From c7dae89016138aeb02529b5d9af1fdd1e3325a1a Mon Sep 17 00:00:00 2001 From: Pritha Srivastava Date: Fri, 5 Aug 2016 21:43:33 +0530 Subject: [PATCH] rgw: Fix for incorrect access key id reworked ldap auth code. The reworked ldap code does not use the correct access key id in get_policy. Signed-off-by: Pritha Srivastava --- src/rgw/rgw_rest_s3.cc | 2 +- src/rgw/rgw_rest_s3.h | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc index fac111809cc1..c36dda391b73 100644 --- a/src/rgw/rgw_rest_s3.cc +++ b/src/rgw/rgw_rest_s3.cc @@ -1714,7 +1714,7 @@ int RGWPostObj_ObjStore_S3::get_policy() op_ret = rgw_get_user_info_by_access_key(store, s3_access_key, user_info); if (op_ret < 0) { S3AuthFactory aplfact(store, s->account_name); - RGWLDAPTokenExtractor token_extr(s); + RGWGetPolicyLDAPTokenExtractor token_extr(s3_access_key); RGWLDAPAuthEngine ldap(s->cct, store, token_extr, &aplfact); // try external authenticators if (store->ctx()->_conf->rgw_s3_auth_use_keystone && diff --git a/src/rgw/rgw_rest_s3.h b/src/rgw/rgw_rest_s3.h index 0d0a2cd469d6..80e58f2892f1 100644 --- a/src/rgw/rgw_rest_s3.h +++ b/src/rgw/rgw_rest_s3.h @@ -689,6 +689,18 @@ public: std::string get_token() const override; }; +class RGWGetPolicyLDAPTokenExtractor : public RGWTokenBasedAuthEngine::Extractor { + std::string access_key_id; +public: + RGWGetPolicyLDAPTokenExtractor(std::string access_key_id) { + access_key_id = std::move(access_key_id); + } + + std::string get_token() const { + return access_key_id; + } +}; + class S3AuthFactory : public RGWRemoteAuthApplier::Factory { typedef RGWAuthApplier::aplptr_t aplptr_t; RGWRados * const store; -- 2.47.3