From d7c24978bd4f2e193f9a15557b4c02f2978903ad Mon Sep 17 00:00:00 2001 From: Ali Maredia Date: Thu, 4 Oct 2018 16:51:02 -0400 Subject: [PATCH] rgw: refactor logging in auth engines P1 pass DPP into authenticate functions for auth engines and change any of the logging inside of them. Next up is passing DPP and changing the douts in the helper functions called in authenticate. Signed-off-by: Ali Maredia --- src/rgw/rgw_auth.cc | 16 ++++++++-------- src/rgw/rgw_auth.h | 6 +++--- src/rgw/rgw_auth_keystone.cc | 20 +++++++++++--------- src/rgw/rgw_auth_keystone.h | 10 ++++++---- src/rgw/rgw_rest_s3.cc | 23 +++++++++++++---------- src/rgw/rgw_rest_s3.h | 11 +++++++---- src/rgw/rgw_swift_auth.cc | 36 +++++++++++++++++++----------------- src/rgw/rgw_swift_auth.h | 16 +++++++++------- 8 files changed, 76 insertions(+), 62 deletions(-) diff --git a/src/rgw/rgw_auth.cc b/src/rgw/rgw_auth.cc index 70c0434038805..4c855b5315801 100644 --- a/src/rgw/rgw_auth.cc +++ b/src/rgw/rgw_auth.cc @@ -207,7 +207,7 @@ strategy_handle_granted(rgw::auth::Engine::result_t&& engine_result, } rgw::auth::Engine::result_t -rgw::auth::Strategy::authenticate(const req_state* const s) const +rgw::auth::Strategy::authenticate(const DoutPrefixProvider* dpp, const req_state* const s) const { result_t strategy_result = result_t::deny(); @@ -215,11 +215,11 @@ rgw::auth::Strategy::authenticate(const req_state* const s) const const rgw::auth::Engine& engine = kv.first; const auto& policy = kv.second; - dout(20) << get_name() << ": trying " << engine.get_name() << dendl; + ldpp_dout(dpp, 20) << get_name() << ": trying " << engine.get_name() << dendl; result_t engine_result = result_t::deny(); try { - engine_result = engine.authenticate(s); + engine_result = engine.authenticate(dpp, s); } catch (const int err) { engine_result = result_t::deny(err); } @@ -227,7 +227,7 @@ rgw::auth::Strategy::authenticate(const req_state* const s) const bool try_next = true; switch (engine_result.get_status()) { case result_t::Status::REJECTED: { - dout(20) << engine.get_name() << " rejected with reason=" + ldpp_dout(dpp, 20) << engine.get_name() << " rejected with reason=" << engine_result.get_reason() << dendl; std::tie(try_next, strategy_result) = \ @@ -236,7 +236,7 @@ rgw::auth::Strategy::authenticate(const req_state* const s) const break; } case result_t::Status::DENIED: { - dout(20) << engine.get_name() << " denied with reason=" + ldpp_dout(dpp, 20) << engine.get_name() << " denied with reason=" << engine_result.get_reason() << dendl; std::tie(try_next, strategy_result) = \ @@ -245,7 +245,7 @@ rgw::auth::Strategy::authenticate(const req_state* const s) const break; } case result_t::Status::GRANTED: { - dout(20) << engine.get_name() << " granted access" << dendl; + ldpp_dout(dpp, 20) << engine.get_name() << " granted access" << dendl; std::tie(try_next, strategy_result) = \ strategy_handle_granted(std::move(engine_result), policy, @@ -270,7 +270,7 @@ rgw::auth::Strategy::apply(const DoutPrefixProvider *dpp, const rgw::auth::Strat req_state* const s) noexcept { try { - auto result = auth_strategy.authenticate(s); + auto result = auth_strategy.authenticate(dpp, s); if (result.get_status() != decltype(result)::Status::GRANTED) { /* Access denied is acknowledged by returning a std::unique_ptr with * nullptr inside. */ @@ -550,7 +550,7 @@ void rgw::auth::LocalApplier::modify_request_state(req_state* s) const } rgw::auth::Engine::result_t -rgw::auth::AnonymousEngine::authenticate(const req_state* const s) const +rgw::auth::AnonymousEngine::authenticate(const DoutPrefixProvider* dpp, const req_state* const s) const { if (! is_applicable(s)) { return result_t::deny(-EPERM); diff --git a/src/rgw/rgw_auth.h b/src/rgw/rgw_auth.h index 3d702cacd5718..0a7896774a7bc 100644 --- a/src/rgw/rgw_auth.h +++ b/src/rgw/rgw_auth.h @@ -280,7 +280,7 @@ public: * interface. * * On error throws rgw::auth::Exception containing the reason. */ - virtual result_t authenticate(const req_state* s) const = 0; + virtual result_t authenticate(const DoutPrefixProvider* dpp, const req_state* s) const = 0; }; @@ -323,7 +323,7 @@ public: FALLBACK, }; - Engine::result_t authenticate(const req_state* s) const override final; + Engine::result_t authenticate(const DoutPrefixProvider* dpp, const req_state* s) const override final; bool is_empty() const { return auth_stack.empty(); @@ -526,7 +526,7 @@ public: return "rgw::auth::AnonymousEngine"; } - Engine::result_t authenticate(const req_state* s) const override final; + Engine::result_t authenticate(const DoutPrefixProvider* dpp, const req_state* s) const override final; protected: virtual bool is_applicable(const req_state*) const noexcept { diff --git a/src/rgw/rgw_auth_keystone.cc b/src/rgw/rgw_auth_keystone.cc index 03a39610eecae..ac62d85fe2686 100644 --- a/src/rgw/rgw_auth_keystone.cc +++ b/src/rgw/rgw_auth_keystone.cc @@ -205,7 +205,8 @@ TokenEngine::get_acl_strategy(const TokenEngine::token_envelope_t& token) const } TokenEngine::result_t -TokenEngine::authenticate(const std::string& token, +TokenEngine::authenticate(const DoutPrefixProvider* dpp, + const std::string& token, const req_state* const s) const { boost::optional t; @@ -232,12 +233,12 @@ TokenEngine::authenticate(const std::string& token, /* Token ID is a concept that makes dealing with PKI tokens more effective. * Instead of storing several kilobytes, a short hash can be burried. */ const auto& token_id = rgw_get_token_id(token); - ldout(cct, 20) << "token_id=" << token_id << dendl; + ldpp_dout(dpp, 20) << "token_id=" << token_id << dendl; /* Check cache first. */ t = token_cache.find(token_id); if (t) { - ldout(cct, 20) << "cached token.project.id=" << t->get_project_id() + ldpp_dout(dpp, 20) << "cached token.project.id=" << t->get_project_id() << dendl; auto apl = apl_factory->create_apl_remote(cct, s, get_acl_strategy(*t), get_creds_info(*t, roles.admin)); @@ -263,7 +264,7 @@ TokenEngine::authenticate(const std::string& token, /* Verify expiration. */ if (t->expired()) { - ldout(cct, 0) << "got expired token: " << t->get_project_name() + ldpp_dout(dpp, 0) << "got expired token: " << t->get_project_name() << ":" << t->get_user_name() << " expired: " << t->get_expires() << dendl; return result_t::deny(-EPERM); @@ -272,7 +273,7 @@ TokenEngine::authenticate(const std::string& token, /* Check for necessary roles. */ for (const auto& role : roles.plain) { if (t->has_role(role) == true) { - ldout(cct, 0) << "validated token: " << t->get_project_name() + ldpp_dout(dpp, 0) << "validated token: " << t->get_project_name() << ":" << t->get_user_name() << " expires: " << t->get_expires() << dendl; token_cache.add(token_id, *t); @@ -282,7 +283,7 @@ TokenEngine::authenticate(const std::string& token, } } - ldout(cct, 0) << "user does not hold a matching role; required roles: " + ldpp_dout(dpp, 0) << "user does not hold a matching role; required roles: " << g_conf()->rgw_keystone_accepted_roles << dendl; return result_t::deny(-EPERM); @@ -418,6 +419,7 @@ EC2Engine::get_creds_info(const EC2Engine::token_envelope_t& token, } rgw::auth::Engine::result_t EC2Engine::authenticate( + const DoutPrefixProvider* dpp, const boost::string_view& access_key_id, const boost::string_view& signature, const boost::string_view& session_token, @@ -452,7 +454,7 @@ rgw::auth::Engine::result_t EC2Engine::authenticate( /* Verify expiration. */ if (t->expired()) { - ldout(cct, 0) << "got expired token: " << t->get_project_name() + ldpp_dout(dpp, 0) << "got expired token: " << t->get_project_name() << ":" << t->get_user_name() << " expired: " << t->get_expires() << dendl; return result_t::deny(); @@ -468,13 +470,13 @@ rgw::auth::Engine::result_t EC2Engine::authenticate( } if (! found) { - ldout(cct, 5) << "s3 keystone: user does not hold a matching role;" + ldpp_dout(dpp, 5) << "s3 keystone: user does not hold a matching role;" " required roles: " << cct->_conf->rgw_keystone_accepted_roles << dendl; return result_t::deny(); } else { /* everything seems fine, continue with this user */ - ldout(cct, 5) << "s3 keystone: validated token: " << t->get_project_name() + ldpp_dout(dpp, 5) << "s3 keystone: validated token: " << t->get_project_name() << ":" << t->get_user_name() << " expires: " << t->get_expires() << dendl; diff --git a/src/rgw/rgw_auth_keystone.h b/src/rgw/rgw_auth_keystone.h index b5cab7361bdc6..0861cc74fb394 100644 --- a/src/rgw/rgw_auth_keystone.h +++ b/src/rgw/rgw_auth_keystone.h @@ -46,7 +46,8 @@ class TokenEngine : public rgw::auth::Engine { auth_info_t get_creds_info(const token_envelope_t& token, const std::vector& admin_roles ) const noexcept; - result_t authenticate(const std::string& token, + result_t authenticate(const DoutPrefixProvider* dpp, + const std::string& token, const req_state* s) const; public: @@ -66,8 +67,8 @@ public: return "rgw::auth::keystone::TokenEngine"; } - result_t authenticate(const req_state* const s) const override { - return authenticate(extractor->get_token(s), s); + result_t authenticate(const DoutPrefixProvider* dpp, const req_state* const s) const override { + return authenticate(dpp, extractor->get_token(s), s); } }; /* class TokenEngine */ @@ -91,7 +92,8 @@ class EC2Engine : public rgw::auth::s3::AWSEngine { get_from_keystone(const boost::string_view& access_key_id, const std::string& string_to_sign, const boost::string_view& signature) const; - result_t authenticate(const boost::string_view& access_key_id, + result_t authenticate(const DoutPrefixProvider* dpp, + const boost::string_view& access_key_id, const boost::string_view& signature, const boost::string_view& session_token, const string_to_sign_t& string_to_sign, diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc index c42f21b95eecd..5875ef5ecb7eb 100644 --- a/src/rgw/rgw_rest_s3.cc +++ b/src/rgw/rgw_rest_s3.cc @@ -4165,7 +4165,7 @@ AWSBrowserUploadAbstractor::get_auth_data(const req_state* const s) const } AWSEngine::result_t -AWSEngine::authenticate(const req_state* const s) const +AWSEngine::authenticate(const DoutPrefixProvider* dpp, const req_state* const s) const { /* Small reminder: an ver_abstractor is allowed to throw! */ const auto auth_data = ver_abstractor.get_auth_data(s); @@ -4173,7 +4173,8 @@ AWSEngine::authenticate(const req_state* const s) const if (auth_data.access_key_id.empty() || auth_data.client_signature.empty()) { return result_t::deny(-EINVAL); } else { - return authenticate(auth_data.access_key_id, + return authenticate(dpp, + auth_data.access_key_id, auth_data.client_signature, auth_data.session_token, auth_data.string_to_sign, @@ -4238,6 +4239,7 @@ rgw::auth::s3::LDAPEngine::get_creds_info(const rgw::RGWToken& token) const noex rgw::auth::Engine::result_t rgw::auth::s3::LDAPEngine::authenticate( + const DoutPrefixProvider* dpp, const boost::string_view& access_key_id, const boost::string_view& signature, const boost::string_view& session_token, @@ -4265,7 +4267,7 @@ rgw::auth::s3::LDAPEngine::authenticate( user_info.user_id = base64_token.id; if (rgw_get_user_info_by_uid(store, user_info.user_id, user_info) >= 0) { if (user_info.type != TYPE_LDAP) { - ldout(cct, 10) << "ERROR: User id of type: " << user_info.type << " is already present" << dendl; + ldpp_dout(dpp, 10) << "ERROR: User id of type: " << user_info.type << " is already present" << dendl; return nullptr; } }*/ @@ -4289,6 +4291,7 @@ void rgw::auth::s3::LDAPEngine::shutdown() { /* LocalEngine */ rgw::auth::Engine::result_t rgw::auth::s3::LocalEngine::authenticate( + const DoutPrefixProvider* dpp, const boost::string_view& _access_key_id, const boost::string_view& signature, const boost::string_view& session_token, @@ -4302,14 +4305,14 @@ rgw::auth::s3::LocalEngine::authenticate( /* TODO(rzarzynski): we need to have string-view taking variant. */ const std::string access_key_id = _access_key_id.to_string(); if (rgw_get_user_info_by_access_key(store, access_key_id, user_info) < 0) { - ldpp_dout(s, 5) << "error reading user info, uid=" << access_key_id + ldpp_dout(dpp, 5) << "error reading user info, uid=" << access_key_id << " can't authenticate" << dendl; return result_t::deny(-ERR_INVALID_ACCESS_KEY); } //TODO: Uncomment, when we have a migration plan in place. /*else { if (s->user->type != TYPE_RGW) { - ldout(cct, 10) << "ERROR: User id of type: " << s->user->type + ldpp_dout(dpp, 10) << "ERROR: User id of type: " << s->user->type << " is present" << dendl; throw -EPERM; } @@ -4317,7 +4320,7 @@ rgw::auth::s3::LocalEngine::authenticate( const auto iter = user_info.access_keys.find(access_key_id); if (iter == std::end(user_info.access_keys)) { - ldpp_dout(s, 0) << "ERROR: access key not encoded in user info" << dendl; + ldpp_dout(dpp, 0) << "ERROR: access key not encoded in user info" << dendl; return result_t::deny(-EPERM); } const RGWAccessKey& k = iter->second; @@ -4326,12 +4329,12 @@ rgw::auth::s3::LocalEngine::authenticate( signature_factory(cct, k.key, string_to_sign); auto compare = signature.compare(server_signature); - ldout(cct, 15) << "string_to_sign=" + ldpp_dout(dpp, 15) << "string_to_sign=" << rgw::crypt_sanitize::log_content{string_to_sign} << dendl; - ldout(cct, 15) << "server signature=" << server_signature << dendl; - ldout(cct, 15) << "client signature=" << signature << dendl; - ldout(cct, 15) << "compare=" << compare << dendl; + ldpp_dout(dpp, 15) << "server signature=" << server_signature << dendl; + ldpp_dout(dpp, 15) << "client signature=" << signature << dendl; + ldpp_dout(dpp, 15) << "compare=" << compare << dendl; if (compare != 0) { return result_t::deny(-ERR_SIGNATURE_NO_MATCH); diff --git a/src/rgw/rgw_rest_s3.h b/src/rgw/rgw_rest_s3.h index 18a6a5684b86e..8d0bc9e9ea59b 100644 --- a/src/rgw/rgw_rest_s3.h +++ b/src/rgw/rgw_rest_s3.h @@ -754,7 +754,8 @@ protected: /* TODO(rzarzynski): clean up. We've too many input parameter hee. Also * the signature get_auth_data() of VersionAbstractor is too complicated. * Replace these thing with a simple, dedicated structure. */ - virtual result_t authenticate(const boost::string_view& access_key_id, + virtual result_t authenticate(const DoutPrefixProvider* dpp, + const boost::string_view& access_key_id, const boost::string_view& signature, const boost::string_view& session_token, const string_to_sign_t& string_to_sign, @@ -763,7 +764,7 @@ protected: const req_state* s) const = 0; public: - result_t authenticate(const req_state* const s) const final; + result_t authenticate(const DoutPrefixProvider* dpp, const req_state* const s) const final; }; @@ -830,7 +831,8 @@ protected: acl_strategy_t get_acl_strategy() const; auth_info_t get_creds_info(const rgw::RGWToken& token) const noexcept; - result_t authenticate(const boost::string_view& access_key_id, + result_t authenticate(const DoutPrefixProvider* dpp, + const boost::string_view& access_key_id, const boost::string_view& signature, const boost::string_view& session_token, const string_to_sign_t& string_to_sign, @@ -861,7 +863,8 @@ class LocalEngine : public AWSEngine { RGWRados* const store; const rgw::auth::LocalApplier::Factory* const apl_factory; - result_t authenticate(const boost::string_view& access_key_id, + result_t authenticate(const DoutPrefixProvider* dpp, + const boost::string_view& access_key_id, const boost::string_view& signature, const boost::string_view& session_token, const string_to_sign_t& string_to_sign, diff --git a/src/rgw/rgw_swift_auth.cc b/src/rgw/rgw_swift_auth.cc index 5c4371da908ea..61a447c6181c5 100644 --- a/src/rgw/rgw_swift_auth.cc +++ b/src/rgw/rgw_swift_auth.cc @@ -244,7 +244,7 @@ public: }; /* TempURLEngine::PrefixableSignatureHelper */ TempURLEngine::result_t -TempURLEngine::authenticate(const req_state* const s) const +TempURLEngine::authenticate(const DoutPrefixProvider* dpp, const req_state* const s) const { if (! is_applicable(s)) { return result_t::deny(); @@ -270,17 +270,17 @@ TempURLEngine::authenticate(const req_state* const s) const try { get_owner_info(s, owner_info); } catch (...) { - ldout(cct, 5) << "cannot get user_info of account's owner" << dendl; + ldpp_dout(dpp, 5) << "cannot get user_info of account's owner" << dendl; return result_t::reject(); } if (owner_info.temp_url_keys.empty()) { - ldout(cct, 5) << "user does not have temp url key set, aborting" << dendl; + ldpp_dout(dpp, 5) << "user does not have temp url key set, aborting" << dendl; return result_t::reject(); } if (is_expired(temp_url_expires)) { - ldout(cct, 5) << "temp url link expired" << dendl; + ldpp_dout(dpp, 5) << "temp url link expired" << dendl; return result_t::reject(-EPERM); } @@ -331,7 +331,7 @@ TempURLEngine::authenticate(const req_state* const s) const const char* const local_sig = sig_helper.calc(temp_url_key, method, path, temp_url_expires); - ldout(s->cct, 20) << "temp url signature [" << temp_url_key_num + ldpp_dout(dpp, 20) << "temp url signature [" << temp_url_key_num << "] (calculated): " << local_sig << dendl; @@ -339,7 +339,7 @@ TempURLEngine::authenticate(const req_state* const s) const auto apl = apl_factory->create_apl_turl(cct, s, owner_info); return result_t::grant(std::move(apl)); } else { - ldout(s->cct, 5) << "temp url signature mismatch: " << local_sig + ldpp_dout(dpp, 5) << "temp url signature mismatch: " << local_sig << " != " << temp_url_sig << dendl; } } @@ -363,7 +363,8 @@ bool ExternalTokenEngine::is_applicable(const std::string& token) const noexcept } ExternalTokenEngine::result_t -ExternalTokenEngine::authenticate(const std::string& token, +ExternalTokenEngine::authenticate(const DoutPrefixProvider* dpp, + const std::string& token, const req_state* const s) const { if (! is_applicable(token)) { @@ -381,7 +382,7 @@ ExternalTokenEngine::authenticate(const std::string& token, RGWHTTPHeadersCollector validator(cct, "GET", url_buf, { "X-Auth-Groups", "X-Auth-Ttl" }); - ldout(cct, 10) << "rgw_swift_validate_token url=" << url_buf << dendl; + ldpp_dout(dpp, 10) << "rgw_swift_validate_token url=" << url_buf << dendl; int ret = validator.process(); if (ret < 0) { @@ -408,12 +409,12 @@ ExternalTokenEngine::authenticate(const std::string& token, return result_t::deny(-EPERM); } - ldout(cct, 10) << "swift user=" << swift_user << dendl; + ldpp_dout(dpp, 10) << "swift user=" << swift_user << dendl; RGWUserInfo tmp_uinfo; ret = rgw_get_user_info_by_swift(store, swift_user, tmp_uinfo); if (ret < 0) { - ldout(cct, 0) << "NOTICE: couldn't map swift user" << dendl; + ldpp_dout(dpp, 0) << "NOTICE: couldn't map swift user" << dendl; throw ret; } @@ -477,7 +478,8 @@ bool SignedTokenEngine::is_applicable(const std::string& token) const noexcept } SignedTokenEngine::result_t -SignedTokenEngine::authenticate(const std::string& token, +SignedTokenEngine::authenticate(const DoutPrefixProvider* dpp, + const std::string& token, const req_state* const s) const { if (! is_applicable(token)) { @@ -489,7 +491,7 @@ SignedTokenEngine::authenticate(const std::string& token, const size_t etoken_len = etoken.length(); if (etoken_len & 1) { - ldout(cct, 0) << "NOTICE: failed to verify token: odd token length=" + ldpp_dout(dpp, 0) << "NOTICE: failed to verify token: odd token length=" << etoken_len << dendl; throw -EINVAL; } @@ -515,13 +517,13 @@ SignedTokenEngine::authenticate(const std::string& token, decode(nonce, iter); decode(expiration, iter); } catch (buffer::error& err) { - ldout(cct, 0) << "NOTICE: failed to decode token" << dendl; + ldpp_dout(dpp, 0) << "NOTICE: failed to decode token" << dendl; throw -EINVAL; } const utime_t now = ceph_clock_now(); if (expiration < now) { - ldout(cct, 0) << "NOTICE: old timed out token was used now=" << now + ldpp_dout(dpp, 0) << "NOTICE: old timed out token was used now=" << now << " token.expiration=" << expiration << dendl; return result_t::deny(-EPERM); @@ -533,7 +535,7 @@ SignedTokenEngine::authenticate(const std::string& token, throw ret; } - ldout(cct, 10) << "swift_user=" << swift_user << dendl; + ldpp_dout(dpp, 10) << "swift_user=" << swift_user << dendl; const auto siter = user_info.swift_keys.find(swift_user); if (siter == std::end(user_info.swift_keys)) { @@ -549,7 +551,7 @@ SignedTokenEngine::authenticate(const std::string& token, } if (local_tok_bl.length() != tok_bl.length()) { - ldout(cct, 0) << "NOTICE: tokens length mismatch:" + ldpp_dout(dpp, 0) << "NOTICE: tokens length mismatch:" << " tok_bl.length()=" << tok_bl.length() << " local_tok_bl.length()=" << local_tok_bl.length() << dendl; @@ -563,7 +565,7 @@ SignedTokenEngine::authenticate(const std::string& token, buf_to_hex(reinterpret_cast(local_tok_bl.c_str()), local_tok_bl.length(), buf); - ldout(cct, 0) << "NOTICE: tokens mismatch tok=" << buf << dendl; + ldpp_dout(dpp, 0) << "NOTICE: tokens mismatch tok=" << buf << dendl; return result_t::deny(-EPERM); } diff --git a/src/rgw/rgw_swift_auth.h b/src/rgw/rgw_swift_auth.h index 2677c4c853a80..394d9b2bab400 100644 --- a/src/rgw/rgw_swift_auth.h +++ b/src/rgw/rgw_swift_auth.h @@ -65,7 +65,7 @@ public: return "rgw::auth::swift::TempURLEngine"; } - result_t authenticate(const req_state* const s) const override; + result_t authenticate(const DoutPrefixProvider* dpp, const req_state* const s) const override; }; @@ -79,7 +79,8 @@ class SignedTokenEngine : public rgw::auth::Engine { const rgw::auth::LocalApplier::Factory* const apl_factory; bool is_applicable(const std::string& token) const noexcept; - result_t authenticate(const std::string& token, + result_t authenticate(const DoutPrefixProvider* dpp, + const std::string& token, const req_state* s) const; public: @@ -97,8 +98,8 @@ public: return "rgw::auth::swift::SignedTokenEngine"; } - result_t authenticate(const req_state* const s) const override { - return authenticate(extractor->get_token(s), s); + result_t authenticate(const DoutPrefixProvider* dpp, const req_state* const s) const override { + return authenticate(dpp, extractor->get_token(s), s); } }; @@ -113,7 +114,8 @@ class ExternalTokenEngine : public rgw::auth::Engine { const rgw::auth::LocalApplier::Factory* const apl_factory; bool is_applicable(const std::string& token) const noexcept; - result_t authenticate(const std::string& token, + result_t authenticate(const DoutPrefixProvider* dpp, + const std::string& token, const req_state* s) const; public: @@ -131,8 +133,8 @@ public: return "rgw::auth::swift::ExternalTokenEngine"; } - result_t authenticate(const req_state* const s) const override { - return authenticate(extractor->get_token(s), s); + result_t authenticate(const DoutPrefixProvider* dpp, const req_state* const s) const override { + return authenticate(dpp, extractor->get_token(s), s); } }; -- 2.39.5