From 56bf5073cf384d40b8e8f4348a48f7a727f7023e Mon Sep 17 00:00:00 2001 From: Casey Bodley Date: Thu, 17 Oct 2024 19:25:57 -0400 Subject: [PATCH] rgw: GetObjAttrs calls rgw_s3_prepare_decrypt() RGWGetObj::execute() relies on the virtual get_decrypt_filter() which is overridden by RGWGetObj_ObjStore_S3 but when called from RGWGetObjAttrs_ObjStore_S3, there is no override. add one that just calls rgw_s3_prepare_decrypt() Signed-off-by: Casey Bodley --- src/rgw/rgw_op.cc | 3 +-- src/rgw/rgw_rest_s3.cc | 15 +++++++++++++++ src/rgw/rgw_rest_s3.h | 3 +++ 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc index 866b959e3ac..62fc6a285a7 100644 --- a/src/rgw/rgw_op.cc +++ b/src/rgw/rgw_op.cc @@ -2375,8 +2375,7 @@ void RGWGetObj::execute(optional_yield y) goto done_err; /* STAT ops don't need data, and do no i/o */ - if ((get_type() == RGW_OP_STAT_OBJ) || - (get_type() == RGW_OP_GET_OBJ_ATTRS)) { + if (get_type() == RGW_OP_STAT_OBJ) { return; } if (s->info.env->exists("HTTP_X_RGW_AUTH")) { diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc index 234c26abbda..698917f95f8 100644 --- a/src/rgw/rgw_rest_s3.cc +++ b/src/rgw/rgw_rest_s3.cc @@ -3858,6 +3858,21 @@ int RGWGetObjAttrs_ObjStore_S3::get_params(optional_yield y) return 0; } /* RGWGetObjAttrs_ObjStore_S3::get_params(...) */ +int RGWGetObjAttrs_ObjStore_S3::get_decrypt_filter( + std::unique_ptr *filter, + RGWGetObj_Filter* cb, bufferlist* manifest_bl) +{ + // we aren't actually decrypting the data, but for objects encrypted with + // SSE-C we do need to verify that required headers are present and valid + // + // in the SSE-KMS and SSE-S3 cases, this unfortunately causes us to fetch + // decryption keys which we don't need :( + std::unique_ptr block_crypt; // ignored + std::map crypt_http_responses; // ignored + return rgw_s3_prepare_decrypt(s, s->yield, attrs, &block_crypt, + crypt_http_responses); +} + void RGWGetObjAttrs_ObjStore_S3::send_response() { if (op_ret) diff --git a/src/rgw/rgw_rest_s3.h b/src/rgw/rgw_rest_s3.h index 37dbf90f203..e8fdc69751c 100644 --- a/src/rgw/rgw_rest_s3.h +++ b/src/rgw/rgw_rest_s3.h @@ -380,6 +380,9 @@ public: ~RGWGetObjAttrs_ObjStore_S3() override {} int get_params(optional_yield y) override; + int get_decrypt_filter(std::unique_ptr* filter, + RGWGetObj_Filter* cb, + bufferlist* manifest_bl) override; void send_response() override; }; -- 2.39.5