[ceph.git] / ceph / src / rgw / rgw_auth_filters.h

// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
// vim: ts=8 sw=2 smarttab ft=cpp

#ifndef CEPH_RGW_AUTH_FILTERS_H
#define CEPH_RGW_AUTH_FILTERS_H

#include <type_traits>

#include <boost/logic/tribool.hpp>
#include <boost/optional.hpp>

#include "rgw_common.h"
#include "rgw_auth.h"

namespace rgw {
namespace auth {

/* Abstract decorator over any implementation of rgw::auth::IdentityApplier
 * which could be provided both as a pointer-to-object or the object itself. */
template <typename DecorateeT>
class DecoratedApplier : public rgw::auth::IdentityApplier {
  typedef typename std::remove_pointer<DecorateeT>::type DerefedDecorateeT;

  static_assert(std::is_base_of<rgw::auth::IdentityApplier,
                                DerefedDecorateeT>::value,
                "DecorateeT must be a subclass of rgw::auth::IdentityApplier");

  DecorateeT decoratee;

  /* There is an indirection layer over accessing decoratee to share the same
   * code base between dynamic and static decorators. The difference is about
   * what we store internally: pointer to a decorated object versus the whole
   * object itself. Googling for "SFINAE" can help to understand the code. */
  template <typename T = void,
            typename std::enable_if<
    std::is_pointer<DecorateeT>::value, T>::type* = nullptr>
  DerefedDecorateeT& get_decoratee() {
    return *decoratee;
  }

  template <typename T = void,
            typename std::enable_if<
    ! std::is_pointer<DecorateeT>::value, T>::type* = nullptr>
  DerefedDecorateeT& get_decoratee() {
    return decoratee;
  }

  template <typename T = void,
            typename std::enable_if<
    std::is_pointer<DecorateeT>::value, T>::type* = nullptr>
  const DerefedDecorateeT& get_decoratee() const {
    return *decoratee;
  }

  template <typename T = void,
            typename std::enable_if<
    ! std::is_pointer<DecorateeT>::value, T>::type* = nullptr>
  const DerefedDecorateeT& get_decoratee() const {
    return decoratee;
  }

public:
  explicit DecoratedApplier(DecorateeT&& decoratee)
    : decoratee(std::forward<DecorateeT>(decoratee)) {
  }

  uint32_t get_perms_from_aclspec(const DoutPrefixProvider* dpp, const aclspec_t& aclspec) const override {
    return get_decoratee().get_perms_from_aclspec(dpp, aclspec);
  }

  bool is_admin_of(const rgw_user& uid) const override {
    return get_decoratee().is_admin_of(uid);
  }

  bool is_owner_of(const rgw_user& uid) const override {
    return get_decoratee().is_owner_of(uid);
  }

  uint32_t get_perm_mask() const override {
    return get_decoratee().get_perm_mask();
  }

  uint32_t get_identity_type() const override {
    return get_decoratee().get_identity_type();
  }

  string get_acct_name() const override {
    return get_decoratee().get_acct_name();
  }

  bool is_identity(
    const boost::container::flat_set<Principal>& ids) const override {
    return get_decoratee().is_identity(ids);
  }

  void to_str(std::ostream& out) const override {
    get_decoratee().to_str(out);
  }

  void load_acct_info(const DoutPrefixProvider* dpp, RGWUserInfo& user_info) const override {  /* out */
    return get_decoratee().load_acct_info(dpp, user_info);
  }

  void modify_request_state(const DoutPrefixProvider* dpp, req_state * s) const override {     /* in/out */
    return get_decoratee().modify_request_state(dpp, s);
  }
};


template <typename T>
class ThirdPartyAccountApplier : public DecoratedApplier<T> {
  /* const */RGWCtl* const ctl;
  const rgw_user acct_user_override;

public:
  /* A value representing situations where there is no requested account
   * override. In other words, acct_user_override will be equal to this
   * constant where the request isn't a cross-tenant one. */
  static const rgw_user UNKNOWN_ACCT;

  template <typename U>
  ThirdPartyAccountApplier(RGWCtl* const ctl,
                           const rgw_user &acct_user_override,
                           U&& decoratee)
    : DecoratedApplier<T>(std::move(decoratee)),
      ctl(ctl),
      acct_user_override(acct_user_override) {
  }

  void to_str(std::ostream& out) const override;
  void load_acct_info(const DoutPrefixProvider* dpp, RGWUserInfo& user_info) const override;   /* out */
};

/* static declaration: UNKNOWN_ACCT will be an empty rgw_user that is a result
 * of the default construction. */
template <typename T>
const rgw_user ThirdPartyAccountApplier<T>::UNKNOWN_ACCT;

template <typename T>
void ThirdPartyAccountApplier<T>::to_str(std::ostream& out) const
{
  out << "rgw::auth::ThirdPartyAccountApplier(" + acct_user_override.to_str() + ")"
      <<   " -> ";
  DecoratedApplier<T>::to_str(out);
}

template <typename T>
void ThirdPartyAccountApplier<T>::load_acct_info(const DoutPrefixProvider* dpp, RGWUserInfo& user_info) const
{
  if (UNKNOWN_ACCT == acct_user_override) {
    /* There is no override specified by the upper layer. This means that we'll
     * load the account owned by the authenticated identity (aka auth_user). */
    DecoratedApplier<T>::load_acct_info(dpp, user_info);
  } else if (DecoratedApplier<T>::is_owner_of(acct_user_override)) {
    /* The override has been specified but the account belongs to the authenticated
     * identity. We may safely forward the call to a next stage. */
    DecoratedApplier<T>::load_acct_info(dpp, user_info);
  } else {
    /* Compatibility mechanism for multi-tenancy. For more details refer to
     * load_acct_info method of rgw::auth::RemoteApplier. */
    if (acct_user_override.tenant.empty()) {
      const rgw_user tenanted_uid(acct_user_override.id, acct_user_override.id);

      if (ctl->user->get_info_by_uid(tenanted_uid, &user_info, null_yield) >= 0) {
        /* Succeeded. */
        return;
      }
    }

    const int ret = ctl->user->get_info_by_uid(acct_user_override, &user_info, null_yield);
    if (ret < 0) {
      /* We aren't trying to recover from ENOENT here. It's supposed that creating
       * someone else's account isn't a thing we want to support in this filter. */
      if (ret == -ENOENT) {
        throw -EACCES;
      } else {
        throw ret;
      }
    }

  }
}

template <typename T> static inline
ThirdPartyAccountApplier<T> add_3rdparty(RGWCtl* const ctl,
                                         const rgw_user &acct_user_override,
                                         T&& t) {
  return ThirdPartyAccountApplier<T>(ctl, acct_user_override,
                                     std::forward<T>(t));
}


template <typename T>
class SysReqApplier : public DecoratedApplier<T> {
  CephContext* const cct;
  /*const*/ RGWCtl* const ctl;
  const RGWHTTPArgs& args;
  mutable boost::tribool is_system;

public:
  template <typename U>
  SysReqApplier(CephContext* const cct,
                /*const*/ RGWCtl* const ctl,
                const req_state* const s,
                U&& decoratee)
    : DecoratedApplier<T>(std::forward<T>(decoratee)),
      cct(cct),
      ctl(ctl),
      args(s->info.args),
      is_system(boost::logic::indeterminate) {
  }

  void to_str(std::ostream& out) const override;
  void load_acct_info(const DoutPrefixProvider* dpp, RGWUserInfo& user_info) const override;   /* out */
  void modify_request_state(const DoutPrefixProvider* dpp, req_state* s) const override;       /* in/out */
};

template <typename T>
void SysReqApplier<T>::to_str(std::ostream& out) const
{
  out << "rgw::auth::SysReqApplier" << " -> ";
  DecoratedApplier<T>::to_str(out);
}

template <typename T>
void SysReqApplier<T>::load_acct_info(const DoutPrefixProvider* dpp, RGWUserInfo& user_info) const
{
  DecoratedApplier<T>::load_acct_info(dpp, user_info);
  is_system = user_info.system;

  if (is_system) {
    //ldpp_dout(dpp, 20) << "system request" << dendl;

    rgw_user effective_uid(args.sys_get(RGW_SYS_PARAM_PREFIX "uid"));
    if (! effective_uid.empty()) {
      /* We aren't writing directly to user_info for consistency and security
       * reasons. rgw_get_user_info_by_uid doesn't trigger the operator=() but
       * calls ::decode instead. */
      RGWUserInfo euser_info;
      if (ctl->user->get_info_by_uid(effective_uid, &euser_info, null_yield) < 0) {
        //ldpp_dout(dpp, 0) << "User lookup failed!" << dendl;
        throw -EACCES;
      }
      user_info = euser_info;
    }
  }
}

template <typename T>
void SysReqApplier<T>::modify_request_state(const DoutPrefixProvider* dpp, req_state* const s) const
{
  if (boost::logic::indeterminate(is_system)) {
    RGWUserInfo unused_info;
    load_acct_info(dpp, unused_info);
  }

  if (is_system) {
    s->info.args.set_system();
    s->system_request = true;
  }
  DecoratedApplier<T>::modify_request_state(dpp, s);
}

template <typename T> static inline
SysReqApplier<T> add_sysreq(CephContext* const cct,
                            /* const */ RGWCtl* const ctl,
                            const req_state* const s,
                            T&& t) {
  return SysReqApplier<T>(cct, ctl, s, std::forward<T>(t));
}

} /* namespace auth */
} /* namespace rgw */

#endif /* CEPH_RGW_AUTH_FILTERS_H */
Commit	Line	Data
7c673cae	1	// -- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t --
9f95a23c	2	// vim: ts=8 sw=2 smarttab ft=cpp
7c673cae FG	3
	4	#ifndef CEPH_RGW_AUTH_FILTERS_H
	5	#define CEPH_RGW_AUTH_FILTERS_H
	6
	7	#include <type_traits>
	8
	9	#include <boost/logic/tribool.hpp>
	10	#include <boost/optional.hpp>
	11
	12	#include "rgw_common.h"
	13	#include "rgw_auth.h"
	14
	15	namespace rgw {
	16	namespace auth {
	17
	18	/* Abstract decorator over any implementation of rgw::auth::IdentityApplier
	19	* which could be provided both as a pointer-to-object or the object itself. */
	20	template <typename DecorateeT>
	21	class DecoratedApplier : public rgw::auth::IdentityApplier {
	22	typedef typename std::remove_pointer<DecorateeT>::type DerefedDecorateeT;
	23
	24	static_assert(std::is_base_of<rgw::auth::IdentityApplier,
	25	DerefedDecorateeT>::value,
	26	"DecorateeT must be a subclass of rgw::auth::IdentityApplier");
	27
	28	DecorateeT decoratee;
	29
	30	/* There is an indirection layer over accessing decoratee to share the same
	31	* code base between dynamic and static decorators. The difference is about
	32	* what we store internally: pointer to a decorated object versus the whole
	33	* object itself. Googling for "SFINAE" can help to understand the code. */
	34	template <typename T = void,
	35	typename std::enable_if<
	36	std::is_pointer<DecorateeT>::value, T>::type* = nullptr>
	37	DerefedDecorateeT& get_decoratee() {
	38	return *decoratee;
	39	}
	40
	41	template <typename T = void,
	42	typename std::enable_if<
	43	! std::is_pointer<DecorateeT>::value, T>::type* = nullptr>
	44	DerefedDecorateeT& get_decoratee() {
	45	return decoratee;
	46	}
	47
	48	template <typename T = void,
	49	typename std::enable_if<
	50	std::is_pointer<DecorateeT>::value, T>::type* = nullptr>
	51	const DerefedDecorateeT& get_decoratee() const {
	52	return *decoratee;
	53	}
	54
	55	template <typename T = void,
	56	typename std::enable_if<
	57	! std::is_pointer<DecorateeT>::value, T>::type* = nullptr>
	58	const DerefedDecorateeT& get_decoratee() const {
	59	return decoratee;
	60	}
	61
	62	public:
11fdf7f2	63	explicit DecoratedApplier(DecorateeT&& decoratee)
7c673cae FG	64	: decoratee(std::forward<DecorateeT>(decoratee)) {
	65	}
	66
11fdf7f2 TL	67	uint32_t get_perms_from_aclspec(const DoutPrefixProvider* dpp, const aclspec_t& aclspec) const override {
11fdf7f2 TL	68	return get_decoratee().get_perms_from_aclspec(dpp, aclspec);
7c673cae FG	69	}
	70
	71	bool is_admin_of(const rgw_user& uid) const override {
	72	return get_decoratee().is_admin_of(uid);
	73	}
	74
	75	bool is_owner_of(const rgw_user& uid) const override {
	76	return get_decoratee().is_owner_of(uid);
	77	}
	78
	79	uint32_t get_perm_mask() const override {
	80	return get_decoratee().get_perm_mask();
	81	}
	82
11fdf7f2 TL	83	uint32_t get_identity_type() const override {
	84	return get_decoratee().get_identity_type();
	85	}
	86
	87	string get_acct_name() const override {
	88	return get_decoratee().get_acct_name();
	89	}
	90
31f18b77 FG	91	bool is_identity(
	92	const boost::container::flat_set<Principal>& ids) const override {
	93	return get_decoratee().is_identity(ids);
	94	}
	95
7c673cae FG	96	void to_str(std::ostream& out) const override {
	97	get_decoratee().to_str(out);
	98	}
	99
11fdf7f2 TL	100	void load_acct_info(const DoutPrefixProvider* dpp, RGWUserInfo& user_info) const override { /* out */
11fdf7f2 TL	101	return get_decoratee().load_acct_info(dpp, user_info);
7c673cae FG	102	}
7c673cae FG	103
11fdf7f2 TL	104	void modify_request_state(const DoutPrefixProvider* dpp, req_state * s) const override { /* in/out */
11fdf7f2 TL	105	return get_decoratee().modify_request_state(dpp, s);
7c673cae FG	106	}
	107	};
	108
	109
	110	template <typename T>
	111	class ThirdPartyAccountApplier : public DecoratedApplier<T> {
9f95a23c	112	/* const /RGWCtl const ctl;
7c673cae FG	113	const rgw_user acct_user_override;
	114
	115	public:
	116	/* A value representing situations where there is no requested account
	117	* override. In other words, acct_user_override will be equal to this
	118	* constant where the request isn't a cross-tenant one. */
	119	static const rgw_user UNKNOWN_ACCT;
	120
	121	template <typename U>
9f95a23c	122	ThirdPartyAccountApplier(RGWCtl* const ctl,
11fdf7f2	123	const rgw_user &acct_user_override,
7c673cae FG	124	U&& decoratee)
7c673cae FG	125	: DecoratedApplier<T>(std::move(decoratee)),
9f95a23c	126	ctl(ctl),
7c673cae FG	127	acct_user_override(acct_user_override) {
	128	}
	129
	130	void to_str(std::ostream& out) const override;
11fdf7f2	131	void load_acct_info(const DoutPrefixProvider* dpp, RGWUserInfo& user_info) const override; /* out */
7c673cae FG	132	};
	133
	134	/* static declaration: UNKNOWN_ACCT will be an empty rgw_user that is a result
	135	* of the default construction. */
	136	template <typename T>
	137	const rgw_user ThirdPartyAccountApplier<T>::UNKNOWN_ACCT;
	138
	139	template <typename T>
	140	void ThirdPartyAccountApplier<T>::to_str(std::ostream& out) const
	141	{
	142	out << "rgw::auth::ThirdPartyAccountApplier(" + acct_user_override.to_str() + ")"
	143	<< " -> ";
	144	DecoratedApplier<T>::to_str(out);
	145	}
	146
	147	template <typename T>
11fdf7f2	148	void ThirdPartyAccountApplier<T>::load_acct_info(const DoutPrefixProvider* dpp, RGWUserInfo& user_info) const
7c673cae FG	149	{
	150	if (UNKNOWN_ACCT == acct_user_override) {
	151	/* There is no override specified by the upper layer. This means that we'll
	152	* load the account owned by the authenticated identity (aka auth_user). */
11fdf7f2	153	DecoratedApplier<T>::load_acct_info(dpp, user_info);
7c673cae FG	154	} else if (DecoratedApplier<T>::is_owner_of(acct_user_override)) {
	155	/* The override has been specified but the account belongs to the authenticated
	156	* identity. We may safely forward the call to a next stage. */
11fdf7f2	157	DecoratedApplier<T>::load_acct_info(dpp, user_info);
7c673cae FG	158	} else {
	159	/* Compatibility mechanism for multi-tenancy. For more details refer to
	160	* load_acct_info method of rgw::auth::RemoteApplier. */
	161	if (acct_user_override.tenant.empty()) {
	162	const rgw_user tenanted_uid(acct_user_override.id, acct_user_override.id);
	163
9f95a23c	164	if (ctl->user->get_info_by_uid(tenanted_uid, &user_info, null_yield) >= 0) {
7c673cae FG	165	/* Succeeded. */
	166	return;
	167	}
	168	}
	169
9f95a23c	170	const int ret = ctl->user->get_info_by_uid(acct_user_override, &user_info, null_yield);
7c673cae FG	171	if (ret < 0) {
	172	/* We aren't trying to recover from ENOENT here. It's supposed that creating
	173	* someone else's account isn't a thing we want to support in this filter. */
	174	if (ret == -ENOENT) {
	175	throw -EACCES;
	176	} else {
	177	throw ret;
	178	}
	179	}
	180
	181	}
	182	}
	183
	184	template <typename T> static inline
9f95a23c	185	ThirdPartyAccountApplier<T> add_3rdparty(RGWCtl* const ctl,
11fdf7f2	186	const rgw_user &acct_user_override,
7c673cae	187	T&& t) {
9f95a23c	188	return ThirdPartyAccountApplier<T>(ctl, acct_user_override,
7c673cae FG	189	std::forward<T>(t));
	190	}
	191
	192
	193	template <typename T>
	194	class SysReqApplier : public DecoratedApplier<T> {
	195	CephContext* const cct;
9f95a23c	196	/const/ RGWCtl* const ctl;
7c673cae FG	197	const RGWHTTPArgs& args;
	198	mutable boost::tribool is_system;
	199
	200	public:
	201	template <typename U>
	202	SysReqApplier(CephContext* const cct,
9f95a23c	203	/const/ RGWCtl* const ctl,
7c673cae FG	204	const req_state* const s,
	205	U&& decoratee)
	206	: DecoratedApplier<T>(std::forward<T>(decoratee)),
	207	cct(cct),
9f95a23c	208	ctl(ctl),
7c673cae FG	209	args(s->info.args),
	210	is_system(boost::logic::indeterminate) {
	211	}
	212
	213	void to_str(std::ostream& out) const override;
11fdf7f2 TL	214	void load_acct_info(const DoutPrefixProvider* dpp, RGWUserInfo& user_info) const override; /* out */
11fdf7f2 TL	215	void modify_request_state(const DoutPrefixProvider* dpp, req_state* s) const override; /* in/out */
7c673cae FG	216	};
	217
	218	template <typename T>
	219	void SysReqApplier<T>::to_str(std::ostream& out) const
	220	{
	221	out << "rgw::auth::SysReqApplier" << " -> ";
	222	DecoratedApplier<T>::to_str(out);
	223	}
	224
	225	template <typename T>
11fdf7f2	226	void SysReqApplier<T>::load_acct_info(const DoutPrefixProvider* dpp, RGWUserInfo& user_info) const
7c673cae	227	{
11fdf7f2	228	DecoratedApplier<T>::load_acct_info(dpp, user_info);
7c673cae FG	229	is_system = user_info.system;
	230
	231	if (is_system) {
11fdf7f2	232	//ldpp_dout(dpp, 20) << "system request" << dendl;
7c673cae FG	233
	234	rgw_user effective_uid(args.sys_get(RGW_SYS_PARAM_PREFIX "uid"));
	235	if (! effective_uid.empty()) {
	236	/* We aren't writing directly to user_info for consistency and security
	237	* reasons. rgw_get_user_info_by_uid doesn't trigger the operator=() but
	238	* calls ::decode instead. */
	239	RGWUserInfo euser_info;
9f95a23c	240	if (ctl->user->get_info_by_uid(effective_uid, &euser_info, null_yield) < 0) {
11fdf7f2	241	//ldpp_dout(dpp, 0) << "User lookup failed!" << dendl;
7c673cae FG	242	throw -EACCES;
	243	}
	244	user_info = euser_info;
	245	}
	246	}
	247	}
	248
	249	template <typename T>
11fdf7f2	250	void SysReqApplier<T>::modify_request_state(const DoutPrefixProvider* dpp, req_state* const s) const
7c673cae FG	251	{
	252	if (boost::logic::indeterminate(is_system)) {
	253	RGWUserInfo unused_info;
11fdf7f2	254	load_acct_info(dpp, unused_info);
7c673cae FG	255	}
	256
	257	if (is_system) {
	258	s->info.args.set_system();
	259	s->system_request = true;
	260	}
11fdf7f2	261	DecoratedApplier<T>::modify_request_state(dpp, s);
7c673cae FG	262	}
	263
	264	template <typename T> static inline
	265	SysReqApplier<T> add_sysreq(CephContext* const cct,
9f95a23c	266	/* const / RGWCtl const ctl,
7c673cae FG	267	const req_state* const s,
7c673cae FG	268	T&& t) {
9f95a23c	269	return SysReqApplier<T>(cct, ctl, s, std::forward<T>(t));
7c673cae FG	270	}
	271
	272	} /* namespace auth */
	273	} /* namespace rgw */
	274
	275	#endif /* CEPH_RGW_AUTH_FILTERS_H */