]> git.proxmox.com Git - ceph.git/blame - ceph/src/rgw/rgw_acl_s3.cc
projects / ceph.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
import quincy beta 17.1.0
[ceph.git] / ceph / src / rgw / rgw_acl_s3.cc
CommitLineData
7c673cae 1// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
9f95a23c 2// vim: ts=8 sw=2 smarttab ft=cpp
7c673cae
FG		 3
4#include <string.h>
5
6#include <iostream>
7#include <map>
8
9#include "include/types.h"
10
11#include "rgw_acl_s3.h"
12#include "rgw_user.h"
20effc67 13#include "rgw_sal.h"
7c673cae
FG		 14
15#define dout_subsys ceph_subsys_rgw
16
7c673cae
FG		 17
18
19#define RGW_URI_ALL_USERS "http://acs.amazonaws.com/groups/global/AllUsers"
20#define RGW_URI_AUTH_USERS "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
21
20effc67
TL		 22using namespace std;
23
7c673cae
FG		 24static string rgw_uri_all_users = RGW_URI_ALL_USERS;
25static string rgw_uri_auth_users = RGW_URI_AUTH_USERS;
26
27void ACLPermission_S3::to_xml(ostream& out)
28{
29 if ((flags & RGW_PERM_FULL_CONTROL) == RGW_PERM_FULL_CONTROL) {
30 out << "<Permission>FULL_CONTROL</Permission>";
31 } else {
32 if (flags & RGW_PERM_READ)
33 out << "<Permission>READ</Permission>";
34 if (flags & RGW_PERM_WRITE)
35 out << "<Permission>WRITE</Permission>";
36 if (flags & RGW_PERM_READ_ACP)
37 out << "<Permission>READ_ACP</Permission>";
38 if (flags & RGW_PERM_WRITE_ACP)
39 out << "<Permission>WRITE_ACP</Permission>";
40 }
41}
42
43bool ACLPermission_S3::
44xml_end(const char *el)
45{
46 const char *s = data.c_str();
47 if (strcasecmp(s, "READ") == 0) {
48 flags |= RGW_PERM_READ;
49 return true;
50 } else if (strcasecmp(s, "WRITE") == 0) {
51 flags |= RGW_PERM_WRITE;
52 return true;
53 } else if (strcasecmp(s, "READ_ACP") == 0) {
54 flags |= RGW_PERM_READ_ACP;
55 return true;
56 } else if (strcasecmp(s, "WRITE_ACP") == 0) {
57 flags |= RGW_PERM_WRITE_ACP;
58 return true;
59 } else if (strcasecmp(s, "FULL_CONTROL") == 0) {
60 flags |= RGW_PERM_FULL_CONTROL;
61 return true;
62 }
63 return false;
64}
65
66
67class ACLGranteeType_S3 {
68public:
69 static const char *to_string(ACLGranteeType& type) {
70 switch (type.get_type()) {
71 case ACL_TYPE_CANON_USER:
72 return "CanonicalUser";
73 case ACL_TYPE_EMAIL_USER:
74 return "AmazonCustomerByEmail";
75 case ACL_TYPE_GROUP:
76 return "Group";
77 default:
78 return "unknown";
79 }
80 }
81
82 static void set(const char *s, ACLGranteeType& type) {
83 if (!s) {
84 type.set(ACL_TYPE_UNKNOWN);
85 return;
86 }
87 if (strcmp(s, "CanonicalUser") == 0)
88 type.set(ACL_TYPE_CANON_USER);
89 else if (strcmp(s, "AmazonCustomerByEmail") == 0)
90 type.set(ACL_TYPE_EMAIL_USER);
91 else if (strcmp(s, "Group") == 0)
92 type.set(ACL_TYPE_GROUP);
93 else
94 type.set(ACL_TYPE_UNKNOWN);
95 }
96};
97
98class ACLID_S3 : public XMLObj
99{
100public:
101 ACLID_S3() {}
102 ~ACLID_S3() override {}
103 string& to_str() { return data; }
104};
105
106class ACLURI_S3 : public XMLObj
107{
108public:
109 ACLURI_S3() {}
110 ~ACLURI_S3() override {}
111};
112
113class ACLEmail_S3 : public XMLObj
114{
115public:
116 ACLEmail_S3() {}
117 ~ACLEmail_S3() override {}
118};
119
120class ACLDisplayName_S3 : public XMLObj
121{
122public:
123 ACLDisplayName_S3() {}
124 ~ACLDisplayName_S3() override {}
125};
126
127bool ACLOwner_S3::xml_end(const char *el) {
128 ACLID_S3 *acl_id = static_cast<ACLID_S3 *>(find_first("ID"));
129 ACLID_S3 *acl_name = static_cast<ACLID_S3 *>(find_first("DisplayName"));
130
131 // ID is mandatory
132 if (!acl_id)
133 return false;
134 id = acl_id->get_data();
135
136 // DisplayName is optional
137 if (acl_name)
138 display_name = acl_name->get_data();
139 else
140 display_name = "";
141
142 return true;
143}
144
145void ACLOwner_S3::to_xml(ostream& out) {
146 string s;
147 id.to_str(s);
148 if (s.empty())
149 return;
150 out << "<Owner>" << "<ID>" << s << "</ID>";
151 if (!display_name.empty())
152 out << "<DisplayName>" << display_name << "</DisplayName>";
153 out << "</Owner>";
154}
155
156bool ACLGrant_S3::xml_end(const char *el) {
157 ACLGrantee_S3 *acl_grantee;
158 ACLID_S3 *acl_id;
159 ACLURI_S3 *acl_uri;
160 ACLEmail_S3 *acl_email;
161 ACLPermission_S3 *acl_permission;
162 ACLDisplayName_S3 *acl_name;
163 string uri;
164
165 acl_grantee = static_cast<ACLGrantee_S3 *>(find_first("Grantee"));
166 if (!acl_grantee)
167 return false;
168 string type_str;
169 if (!acl_grantee->get_attr("xsi:type", type_str))
170 return false;
171 ACLGranteeType_S3::set(type_str.c_str(), type);
172
173 acl_permission = static_cast<ACLPermission_S3 *>(find_first("Permission"));
174 if (!acl_permission)
175 return false;
176
177 permission = *acl_permission;
178
179 id.clear();
180 name.clear();
181 email.clear();
182
183 switch (type.get_type()) {
184 case ACL_TYPE_CANON_USER:
185 acl_id = static_cast<ACLID_S3 *>(acl_grantee->find_first("ID"));
186 if (!acl_id)
187 return false;
188 id = acl_id->to_str();
189 acl_name = static_cast<ACLDisplayName_S3 *>(acl_grantee->find_first("DisplayName"));
190 if (acl_name)
191 name = acl_name->get_data();
192 break;
193 case ACL_TYPE_GROUP:
194 acl_uri = static_cast<ACLURI_S3 *>(acl_grantee->find_first("URI"));
195 if (!acl_uri)
196 return false;
197 uri = acl_uri->get_data();
198 group = uri_to_group(uri);
199 break;
200 case ACL_TYPE_EMAIL_USER:
201 acl_email = static_cast<ACLEmail_S3 *>(acl_grantee->find_first("EmailAddress"));
202 if (!acl_email)
203 return false;
204 email = acl_email->get_data();
205 break;
206 default:
207 // unknown user type
208 return false;
209 };
210 return true;
211}
212
213void ACLGrant_S3::to_xml(CephContext *cct, ostream& out) {
214 ACLPermission_S3& perm = static_cast<ACLPermission_S3 &>(permission);
215
216 /* only show s3 compatible permissions */
217 if (!(perm.get_permissions() & RGW_PERM_ALL_S3))
218 return;
219
220 string uri;
221
222 out << "<Grant>" <<
223 "<Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"" << ACLGranteeType_S3::to_string(type) << "\">";
224 switch (type.get_type()) {
225 case ACL_TYPE_CANON_USER:
226 out << "<ID>" << id << "</ID>";
227 if (name.size()) {
228 out << "<DisplayName>" << name << "</DisplayName>";
229 }
230 break;
231 case ACL_TYPE_EMAIL_USER:
232 out << "<EmailAddress>" << email << "</EmailAddress>";
233 break;
234 case ACL_TYPE_GROUP:
235 if (!group_to_uri(group, uri)) {
236 ldout(cct, 0) << "ERROR: group_to_uri failed with group=" << (int)group << dendl;
237 break;
238 }
239 out << "<URI>" << uri << "</URI>";
240 break;
241 default:
242 break;
243 }
244 out << "</Grantee>";
245 perm.to_xml(out);
246 out << "</Grant>";
247}
248
249bool ACLGrant_S3::group_to_uri(ACLGroupTypeEnum group, string& uri)
250{
251 switch (group) {
252 case ACL_GROUP_ALL_USERS:
253 uri = rgw_uri_all_users;
254 return true;
255 case ACL_GROUP_AUTHENTICATED_USERS:
256 uri = rgw_uri_auth_users;
257 return true;
258 default:
259 return false;
260 }
261}
262
263bool RGWAccessControlList_S3::xml_end(const char *el) {
264 XMLObjIter iter = find("Grant");
265 ACLGrant_S3 *grant = static_cast<ACLGrant_S3 *>(iter.get_next());
266 while (grant) {
267 add_grant(grant);
268 grant = static_cast<ACLGrant_S3 *>(iter.get_next());
269 }
270 return true;
271}
272
273void RGWAccessControlList_S3::to_xml(ostream& out) {
274 multimap<string, ACLGrant>::iterator iter;
275 out << "<AccessControlList>";
276 for (iter = grant_map.begin(); iter != grant_map.end(); ++iter) {
277 ACLGrant_S3& grant = static_cast<ACLGrant_S3 &>(iter->second);
278 grant.to_xml(cct, out);
279 }
280 out << "</AccessControlList>";
281}
282
283struct s3_acl_header {
284 int rgw_perm;
285 const char *http_header;
286};
287
31f18b77 288static const char *get_acl_header(const RGWEnv *env,
7c673cae
FG		 289 const struct s3_acl_header *perm)
290{
291 const char *header = perm->http_header;
292
293 return env->get(header, NULL);
294}
295
20effc67 296static int parse_grantee_str(const DoutPrefixProvider *dpp, rgw::sal::Store* store, string& grantee_str,
7c673cae
FG		 297 const struct s3_acl_header *perm, ACLGrant& grant)
298{
299 string id_type, id_val_quoted;
300 int rgw_perm = perm->rgw_perm;
301 int ret;
302
7c673cae
FG		 303 ret = parse_key_value(grantee_str, id_type, id_val_quoted);
304 if (ret < 0)
305 return ret;
306
307 string id_val = rgw_trim_quotes(id_val_quoted);
308
309 if (strcasecmp(id_type.c_str(), "emailAddress") == 0) {
20effc67
TL		 310 std::unique_ptr<rgw::sal::User> user;
311 ret = store->get_user_by_email(dpp, id_val, null_yield, &user);
7c673cae
FG		 312 if (ret < 0)
313 return ret;
314
20effc67 315 grant.set_canon(user->get_id(), user->get_display_name(), rgw_perm);
7c673cae 316 } else if (strcasecmp(id_type.c_str(), "id") == 0) {
20effc67
TL		 317 std::unique_ptr<rgw::sal::User> user = store->get_user(rgw_user(id_val));
318 ret = user->load_user(dpp, null_yield);
7c673cae
FG		 319 if (ret < 0)
320 return ret;
321
20effc67 322 grant.set_canon(user->get_id(), user->get_display_name(), rgw_perm);
7c673cae
FG		 323 } else if (strcasecmp(id_type.c_str(), "uri") == 0) {
324 ACLGroupTypeEnum gid = grant.uri_to_group(id_val);
325 if (gid == ACL_GROUP_NONE)
326 return -EINVAL;
327
328 grant.set_group(gid, rgw_perm);
329 } else {
330 return -EINVAL;
331 }
332
333 return 0;
334}
335
20effc67
TL		 336static int parse_acl_header(const DoutPrefixProvider *dpp, rgw::sal::Store* store,
337 const RGWEnv *env, const struct s3_acl_header *perm,
338 std::list<ACLGrant>& _grants)
7c673cae
FG		 339{
340 std::list<string> grantees;
341 std::string hacl_str;
342
343 const char *hacl = get_acl_header(env, perm);
344 if (hacl == NULL)
345 return 0;
346
347 hacl_str = hacl;
348 get_str_list(hacl_str, ",", grantees);
349
350 for (list<string>::iterator it = grantees.begin(); it != grantees.end(); ++it) {
351 ACLGrant grant;
20effc67 352 int ret = parse_grantee_str(dpp, store, *it, perm, grant);
7c673cae
FG		 353 if (ret < 0)
354 return ret;
355
356 _grants.push_back(grant);
357 }
358
359 return 0;
360}
361
362int RGWAccessControlList_S3::create_canned(ACLOwner& owner, ACLOwner& bucket_owner, const string& canned_acl)
363{
364 acl_user_map.clear();
365 grant_map.clear();
366
367 ACLGrant owner_grant;
368
369 rgw_user bid = bucket_owner.get_id();
370 string bname = bucket_owner.get_display_name();
371
372 /* owner gets full control */
373 owner_grant.set_canon(owner.get_id(), owner.get_display_name(), RGW_PERM_FULL_CONTROL);
374 add_grant(&owner_grant);
375
376 if (canned_acl.size() == 0 || canned_acl.compare("private") == 0) {
377 return 0;
378 }
379
380 ACLGrant bucket_owner_grant;
381 ACLGrant group_grant;
382 if (canned_acl.compare("public-read") == 0) {
383 group_grant.set_group(ACL_GROUP_ALL_USERS, RGW_PERM_READ);
384 add_grant(&group_grant);
385 } else if (canned_acl.compare("public-read-write") == 0) {
386 group_grant.set_group(ACL_GROUP_ALL_USERS, RGW_PERM_READ);
387 add_grant(&group_grant);
388 group_grant.set_group(ACL_GROUP_ALL_USERS, RGW_PERM_WRITE);
389 add_grant(&group_grant);
390 } else if (canned_acl.compare("authenticated-read") == 0) {
391 group_grant.set_group(ACL_GROUP_AUTHENTICATED_USERS, RGW_PERM_READ);
392 add_grant(&group_grant);
393 } else if (canned_acl.compare("bucket-owner-read") == 0) {
394 bucket_owner_grant.set_canon(bid, bname, RGW_PERM_READ);
395 if (bid.compare(owner.get_id()) != 0)
396 add_grant(&bucket_owner_grant);
397 } else if (canned_acl.compare("bucket-owner-full-control") == 0) {
398 bucket_owner_grant.set_canon(bid, bname, RGW_PERM_FULL_CONTROL);
399 if (bid.compare(owner.get_id()) != 0)
400 add_grant(&bucket_owner_grant);
401 } else {
402 return -EINVAL;
403 }
404
405 return 0;
406}
407
408int RGWAccessControlList_S3::create_from_grants(std::list<ACLGrant>& grants)
409{
410 if (grants.empty())
411 return -EINVAL;
412
413 acl_user_map.clear();
414 grant_map.clear();
415
416 for (std::list<ACLGrant>::iterator it = grants.begin(); it != grants.end(); ++it) {
417 ACLGrant g = *it;
418 add_grant(&g);
419 }
420
421 return 0;
422}
423
424bool RGWAccessControlPolicy_S3::xml_end(const char *el) {
425 RGWAccessControlList_S3 *s3acl =
426 static_cast<RGWAccessControlList_S3 *>(find_first("AccessControlList"));
427 if (!s3acl)
428 return false;
429
430 acl = *s3acl;
431
432 ACLOwner *owner_p = static_cast<ACLOwner_S3 *>(find_first("Owner"));
433 if (!owner_p)
434 return false;
435 owner = *owner_p;
436 return true;
437}
438
439void RGWAccessControlPolicy_S3::to_xml(ostream& out) {
440 out << "<AccessControlPolicy xmlns=\"" << XMLNS_AWS_S3 << "\">";
441 ACLOwner_S3& _owner = static_cast<ACLOwner_S3 &>(owner);
442 RGWAccessControlList_S3& _acl = static_cast<RGWAccessControlList_S3 &>(acl);
443 _owner.to_xml(out);
444 _acl.to_xml(out);
445 out << "</AccessControlPolicy>";
446}
447
448static const s3_acl_header acl_header_perms[] = {
449 {RGW_PERM_READ, "HTTP_X_AMZ_GRANT_READ"},
450 {RGW_PERM_WRITE, "HTTP_X_AMZ_GRANT_WRITE"},
451 {RGW_PERM_READ_ACP,"HTTP_X_AMZ_GRANT_READ_ACP"},
452 {RGW_PERM_WRITE_ACP, "HTTP_X_AMZ_GRANT_WRITE_ACP"},
453 {RGW_PERM_FULL_CONTROL, "HTTP_X_AMZ_GRANT_FULL_CONTROL"},
454 {0, NULL}
455};
456
20effc67
TL		 457int RGWAccessControlPolicy_S3::create_from_headers(const DoutPrefixProvider *dpp,
458 rgw::sal::Store* store,
459 const RGWEnv *env, ACLOwner& _owner)
7c673cae
FG		 460{
461 std::list<ACLGrant> grants;
11fdf7f2 462 int r = 0;
7c673cae
FG		 463
464 for (const struct s3_acl_header *p = acl_header_perms; p->rgw_perm; p++) {
20effc67 465 r = parse_acl_header(dpp, store, env, p, grants);
11fdf7f2
TL		 466 if (r < 0) {
467 return r;
468 }
7c673cae
FG		 469 }
470
471 RGWAccessControlList_S3& _acl = static_cast<RGWAccessControlList_S3 &>(acl);
11fdf7f2 472 r = _acl.create_from_grants(grants);
7c673cae
FG		 473
474 owner = _owner;
475
476 return r;
477}
478
479/*
480 can only be called on object that was parsed
481 */
20effc67
TL		 482int RGWAccessControlPolicy_S3::rebuild(const DoutPrefixProvider *dpp,
483 rgw::sal::Store* store, ACLOwner *owner,
484 RGWAccessControlPolicy& dest, std::string &err_msg)
7c673cae
FG		 485{
486 if (!owner)
487 return -EINVAL;
488
489 ACLOwner *requested_owner = static_cast<ACLOwner_S3 *>(find_first("Owner"));
490 if (requested_owner) {
491 rgw_user& requested_id = requested_owner->get_id();
492 if (!requested_id.empty() && requested_id.compare(owner->get_id()) != 0)
493 return -EPERM;
494 }
495
20effc67
TL		 496 std::unique_ptr<rgw::sal::User> user = store->get_user(owner->get_id());
497 if (user->load_user(dpp, null_yield) < 0) {
b3b6e05e 498 ldpp_dout(dpp, 10) << "owner info does not exist" << dendl;
9f95a23c 499 err_msg = "Invalid id";
7c673cae
FG		 500 return -EINVAL;
501 }
502 ACLOwner& dest_owner = dest.get_owner();
503 dest_owner.set_id(owner->get_id());
20effc67 504 dest_owner.set_name(user->get_display_name());
7c673cae 505
b3b6e05e
TL		 506 ldpp_dout(dpp, 20) << "owner id=" << owner->get_id() << dendl;
507 ldpp_dout(dpp, 20) << "dest owner id=" << dest.get_owner().get_id() << dendl;
7c673cae
FG		 508
509 RGWAccessControlList& dst_acl = dest.get_acl();
510
511 multimap<string, ACLGrant>& grant_map = acl.get_grant_map();
512 multimap<string, ACLGrant>::iterator iter;
513 for (iter = grant_map.begin(); iter != grant_map.end(); ++iter) {
514 ACLGrant& src_grant = iter->second;
515 ACLGranteeType& type = src_grant.get_type();
516 ACLGrant new_grant;
517 bool grant_ok = false;
518 rgw_user uid;
519 RGWUserInfo grant_user;
520 switch (type.get_type()) {
521 case ACL_TYPE_EMAIL_USER:
522 {
523 string email;
524 rgw_user u;
525 if (!src_grant.get_id(u)) {
b3b6e05e 526 ldpp_dout(dpp, 0) << "ERROR: src_grant.get_id() failed" << dendl;
7c673cae
FG		 527 return -EINVAL;
528 }
529 email = u.id;
b3b6e05e 530 ldpp_dout(dpp, 10) << "grant user email=" << email << dendl;
20effc67 531 if (store->get_user_by_email(dpp, email, null_yield, &user) < 0) {
b3b6e05e 532 ldpp_dout(dpp, 10) << "grant user email not found or other error" << dendl;
9f95a23c 533 err_msg = "The e-mail address you provided does not match any account on record.";
7c673cae
FG		 534 return -ERR_UNRESOLVABLE_EMAIL;
535 }
20effc67 536 grant_user = user->get_info();
7c673cae
FG		 537 uid = grant_user.user_id;
538 }
539 case ACL_TYPE_CANON_USER:
540 {
541 if (type.get_type() == ACL_TYPE_CANON_USER) {
542 if (!src_grant.get_id(uid)) {
b3b6e05e 543 ldpp_dout(dpp, 0) << "ERROR: src_grant.get_id() failed" << dendl;
9f95a23c 544 err_msg = "Invalid id";
7c673cae
FG		 545 return -EINVAL;
546 }
547 }
548
20effc67
TL		 549 if (grant_user.user_id.empty()) {
550 user = store->get_user(uid);
551 if (user->load_user(dpp, null_yield) < 0) {
552 ldpp_dout(dpp, 10) << "grant user does not exist:" << uid << dendl;
553 err_msg = "Invalid id";
554 return -EINVAL;
555 } else {
556 grant_user = user->get_info();
557 }
7c673cae 558 }
20effc67
TL		 559 ACLPermission& perm = src_grant.get_permission();
560 new_grant.set_canon(uid, grant_user.display_name, perm.get_permissions());
561 grant_ok = true;
562 rgw_user new_id;
563 new_grant.get_id(new_id);
564 ldpp_dout(dpp, 10) << "new grant: " << new_id << ":" << grant_user.display_name << dendl;
7c673cae
FG		 565 }
566 break;
567 case ACL_TYPE_GROUP:
568 {
569 string uri;
570 if (ACLGrant_S3::group_to_uri(src_grant.get_group(), uri)) {
571 new_grant = src_grant;
572 grant_ok = true;
b3b6e05e 573 ldpp_dout(dpp, 10) << "new grant: " << uri << dendl;
7c673cae 574 } else {
b3b6e05e 575 ldpp_dout(dpp, 10) << "bad grant group:" << (int)src_grant.get_group() << dendl;
9f95a23c 576 err_msg = "Invalid group uri";
7c673cae
FG		 577 return -EINVAL;
578 }
579 }
580 default:
581 break;
582 }
583 if (grant_ok) {
584 dst_acl.add_grant(&new_grant);
585 }
586 }
587
588 return 0;
589}
590
591bool RGWAccessControlPolicy_S3::compare_group_name(string& id, ACLGroupTypeEnum group)
592{
593 switch (group) {
594 case ACL_GROUP_ALL_USERS:
595 return (id.compare(RGW_USER_ANON_ID) == 0);
596 case ACL_GROUP_AUTHENTICATED_USERS:
597 return (id.compare(rgw_uri_auth_users) == 0);
598 default:
599 return id.empty();
600 }
601
602 // shouldn't get here
603 return false;
604}
605
606XMLObj *RGWACLXMLParser_S3::alloc_obj(const char *el)
607{
608 XMLObj * obj = NULL;
609 if (strcmp(el, "AccessControlPolicy") == 0) {
610 obj = new RGWAccessControlPolicy_S3(cct);
611 } else if (strcmp(el, "Owner") == 0) {
612 obj = new ACLOwner_S3();
613 } else if (strcmp(el, "AccessControlList") == 0) {
614 obj = new RGWAccessControlList_S3(cct);
615 } else if (strcmp(el, "ID") == 0) {
616 obj = new ACLID_S3();
617 } else if (strcmp(el, "DisplayName") == 0) {
618 obj = new ACLDisplayName_S3();
619 } else if (strcmp(el, "Grant") == 0) {
620 obj = new ACLGrant_S3();
621 } else if (strcmp(el, "Grantee") == 0) {
622 obj = new ACLGrantee_S3();
623 } else if (strcmp(el, "Permission") == 0) {
624 obj = new ACLPermission_S3();
625 } else if (strcmp(el, "URI") == 0) {
626 obj = new ACLURI_S3();
627 } else if (strcmp(el, "EmailAddress") == 0) {
628 obj = new ACLEmail_S3();
629 }
630
631 return obj;
632}
633
20effc67
TL		 634ACLGroupTypeEnum ACLGrant_S3::uri_to_group(string& uri)
635{
636 if (uri.compare(rgw_uri_all_users) == 0)
637 return ACL_GROUP_ALL_USERS;
638 else if (uri.compare(rgw_uri_auth_users) == 0)
639 return ACL_GROUP_AUTHENTICATED_USERS;
640
641 return ACL_GROUP_NONE;
642}
643
Ceph