void RGWPSDeleteTopicOp::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { return; @@ -111,7 +111,7 @@ void RGWPSDeleteTopicOp::execute() { ldout(s->cct, 1) << "successfully removed topic '" << topic_name << "'" << dendl; } -void RGWPSCreateSubOp::execute() { +void RGWPSCreateSubOp::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { return; @@ -126,7 +126,7 @@ void RGWPSCreateSubOp::execute() { ldout(s->cct, 20) << "successfully created subscription '" << sub_name << "'" << dendl; } -void RGWPSGetSubOp::execute() { +void RGWPSGetSubOp::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { return; @@ -146,7 +146,7 @@ void RGWPSGetSubOp::execute() { ldout(s->cct, 20) << "successfully got subscription '" << sub_name << "'" << dendl; } -void RGWPSDeleteSubOp::execute() { +void RGWPSDeleteSubOp::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { return; @@ -161,7 +161,7 @@ void RGWPSDeleteSubOp::execute() { ldout(s->cct, 20) << "successfully removed subscription '" << sub_name << "'" << dendl; } -void RGWPSAckSubEventOp::execute() { +void RGWPSAckSubEventOp::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { return; @@ -176,7 +176,7 @@ void RGWPSAckSubEventOp::execute() { ldout(s->cct, 20) << "successfully acked event on subscription '" << sub_name << "'" << dendl; } -void RGWPSPullSubEventsOp::execute() { +void RGWPSPullSubEventsOp::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { return; @@ -197,7 +197,7 @@ void RGWPSPullSubEventsOp::execute() { } -int RGWPSCreateNotifOp::verify_permission() { +int RGWPSCreateNotifOp::verify_permission(optional_yield y) { int ret = get_params(); if (ret < 0) { return ret; @@ -206,7 +206,7 @@ int RGWPSCreateNotifOp::verify_permission() { const auto& id = s->owner.get_id(); ret = store->getRados()->get_bucket_info(store->svc(), id.tenant, bucket_name, - bucket_info, nullptr, null_yield, nullptr); + bucket_info, nullptr, y, nullptr); if (ret < 0) { ldout(s->cct, 1) << "failed to get bucket info, cannot verify ownership" << dendl; return ret; @@ -219,14 +219,14 @@ int RGWPSCreateNotifOp::verify_permission() { return 0; } -int RGWPSDeleteNotifOp::verify_permission() { +int RGWPSDeleteNotifOp::verify_permission(optional_yield y) { int ret = get_params(); if (ret < 0) { return ret; } ret = store->getRados()->get_bucket_info(store->svc(), s->owner.get_id().tenant, bucket_name, - bucket_info, nullptr, null_yield, nullptr); + bucket_info, nullptr, y, nullptr); if (ret < 0) { return ret; } @@ -238,14 +238,14 @@ int RGWPSDeleteNotifOp::verify_permission() { return 0; } -int RGWPSListNotifsOp::verify_permission() { +int RGWPSListNotifsOp::verify_permission(optional_yield y) { int ret = get_params(); if (ret < 0) { return ret; } ret = store->getRados()->get_bucket_info(store->svc(), s->owner.get_id().tenant, bucket_name, - bucket_info, nullptr, null_yield, nullptr); + bucket_info, nullptr, y, nullptr); if (ret < 0) { return ret; } diff --git a/src/rgw/rgw_rest_pubsub_common.h b/src/rgw/rgw_rest_pubsub_common.h index d472fa4076d98..0abb27c5ccffa 100644 --- a/src/rgw/rgw_rest_pubsub_common.h +++ b/src/rgw/rgw_rest_pubsub_common.h @@ -23,13 +23,13 @@ protected: virtual int get_params() = 0; public: - int verify_permission() override { + int verify_permission(optional_yield) override { return 0; } void pre_exec() override { rgw_bucket_object_pre_exec(s); } - void execute() override; + void execute(optional_yield) override; const char* name() const override { return "pubsub_topic_create"; } RGWOpType get_type() override { return RGW_OP_PUBSUB_TOPIC_CREATE; } @@ -43,13 +43,13 @@ protected: rgw_pubsub_user_topics result; public: - int verify_permission() override { + int verify_permission(optional_yield) override { return 0; } void pre_exec() override { rgw_bucket_object_pre_exec(s); } - void execute() override; + void execute(optional_yield) override; const char* name() const override { return "pubsub_topics_list"; } RGWOpType get_type() override { return RGW_OP_PUBSUB_TOPICS_LIST; } @@ -66,13 +66,13 @@ protected: virtual int get_params() = 0; public: - int verify_permission() override { + int verify_permission(optional_yield y) override { return 0; } void pre_exec() override { rgw_bucket_object_pre_exec(s); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "pubsub_topic_get"; } RGWOpType get_type() override { return RGW_OP_PUBSUB_TOPIC_GET; } @@ -88,13 +88,13 @@ protected: virtual int get_params() = 0; public: - int verify_permission() override { + int verify_permission(optional_yield) override { return 0; } void pre_exec() override { rgw_bucket_object_pre_exec(s); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "pubsub_topic_delete"; } RGWOpType get_type() override { return RGW_OP_PUBSUB_TOPIC_DELETE; } @@ -112,13 +112,13 @@ protected: virtual int get_params() = 0; public: - int verify_permission() override { + int verify_permission(optional_yield) override { return 0; } void pre_exec() override { rgw_bucket_object_pre_exec(s); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "pubsub_subscription_create"; } RGWOpType get_type() override { return RGW_OP_PUBSUB_SUB_CREATE; } @@ -135,13 +135,13 @@ protected: virtual int get_params() = 0; public: - int verify_permission() override { + int verify_permission(optional_yield) override { return 0; } void pre_exec() override { rgw_bucket_object_pre_exec(s); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "pubsub_subscription_get"; } RGWOpType get_type() override { return RGW_OP_PUBSUB_SUB_GET; } @@ -158,13 +158,13 @@ protected: virtual int get_params() = 0; public: - int verify_permission() override { + int verify_permission(optional_yield) override { return 0; } void pre_exec() override { rgw_bucket_object_pre_exec(s); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "pubsub_subscription_delete"; } RGWOpType get_type() override { return RGW_OP_PUBSUB_SUB_DELETE; } @@ -183,13 +183,13 @@ protected: public: RGWPSAckSubEventOp() {} - int verify_permission() override { + int verify_permission(optional_yield) override { return 0; } void pre_exec() override { rgw_bucket_object_pre_exec(s); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "pubsub_subscription_ack"; } RGWOpType get_type() override { return RGW_OP_PUBSUB_SUB_ACK; } @@ -212,13 +212,13 @@ protected: public: RGWPSPullSubEventsOp() {} - int verify_permission() override { + int verify_permission(optional_yield) override { return 0; } void pre_exec() override { rgw_bucket_object_pre_exec(s); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "pubsub_subscription_pull"; } RGWOpType get_type() override { return RGW_OP_PUBSUB_SUB_PULL; } @@ -235,7 +235,7 @@ protected: virtual int get_params() = 0; public: - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override { rgw_bucket_object_pre_exec(s); @@ -255,7 +255,7 @@ protected: virtual int get_params() = 0; public: - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override { rgw_bucket_object_pre_exec(s); @@ -275,7 +275,7 @@ protected: virtual int get_params() = 0; public: - int verify_permission() override; + int verify_permission(optional_yield y) override; void pre_exec() override { rgw_bucket_object_pre_exec(s); @@ -284,4 +284,3 @@ public: RGWOpType get_type() override { return RGW_OP_PUBSUB_NOTIF_LIST; } uint32_t op_mask() override { return RGW_OP_TYPE_READ; } }; - diff --git a/src/rgw/rgw_rest_realm.cc b/src/rgw/rgw_rest_realm.cc index 215663f5937f6..17b0cd961211d 100644 --- a/src/rgw/rgw_rest_realm.cc +++ b/src/rgw/rgw_rest_realm.cc @@ -24,7 +24,7 @@ class RGWOp_Period_Base : public RGWRESTOp { RGWPeriod period; std::ostringstream error_stream; public: - int verify_permission() override { return 0; } + int verify_permission(optional_yield) override { return 0; } void send_response() override; }; @@ -51,17 +51,17 @@ void RGWOp_Period_Base::send_response() // GET /admin/realm/period class RGWOp_Period_Get : public RGWOp_Period_Base { public: - void execute() override; + void execute(optional_yield y) override; int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("zone", RGW_CAP_READ); } - int verify_permission() override { + int verify_permission(optional_yield) override { return check_caps(s->user->get_caps()); } const char* name() const override { return "get_period"; } }; -void RGWOp_Period_Get::execute() +void RGWOp_Period_Get::execute(optional_yield y) { string realm_id, realm_name, period_id; epoch_t epoch = 0; @@ -81,17 +81,17 @@ void RGWOp_Period_Get::execute() // POST /admin/realm/period class RGWOp_Period_Post : public RGWOp_Period_Base { public: - void execute() override; + void execute(optional_yield y) override; int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("zone", RGW_CAP_WRITE); } - int verify_permission() override { + int verify_permission(optional_yield) override { return check_caps(s->user->get_caps()); } const char* name() const override { return "post_period"; } }; -void RGWOp_Period_Post::execute() +void RGWOp_Period_Post::execute(optional_yield y) { auto cct = store->ctx(); @@ -263,15 +263,15 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("zone", RGW_CAP_READ); } - int verify_permission() override { + int verify_permission(optional_yield) override { return check_caps(s->user->get_caps()); } - void execute() override; + void execute(optional_yield y) override; void send_response() override; const char* name() const override { return "get_realm"; } }; -void RGWOp_Realm_Get::execute() +void RGWOp_Realm_Get::execute(optional_yield y) { string id; RESTArgs::get_string(s, "id", id, &id); @@ -309,15 +309,15 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("zone", RGW_CAP_READ); } - int verify_permission() override { + int verify_permission(optional_yield) override { return check_caps(s->user->get_caps()); } - void execute() override; + void execute(optional_yield y) override; void send_response() override; const char* name() const override { return "list_realms"; } }; -void RGWOp_Realm_List::execute() +void RGWOp_Realm_List::execute(optional_yield y) { { // read default realm diff --git a/src/rgw/rgw_rest_role.cc b/src/rgw/rgw_rest_role.cc index a5812f174a81a..6f6df30225bc3 100644 --- a/src/rgw/rgw_rest_role.cc +++ b/src/rgw/rgw_rest_role.cc @@ -19,7 +19,7 @@ #define dout_subsys ceph_subsys_rgw -int RGWRestRole::verify_permission() +int RGWRestRole::verify_permission(optional_yield y) { if (s->auth.identity->is_anonymous()) { return -EACCES; @@ -74,7 +74,7 @@ int RGWRoleWrite::check_caps(const RGWUserCaps& caps) return caps.check_cap("roles", RGW_CAP_WRITE); } -int RGWCreateRole::verify_permission() +int RGWCreateRole::verify_permission(optional_yield y) { if (s->auth.identity->is_anonymous()) { return -EACCES; @@ -124,7 +124,7 @@ int RGWCreateRole::get_params() return 0; } -void RGWCreateRole::execute() +void RGWCreateRole::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { @@ -164,7 +164,7 @@ int RGWDeleteRole::get_params() return 0; } -void RGWDeleteRole::execute() +void RGWDeleteRole::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { @@ -184,7 +184,7 @@ void RGWDeleteRole::execute() s->formatter->close_section(); } -int RGWGetRole::verify_permission() +int RGWGetRole::verify_permission(optional_yield y) { return 0; } @@ -223,7 +223,7 @@ int RGWGetRole::get_params() return 0; } -void RGWGetRole::execute() +void RGWGetRole::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { @@ -271,7 +271,7 @@ int RGWModifyRole::get_params() return 0; } -void RGWModifyRole::execute() +void RGWModifyRole::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { @@ -288,7 +288,7 @@ void RGWModifyRole::execute() s->formatter->close_section(); } -int RGWListRoles::verify_permission() +int RGWListRoles::verify_permission(optional_yield y) { if (s->auth.identity->is_anonymous()) { return -EACCES; @@ -315,7 +315,7 @@ int RGWListRoles::get_params() return 0; } -void RGWListRoles::execute() +void RGWListRoles::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { @@ -363,7 +363,7 @@ int RGWPutRolePolicy::get_params() return 0; } -void RGWPutRolePolicy::execute() +void RGWPutRolePolicy::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { @@ -394,7 +394,7 @@ int RGWGetRolePolicy::get_params() return 0; } -void RGWGetRolePolicy::execute() +void RGWGetRolePolicy::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { @@ -432,7 +432,7 @@ int RGWListRolePolicies::get_params() return 0; } -void RGWListRolePolicies::execute() +void RGWListRolePolicies::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { @@ -466,7 +466,7 @@ int RGWDeleteRolePolicy::get_params() return 0; } -void RGWDeleteRolePolicy::execute() +void RGWDeleteRolePolicy::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { diff --git a/src/rgw/rgw_rest_role.h b/src/rgw/rgw_rest_role.h index ff2069fa152ab..09f556b6cf6ee 100644 --- a/src/rgw/rgw_rest_role.h +++ b/src/rgw/rgw_rest_role.h @@ -3,7 +3,10 @@ #pragma once +#include "common/async/yield_context.h" + #include "rgw_role.h" +#include "rgw_rest.h" class RGWRestRole : public RGWRESTOp { protected: @@ -16,7 +19,7 @@ protected: string max_session_duration; RGWRole _role; public: - int verify_permission() override; + int verify_permission(optional_yield y) override; void send_response() override; virtual uint64_t get_op() = 0; }; @@ -36,93 +39,93 @@ public: class RGWCreateRole : public RGWRoleWrite { public: RGWCreateRole() = default; - int verify_permission() override; - void execute() override; + int verify_permission(optional_yield y) override; + void execute(optional_yield y) override; int get_params(); const char* name() const override { return "create_role"; } RGWOpType get_type() override { return RGW_OP_CREATE_ROLE; } - uint64_t get_op() { return rgw::IAM::iamCreateRole; } + uint64_t get_op() override { return rgw::IAM::iamCreateRole; } }; class RGWDeleteRole : public RGWRoleWrite { public: RGWDeleteRole() = default; - void execute() override; + void execute(optional_yield y) override; int get_params(); const char* name() const override { return "delete_role"; } RGWOpType get_type() override { return RGW_OP_DELETE_ROLE; } - uint64_t get_op() { return rgw::IAM::iamDeleteRole; } + uint64_t get_op() override { return rgw::IAM::iamDeleteRole; } }; class RGWGetRole : public RGWRoleRead { int _verify_permission(const RGWRole& role); public: RGWGetRole() = default; - int verify_permission() override; - void execute() override; + int verify_permission(optional_yield y) override; + void execute(optional_yield y) override; int get_params(); const char* name() const override { return "get_role"; } RGWOpType get_type() override { return RGW_OP_GET_ROLE; } - uint64_t get_op() { return rgw::IAM::iamGetRole; } + uint64_t get_op() override { return rgw::IAM::iamGetRole; } }; class RGWModifyRole : public RGWRoleWrite { public: RGWModifyRole() = default; - void execute() override; + void execute(optional_yield y) override; int get_params(); const char* name() const override { return "modify_role"; } RGWOpType get_type() override { return RGW_OP_MODIFY_ROLE; } - uint64_t get_op() { return rgw::IAM::iamModifyRole; } + uint64_t get_op() override { return rgw::IAM::iamModifyRole; } }; class RGWListRoles : public RGWRoleRead { public: RGWListRoles() = default; - int verify_permission() override; - void execute() override; + int verify_permission(optional_yield y) override; + void execute(optional_yield y) override; int get_params(); const char* name() const override { return "list_roles"; } RGWOpType get_type() override { return RGW_OP_LIST_ROLES; } - uint64_t get_op() { return rgw::IAM::iamListRoles; } + uint64_t get_op() override { return rgw::IAM::iamListRoles; } }; class RGWPutRolePolicy : public RGWRoleWrite { public: RGWPutRolePolicy() = default; - void execute() override; + void execute(optional_yield y) override; int get_params(); const char* name() const override { return "put_role_policy"; } RGWOpType get_type() override { return RGW_OP_PUT_ROLE_POLICY; } - uint64_t get_op() { return rgw::IAM::iamPutRolePolicy; } + uint64_t get_op() override { return rgw::IAM::iamPutRolePolicy; } }; class RGWGetRolePolicy : public RGWRoleRead { public: RGWGetRolePolicy() = default; - void execute() override; + void execute(optional_yield y) override; int get_params(); const char* name() const override { return "get_role_policy"; } RGWOpType get_type() override { return RGW_OP_GET_ROLE_POLICY; } - uint64_t get_op() { return rgw::IAM::iamGetRolePolicy; } + uint64_t get_op() override { return rgw::IAM::iamGetRolePolicy; } }; class RGWListRolePolicies : public RGWRoleRead { public: RGWListRolePolicies() = default; - void execute() override; + void execute(optional_yield y) override; int get_params(); const char* name() const override { return "list_role_policies"; } RGWOpType get_type() override { return RGW_OP_LIST_ROLE_POLICIES; } - uint64_t get_op() { return rgw::IAM::iamListRolePolicies; } + uint64_t get_op() override { return rgw::IAM::iamListRolePolicies; } }; class RGWDeleteRolePolicy : public RGWRoleWrite { public: RGWDeleteRolePolicy() = default; - void execute() override; + void execute(optional_yield y) override; int get_params(); const char* name() const override { return "delete_role_policy"; } RGWOpType get_type() override { return RGW_OP_DELETE_ROLE_POLICY; } - uint64_t get_op() { return rgw::IAM::iamDeleteRolePolicy; } + uint64_t get_op() override { return rgw::IAM::iamDeleteRolePolicy; } }; diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc index 0722e8fffad28..4888d297324a5 100644 --- a/src/rgw/rgw_rest_s3.cc +++ b/src/rgw/rgw_rest_s3.cc @@ -154,12 +154,12 @@ int RGWGetObj_ObjStore_S3Website::send_response_data(bufferlist& bl, off_t bl_of } } -int RGWGetObj_ObjStore_S3Website::send_response_data_error() +int RGWGetObj_ObjStore_S3Website::send_response_data_error(optional_yield y) { - return RGWGetObj_ObjStore_S3::send_response_data_error(); + return RGWGetObj_ObjStore_S3::send_response_data_error(y); } -int RGWGetObj_ObjStore_S3::get_params() +int RGWGetObj_ObjStore_S3::get_params(optional_yield y) { // for multisite sync requests, only read the slo manifest itself, rather than // all of the data from its parts. the parts will sync as separate objects @@ -171,10 +171,10 @@ int RGWGetObj_ObjStore_S3::get_params() skip_decrypt = s->info.args.exists(RGW_SYS_PARAM_PREFIX "skip-decrypt"); } - return RGWGetObj_ObjStore::get_params(); + return RGWGetObj_ObjStore::get_params(y); } -int RGWGetObj_ObjStore_S3::send_response_data_error() +int RGWGetObj_ObjStore_S3::send_response_data_error(optional_yield y) { bufferlist bl; return send_response_data(bl, 0 , 0); @@ -458,15 +458,16 @@ int RGWGetObj_ObjStore_S3::get_decrypt_filter(std::unique_ptr } return res; } -int RGWGetObj_ObjStore_S3::verify_requester(const rgw::auth::StrategyRegistry& auth_registry) +int RGWGetObj_ObjStore_S3::verify_requester(const rgw::auth::StrategyRegistry& auth_registry, optional_yield y) { int ret = -EINVAL; - ret = RGWOp::verify_requester(auth_registry); + ret = RGWOp::verify_requester(auth_registry, y); if(!s->user->get_caps().check_cap("amz-cache", RGW_CAP_READ) && !ret && s->info.env->exists("HTTP_X_AMZ_CACHE")) - ret = override_range_hdr(auth_registry); + ret = override_range_hdr(auth_registry, y); return ret; } -int RGWGetObj_ObjStore_S3::override_range_hdr(const rgw::auth::StrategyRegistry& auth_registry) + +int RGWGetObj_ObjStore_S3::override_range_hdr(const rgw::auth::StrategyRegistry& auth_registry, optional_yield y) { int ret = -EINVAL; ldpp_dout(this, 10) << "cache override headers" << dendl; @@ -488,7 +489,7 @@ int RGWGetObj_ObjStore_S3::override_range_hdr(const rgw::auth::StrategyRegistry& rgw_env->set(std::move(key), std::string(*v)); ldpp_dout(this, 10) << "after splitting cache kv key: " << key << " " << rgw_env->get(key.c_str()) << dendl; } - ret = RGWOp::verify_requester(auth_registry); + ret = RGWOp::verify_requester(auth_registry, y); if(!ret && backup_range) { rgw_env->set("HTTP_RANGE",backup_range); } else { @@ -524,7 +525,7 @@ void RGWGetObjTags_ObjStore_S3::send_response_data(bufferlist& bl) } -int RGWPutObjTags_ObjStore_S3::get_params() +int RGWPutObjTags_ObjStore_S3::get_params(optional_yield y) { RGWXMLParser parser; @@ -617,7 +618,7 @@ void RGWGetBucketTags_ObjStore_S3::send_response_data(bufferlist& bl) } } -int RGWPutBucketTags_ObjStore_S3::get_params() +int RGWPutBucketTags_ObjStore_S3::get_params(optional_yield y) { RGWXMLParser parser; @@ -1185,7 +1186,7 @@ void RGWGetBucketReplication_ObjStore_S3::send_response_data() } } -int RGWPutBucketReplication_ObjStore_S3::get_params() +int RGWPutBucketReplication_ObjStore_S3::get_params(optional_yield y) { RGWXMLParser parser; @@ -1294,7 +1295,7 @@ void RGWListBuckets_ObjStore_S3::send_response_end() } } -int RGWGetUsage_ObjStore_S3::get_params() +int RGWGetUsage_ObjStore_S3::get_params(optional_yield y) { start_date = s->info.args.get("start-date"); end_date = s->info.args.get("end-date"); @@ -1467,7 +1468,7 @@ int RGWListBucket_ObjStore_S3::get_common_params() return 0; } -int RGWListBucket_ObjStore_S3::get_params() +int RGWListBucket_ObjStore_S3::get_params(optional_yield y) { int ret = get_common_params(); if (ret < 0) { @@ -1482,7 +1483,7 @@ int RGWListBucket_ObjStore_S3::get_params() return 0; } -int RGWListBucket_ObjStore_S3v2::get_params() +int RGWListBucket_ObjStore_S3v2::get_params(optional_yield y) { int ret = get_common_params(); if (ret < 0) { @@ -1952,7 +1953,7 @@ struct ver_config_status { } }; -int RGWSetBucketVersioning_ObjStore_S3::get_params() +int RGWSetBucketVersioning_ObjStore_S3::get_params(optional_yield y) { int r = 0; bufferlist data; @@ -2007,7 +2008,7 @@ int RGWSetBucketVersioning_ObjStore_S3::get_params() mfa_status = true; break; default: - ldpp_dout(this, 0) << "ERROR: RGWSetBucketVersioning_ObjStore_S3::get_params(): unexpected switch case mfa_status=" << status_conf.mfa_status << dendl; + ldpp_dout(this, 0) << "ERROR: RGWSetBucketVersioning_ObjStore_S3::get_params(optional_yield y): unexpected switch case mfa_status=" << status_conf.mfa_status << dendl; r = -EIO; } } else if (status_conf.retcode < 0) { @@ -2024,7 +2025,7 @@ void RGWSetBucketVersioning_ObjStore_S3::send_response() end_header(s, this, "application/xml"); } -int RGWSetBucketWebsite_ObjStore_S3::get_params() +int RGWSetBucketWebsite_ObjStore_S3::get_params(optional_yield y) { const auto max_size = s->cct->_conf->rgw_max_put_param_size; @@ -2218,7 +2219,7 @@ public: } }; -int RGWCreateBucket_ObjStore_S3::get_params() +int RGWCreateBucket_ObjStore_S3::get_params(optional_yield y) { RGWAccessControlPolicy_S3 s3policy(s->cct); bool relaxed_names = s->cct->_conf->rgw_relaxed_s3_bucket_names; @@ -2340,7 +2341,7 @@ static inline void map_qs_metadata(struct req_state* s) } } -int RGWPutObj_ObjStore_S3::get_params() +int RGWPutObj_ObjStore_S3::get_params(optional_yield y) { if (!s->length) return -ERR_LENGTH_REQUIRED; @@ -2438,7 +2439,7 @@ int RGWPutObj_ObjStore_S3::get_params() position = uint64_t(pos_tmp); } - return RGWPutObj_ObjStore::get_params(); + return RGWPutObj_ObjStore::get_params(y); } int RGWPutObj_ObjStore_S3::get_data(bufferlist& bl) @@ -2630,9 +2631,9 @@ std::string RGWPostObj_ObjStore_S3::get_current_content_type() const return content_type; } -int RGWPostObj_ObjStore_S3::get_params() +int RGWPostObj_ObjStore_S3::get_params(optional_yield y) { - op_ret = RGWPostObj_ObjStore::get_params(); + op_ret = RGWPostObj_ObjStore::get_params(y); if (op_ret < 0) { return op_ret; } @@ -2765,7 +2766,7 @@ int RGWPostObj_ObjStore_S3::get_params() attrs[attr_name] = attr_bl; } - int r = get_policy(); + int r = get_policy(y); if (r < 0) return r; @@ -2822,7 +2823,7 @@ int RGWPostObj_ObjStore_S3::get_tags() return 0; } -int RGWPostObj_ObjStore_S3::get_policy() +int RGWPostObj_ObjStore_S3::get_policy(optional_yield y) { if (part_bl(parts, "policy", &s->auth.s3_postobj_creds.encoded_policy)) { bool aws4_auth = false; @@ -2892,7 +2893,7 @@ int RGWPostObj_ObjStore_S3::get_policy() /* FIXME: this is a makeshift solution. The browser upload authentication will be * handled by an instance of rgw::auth::Completer spawned in Handler's authorize() * method. */ - const int ret = rgw::auth::Strategy::apply(this, auth_registry_ptr->get_s3_post(), s); + const int ret = rgw::auth::Strategy::apply(this, auth_registry_ptr->get_s3_post(), s, y); if (ret != 0) { return -EACCES; } else { @@ -3138,7 +3139,7 @@ int RGWPostObj_ObjStore_S3::get_encrypt_filter( return res; } -int RGWDeleteObj_ObjStore_S3::get_params() +int RGWDeleteObj_ObjStore_S3::get_params(optional_yield y) { const char *if_unmod = s->info.env->get("HTTP_X_AMZ_DELETE_IF_UNMODIFIED_SINCE"); @@ -3197,7 +3198,7 @@ int RGWCopyObj_ObjStore_S3::init_dest_policy() return 0; } -int RGWCopyObj_ObjStore_S3::get_params() +int RGWCopyObj_ObjStore_S3::get_params(optional_yield y) { if_mod = s->info.env->get("HTTP_X_AMZ_COPY_IF_MODIFIED_SINCE"); if_unmod = s->info.env->get("HTTP_X_AMZ_COPY_IF_UNMODIFIED_SINCE"); @@ -3308,9 +3309,9 @@ void RGWGetACLs_ObjStore_S3::send_response() dump_body(s, acls); } -int RGWPutACLs_ObjStore_S3::get_params() +int RGWPutACLs_ObjStore_S3::get_params(optional_yield y) { - int ret = RGWPutACLs_ObjStore::get_params(); + int ret = RGWPutACLs_ObjStore::get_params(y); if (ret >= 0) { const int ret_auth = do_aws4_auth_completion(); if (ret_auth < 0) { @@ -3359,7 +3360,7 @@ void RGWPutACLs_ObjStore_S3::send_response() dump_start(s); } -void RGWGetLC_ObjStore_S3::execute() +void RGWGetLC_ObjStore_S3::execute(optional_yield y) { config.set_ctx(s->cct); @@ -3443,7 +3444,7 @@ void RGWGetCORS_ObjStore_S3::send_response() } } -int RGWPutCORS_ObjStore_S3::get_params() +int RGWPutCORS_ObjStore_S3::get_params(optional_yield y) { RGWCORSXMLParser_S3 parser(s->cct); RGWCORSConfiguration_S3 *cors_config; @@ -3600,7 +3601,7 @@ public: } }; -int RGWSetRequestPayment_ObjStore_S3::get_params() +int RGWSetRequestPayment_ObjStore_S3::get_params(optional_yield y) { const auto max_size = s->cct->_conf->rgw_max_put_param_size; @@ -3636,7 +3637,7 @@ void RGWSetRequestPayment_ObjStore_S3::send_response() end_header(s); } -int RGWInitMultipart_ObjStore_S3::get_params() +int RGWInitMultipart_ObjStore_S3::get_params(optional_yield y) { RGWAccessControlPolicy_S3 s3policy(s->cct); op_ret = create_s3_policy(s, store, s3policy, s->owner); @@ -3683,9 +3684,9 @@ int RGWInitMultipart_ObjStore_S3::prepare_encryption(map& at return res; } -int RGWCompleteMultipart_ObjStore_S3::get_params() +int RGWCompleteMultipart_ObjStore_S3::get_params(optional_yield y) { - int ret = RGWCompleteMultipart_ObjStore::get_params(); + int ret = RGWCompleteMultipart_ObjStore::get_params(y); if (ret < 0) { return ret; } @@ -3862,9 +3863,9 @@ void RGWListBucketMultiparts_ObjStore_S3::send_response() rgw_flush_formatter_and_reset(s, s->formatter); } -int RGWDeleteMultiObj_ObjStore_S3::get_params() +int RGWDeleteMultiObj_ObjStore_S3::get_params(optional_yield y) { - int ret = RGWDeleteMultiObj_ObjStore::get_params(); + int ret = RGWDeleteMultiObj_ObjStore::get_params(y); if (ret < 0) { return ret; } @@ -3979,7 +3980,7 @@ void RGWGetObjLayout_ObjStore_S3::send_response() rgw_flush_formatter(s, &f); } -int RGWConfigBucketMetaSearch_ObjStore_S3::get_params() +int RGWConfigBucketMetaSearch_ObjStore_S3::get_params(optional_yield y) { auto iter = s->info.x_meta_map.find("x-amz-meta-search"); if (iter == s->info.x_meta_map.end()) { @@ -4113,7 +4114,7 @@ void RGWGetBucketObjectLock_ObjStore_S3::send_response() } -int RGWPutObjRetention_ObjStore_S3::get_params() +int RGWPutObjRetention_ObjStore_S3::get_params(optional_yield y) { const char *bypass_gov_header = s->info.env->get("HTTP_X_AMZ_BYPASS_GOVERNANCE_RETENTION"); if (bypass_gov_header) { @@ -4616,7 +4617,8 @@ int RGWHandler_REST_S3::init_from_header(rgw::sal::RGWRadosStore *store, return 0; } -static int verify_mfa(rgw::sal::RGWRadosStore *store, RGWUserInfo *user, const string& mfa_str, bool *verified, const DoutPrefixProvider *dpp) +static int verify_mfa(rgw::sal::RGWRadosStore *store, RGWUserInfo *user, + const string& mfa_str, bool *verified, const DoutPrefixProvider *dpp, optional_yield y) { vector params; get_str_vec(mfa_str, " ", params); @@ -4635,7 +4637,7 @@ static int verify_mfa(rgw::sal::RGWRadosStore *store, RGWUserInfo *user, const s return -EACCES; } - int ret = store->svc()->cls->mfa.check_mfa(user->user_id, serial, pin, null_yield); + int ret = store->svc()->cls->mfa.check_mfa(user->user_id, serial, pin, y); if (ret < 0) { ldpp_dout(dpp, 20) << "NOTICE: failed to check MFA, serial=" << serial << dendl; return -EACCES; @@ -4646,7 +4648,7 @@ static int verify_mfa(rgw::sal::RGWRadosStore *store, RGWUserInfo *user, const s return 0; } -int RGWHandler_REST_S3::postauth_init() +int RGWHandler_REST_S3::postauth_init(optional_yield y) { struct req_init_state *t = &s->init_state; @@ -4680,7 +4682,7 @@ int RGWHandler_REST_S3::postauth_init() const char *mfa = s->info.env->get("HTTP_X_AMZ_MFA"); if (mfa) { - ret = verify_mfa(store, &s->user->get_info(), string(mfa), &s->mfa_verified, s); + ret = verify_mfa(store, &s->user->get_info(), string(mfa), &s->mfa_verified, s, y); } return 0; @@ -4732,12 +4734,12 @@ int RGWHandler_REST_S3::init(rgw::sal::RGWRadosStore *store, struct req_state *s return RGWHandler_REST::init(store, s, cio); } -int RGWHandler_REST_S3::authorize(const DoutPrefixProvider *dpp) +int RGWHandler_REST_S3::authorize(const DoutPrefixProvider *dpp, optional_yield y) { if (s->info.args.exists("Action") && s->info.args.get("Action") == "AssumeRoleWithWebIdentity") { - return RGW_Auth_STS::authorize(dpp, store, auth_registry, s); + return RGW_Auth_STS::authorize(dpp, store, auth_registry, s, y); } - return RGW_Auth_S3::authorize(dpp, store, auth_registry, s); + return RGW_Auth_S3::authorize(dpp, store, auth_registry, s, y); } enum class AwsVersion { @@ -4797,7 +4799,7 @@ discover_aws_flavour(const req_info& info) int RGW_Auth_S3::authorize(const DoutPrefixProvider *dpp, rgw::sal::RGWRadosStore* const store, const rgw::auth::StrategyRegistry& auth_registry, - struct req_state* const s) + struct req_state* const s, optional_yield y) { /* neither keystone and rados enabled; warn and exit! */ @@ -4808,7 +4810,7 @@ int RGW_Auth_S3::authorize(const DoutPrefixProvider *dpp, return -EPERM; } - const auto ret = rgw::auth::Strategy::apply(dpp, auth_registry.get_s3_main(), s); + const auto ret = rgw::auth::Strategy::apply(dpp, auth_registry.get_s3_main(), s, y); if (ret == 0) { /* Populate the owner info. */ s->owner.set_id(s->user->get_id()); @@ -4984,7 +4986,7 @@ RGWOp* RGWHandler_REST_S3Website::op_head() return get_obj_op(false); } -int RGWHandler_REST_S3Website::serve_errordoc(int http_ret, const string& errordoc_key) { +int RGWHandler_REST_S3Website::serve_errordoc(int http_ret, const string& errordoc_key, optional_yield y) { int ret = 0; s->formatter->reset(); /* Try to throw it all away */ @@ -5000,13 +5002,13 @@ int RGWHandler_REST_S3Website::serve_errordoc(int http_ret, const string& errord getop->if_nomatch = NULL; s->object = store->get_object(errordoc_key); - ret = init_permissions(getop.get()); + ret = init_permissions(getop.get(), y); if (ret < 0) { ldpp_dout(s, 20) << "serve_errordoc failed, init_permissions ret=" << ret << dendl; return -1; // Trigger double error handler } - ret = read_permissions(getop.get()); + ret = read_permissions(getop.get(), y); if (ret < 0) { ldpp_dout(s, 20) << "serve_errordoc failed, read_permissions ret=" << ret << dendl; return -1; // Trigger double error handler @@ -5016,7 +5018,7 @@ int RGWHandler_REST_S3Website::serve_errordoc(int http_ret, const string& errord getop->set_custom_http_response(http_ret); } - ret = getop->init_processing(); + ret = getop->init_processing(y); if (ret < 0) { ldpp_dout(s, 20) << "serve_errordoc failed, init_processing ret=" << ret << dendl; return -1; // Trigger double error handler @@ -5028,7 +5030,7 @@ int RGWHandler_REST_S3Website::serve_errordoc(int http_ret, const string& errord return -1; // Trigger double error handler } - ret = getop->verify_permission(); + ret = getop->verify_permission(y); if (ret < 0) { ldpp_dout(s, 20) << "serve_errordoc failed, verify_permission ret=" << ret << dendl; return -1; // Trigger double error handler @@ -5049,14 +5051,14 @@ int RGWHandler_REST_S3Website::serve_errordoc(int http_ret, const string& errord * x-amz-error-message: The specified key does not exist. * x-amz-error-detail-Key: foo */ - getop->execute(); + getop->execute(y); getop->complete(); return 0; - } int RGWHandler_REST_S3Website::error_handler(int err_no, - string* error_content) { + string* error_content, + optional_yield y) { int new_err_no = -1; rgw_http_errors::const_iterator r = rgw_http_s3_errors.find(err_no > 0 ? err_no : -err_no); int http_error_code = -1; @@ -5097,7 +5099,7 @@ int RGWHandler_REST_S3Website::error_handler(int err_no, On success, it will return zero, and no further content should be sent to the socket On failure, we need the double-error handler */ - new_err_no = RGWHandler_REST_S3Website::serve_errordoc(http_error_code, s->bucket->get_info().website_conf.error_doc); + new_err_no = RGWHandler_REST_S3Website::serve_errordoc(http_error_code, s->bucket->get_info().website_conf.error_doc, y); if (new_err_no && new_err_no != -1) { err_no = new_err_no; } @@ -5552,7 +5554,7 @@ AWSBrowserUploadAbstractor::get_auth_data(const req_state* const s) const } AWSEngine::result_t -AWSEngine::authenticate(const DoutPrefixProvider* dpp, const req_state* const s) const +AWSEngine::authenticate(const DoutPrefixProvider* dpp, const req_state* const s, optional_yield y) const { /* Small reminder: an ver_abstractor is allowed to throw! */ const auto auth_data = ver_abstractor.get_auth_data(s); @@ -5946,7 +5948,7 @@ RGWSelectObj_ObjStore_S3::~RGWSelectObj_ObjStore_S3() { } -int RGWSelectObj_ObjStore_S3::get_params() +int RGWSelectObj_ObjStore_S3::get_params(optional_yield y) { //retrieve s3-select query from payload @@ -5974,7 +5976,7 @@ int RGWSelectObj_ObjStore_S3::get_params() return status; } - return RGWGetObj_ObjStore_S3::get_params(); + return RGWGetObj_ObjStore_S3::get_params(y); } void RGWSelectObj_ObjStore_S3::encode_short(char* buff, uint16_t s, int& i) diff --git a/src/rgw/rgw_rest_s3.h b/src/rgw/rgw_rest_s3.h index 1e03134f6c5cf..8657d4c084bca 100644 --- a/src/rgw/rgw_rest_s3.h +++ b/src/rgw/rgw_rest_s3.h @@ -43,14 +43,14 @@ protected: // just the status line altered. int custom_http_ret = 0; std::map crypt_http_responses; - int override_range_hdr(const rgw::auth::StrategyRegistry& auth_registry); + int override_range_hdr(const rgw::auth::StrategyRegistry& auth_registry, optional_yield y); public: RGWGetObj_ObjStore_S3() {} ~RGWGetObj_ObjStore_S3() override {} - int verify_requester(const rgw::auth::StrategyRegistry& auth_registry) override; - int get_params() override; - int send_response_data_error() override; + int verify_requester(const rgw::auth::StrategyRegistry& auth_registry, optional_yield y) override; + int get_params(optional_yield y) override; + int send_response_data_error(optional_yield y) override; int send_response_data(bufferlist& bl, off_t ofs, off_t len) override; void set_custom_http_response(int http_ret) { custom_http_ret = http_ret; } int get_decrypt_filter(std::unique_ptr* filter, @@ -73,7 +73,7 @@ public: RGWPutObjTags_ObjStore_S3() {} ~RGWPutObjTags_ObjStore_S3() {} - int get_params() override; + int get_params(optional_yield y) override; void send_response() override; }; @@ -94,7 +94,7 @@ public: class RGWPutBucketTags_ObjStore_S3 : public RGWPutBucketTags_ObjStore { public: - int get_params() override; + int get_params(optional_yield y) override; void send_response() override; }; @@ -113,7 +113,7 @@ public: class RGWPutBucketReplication_ObjStore_S3 : public RGWPutBucketReplication_ObjStore { public: - int get_params() override; + int get_params(optional_yield y) override; void send_response() override; }; @@ -130,7 +130,7 @@ public: RGWListBuckets_ObjStore_S3() {} ~RGWListBuckets_ObjStore_S3() override {} - int get_params() override { + int get_params(optional_yield y) override { limit = -1; /* no limit */ return 0; } @@ -144,7 +144,7 @@ public: RGWGetUsage_ObjStore_S3() {} ~RGWGetUsage_ObjStore_S3() override {} - int get_params() override ; + int get_params(optional_yield y) override ; void send_response() override; }; @@ -161,7 +161,7 @@ protected: } ~RGWListBucket_ObjStore_S3() override {} - int get_params() override; + int get_params(optional_yield y) override; void send_response() override; void send_versioned_response(); }; @@ -177,7 +177,7 @@ public: } ~RGWListBucket_ObjStore_S3v2() override {} - int get_params() override; + int get_params(optional_yield y) override; void send_response() override; void send_versioned_response(); }; @@ -211,7 +211,7 @@ public: RGWSetBucketVersioning_ObjStore_S3() {} ~RGWSetBucketVersioning_ObjStore_S3() override {} - int get_params() override; + int get_params(optional_yield y) override; void send_response() override; }; @@ -228,7 +228,7 @@ public: RGWSetBucketWebsite_ObjStore_S3() {} ~RGWSetBucketWebsite_ObjStore_S3() override {} - int get_params() override; + int get_params(optional_yield y) override; void send_response() override; }; @@ -253,7 +253,7 @@ public: RGWCreateBucket_ObjStore_S3() {} ~RGWCreateBucket_ObjStore_S3() override {} - int get_params() override; + int get_params(optional_yield y) override; void send_response() override; }; @@ -273,7 +273,7 @@ public: RGWPutObj_ObjStore_S3() {} ~RGWPutObj_ObjStore_S3() override {} - int get_params() override; + int get_params(optional_yield y) override; int get_data(bufferlist& bl) override; void send_response() override; @@ -295,7 +295,7 @@ class RGWPostObj_ObjStore_S3 : public RGWPostObj_ObjStore { const rgw::auth::StrategyRegistry* auth_registry_ptr = nullptr; - int get_policy(); + int get_policy(optional_yield y); int get_tags(); void rebuild_key(rgw::sal::RGWObject* obj); @@ -306,12 +306,12 @@ public: RGWPostObj_ObjStore_S3() {} ~RGWPostObj_ObjStore_S3() override {} - int verify_requester(const rgw::auth::StrategyRegistry& auth_registry) override { + int verify_requester(const rgw::auth::StrategyRegistry& auth_registry, optional_yield y) override { auth_registry_ptr = &auth_registry; - return RGWPostObj_ObjStore::verify_requester(auth_registry); + return RGWPostObj_ObjStore::verify_requester(auth_registry, y); } - int get_params() override; + int get_params(optional_yield y) override; int complete_get_params(); void send_response() override; @@ -325,7 +325,7 @@ public: RGWDeleteObj_ObjStore_S3() {} ~RGWDeleteObj_ObjStore_S3() override {} - int get_params() override; + int get_params(optional_yield y) override; void send_response() override; }; @@ -336,8 +336,8 @@ public: ~RGWCopyObj_ObjStore_S3() override {} int init_dest_policy() override; - int get_params() override; - int check_storage_class(const rgw_placement_rule& src_placement); + int get_params(optional_yield y) override; + int check_storage_class(const rgw_placement_rule& src_placement) override; void send_partial_response(off_t ofs) override; void send_response() override; }; @@ -357,7 +357,7 @@ public: int get_policy_from_state(rgw::sal::RGWRadosStore *store, struct req_state *s, stringstream& ss) override; void send_response() override; - int get_params() override; + int get_params(optional_yield y) override; }; class RGWGetLC_ObjStore_S3 : public RGWGetLC_ObjStore { @@ -366,7 +366,7 @@ protected: public: RGWGetLC_ObjStore_S3() {} ~RGWGetLC_ObjStore_S3() override {} - void execute() override; + void execute(optional_yield y) override; void send_response() override; }; @@ -375,7 +375,7 @@ class RGWPutLC_ObjStore_S3 : public RGWPutLC_ObjStore { public: RGWPutLC_ObjStore_S3() {} ~RGWPutLC_ObjStore_S3() override {} - + void send_response() override; }; @@ -383,7 +383,7 @@ class RGWDeleteLC_ObjStore_S3 : public RGWDeleteLC_ObjStore { public: RGWDeleteLC_ObjStore_S3() {} ~RGWDeleteLC_ObjStore_S3() override {} - + void send_response() override; }; @@ -400,7 +400,7 @@ public: RGWPutCORS_ObjStore_S3() {} ~RGWPutCORS_ObjStore_S3() override {} - int get_params() override; + int get_params(optional_yield y) override; void send_response() override; }; @@ -433,7 +433,7 @@ public: RGWSetRequestPayment_ObjStore_S3() {} ~RGWSetRequestPayment_ObjStore_S3() override {} - int get_params() override; + int get_params(optional_yield y) override; void send_response() override; }; @@ -444,7 +444,7 @@ public: RGWInitMultipart_ObjStore_S3() {} ~RGWInitMultipart_ObjStore_S3() override {} - int get_params() override; + int get_params(optional_yield y) override; void send_response() override; int prepare_encryption(map& attrs) override; }; @@ -454,7 +454,7 @@ public: RGWCompleteMultipart_ObjStore_S3() {} ~RGWCompleteMultipart_ObjStore_S3() override {} - int get_params() override; + int get_params(optional_yield y) override; void send_response() override; }; @@ -489,7 +489,7 @@ public: RGWDeleteMultiObj_ObjStore_S3() {} ~RGWDeleteMultiObj_ObjStore_S3() override {} - int get_params() override; + int get_params(optional_yield y) override; void send_status() override; void begin_response() override; void send_partial_response(rgw_obj_key& key, bool delete_marker, @@ -515,7 +515,7 @@ class RGWPutObjRetention_ObjStore_S3 : public RGWPutObjRetention_ObjStore { public: RGWPutObjRetention_ObjStore_S3() {} ~RGWPutObjRetention_ObjStore_S3() {} - int get_params() override; + int get_params(optional_yield y) override; void send_response() override; }; @@ -553,7 +553,7 @@ public: RGWConfigBucketMetaSearch_ObjStore_S3() {} ~RGWConfigBucketMetaSearch_ObjStore_S3() {} - int get_params() override; + int get_params(optional_yield y) override; void send_response() override; }; @@ -593,7 +593,7 @@ public: static int authorize(const DoutPrefixProvider *dpp, rgw::sal::RGWRadosStore *store, const rgw::auth::StrategyRegistry& auth_registry, - struct req_state *s); + struct req_state *s, optional_yield y); }; class RGWHandler_Auth_S3 : public RGWHandler_REST { @@ -614,10 +614,10 @@ public: int init(rgw::sal::RGWRadosStore *store, struct req_state *s, rgw::io::BasicClient *cio) override; - int authorize(const DoutPrefixProvider *dpp) override { - return RGW_Auth_S3::authorize(dpp, store, auth_registry, s); + int authorize(const DoutPrefixProvider *dpp, optional_yield y) override { + return RGW_Auth_S3::authorize(dpp, store, auth_registry, s, y); } - int postauth_init() override { return 0; } + int postauth_init(optional_yield) override { return 0; } }; class RGWHandler_REST_S3 : public RGWHandler_REST { @@ -636,8 +636,8 @@ public: int init(rgw::sal::RGWRadosStore *store, struct req_state *s, rgw::io::BasicClient *cio) override; - int authorize(const DoutPrefixProvider *dpp) override; - int postauth_init() override; + int authorize(const DoutPrefixProvider *dpp, optional_yield y) override; + int postauth_init(optional_yield y) override; }; class RGWHandler_REST_Service_S3 : public RGWHandler_REST_S3 { @@ -800,7 +800,7 @@ static inline bool looks_like_ip_address(const char *bucket) return (num_periods == 3); } -static inline int valid_s3_object_name(const string& name) { +inline int valid_s3_object_name(const string& name) { if (name.size() > 1024) { return -ERR_INVALID_OBJECT_NAME; } @@ -810,7 +810,7 @@ static inline int valid_s3_object_name(const string& name) { return 0; } -static inline int valid_s3_bucket_name(const string& name, bool relaxed=false) +inline int valid_s3_bucket_name(const string& name, bool relaxed=false) { // This function enforces Amazon's spec for bucket names. // (The requirements, not the recommendations.) @@ -928,7 +928,7 @@ public: virtual int send_response_data(bufferlist& bl, off_t ofs, off_t len) override; - virtual int get_params() override; + virtual int get_params(optional_yield y) override; private: void encode_short(char* buff, uint16_t s, int& i); @@ -1028,7 +1028,8 @@ protected: const req_state* s) const = 0; public: - result_t authenticate(const DoutPrefixProvider* dpp, const req_state* const s) const final; + result_t authenticate(const DoutPrefixProvider* dpp, const req_state* const s, + optional_yield y) const final; }; diff --git a/src/rgw/rgw_rest_s3website.h b/src/rgw/rgw_rest_s3website.h index c2c4517bc1163..db302fb89c4d7 100644 --- a/src/rgw/rgw_rest_s3website.h +++ b/src/rgw/rgw_rest_s3website.h @@ -35,13 +35,13 @@ protected: RGWOp *op_copy() override { return NULL; } RGWOp *op_options() override { return NULL; } - int serve_errordoc(int http_ret, const string &errordoc_key); + int serve_errordoc(int http_ret, const string &errordoc_key, optional_yield y); public: using RGWHandler_REST_S3::RGWHandler_REST_S3; ~RGWHandler_REST_S3Website() override = default; int init(rgw::sal::RGWRadosStore *store, req_state *s, rgw::io::BasicClient* cio) override; - int error_handler(int err_no, string *error_content) override; + int error_handler(int err_no, string *error_content, optional_yield y) override; }; class RGWHandler_REST_Service_S3Website : public RGWHandler_REST_S3Website { @@ -81,11 +81,11 @@ public: RGWGetObj_ObjStore_S3Website() : is_errordoc_request(false) {} explicit RGWGetObj_ObjStore_S3Website(bool is_errordoc_request) : is_errordoc_request(false) { this->is_errordoc_request = is_errordoc_request; } ~RGWGetObj_ObjStore_S3Website() override {} - int send_response_data_error() override; + int send_response_data_error(optional_yield y) override; int send_response_data(bufferlist& bl, off_t ofs, off_t len) override; // We override RGWGetObj_ObjStore::get_params here, to allow ignoring all // conditional params for error pages. - int get_params() override { + int get_params(optional_yield y) override { if (is_errordoc_request) { range_str = NULL; if_mod = NULL; @@ -94,7 +94,7 @@ public: if_nomatch = NULL; return 0; } else { - return RGWGetObj_ObjStore_S3::get_params(); + return RGWGetObj_ObjStore_S3::get_params(y); } } }; diff --git a/src/rgw/rgw_rest_sts.cc b/src/rgw/rgw_rest_sts.cc index 92a49bd508d37..b0de5ddc447bf 100644 --- a/src/rgw/rgw_rest_sts.cc +++ b/src/rgw/rgw_rest_sts.cc @@ -174,7 +174,7 @@ WebTokenEngine::get_from_jwt(const DoutPrefixProvider* dpp, const std::string& t if (decoded.has_algorithm()) { auto& algorithm = decoded.get_algorithm(); try { - validate_signature(dpp, decoded, algorithm, t.iss, thumbprints); + validate_signature(dpp, decoded, algorithm, t.iss, thumbprints, null_yield); } catch (...) { throw -EACCES; } @@ -196,7 +196,7 @@ WebTokenEngine::get_from_jwt(const DoutPrefixProvider* dpp, const std::string& t } void -WebTokenEngine::validate_signature(const DoutPrefixProvider* dpp, const jwt::decoded_jwt& decoded, const string& algorithm, const string& iss, const vector& thumbprints) const +WebTokenEngine::validate_signature(const DoutPrefixProvider* dpp, const jwt::decoded_jwt& decoded, const string& algorithm, const string& iss, const vector& thumbprints, optional_yield y) const { if (algorithm != "HS256" && algorithm != "HS384" && algorithm != "HS512") { // Get certificate @@ -206,7 +206,7 @@ WebTokenEngine::validate_signature(const DoutPrefixProvider* dpp, const jwt::dec //Headers cert_req.append_header("Content-Type", "application/x-www-form-urlencoded"); - int res = cert_req.process(null_yield); + int res = cert_req.process(y); if (res < 0) { ldpp_dout(dpp, 10) << "HTTP request res: " << res << dendl; throw -EINVAL; @@ -324,7 +324,8 @@ WebTokenEngine::validate_signature(const DoutPrefixProvider* dpp, const jwt::dec WebTokenEngine::result_t WebTokenEngine::authenticate( const DoutPrefixProvider* dpp, const std::string& token, - const req_state* const s) const + const req_state* const s, + optional_yield y) const { boost::optional t; @@ -355,7 +356,7 @@ WebTokenEngine::authenticate( const DoutPrefixProvider* dpp, } // namespace rgw::auth::sts -int RGWREST_STS::verify_permission() +int RGWREST_STS::verify_permission(optional_yield y) { STS::STSService _sts(s->cct, store, s->user->get_id(), s->auth.identity.get()); sts = std::move(_sts); @@ -402,7 +403,7 @@ void RGWREST_STS::send_response() end_header(s); } -int RGWSTSGetSessionToken::verify_permission() +int RGWSTSGetSessionToken::verify_permission(optional_yield y) { rgw::Partition partition = rgw::Partition::aws; rgw::Service service = rgw::Service::s3; @@ -440,7 +441,7 @@ int RGWSTSGetSessionToken::get_params() return 0; } -void RGWSTSGetSessionToken::execute() +void RGWSTSGetSessionToken::execute(optional_yield y) { if (op_ret = get_params(); op_ret < 0) { return; @@ -493,7 +494,7 @@ int RGWSTSAssumeRoleWithWebIdentity::get_params() return 0; } -void RGWSTSAssumeRoleWithWebIdentity::execute() +void RGWSTSAssumeRoleWithWebIdentity::execute(optional_yield y) { if (op_ret = get_params(); op_ret < 0) { return; @@ -552,7 +553,7 @@ int RGWSTSAssumeRole::get_params() return 0; } -void RGWSTSAssumeRole::execute() +void RGWSTSAssumeRole::execute(optional_yield y) { if (op_ret = get_params(); op_ret < 0) { return; @@ -581,9 +582,9 @@ void RGWSTSAssumeRole::execute() int RGW_Auth_STS::authorize(const DoutPrefixProvider *dpp, rgw::sal::RGWRadosStore *store, const rgw::auth::StrategyRegistry& auth_registry, - struct req_state *s) + struct req_state *s, optional_yield y) { - return rgw::auth::Strategy::apply(dpp, auth_registry.get_sts(), s); + return rgw::auth::Strategy::apply(dpp, auth_registry.get_sts(), s, y); } void RGWHandler_REST_STS::rgw_sts_parse_input() @@ -639,12 +640,12 @@ int RGWHandler_REST_STS::init(rgw::sal::RGWRadosStore *store, return RGWHandler_REST::init(store, s, cio); } -int RGWHandler_REST_STS::authorize(const DoutPrefixProvider* dpp) +int RGWHandler_REST_STS::authorize(const DoutPrefixProvider* dpp, optional_yield y) { if (s->info.args.exists("Action") && s->info.args.get("Action") == "AssumeRoleWithWebIdentity") { - return RGW_Auth_STS::authorize(dpp, store, auth_registry, s); + return RGW_Auth_STS::authorize(dpp, store, auth_registry, s, y); } - return RGW_Auth_S3::authorize(dpp, store, auth_registry, s); + return RGW_Auth_S3::authorize(dpp, store, auth_registry, s, y); } int RGWHandler_REST_STS::init_from_header(struct req_state* s, diff --git a/src/rgw/rgw_rest_sts.h b/src/rgw/rgw_rest_sts.h index faf9bcd6062f8..45c9ed000bc47 100644 --- a/src/rgw/rgw_rest_sts.h +++ b/src/rgw/rgw_rest_sts.h @@ -5,6 +5,7 @@ #include "rgw_auth.h" #include "rgw_auth_filters.h" +#include "rgw_rest.h" #include "rgw_sts.h" #include "rgw_web_idp.h" #include "jwt-cpp/jwt.h" @@ -35,11 +36,11 @@ class WebTokenEngine : public rgw::auth::Engine { boost::optional get_from_jwt(const DoutPrefixProvider* dpp, const std::string& token, const req_state* const s) const; - void validate_signature (const DoutPrefixProvider* dpp, const jwt::decoded_jwt& decoded, const string& algorithm, const string& iss, const vector& thumbprints) const; + void validate_signature (const DoutPrefixProvider* dpp, const jwt::decoded_jwt& decoded, const string& algorithm, const string& iss, const vector& thumbprints, optional_yield y) const; result_t authenticate(const DoutPrefixProvider* dpp, const std::string& token, - const req_state* s) const; + const req_state* s, optional_yield y) const; public: WebTokenEngine(CephContext* const cct, @@ -56,8 +57,8 @@ public: return "rgw::auth::sts::WebTokenEngine"; } - result_t authenticate(const DoutPrefixProvider* dpp, const req_state* const s) const override { - return authenticate(dpp, extractor->get_token(s), s); + result_t authenticate(const DoutPrefixProvider* dpp, const req_state* const s, optional_yield y) const override { + return authenticate(dpp, extractor->get_token(s), s, y); } }; /* class WebTokenEngine */ @@ -114,7 +115,7 @@ protected: STS::STSService sts; public: RGWREST_STS() = default; - int verify_permission() override; + int verify_permission(optional_yield y) override; void send_response() override; }; @@ -130,7 +131,7 @@ protected: string iss; public: RGWSTSAssumeRoleWithWebIdentity() = default; - void execute() override; + void execute(optional_yield y) override; int get_params(); const char* name() const override { return "assume_role_web_identity"; } RGWOpType get_type() override { return RGW_STS_ASSUME_ROLE_WEB_IDENTITY; } @@ -147,7 +148,7 @@ protected: string tokenCode; public: RGWSTSAssumeRole() = default; - void execute() override; + void execute(optional_yield y) override; int get_params(); const char* name() const override { return "assume_role"; } RGWOpType get_type() override { return RGW_STS_ASSUME_ROLE; } @@ -160,8 +161,8 @@ protected: string tokenCode; public: RGWSTSGetSessionToken() = default; - void execute() override; - int verify_permission() override; + void execute(optional_yield y) override; + int verify_permission(optional_yield y) override; int get_params(); const char* name() const override { return "get_session_token"; } RGWOpType get_type() override { return RGW_STS_GET_SESSION_TOKEN; } @@ -172,7 +173,7 @@ public: static int authorize(const DoutPrefixProvider *dpp, rgw::sal::RGWRadosStore *store, const rgw::auth::StrategyRegistry& auth_registry, - struct req_state *s); + struct req_state *s, optional_yield y); }; class RGWHandler_REST_STS : public RGWHandler_REST { @@ -193,8 +194,8 @@ public: int init(rgw::sal::RGWRadosStore *store, struct req_state *s, rgw::io::BasicClient *cio) override; - int authorize(const DoutPrefixProvider* dpp) override; - int postauth_init() override { return 0; } + int authorize(const DoutPrefixProvider* dpp, optional_yield y) override; + int postauth_init(optional_yield y) override { return 0; } }; class RGWRESTMgr_STS : public RGWRESTMgr { diff --git a/src/rgw/rgw_rest_swift.cc b/src/rgw/rgw_rest_swift.cc index f78008de3a95f..48e824e90a4b3 100644 --- a/src/rgw/rgw_rest_swift.cc +++ b/src/rgw/rgw_rest_swift.cc @@ -39,7 +39,7 @@ #define dout_context g_ceph_context #define dout_subsys ceph_subsys_rgw -int RGWListBuckets_ObjStore_SWIFT::get_params() +int RGWListBuckets_ObjStore_SWIFT::get_params(optional_yield y) { prefix = s->info.args.get("prefix"); marker = s->info.args.get("marker"); @@ -293,7 +293,7 @@ void RGWListBuckets_ObjStore_SWIFT::send_response_end() } } -int RGWListBucket_ObjStore_SWIFT::get_params() +int RGWListBucket_ObjStore_SWIFT::get_params(optional_yield y) { prefix = s->info.args.get("prefix"); marker = s->info.args.get("marker"); @@ -542,9 +542,9 @@ static void dump_container_metadata(struct req_state *s, dump_last_modified(s, s->bucket_mtime); } -void RGWStatAccount_ObjStore_SWIFT::execute() +void RGWStatAccount_ObjStore_SWIFT::execute(optional_yield y) { - RGWStatAccount_ObjStore::execute(); + RGWStatAccount_ObjStore::execute(y); op_ret = store->ctl()->user->get_attrs_by_uid(s->user->get_id(), &attrs, s->yield); } @@ -696,7 +696,7 @@ static int get_swift_versioning_settings( return 0; } -int RGWCreateBucket_ObjStore_SWIFT::get_params() +int RGWCreateBucket_ObjStore_SWIFT::get_params(optional_yield y) { bool has_policy; uint32_t policy_rw_mask = 0; @@ -810,9 +810,9 @@ static int get_delete_at_param(req_state *s, boost::optional &delete_ return 0; } -int RGWPutObj_ObjStore_SWIFT::verify_permission() +int RGWPutObj_ObjStore_SWIFT::verify_permission(optional_yield y) { - op_ret = RGWPutObj_ObjStore::verify_permission(); + op_ret = RGWPutObj_ObjStore::verify_permission(y); /* We have to differentiate error codes depending on whether user is * anonymous (401 Unauthorized) or he doesn't have necessary permissions @@ -910,7 +910,7 @@ int RGWPutObj_ObjStore_SWIFT::update_slo_segment_size(rgw_slo_entry& entry) { return 0; } /* RGWPutObj_ObjStore_SWIFT::update_slo_segment_sizes */ -int RGWPutObj_ObjStore_SWIFT::get_params() +int RGWPutObj_ObjStore_SWIFT::get_params(optional_yield y) { if (s->has_bad_meta) { return -EINVAL; @@ -1014,7 +1014,7 @@ int RGWPutObj_ObjStore_SWIFT::get_params() ofs = slo_info->raw_data.length(); } - return RGWPutObj_ObjStore::get_params(); + return RGWPutObj_ObjStore::get_params(y); } void RGWPutObj_ObjStore_SWIFT::send_response() @@ -1075,7 +1075,7 @@ static int get_swift_account_settings(req_state * const s, return 0; } -int RGWPutMetadataAccount_ObjStore_SWIFT::get_params() +int RGWPutMetadataAccount_ObjStore_SWIFT::get_params(optional_yield y) { if (s->has_bad_meta) { return -EINVAL; @@ -1113,7 +1113,7 @@ void RGWPutMetadataAccount_ObjStore_SWIFT::send_response() rgw_flush_formatter_and_reset(s, s->formatter); } -int RGWPutMetadataBucket_ObjStore_SWIFT::get_params() +int RGWPutMetadataBucket_ObjStore_SWIFT::get_params(optional_yield y) { if (s->has_bad_meta) { return -EINVAL; @@ -1149,7 +1149,7 @@ void RGWPutMetadataBucket_ObjStore_SWIFT::send_response() rgw_flush_formatter_and_reset(s, s->formatter); } -int RGWPutMetadataObject_ObjStore_SWIFT::get_params() +int RGWPutMetadataObject_ObjStore_SWIFT::get_params(optional_yield y) { if (s->has_bad_meta) { return -EINVAL; @@ -1243,9 +1243,9 @@ static void bulkdelete_respond(const unsigned num_deleted, formatter.close_section(); } -int RGWDeleteObj_ObjStore_SWIFT::verify_permission() +int RGWDeleteObj_ObjStore_SWIFT::verify_permission(optional_yield y) { - op_ret = RGWDeleteObj_ObjStore::verify_permission(); + op_ret = RGWDeleteObj_ObjStore::verify_permission(y); /* We have to differentiate error codes depending on whether user is * anonymous (401 Unauthorized) or he doesn't have necessary permissions @@ -1257,12 +1257,12 @@ int RGWDeleteObj_ObjStore_SWIFT::verify_permission() } } -int RGWDeleteObj_ObjStore_SWIFT::get_params() +int RGWDeleteObj_ObjStore_SWIFT::get_params(optional_yield y) { const string& mm = s->info.args.get("multipart-manifest"); multipart_delete = (mm.compare("delete") == 0); - return RGWDeleteObj_ObjStore::get_params(); + return RGWDeleteObj_ObjStore::get_params(y); } void RGWDeleteObj_ObjStore_SWIFT::send_response() @@ -1381,7 +1381,7 @@ int RGWCopyObj_ObjStore_SWIFT::init_dest_policy() return 0; } -int RGWCopyObj_ObjStore_SWIFT::get_params() +int RGWCopyObj_ObjStore_SWIFT::get_params(optional_yield y) { if_mod = s->info.env->get("HTTP_IF_MODIFIED_SINCE"); if_unmod = s->info.env->get("HTTP_IF_UNMODIFIED_SINCE"); @@ -1468,9 +1468,9 @@ void RGWCopyObj_ObjStore_SWIFT::send_response() } } -int RGWGetObj_ObjStore_SWIFT::verify_permission() +int RGWGetObj_ObjStore_SWIFT::verify_permission(optional_yield y) { - op_ret = RGWGetObj_ObjStore::verify_permission(); + op_ret = RGWGetObj_ObjStore::verify_permission(y); /* We have to differentiate error codes depending on whether user is * anonymous (401 Unauthorized) or he doesn't have necessary permissions @@ -1482,18 +1482,18 @@ int RGWGetObj_ObjStore_SWIFT::verify_permission() } } -int RGWGetObj_ObjStore_SWIFT::get_params() +int RGWGetObj_ObjStore_SWIFT::get_params(optional_yield y) { const string& mm = s->info.args.get("multipart-manifest"); skip_manifest = (mm.compare("get") == 0); - return RGWGetObj_ObjStore::get_params(); + return RGWGetObj_ObjStore::get_params(y); } -int RGWGetObj_ObjStore_SWIFT::send_response_data_error() +int RGWGetObj_ObjStore_SWIFT::send_response_data_error(optional_yield y) { std::string error_content; - op_ret = error_handler(op_ret, &error_content); + op_ret = error_handler(op_ret, &error_content, y); if (! op_ret) { /* The error handler has taken care of the error. */ return 0; @@ -1834,7 +1834,7 @@ const vector> RGWInfo_ObjStore_SWIFT: {"tempauth", {false, RGWInfo_ObjStore_SWIFT::list_tempauth_data}}, }; -void RGWInfo_ObjStore_SWIFT::execute() +void RGWInfo_ObjStore_SWIFT::execute(optional_yield y) { bool is_admin_info_enabled = false; @@ -2124,10 +2124,10 @@ void RGWFormPost::get_owner_info(const req_state* const s, } } -int RGWFormPost::get_params() +int RGWFormPost::get_params(optional_yield y) { /* The parentt class extracts boundary info from the Content-Type. */ - int ret = RGWPostObj_ObjStore::get_params(); + int ret = RGWPostObj_ObjStore::get_params(y); if (ret < 0) { return ret; } @@ -2275,7 +2275,7 @@ int RGWFormPost::get_data(ceph::bufferlist& bl, bool& again) return r; } - /* Tell RGWPostObj::execute() that it has some data to put. */ + /* Tell RGWPostObj::execute(optional_yield y) that it has some data to put. */ again = !boundary; return bl.length(); @@ -2345,7 +2345,8 @@ RGWOp *RGWHandler_REST_Service_SWIFT::op_delete() } int RGWSwiftWebsiteHandler::serve_errordoc(const int http_ret, - const std::string error_doc) + const std::string error_doc, + optional_yield y) { /* Try to throw it all away. */ s->formatter->reset(); @@ -2364,7 +2365,7 @@ int RGWSwiftWebsiteHandler::serve_errordoc(const int http_ret, } int error_handler(const int err_no, - std::string* const error_content) override { + std::string* const error_content, optional_yield y) override { /* Enforce that any error generated while getting the error page will * not be send to a client. This allows us to recover from the double * fault situation by sending the original message. */ @@ -2380,11 +2381,12 @@ int RGWSwiftWebsiteHandler::serve_errordoc(const int http_ret, RGWOp* newop = &get_errpage_op; RGWRequest req(0); - return rgw_process_authenticated(handler, newop, &req, s, true); + return rgw_process_authenticated(handler, newop, &req, s, y, true); } int RGWSwiftWebsiteHandler::error_handler(const int err_no, - std::string* const error_content) + std::string* const error_content, + optional_yield y) { if (!s->bucket.get()) { /* No bucket, default no-op handler */ @@ -2395,7 +2397,7 @@ int RGWSwiftWebsiteHandler::error_handler(const int err_no, if (can_be_website_req() && ! ws_conf.error_doc.empty()) { set_req_state_err(s, err_no); - return serve_errordoc(s->err.http_ret, ws_conf.error_doc); + return serve_errordoc(s->err.http_ret, ws_conf.error_doc, y); } /* Let's go to the default, no-op handler. */ @@ -2441,11 +2443,11 @@ RGWOp* RGWSwiftWebsiteHandler::get_ws_redirect_op() : location(location) { } - int verify_permission() override { + int verify_permission(optional_yield) override { return 0; } - void execute() override { + void execute(optional_yield) override { op_ret = -ERR_PERMANENT_REDIRECT; return; } @@ -2487,7 +2489,7 @@ RGWOp* RGWSwiftWebsiteHandler::get_ws_listing_op() class RGWWebsiteListing : public RGWListBucket_ObjStore_SWIFT { const std::string prefix_override; - int get_params() override { + int get_params(optional_yield) override { prefix = prefix_override; max = default_max; delimiter = "/"; @@ -2793,12 +2795,12 @@ RGWOp *RGWHandler_REST_Obj_SWIFT::op_options() } -int RGWHandler_REST_SWIFT::authorize(const DoutPrefixProvider *dpp) +int RGWHandler_REST_SWIFT::authorize(const DoutPrefixProvider *dpp, optional_yield y) { - return rgw::auth::Strategy::apply(dpp, auth_strategy, s); + return rgw::auth::Strategy::apply(dpp, auth_strategy, s, y); } -int RGWHandler_REST_SWIFT::postauth_init() +int RGWHandler_REST_SWIFT::postauth_init(optional_yield y) { struct req_init_state* t = &s->init_state; diff --git a/src/rgw/rgw_rest_swift.h b/src/rgw/rgw_rest_swift.h index 1ed664d02a3c3..bc94375d98370 100644 --- a/src/rgw/rgw_rest_swift.h +++ b/src/rgw/rgw_rest_swift.h @@ -21,9 +21,9 @@ public: RGWGetObj_ObjStore_SWIFT() {} ~RGWGetObj_ObjStore_SWIFT() override {} - int verify_permission() override; - int get_params() override; - int send_response_data_error() override; + int verify_permission(optional_yield y) override; + int get_params(optional_yield y) override; + int send_response_data_error(optional_yield y) override; int send_response_data(bufferlist& bl, off_t ofs, off_t len) override; void set_custom_http_response(const int http_ret) { @@ -52,7 +52,7 @@ public: } ~RGWListBuckets_ObjStore_SWIFT() override {} - int get_params() override; + int get_params(optional_yield y) override; void handle_listing_chunk(rgw::sal::RGWBucketList&& buckets) override; void send_response_begin(bool has_buckets) override; void send_response_data(rgw::sal::RGWBucketList& buckets) override; @@ -72,7 +72,7 @@ public: } ~RGWListBucket_ObjStore_SWIFT() override {} - int get_params() override; + int get_params(optional_yield y) override; void send_response() override; bool need_container_stats() override { return true; } }; @@ -84,7 +84,7 @@ public: } ~RGWStatAccount_ObjStore_SWIFT() override {} - void execute() override; + void execute(optional_yield y) override; void send_response() override; }; @@ -103,7 +103,7 @@ public: RGWCreateBucket_ObjStore_SWIFT() {} ~RGWCreateBucket_ObjStore_SWIFT() override {} - int get_params() override; + int get_params(optional_yield y) override; void send_response() override; }; @@ -123,8 +123,8 @@ public: int update_slo_segment_size(rgw_slo_entry& entry); - int verify_permission() override; - int get_params() override; + int verify_permission(optional_yield y) override; + int get_params(optional_yield y) override; void send_response() override; }; @@ -133,7 +133,7 @@ public: RGWPutMetadataAccount_ObjStore_SWIFT() {} ~RGWPutMetadataAccount_ObjStore_SWIFT() override {} - int get_params() override; + int get_params(optional_yield y) override; void send_response() override; }; @@ -142,7 +142,7 @@ public: RGWPutMetadataBucket_ObjStore_SWIFT() {} ~RGWPutMetadataBucket_ObjStore_SWIFT() override {} - int get_params() override; + int get_params(optional_yield y) override; void send_response() override; }; @@ -151,7 +151,7 @@ public: RGWPutMetadataObject_ObjStore_SWIFT() {} ~RGWPutMetadataObject_ObjStore_SWIFT() override {} - int get_params() override; + int get_params(optional_yield y) override; void send_response() override; bool need_object_expiration() override { return true; } }; @@ -161,8 +161,8 @@ public: RGWDeleteObj_ObjStore_SWIFT() {} ~RGWDeleteObj_ObjStore_SWIFT() override {} - int verify_permission() override; - int get_params() override; + int verify_permission(optional_yield y) override; + int get_params(optional_yield y) override; bool need_object_expiration() override { return true; } void send_response() override; }; @@ -176,7 +176,7 @@ public: ~RGWCopyObj_ObjStore_SWIFT() override {} int init_dest_policy() override; - int get_params() override; + int get_params(optional_yield y) override; void send_response() override; void send_partial_response(off_t ofs) override; }; @@ -243,7 +243,7 @@ public: RGWInfo_ObjStore_SWIFT() {} ~RGWInfo_ObjStore_SWIFT() override {} - void execute() override; + void execute(optional_yield y) override; void send_response() override; static void list_swift_data(Formatter& formatter, const ConfigProxy& config, RGWRados& store); static void list_tempauth_data(Formatter& formatter, const ConfigProxy& config, RGWRados& store); @@ -277,7 +277,7 @@ public: req_state* s, RGWHandler* dialect_handler) override; - int get_params() override; + int get_params(optional_yield y) override; int get_data(ceph::bufferlist& bl, bool& again) override; void send_response() override; @@ -353,7 +353,7 @@ class RGWSwiftWebsiteHandler { bool is_web_dir() const; bool is_index_present(const std::string& index) const; - int serve_errordoc(int http_ret, std::string error_doc); + int serve_errordoc(int http_ret, std::string error_doc, optional_yield y); RGWOp* get_ws_redirect_op(); RGWOp* get_ws_index_op(); @@ -368,7 +368,8 @@ public: } int error_handler(const int err_no, - std::string* const error_content); + std::string* const error_content, + optional_yield y); int retarget_bucket(RGWOp* op, RGWOp** new_op); int retarget_object(RGWOp* op, RGWOp** new_op); }; @@ -395,8 +396,8 @@ public: int validate_bucket_name(const string& bucket); int init(rgw::sal::RGWRadosStore *store, struct req_state *s, rgw::io::BasicClient *cio) override; - int authorize(const DoutPrefixProvider *dpp) override; - int postauth_init() override; + int authorize(const DoutPrefixProvider *dpp, optional_yield y) override; + int postauth_init(optional_yield y) override; RGWAccessControlPolicy *alloc_policy() { return nullptr; /* return new RGWAccessControlPolicy_SWIFT; */ } void free_policy(RGWAccessControlPolicy *policy) { delete policy; } @@ -434,8 +435,8 @@ public: using RGWHandler_REST_SWIFT::RGWHandler_REST_SWIFT; ~RGWHandler_REST_Bucket_SWIFT() override = default; - int error_handler(int err_no, std::string *error_content) override { - return website_handler->error_handler(err_no, error_content); + int error_handler(int err_no, std::string *error_content, optional_yield y) override { + return website_handler->error_handler(err_no, error_content, y); } int retarget(RGWOp* op, RGWOp** new_op) override { @@ -472,8 +473,9 @@ public: using RGWHandler_REST_SWIFT::RGWHandler_REST_SWIFT; ~RGWHandler_REST_Obj_SWIFT() override = default; - int error_handler(int err_no, std::string *error_content) override { - return website_handler->error_handler(err_no, error_content); + int error_handler(int err_no, std::string *error_content, + optional_yield y) override { + return website_handler->error_handler(err_no, error_content, y); } int retarget(RGWOp* op, RGWOp** new_op) override { @@ -544,15 +546,15 @@ public: return RGWHandler::init(store, state, cio); } - int authorize(const DoutPrefixProvider *dpp) override { + int authorize(const DoutPrefixProvider *dpp, optional_yield) override { return 0; } - int postauth_init() override { + int postauth_init(optional_yield) override { return 0; } - int read_permissions(RGWOp *) override { + int read_permissions(RGWOp *, optional_yield y) override { return 0; } @@ -601,15 +603,15 @@ public: return RGWHandler::init(store, state, cio); } - int authorize(const DoutPrefixProvider *dpp) override { + int authorize(const DoutPrefixProvider *dpp, optional_yield y) override { return 0; } - int postauth_init() override { + int postauth_init(optional_yield) override { return 0; } - int read_permissions(RGWOp *) override { + int read_permissions(RGWOp *, optional_yield y) override { return 0; } @@ -658,15 +660,15 @@ public: return RGWHandler::init(store, state, cio); } - int authorize(const DoutPrefixProvider *dpp) override { + int authorize(const DoutPrefixProvider *dpp, optional_yield) override { return 0; } - int postauth_init() override { + int postauth_init(optional_yield) override { return 0; } - int read_permissions(RGWOp *) override { + int read_permissions(RGWOp *, optional_yield y) override { return 0; } }; diff --git a/src/rgw/rgw_rest_usage.cc b/src/rgw/rgw_rest_usage.cc index 7444e80a28c99..e550a412227af 100644 --- a/src/rgw/rgw_rest_usage.cc +++ b/src/rgw/rgw_rest_usage.cc @@ -18,12 +18,12 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("usage", RGW_CAP_READ); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "get_usage"; } }; -void RGWOp_Usage_Get::execute() { +void RGWOp_Usage_Get::execute(optional_yield y) { map categories; string uid_str; @@ -64,12 +64,12 @@ public: int check_caps(const RGWUserCaps& caps) override { return caps.check_cap("usage", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "trim_usage"; } }; -void RGWOp_Usage_Delete::execute() { +void RGWOp_Usage_Delete::execute(optional_yield y) { string uid_str; string bucket_name; uint64_t start, end; diff --git a/src/rgw/rgw_rest_usage.h b/src/rgw/rgw_rest_usage.h index 741ca87ca4a96..5952fb076218b 100644 --- a/src/rgw/rgw_rest_usage.h +++ b/src/rgw/rgw_rest_usage.h @@ -15,7 +15,7 @@ public: using RGWHandler_Auth_S3::RGWHandler_Auth_S3; ~RGWHandler_Usage() override = default; - int read_permissions(RGWOp*) override { + int read_permissions(RGWOp*, optional_yield) override { return 0; } }; diff --git a/src/rgw/rgw_rest_user.cc b/src/rgw/rgw_rest_user.cc index 7f3621d376870..215efcfce1b0f 100644 --- a/src/rgw/rgw_rest_user.cc +++ b/src/rgw/rgw_rest_user.cc @@ -26,12 +26,12 @@ public: return caps.check_cap("users", RGW_CAP_READ); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "list_user"; } }; -void RGWOp_User_List::execute() +void RGWOp_User_List::execute(optional_yield y) { RGWUserAdminOpState op_state; @@ -54,12 +54,12 @@ public: return caps.check_cap("users", RGW_CAP_READ); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "get_user_info"; } }; -void RGWOp_User_Info::execute() +void RGWOp_User_Info::execute(optional_yield y) { RGWUserAdminOpState op_state; @@ -89,7 +89,7 @@ void RGWOp_User_Info::execute() op_state.set_fetch_stats(fetch_stats); op_state.set_sync_stats(sync_stats); - op_ret = RGWUserAdminOp_User::info(store, op_state, flusher, null_yield); + op_ret = RGWUserAdminOp_User::info(store, op_state, flusher, y); } class RGWOp_User_Create : public RGWRESTOp { @@ -101,12 +101,12 @@ public: return caps.check_cap("users", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "create_user"; } }; -void RGWOp_User_Create::execute() +void RGWOp_User_Create::execute(optional_yield y) { std::string uid_str; std::string display_name; @@ -242,12 +242,12 @@ public: return caps.check_cap("users", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "modify_user"; } }; -void RGWOp_User_Modify::execute() +void RGWOp_User_Modify::execute(optional_yield y) { std::string uid_str; std::string display_name; @@ -372,7 +372,7 @@ void RGWOp_User_Modify::execute() ldpp_dout(this, 0) << "forward_request_to_master returned ret=" << op_ret << dendl; return; } - op_ret = RGWUserAdminOp_User::modify(store, op_state, flusher, null_yield); + op_ret = RGWUserAdminOp_User::modify(store, op_state, flusher, y); } class RGWOp_User_Remove : public RGWRESTOp { @@ -384,12 +384,12 @@ public: return caps.check_cap("users", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "remove_user"; } }; -void RGWOp_User_Remove::execute() +void RGWOp_User_Remove::execute(optional_yield y) { std::string uid_str; bool purge_data; @@ -425,12 +425,12 @@ public: return caps.check_cap("users", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "create_subuser"; } }; -void RGWOp_Subuser_Create::execute() +void RGWOp_Subuser_Create::execute(optional_yield y) { std::string uid_str; std::string subuser; @@ -501,12 +501,12 @@ public: return caps.check_cap("users", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "modify_subuser"; } }; -void RGWOp_Subuser_Modify::execute() +void RGWOp_Subuser_Modify::execute(optional_yield y) { std::string uid_str; std::string subuser; @@ -556,7 +556,7 @@ void RGWOp_Subuser_Modify::execute() ldpp_dout(this, 0) << "forward_request_to_master returned ret=" << op_ret << dendl; return; } - op_ret = RGWUserAdminOp_Subuser::modify(store, op_state, flusher, null_yield); + op_ret = RGWUserAdminOp_Subuser::modify(store, op_state, flusher, y); } class RGWOp_Subuser_Remove : public RGWRESTOp { @@ -568,12 +568,12 @@ public: return caps.check_cap("users", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "remove_subuser"; } }; -void RGWOp_Subuser_Remove::execute() +void RGWOp_Subuser_Remove::execute(optional_yield y) { std::string uid_str; std::string subuser; @@ -611,12 +611,12 @@ public: return caps.check_cap("users", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "create_access_key"; } }; -void RGWOp_Key_Create::execute() +void RGWOp_Key_Create::execute(optional_yield y) { std::string uid_str; std::string subuser; @@ -667,12 +667,12 @@ public: return caps.check_cap("users", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "remove_access_key"; } }; -void RGWOp_Key_Remove::execute() +void RGWOp_Key_Remove::execute(optional_yield y) { std::string uid_str; std::string subuser; @@ -714,12 +714,12 @@ public: return caps.check_cap("users", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "add_user_caps"; } }; -void RGWOp_Caps_Add::execute() +void RGWOp_Caps_Add::execute(optional_yield y) { std::string uid_str; std::string caps; @@ -752,12 +752,12 @@ public: return caps.check_cap("users", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "remove_user_caps"; } }; -void RGWOp_Caps_Remove::execute() +void RGWOp_Caps_Remove::execute(optional_yield y) { std::string uid_str; std::string caps; @@ -809,13 +809,13 @@ public: return caps.check_cap("users", RGW_CAP_READ); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "get_quota_info"; } }; -void RGWOp_Quota_Info::execute() +void RGWOp_Quota_Info::execute(optional_yield y) { RGWUserAdminOpState op_state; @@ -881,7 +881,7 @@ public: return caps.check_cap("users", RGW_CAP_WRITE); } - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "set_quota_info"; } }; @@ -934,7 +934,7 @@ public: * */ -void RGWOp_Quota_Set::execute() +void RGWOp_Quota_Set::execute(optional_yield y) { RGWUserAdminOpState op_state; @@ -1051,7 +1051,7 @@ void RGWOp_Quota_Set::execute() } string err; - op_ret = user.modify(op_state, null_yield, &err); + op_ret = user.modify(op_state, y, &err); if (op_ret < 0) { ldout(store->ctx(), 20) << "failed updating user info: " << op_ret << ": " << err << dendl; return; diff --git a/src/rgw/rgw_rest_user.h b/src/rgw/rgw_rest_user.h index a8b86101e47b8..f0a1b65770014 100644 --- a/src/rgw/rgw_rest_user.h +++ b/src/rgw/rgw_rest_user.h @@ -17,7 +17,7 @@ public: using RGWHandler_Auth_S3::RGWHandler_Auth_S3; ~RGWHandler_User() override = default; - int read_permissions(RGWOp*) override { + int read_permissions(RGWOp*, optional_yield) override { return 0; } }; diff --git a/src/rgw/rgw_rest_user_policy.cc b/src/rgw/rgw_rest_user_policy.cc index 0926db984b53d..953220c04e2e8 100644 --- a/src/rgw/rgw_rest_user_policy.cc +++ b/src/rgw/rgw_rest_user_policy.cc @@ -38,7 +38,7 @@ void RGWRestUserPolicy::send_response() end_header(s); } -int RGWRestUserPolicy::verify_permission() +int RGWRestUserPolicy::verify_permission(optional_yield y) { if (s->auth.identity->is_anonymous()) { return -EACCES; @@ -109,7 +109,7 @@ int RGWPutUserPolicy::get_params() return 0; } -void RGWPutUserPolicy::execute() +void RGWPutUserPolicy::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { @@ -193,7 +193,7 @@ int RGWGetUserPolicy::get_params() return 0; } -void RGWGetUserPolicy::execute() +void RGWGetUserPolicy::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { @@ -257,7 +257,7 @@ int RGWListUserPolicies::get_params() return 0; } -void RGWListUserPolicies::execute() +void RGWListUserPolicies::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { @@ -319,7 +319,7 @@ int RGWDeleteUserPolicy::get_params() return 0; } -void RGWDeleteUserPolicy::execute() +void RGWDeleteUserPolicy::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { diff --git a/src/rgw/rgw_rest_user_policy.h b/src/rgw/rgw_rest_user_policy.h index bdc8d24b33c14..b8627f335c2b1 100644 --- a/src/rgw/rgw_rest_user_policy.h +++ b/src/rgw/rgw_rest_user_policy.h @@ -2,6 +2,7 @@ // vim: ts=8 sw=2 smarttab ft=cpp #pragma once +#include "rgw_rest.h" class RGWRestUserPolicy : public RGWRESTOp { protected: @@ -13,7 +14,7 @@ protected: bool validate_input(); public: - int verify_permission() override; + int verify_permission(optional_yield y) override; virtual uint64_t get_op() = 0; void send_response() override; void dump(Formatter *f) const; @@ -34,7 +35,7 @@ public: class RGWPutUserPolicy : public RGWUserPolicyWrite { public: RGWPutUserPolicy() = default; - void execute() override; + void execute(optional_yield y) override; int get_params(); const char* name() const override { return "put_user-policy"; } uint64_t get_op() override; @@ -44,7 +45,7 @@ public: class RGWGetUserPolicy : public RGWUserPolicyRead { public: RGWGetUserPolicy() = default; - void execute() override; + void execute(optional_yield y) override; int get_params(); const char* name() const override { return "get_user_policy"; } uint64_t get_op() override; @@ -54,7 +55,7 @@ public: class RGWListUserPolicies : public RGWUserPolicyRead { public: RGWListUserPolicies() = default; - void execute() override; + void execute(optional_yield y) override; int get_params(); const char* name() const override { return "list_user_policies"; } uint64_t get_op() override; @@ -64,7 +65,7 @@ public: class RGWDeleteUserPolicy : public RGWUserPolicyWrite { public: RGWDeleteUserPolicy() = default; - void execute() override; + void execute(optional_yield y) override; int get_params(); const char* name() const override { return "delete_user_policy"; } uint64_t get_op() override; diff --git a/src/rgw/rgw_role.h b/src/rgw/rgw_role.h index fceb4fb635474..41484f0d4e10c 100644 --- a/src/rgw/rgw_role.h +++ b/src/rgw/rgw_role.h @@ -6,6 +6,7 @@ #include +#include "common/ceph_json.h" #include "common/ceph_context.h" class RGWCtl; diff --git a/src/rgw/rgw_swift_auth.cc b/src/rgw/rgw_swift_auth.cc index bf0e03f5306f4..136f9df0556c9 100644 --- a/src/rgw/rgw_swift_auth.cc +++ b/src/rgw/rgw_swift_auth.cc @@ -68,7 +68,7 @@ bool TempURLEngine::is_applicable(const req_state* const s) const noexcept } void TempURLEngine::get_owner_info(const DoutPrefixProvider* dpp, const req_state* const s, - RGWUserInfo& owner_info) const + RGWUserInfo& owner_info, optional_yield y) const { /* We cannot use req_state::bucket_name because it isn't available * now. It will be initialized in RGWHandler_REST_SWIFT::postauth_init(). */ @@ -113,8 +113,7 @@ void TempURLEngine::get_owner_info(const DoutPrefixProvider* dpp, const req_stat /* Need to get user info of bucket owner. */ RGWBucketInfo bucket_info; RGWSI_MetaBackend_CtxParams bectx_params = RGWSI_MetaBackend_CtxParams_SObj(s->sysobj_ctx); - int ret = ctl->bucket->read_bucket_info(b, &bucket_info, null_yield, RGWBucketCtl::BucketInstance::GetParams() - .set_bectx_params(bectx_params)); + int ret = ctl->bucket->read_bucket_info(b, &bucket_info, y, RGWBucketCtl::BucketInstance::GetParams().set_bectx_params(bectx_params)); if (ret < 0) { throw ret; } @@ -276,7 +275,7 @@ public: }; /* TempURLEngine::PrefixableSignatureHelper */ TempURLEngine::result_t -TempURLEngine::authenticate(const DoutPrefixProvider* dpp, const req_state* const s) const +TempURLEngine::authenticate(const DoutPrefixProvider* dpp, const req_state* const s, optional_yield y) const { if (! is_applicable(s)) { return result_t::deny(); @@ -301,7 +300,7 @@ TempURLEngine::authenticate(const DoutPrefixProvider* dpp, const req_state* cons RGWUserInfo owner_info; try { - get_owner_info(dpp, s, owner_info); + get_owner_info(dpp, s, owner_info, y); } catch (...) { ldpp_dout(dpp, 5) << "cannot get user_info of account's owner" << dendl; return result_t::reject(); @@ -403,7 +402,7 @@ bool ExternalTokenEngine::is_applicable(const std::string& token) const noexcept ExternalTokenEngine::result_t ExternalTokenEngine::authenticate(const DoutPrefixProvider* dpp, const std::string& token, - const req_state* const s) const + const req_state* const s, optional_yield y) const { if (! is_applicable(token)) { return result_t::deny(); @@ -422,7 +421,7 @@ ExternalTokenEngine::authenticate(const DoutPrefixProvider* dpp, ldpp_dout(dpp, 10) << "rgw_swift_validate_token url=" << url_buf << dendl; - int ret = validator.process(null_yield); + int ret = validator.process(y); if (ret < 0) { throw ret; } @@ -621,7 +620,7 @@ SignedTokenEngine::authenticate(const DoutPrefixProvider* dpp, } /* namespace rgw */ -void RGW_SWIFT_Auth_Get::execute() +void RGW_SWIFT_Auth_Get::execute(optional_yield y) { int ret = -EPERM; @@ -752,7 +751,7 @@ int RGWHandler_SWIFT_Auth::init(rgw::sal::RGWRadosStore *store, struct req_state return RGWHandler::init(store, state, cio); } -int RGWHandler_SWIFT_Auth::authorize(const DoutPrefixProvider *dpp) +int RGWHandler_SWIFT_Auth::authorize(const DoutPrefixProvider *dpp, optional_yield) { return 0; } diff --git a/src/rgw/rgw_swift_auth.h b/src/rgw/rgw_swift_auth.h index 2059ed9f11da3..ba319405bfd47 100644 --- a/src/rgw/rgw_swift_auth.h +++ b/src/rgw/rgw_swift_auth.h @@ -48,7 +48,8 @@ class TempURLEngine : public rgw::auth::Engine { /* Helper methods. */ void get_owner_info(const DoutPrefixProvider* dpp, const req_state* s, - RGWUserInfo& owner_info) const; + RGWUserInfo& owner_info, + optional_yield y) const; std::string convert_from_iso8601(std::string expires) const; bool is_applicable(const req_state* s) const noexcept; bool is_expired(const std::string& expires) const; @@ -71,7 +72,7 @@ public: return "rgw::auth::swift::TempURLEngine"; } - result_t authenticate(const DoutPrefixProvider* dpp, const req_state* const s) const override; + result_t authenticate(const DoutPrefixProvider* dpp, const req_state* const s, optional_yield y) const override; }; @@ -85,6 +86,7 @@ class SignedTokenEngine : public rgw::auth::Engine { const rgw::auth::LocalApplier::Factory* const apl_factory; bool is_applicable(const std::string& token) const noexcept; + using rgw::auth::Engine::authenticate; result_t authenticate(const DoutPrefixProvider* dpp, const std::string& token, const req_state* s) const; @@ -104,7 +106,8 @@ public: return "rgw::auth::swift::SignedTokenEngine"; } - result_t authenticate(const DoutPrefixProvider* dpp, const req_state* const s) const override { + result_t authenticate(const DoutPrefixProvider* dpp, const req_state* const s, + optional_yield y) const override { return authenticate(dpp, extractor->get_token(s), s); } }; @@ -122,7 +125,7 @@ class ExternalTokenEngine : public rgw::auth::Engine { bool is_applicable(const std::string& token) const noexcept; result_t authenticate(const DoutPrefixProvider* dpp, const std::string& token, - const req_state* s) const; + const req_state* s, optional_yield y) const; public: ExternalTokenEngine(CephContext* const cct, @@ -139,8 +142,9 @@ public: return "rgw::auth::swift::ExternalTokenEngine"; } - result_t authenticate(const DoutPrefixProvider* dpp, const req_state* const s) const override { - return authenticate(dpp, extractor->get_token(s), s); + result_t authenticate(const DoutPrefixProvider* dpp, const req_state* const s, + optional_yield y) const override { + return authenticate(dpp, extractor->get_token(s), s, y); } }; @@ -299,8 +303,8 @@ public: RGW_SWIFT_Auth_Get() {} ~RGW_SWIFT_Auth_Get() override {} - int verify_permission() override { return 0; } - void execute() override; + int verify_permission(optional_yield) override { return 0; } + void execute(optional_yield y) override; const char* name() const override { return "swift_auth_get"; } dmc::client_id dmclock_client() override { return dmc::client_id::auth; } }; @@ -312,9 +316,9 @@ public: RGWOp *op_get() override; int init(rgw::sal::RGWRadosStore *store, struct req_state *state, rgw::io::BasicClient *cio) override; - int authorize(const DoutPrefixProvider *dpp) override; - int postauth_init() override { return 0; } - int read_permissions(RGWOp *op) override { return 0; } + int authorize(const DoutPrefixProvider *dpp, optional_yield y) override; + int postauth_init(optional_yield) override { return 0; } + int read_permissions(RGWOp *op, optional_yield) override { return 0; } virtual RGWAccessControlPolicy *alloc_policy() { return NULL; } virtual void free_policy(RGWAccessControlPolicy *policy) {} diff --git a/src/rgw/rgw_sync_module_es_rest.cc b/src/rgw/rgw_sync_module_es_rest.cc index bad8d6a212811..d78fc895dc208 100644 --- a/src/rgw/rgw_sync_module_es_rest.cc +++ b/src/rgw/rgw_sync_module_es_rest.cc @@ -141,12 +141,12 @@ public: es_module = static_cast(sync_module_ref.get()); } - int verify_permission() override { + int verify_permission(optional_yield) override { return 0; } virtual int get_params() = 0; void pre_exec() override; - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "metadata_search"; } virtual RGWOpType get_type() override { return RGW_OP_METADATA_SEARCH; } @@ -158,7 +158,7 @@ void RGWMetadataSearchOp::pre_exec() rgw_bucket_object_pre_exec(s); } -void RGWMetadataSearchOp::execute() +void RGWMetadataSearchOp::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) @@ -248,7 +248,7 @@ void RGWMetadataSearchOp::execute() ldout(s->cct, 20) << "sending request to elasticsearch, payload=" << string(in.c_str(), in.length()) << dendl; auto& extra_headers = es_module->get_request_headers(); op_ret = conn->get_resource(resource, ¶ms, &extra_headers, - out, &in, nullptr, null_yield); + out, &in, nullptr, y); if (op_ret < 0) { ldout(s->cct, 0) << "ERROR: failed to fetch resource (r=" << resource << ", ret=" << op_ret << ")" << dendl; return; diff --git a/src/rgw/rgw_sync_module_pubsub_rest.cc b/src/rgw/rgw_sync_module_pubsub_rest.cc index 0c24414be511b..01182d211be23 100644 --- a/src/rgw/rgw_sync_module_pubsub_rest.cc +++ b/src/rgw/rgw_sync_module_pubsub_rest.cc @@ -120,11 +120,11 @@ public: // ceph specifc topics handler factory class RGWHandler_REST_PSTopic : public RGWHandler_REST_S3 { protected: - int init_permissions(RGWOp* op) override { + int init_permissions(RGWOp* op, optional_yield) override { return 0; } - int read_permissions(RGWOp* op) override { + int read_permissions(RGWOp* op, optional_yield) override { return 0; } @@ -273,11 +273,11 @@ public: // subscriptions handler factory class RGWHandler_REST_PSSub : public RGWHandler_REST_S3 { protected: - int init_permissions(RGWOp* op) override { + int init_permissions(RGWOp* op, optional_yield) override { return 0; } - int read_permissions(RGWOp* op) override { + int read_permissions(RGWOp* op, optional_yield) override { return 0; } bool supports_quota() override { @@ -369,10 +369,10 @@ private: public: const char* name() const override { return "pubsub_notification_create"; } - void execute() override; + void execute(optional_yield y) override; }; -void RGWPSCreateNotif_ObjStore::execute() +void RGWPSCreateNotif_ObjStore::execute(optional_yield y) { ups.emplace(store, s->owner.get_id()); @@ -401,11 +401,11 @@ private: } public: - void execute() override; + void execute(optional_yield y) override; const char* name() const override { return "pubsub_notification_delete"; } }; -void RGWPSDeleteNotif_ObjStore::execute() { +void RGWPSDeleteNotif_ObjStore::execute(optional_yield y) { op_ret = get_params(); if (op_ret < 0) { return; @@ -431,7 +431,7 @@ private: } public: - void execute() override; + void execute(optional_yield y) override; void send_response() override { if (op_ret) { set_req_state_err(s, op_ret); @@ -448,7 +448,7 @@ public: const char* name() const override { return "pubsub_notifications_list"; } }; -void RGWPSListNotifs_ObjStore::execute() +void RGWPSListNotifs_ObjStore::execute(optional_yield y) { ups.emplace(store, s->owner.get_id()); auto b = ups->get_bucket(bucket_info.bucket); @@ -462,11 +462,11 @@ void RGWPSListNotifs_ObjStore::execute() // ceph specific notification handler factory class RGWHandler_REST_PSNotifs : public RGWHandler_REST_S3 { protected: - int init_permissions(RGWOp* op) override { + int init_permissions(RGWOp* op, optional_yield) override { return 0; } - int read_permissions(RGWOp* op) override { + int read_permissions(RGWOp* op, optional_yield) override { return 0; } bool supports_quota() override { -- 2.39.5