From 949aa83ae5a7934714d17848eace118b14a1fca0 Mon Sep 17 00:00:00 2001 From: Abhishek Lekshmanan Date: Wed, 29 Jan 2020 19:18:24 +0100 Subject: [PATCH] rgw: move public access conf to perm_state_base Signed-off-by: Abhishek Lekshmanan --- src/rgw/rgw_common.cc | 12 +++++++----- src/rgw/rgw_common.h | 10 ++++++++-- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc index 350de785bd965..f440bb2261227 100644 --- a/src/rgw/rgw_common.cc +++ b/src/rgw/rgw_common.cc @@ -1006,7 +1006,9 @@ struct perm_state_from_req_state : public perm_state_base { _s->auth.identity.get(), _s->bucket_info, _s->perm_mask, - _s->defer_to_bucket_acls), s(_s) {} + _s->defer_to_bucket_acls, + _s->bucket_access_conf), + s(_s) {} std::optional get_request_payer() const override { const char *request_payer = s->info.env->get("HTTP_X_AMZ_REQUEST_PAYER"); if (!request_payer) { @@ -1198,8 +1200,8 @@ bool verify_bucket_permission_no_policy(const DoutPrefixProvider* dpp, struct pe if ((perm & (int)s->perm_mask) != perm) return false; - if (bucket_acl->verify_permission(dpp, *s->auth.identity, perm, perm, - s->info.env->get("HTTP_REFERER"), + if (bucket_acl->verify_permission(dpp, *s->identity, perm, perm, + s->get_referer(), s->bucket_access_conf && s->bucket_access_conf->ignore_public_acls())) return true; @@ -1334,7 +1336,7 @@ bool verify_object_permission(const DoutPrefixProvider* dpp, struct perm_state_b return false; } - bool ret = object_acl->verify_permission(dpp, *s->auth.identity, s->perm_mask, perm, + bool ret = object_acl->verify_permission(dpp, *s->identity, s->perm_mask, perm, nullptr, /* http_referrer */ s->bucket_access_conf && s->bucket_access_conf->ignore_public_acls()); @@ -1401,7 +1403,7 @@ bool verify_object_permission_no_policy(const DoutPrefixProvider* dpp, return false; } - bool ret = object_acl->verify_permission(dpp, *s->auth.identity, s->perm_mask, perm, + bool ret = object_acl->verify_permission(dpp, *s->identity, s->perm_mask, perm, nullptr, /* http referrer */ s->bucket_access_conf && s->bucket_access_conf->ignore_public_acls()); diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h index 1eb40997d1bc5..c7677b83991f3 100644 --- a/src/rgw/rgw_common.h +++ b/src/rgw/rgw_common.h @@ -2122,18 +2122,24 @@ struct perm_state_base { const RGWBucketInfo& bucket_info; int perm_mask; bool defer_to_bucket_acls; + boost::optional bucket_access_conf; perm_state_base(CephContext *_cct, const rgw::IAM::Environment& _env, rgw::auth::Identity *_identity, const RGWBucketInfo& _bucket_info, int _perm_mask, - bool _defer_to_bucket_acls) : cct(_cct), + bool _defer_to_bucket_acls, + boost::optional _bucket_acess_conf = boost::none) : + cct(_cct), env(_env), identity(_identity), bucket_info(_bucket_info), perm_mask(_perm_mask), - defer_to_bucket_acls(_defer_to_bucket_acls) {} + defer_to_bucket_acls(_defer_to_bucket_acls), + bucket_access_conf(_bucket_acess_conf) + {} + virtual ~perm_state_base() {} virtual const char *get_referer() const = 0; -- 2.39.5