From 030a6fc9c5541278c6e0d8aa348b7f57bf64f733 Mon Sep 17 00:00:00 2001
From: Radoslaw Zarzynski <rzarzynski@mirantis.com>
Date: Fri, 17 Mar 2017 23:29:54 +0100
Subject: [PATCH] rgw: implement SwiftAnonymousEngine.

Signed-off-by: Radoslaw Zarzynski <rzarzynski@mirantis.com>
---
 src/rgw/rgw_auth.cc      |  2 +-
 src/rgw/rgw_auth.h       |  2 +-
 src/rgw/rgw_swift_auth.h | 27 +++++++++++++++++++++++++--
 3 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/src/rgw/rgw_auth.cc b/src/rgw/rgw_auth.cc
index 111c81692974f..6311d4b16ab32 100644
--- a/src/rgw/rgw_auth.cc
+++ b/src/rgw/rgw_auth.cc
@@ -421,7 +421,7 @@ void rgw::auth::LocalApplier::load_acct_info(RGWUserInfo& user_info) const /* ou
 rgw::auth::Engine::result_t
 rgw::auth::AnonymousEngine::authenticate(const req_state* const s) const
 {
-  if (! is_applicable()) {
+  if (! is_applicable(s)) {
     return result_t::deny();
   } else {
     RGWUserInfo user_info;
diff --git a/src/rgw/rgw_auth.h b/src/rgw/rgw_auth.h
index 0eed707484113..fb72c5c5351cb 100644
--- a/src/rgw/rgw_auth.h
+++ b/src/rgw/rgw_auth.h
@@ -470,7 +470,7 @@ public:
   Engine::result_t authenticate(const req_state* s) const override final;
 
 protected:
-  virtual bool is_applicable() const noexcept {
+  virtual bool is_applicable(const req_state*) const noexcept {
     return true;
   }
 };
diff --git a/src/rgw/rgw_swift_auth.h b/src/rgw/rgw_swift_auth.h
index 3b5397f43b535..d4ed3c2915593 100644
--- a/src/rgw/rgw_swift_auth.h
+++ b/src/rgw/rgw_swift_auth.h
@@ -135,6 +135,28 @@ public:
   }
 };
 
+
+class SwiftAnonymousEngine : public rgw::auth::AnonymousEngine {
+  const rgw::auth::TokenExtractor* const extractor;
+
+  bool is_applicable(const req_state* s) const noexcept override {
+    return extractor->get_token(s).empty();
+  }
+
+public:
+  SwiftAnonymousEngine(CephContext* const cct,
+                       const rgw::auth::LocalApplier::Factory* const apl_factory,
+                       const rgw::auth::TokenExtractor* const extractor)
+    : AnonymousEngine(cct, apl_factory),
+      extractor(extractor) {
+  }
+
+  const char* get_name() const noexcept override {
+    return "rgw::auth::swift::SwiftAnonymousEngine";
+  }
+};
+
+
 class DefaultStrategy : public rgw::auth::Strategy,
                         public rgw::auth::TokenExtractor,
                         public rgw::auth::RemoteApplier::Factory,
@@ -147,7 +169,7 @@ class DefaultStrategy : public rgw::auth::Strategy,
   const rgw::auth::swift::SignedTokenEngine signed_engine;
   const rgw::auth::keystone::TokenEngine keystone_engine;
   const rgw::auth::swift::ExternalTokenEngine external_engine;
-  const rgw::auth::AnonymousEngine anon_engine;
+  const rgw::auth::swift::SwiftAnonymousEngine anon_engine;
 
   using keystone_config_t = rgw::keystone::CephCtxConfig;
   using keystone_cache_t = rgw::keystone::TokenCache;
@@ -216,7 +238,8 @@ public:
                       static_cast<rgw::auth::TokenExtractor*>(this),
                       static_cast<rgw::auth::LocalApplier::Factory*>(this)),
       anon_engine(cct,
-                  static_cast<rgw::auth::LocalApplier::Factory*>(this)) {
+                  static_cast<rgw::auth::LocalApplier::Factory*>(this),
+                  static_cast<rgw::auth::TokenExtractor*>(this)) {
     /* When the constructor's body is being executed, all member engines
      * should be initialized. Thus, we can safely add them. */
     using Control = rgw::auth::Strategy::Control;
-- 
2.39.5