From 3353abb54972b9bb65aec30ec052fec45bea076b Mon Sep 17 00:00:00 2001 From: Casey Bodley Date: Thu, 16 Nov 2023 16:38:31 -0500 Subject: [PATCH] rgw/acl/s3: create_policy_from_headers() as free function Signed-off-by: Casey Bodley --- src/rgw/rgw_acl_s3.cc | 95 +++++++++++++++--------------------------- src/rgw/rgw_acl_s3.h | 12 +++--- src/rgw/rgw_common.cc | 4 +- src/rgw/rgw_common.h | 4 +- src/rgw/rgw_rest_s3.cc | 5 ++- 5 files changed, 48 insertions(+), 72 deletions(-) diff --git a/src/rgw/rgw_acl_s3.cc b/src/rgw/rgw_acl_s3.cc index f593b5cee5289..f2150dda79bd7 100644 --- a/src/rgw/rgw_acl_s3.cc +++ b/src/rgw/rgw_acl_s3.cc @@ -7,6 +7,7 @@ #include #include "include/types.h" +#include "common/split.h" #include "rgw_acl_s3.h" #include "rgw_user.h" @@ -285,16 +286,11 @@ struct s3_acl_header { const char *http_header; }; -static const char *get_acl_header(const RGWEnv *env, - const struct s3_acl_header *perm) -{ - const char *header = perm->http_header; - - return env->get(header, NULL); -} - -static int parse_grantee_str(const DoutPrefixProvider *dpp, rgw::sal::Driver* driver, string& grantee_str, - const struct s3_acl_header *perm, ACLGrant& grant) +static int parse_grantee_str(const DoutPrefixProvider* dpp, + rgw::sal::Driver* driver, + const std::string& grantee_str, + const s3_acl_header* perm, + ACLGrant& grant) { string id_type, id_val_quoted; int rgw_perm = perm->rgw_perm; @@ -333,27 +329,22 @@ static int parse_grantee_str(const DoutPrefixProvider *dpp, rgw::sal::Driver* dr return 0; } -static int parse_acl_header(const DoutPrefixProvider *dpp, rgw::sal::Driver* driver, - const RGWEnv *env, const struct s3_acl_header *perm, - std::list& _grants) +static int parse_acl_header(const DoutPrefixProvider* dpp, rgw::sal::Driver* driver, + const RGWEnv& env, const s3_acl_header* perm, + RGWAccessControlList& acl) { - std::list grantees; - std::string hacl_str; - - const char *hacl = get_acl_header(env, perm); - if (hacl == NULL) + const char* hacl = env.get(perm->http_header, nullptr); + if (hacl == nullptr) { return 0; + } - hacl_str = hacl; - get_str_list(hacl_str, ",", grantees); - - for (list::iterator it = grantees.begin(); it != grantees.end(); ++it) { + for (std::string_view grantee : ceph::split(hacl, ",")) { ACLGrant grant; - int ret = parse_grantee_str(dpp, driver, *it, perm, grant); + int ret = parse_grantee_str(dpp, driver, std::string{grantee}, perm, grant); if (ret < 0) return ret; - _grants.push_back(grant); + acl.add_grant(grant); } return 0; @@ -409,21 +400,6 @@ static int create_canned(const ACLOwner& owner, const ACLOwner& bucket_owner, return 0; } -int RGWAccessControlList_S3::create_from_grants(std::list& grants) -{ - if (grants.empty()) - return -EINVAL; - - acl_user_map.clear(); - grant_map.clear(); - - for (const auto& g : grants) { - add_grant(g); - } - - return 0; -} - bool RGWAccessControlPolicy_S3::xml_end(const char *el) { RGWAccessControlList_S3 *s3acl = static_cast(find_first("AccessControlList")); @@ -457,28 +433,6 @@ static const s3_acl_header acl_header_perms[] = { {0, NULL} }; -int RGWAccessControlPolicy_S3::create_from_headers(const DoutPrefixProvider *dpp, - rgw::sal::Driver* driver, - const RGWEnv *env, ACLOwner& _owner) -{ - std::list grants; - int r = 0; - - for (const struct s3_acl_header *p = acl_header_perms; p->rgw_perm; p++) { - r = parse_acl_header(dpp, driver, env, p, grants); - if (r < 0) { - return r; - } - } - - RGWAccessControlList_S3& _acl = static_cast(acl); - r = _acl.create_from_grants(grants); - - owner = _owner; - - return r; -} - /* can only be called on object that was parsed */ @@ -644,4 +598,23 @@ int create_canned_acl(const ACLOwner& owner, return create_canned(owner, bucket_owner, canned_acl, policy.get_acl()); } +int create_policy_from_headers(const DoutPrefixProvider* dpp, + rgw::sal::Driver* driver, + const ACLOwner& owner, + const RGWEnv& env, + RGWAccessControlPolicy& policy) +{ + policy.set_owner(owner); + auto& acl = policy.get_acl(); + + for (const s3_acl_header* p = acl_header_perms; p->rgw_perm; p++) { + int r = parse_acl_header(dpp, driver, env, p, acl); + if (r < 0) { + return r; + } + } + + return 0; +} + } // namespace rgw::s3 diff --git a/src/rgw/rgw_acl_s3.h b/src/rgw/rgw_acl_s3.h index 740cbf35f82cd..9753dd55b70ed 100644 --- a/src/rgw/rgw_acl_s3.h +++ b/src/rgw/rgw_acl_s3.h @@ -54,8 +54,6 @@ class RGWAccessControlList_S3 : public RGWAccessControlList, public XMLObj public: bool xml_end(const char *el) override; void to_xml(const DoutPrefixProvider* dpp, std::ostream& out); - - int create_from_grants(std::list& grants); }; class ACLOwner_S3 : public ACLOwner, public XMLObj @@ -78,9 +76,6 @@ public: void to_xml(const DoutPrefixProvider* dpp, std::ostream& out); int rebuild(const DoutPrefixProvider *dpp, rgw::sal::Driver* driver, ACLOwner *owner, RGWAccessControlPolicy& dest, std::string &err_msg); - - int create_from_headers(const DoutPrefixProvider *dpp, rgw::sal::Driver* driver, - const RGWEnv *env, ACLOwner& _owner); }; /** @@ -104,4 +99,11 @@ int create_canned_acl(const ACLOwner& owner, const std::string& canned_acl, RGWAccessControlPolicy& policy); +/// Construct a policy from x-amz-grant-* request headers. +int create_policy_from_headers(const DoutPrefixProvider* dpp, + rgw::sal::Driver* driver, + const ACLOwner& owner, + const RGWEnv& env, + RGWAccessControlPolicy& policy); + } // namespace rgw::s3 diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc index 6ec10f2cc2f47..3ab882d35bbce 100644 --- a/src/rgw/rgw_common.cc +++ b/src/rgw/rgw_common.cc @@ -639,7 +639,7 @@ bool parse_iso8601(const char *s, struct tm *t, uint32_t *pns, bool extended_for return true; } -int parse_key_value(string& in_str, const char *delim, string& key, string& val) +int parse_key_value(const string& in_str, const char *delim, string& key, string& val) { if (delim == NULL) return -EINVAL; @@ -654,7 +654,7 @@ int parse_key_value(string& in_str, const char *delim, string& key, string& val) return 0; } -int parse_key_value(string& in_str, string& key, string& val) +int parse_key_value(const string& in_str, string& key, string& val) { return parse_key_value(in_str, "=", key,val); } diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h index 85d5ab2c155be..15d2e800fdee6 100644 --- a/src/rgw/rgw_common.h +++ b/src/rgw/rgw_common.h @@ -1490,8 +1490,8 @@ bool rgw_set_amz_meta_header( extern std::string rgw_string_unquote(const std::string& s); extern void parse_csv_string(const std::string& ival, std::vector& ovals); -extern int parse_key_value(std::string& in_str, std::string& key, std::string& val); -extern int parse_key_value(std::string& in_str, const char *delim, std::string& key, std::string& val); +extern int parse_key_value(const std::string& in_str, std::string& key, std::string& val); +extern int parse_key_value(const std::string& in_str, const char *delim, std::string& key, std::string& val); extern boost::optional> parse_key_value(const std::string_view& in_str, diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc index 0e557a13415a6..a5956def0d25f 100644 --- a/src/rgw/rgw_rest_s3.cc +++ b/src/rgw/rgw_rest_s3.cc @@ -2384,13 +2384,14 @@ void RGWStatBucket_ObjStore_S3::send_response() static int create_s3_policy(req_state *s, rgw::sal::Driver* driver, RGWAccessControlPolicy_S3& s3policy, - ACLOwner& owner) + const ACLOwner& owner) { if (s->has_acl_header) { if (!s->canned_acl.empty()) return -ERR_INVALID_REQUEST; - return s3policy.create_from_headers(s, driver, s->info.env, owner); + return rgw::s3::create_policy_from_headers(s, driver, owner, + *s->info.env, s3policy); } return rgw::s3::create_canned_acl(owner, s->bucket_owner, -- 2.39.5