From 5bf8d71001bf929813fd5e3bb101c60630ab6c5d Mon Sep 17 00:00:00 2001
From: John Gibson <jgibson@mitre.org>
Date: Tue, 19 Sep 2017 09:17:22 -0400
Subject: [PATCH] rgw: Policies now properly evaluate the X-Forwarded-For
 header.

Signed-off-by: John Gibson <jgibson@mitre.org>
(cherry picked from commit 5f7d9c4ff6c78f65d074dbdf8a181cb9ae09851e)
---
 src/rgw/rgw_op.cc | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index 4127d3254d4e..65dd6db31843 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -610,7 +610,16 @@ rgw::IAM::Environment rgw_build_iam_environment(RGWRados* store,
     i = m.find("REMOTE_ADDR");
   }
   if (i != m.end()) {
-    e.emplace("aws:SourceIp", i->second);
+    const string* ip = &(i->second);
+    string temp;
+    if (remote_addr_param == "HTTP_X_FORWARDED_FOR") {
+      const auto comma = ip->find(',');
+      if (comma != string::npos) {
+	temp.assign(*ip, 0, comma);
+	ip = &temp;
+      }
+    }
+    e.emplace("aws:SourceIp", *ip);
   }
 
   i = m.find("HTTP_USER_AGENT"); {
-- 
2.47.3