]> git.proxmox.com Git - ceph.git/blob - ceph/src/rgw/librgw.cc
projects / ceph.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
import ceph 16.2.7
[ceph.git] / ceph / src / rgw / librgw.cc
1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab ft=cpp
3
4 /*
5 * Ceph - scalable distributed file system
6 *
7 * Copyright (C) 2011 New Dream Network
8 *
9 * This is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License version 2.1, as published by the Free Software
12 * Foundation. See file COPYING.
13 *
14 */
15
16 #include "include/compat.h"
17 #include <sys/types.h>
18 #include <string.h>
19 #include <chrono>
20
21 #include "include/types.h"
22 #include "include/rados/librgw.h"
23 #include "rgw/rgw_acl_s3.h"
24 #include "rgw_acl.h"
25
26 #include "include/str_list.h"
27 #include "include/stringify.h"
28 #include "global/global_init.h"
29 #include "global/signal_handler.h"
30 #include "common/config.h"
31 #include "common/errno.h"
32 #include "common/Timer.h"
33 #include "common/Throttle.h"
34 #include "common/WorkQueue.h"
35 #include "common/ceph_argparse.h"
36 #include "common/ceph_context.h"
37 #include "common/common_init.h"
38 #include "common/dout.h"
39
40 #include "rgw_resolve.h"
41 #include "rgw_op.h"
42 #include "rgw_rest.h"
43 #include "rgw_frontend.h"
44 #include "rgw_request.h"
45 #include "rgw_process.h"
46 #include "rgw_rest_user.h"
47 #include "rgw_rest_s3.h"
48 #include "rgw_os_lib.h"
49 #include "rgw_auth.h"
50 #include "rgw_auth_s3.h"
51 #include "rgw_lib.h"
52 #include "rgw_lib_frontend.h"
53 #include "rgw_http_client.h"
54 #include "rgw_http_client_curl.h"
55 #include "rgw_perf_counters.h"
56 #ifdef WITH_RADOSGW_AMQP_ENDPOINT
57 #include "rgw_amqp.h"
58 #endif
59 #ifdef WITH_RADOSGW_KAFKA_ENDPOINT
60 #include "rgw_kafka.h"
61 #endif
62
63 #include "services/svc_zone.h"
64
65 #include <errno.h>
66 #include <thread>
67 #include <string>
68 #include <mutex>
69
70 #define dout_subsys ceph_subsys_rgw
71
72 bool global_stop = false;
73
74 static void handle_sigterm(int signum)
75 {
76 dout(20) << __func__ << " SIGUSR1 ignored" << dendl;
77 }
78
79 namespace rgw {
80
81 using std::string;
82
83 static std::mutex librgw_mtx;
84
85 RGWLib rgwlib;
86
87 class C_InitTimeout : public Context {
88 public:
89 C_InitTimeout() {}
90 void finish(int r) override {
91 derr << "Initialization timeout, failed to initialize" << dendl;
92 exit(1);
93 }
94 };
95
96 void RGWLibProcess::checkpoint()
97 {
98 m_tp.drain(&req_wq);
99 }
100
101 #define MIN_EXPIRE_S 120
102
103 void RGWLibProcess::run()
104 {
105 /* write completion interval */
106 RGWLibFS::write_completion_interval_s =
107 cct->_conf->rgw_nfs_write_completion_interval_s;
108
109 /* start write timer */
110 RGWLibFS::write_timer.resume();
111
112 /* gc loop */
113 while (! shutdown) {
114 lsubdout(cct, rgw, 5) << "RGWLibProcess GC" << dendl;
115
116 /* dirent invalidate timeout--basically, the upper-bound on
117 * inconsistency with the S3 namespace */
118 auto expire_s = cct->_conf->rgw_nfs_namespace_expire_secs;
119
120 /* delay between gc cycles */
121 auto delay_s = std::max(int64_t(1), std::min(int64_t(MIN_EXPIRE_S), expire_s/2));
122
123 unique_lock uniq(mtx);
124 restart:
125 int cur_gen = gen;
126 for (auto iter = mounted_fs.begin(); iter != mounted_fs.end();
127 ++iter) {
128 RGWLibFS* fs = iter->first->ref();
129 uniq.unlock();
130 fs->gc();
131 const DoutPrefix dp(cct, dout_subsys, "librgw: ");
132 fs->update_user(&dp);
133 fs->rele();
134 uniq.lock();
135 if (cur_gen != gen)
136 goto restart; /* invalidated */
137 }
138 cv.wait_for(uniq, std::chrono::seconds(delay_s));
139 uniq.unlock();
140 }
141 }
142
143 void RGWLibProcess::handle_request(const DoutPrefixProvider *dpp, RGWRequest* r)
144 {
145 /*
146 * invariant: valid requests are derived from RGWLibRequst
147 */
148 RGWLibRequest* req = static_cast<RGWLibRequest*>(r);
149
150 // XXX move RGWLibIO and timing setup into process_request
151
152 #if 0 /* XXX */
153 utime_t tm = ceph_clock_now();
154 #endif
155
156 RGWLibIO io_ctx;
157
158 int ret = process_request(req, &io_ctx);
159 if (ret < 0) {
160 /* we don't really care about return code */
161 dout(20) << "process_request() returned " << ret << dendl;
162
163 }
164 delete req;
165 } /* handle_request */
166
167 int RGWLibProcess::process_request(RGWLibRequest* req)
168 {
169 // XXX move RGWLibIO and timing setup into process_request
170
171 #if 0 /* XXX */
172 utime_t tm = ceph_clock_now();
173 #endif
174
175 RGWLibIO io_ctx;
176
177 int ret = process_request(req, &io_ctx);
178 if (ret < 0) {
179 /* we don't really care about return code */
180 dout(20) << "process_request() returned " << ret << dendl;
181 }
182 return ret;
183 } /* process_request */
184
185 static inline void abort_req(struct req_state *s, RGWOp *op, int err_no)
186 {
187 if (!s)
188 return;
189
190 /* XXX the dump_errno and dump_bucket_from_state behaviors in
191 * the abort_early (rgw_rest.cc) might be valuable, but aren't
192 * safe to call presently as they return HTTP data */
193
194 perfcounter->inc(l_rgw_failed_req);
195 } /* abort_req */
196
197 int RGWLibProcess::process_request(RGWLibRequest* req, RGWLibIO* io)
198 {
199 int ret = 0;
200 bool should_log = true; // XXX
201
202 dout(1) << "====== " << __func__
203 << " starting new request req=" << hex << req << dec
204 << " ======" << dendl;
205
206 /*
207 * invariant: valid requests are derived from RGWOp--well-formed
208 * requests should have assigned RGWRequest::op in their descendant
209 * constructor--if not, the compiler can find it, at the cost of
210 * a runtime check
211 */
212 RGWOp *op = (req->op) ? req->op : dynamic_cast<RGWOp*>(req);
213 if (! op) {
214 ldpp_dout(op, 1) << "failed to derive cognate RGWOp (invalid op?)" << dendl;
215 return -EINVAL;
216 }
217
218 io->init(req->cct);
219
220 perfcounter->inc(l_rgw_req);
221
222 RGWEnv& rgw_env = io->get_env();
223
224 /* XXX
225 * until major refactoring of req_state and req_info, we need
226 * to build their RGWEnv boilerplate from the RGWLibRequest,
227 * pre-staging any strings (HTTP_HOST) that provoke a crash when
228 * not found
229 */
230
231 /* XXX for now, use ""; could be a legit hostname, or, in future,
232 * perhaps a tenant (Yehuda) */
233 rgw_env.set("HTTP_HOST", "");
234
235 /* XXX and -then- bloat up req_state with string copies from it */
236 struct req_state rstate(req->cct, &rgw_env, req->id);
237 struct req_state *s = &rstate;
238
239 // XXX fix this
240 s->cio = io;
241
242 RGWObjectCtx rados_ctx(store, s); // XXX holds std::map
243
244 auto sysobj_ctx = store->svc()->sysobj->init_obj_ctx();
245 s->sysobj_ctx = &sysobj_ctx;
246
247 /* XXX and -then- stash req_state pointers everywhere they are needed */
248 ret = req->init(rgw_env, &rados_ctx, io, s);
249 if (ret < 0) {
250 ldpp_dout(op, 10) << "failed to initialize request" << dendl;
251 abort_req(s, op, ret);
252 goto done;
253 }
254
255 /* req is-a RGWOp, currently initialized separately */
256 ret = req->op_init();
257 if (ret < 0) {
258 dout(10) << "failed to initialize RGWOp" << dendl;
259 abort_req(s, op, ret);
260 goto done;
261 }
262
263 /* now expected by rgw_log_op() */
264 rgw_env.set("REQUEST_METHOD", s->info.method);
265 rgw_env.set("REQUEST_URI", s->info.request_uri);
266 rgw_env.set("QUERY_STRING", "");
267
268 try {
269 /* XXX authorize does less here then in the REST path, e.g.,
270 * the user's info is cached, but still incomplete */
271 ldpp_dout(s, 2) << "authorizing" << dendl;
272 ret = req->authorize(op, null_yield);
273 if (ret < 0) {
274 dout(10) << "failed to authorize request" << dendl;
275 abort_req(s, op, ret);
276 goto done;
277 }
278
279 /* FIXME: remove this after switching all handlers to the new
280 * authentication infrastructure. */
281 if (! s->auth.identity) {
282 s->auth.identity = rgw::auth::transform_old_authinfo(s);
283 }
284
285 ldpp_dout(s, 2) << "reading op permissions" << dendl;
286 ret = req->read_permissions(op, null_yield);
287 if (ret < 0) {
288 abort_req(s, op, ret);
289 goto done;
290 }
291
292 ldpp_dout(s, 2) << "init op" << dendl;
293 ret = op->init_processing(null_yield);
294 if (ret < 0) {
295 abort_req(s, op, ret);
296 goto done;
297 }
298
299 ldpp_dout(s, 2) << "verifying op mask" << dendl;
300 ret = op->verify_op_mask();
301 if (ret < 0) {
302 abort_req(s, op, ret);
303 goto done;
304 }
305
306 ldpp_dout(s, 2) << "verifying op permissions" << dendl;
307 ret = op->verify_permission(null_yield);
308 if (ret < 0) {
309 if (s->system_request) {
310 ldpp_dout(op, 2) << "overriding permissions due to system operation" << dendl;
311 } else if (s->auth.identity->is_admin_of(s->user->get_id())) {
312 ldpp_dout(op, 2) << "overriding permissions due to admin operation" << dendl;
313 } else {
314 abort_req(s, op, ret);
315 goto done;
316 }
317 }
318
319 ldpp_dout(s, 2) << "verifying op params" << dendl;
320 ret = op->verify_params();
321 if (ret < 0) {
322 abort_req(s, op, ret);
323 goto done;
324 }
325
326 ldpp_dout(s, 2) << "executing" << dendl;
327 op->pre_exec();
328 op->execute(null_yield);
329 op->complete();
330
331 } catch (const ceph::crypto::DigestException& e) {
332 dout(0) << "authentication failed" << e.what() << dendl;
333 abort_req(s, op, -ERR_INVALID_SECRET_KEY);
334 }
335
336 done:
337 try {
338 io->complete_request();
339 } catch (rgw::io::Exception& e) {
340 dout(0) << "ERROR: io->complete_request() returned "
341 << e.what() << dendl;
342 }
343 if (should_log) {
344 rgw_log_op(nullptr /* !rest */, s, (op ? op->name() : "unknown"), olog);
345 }
346
347 int http_ret = s->err.http_ret;
348
349 ldpp_dout(s, 2) << "http status=" << http_ret << dendl;
350
351 ldpp_dout(op, 1) << "====== " << __func__
352 << " req done req=" << hex << req << dec << " http_status="
353 << http_ret
354 << " ======" << dendl;
355
356 return (ret < 0 ? ret : s->err.ret);
357 } /* process_request */
358
359 int RGWLibProcess::start_request(RGWLibContinuedReq* req)
360 {
361
362 dout(1) << "====== " << __func__
363 << " starting new continued request req=" << hex << req << dec
364 << " ======" << dendl;
365
366 /*
367 * invariant: valid requests are derived from RGWOp--well-formed
368 * requests should have assigned RGWRequest::op in their descendant
369 * constructor--if not, the compiler can find it, at the cost of
370 * a runtime check
371 */
372 RGWOp *op = (req->op) ? req->op : dynamic_cast<RGWOp*>(req);
373 if (! op) {
374 ldpp_dout(op, 1) << "failed to derive cognate RGWOp (invalid op?)" << dendl;
375 return -EINVAL;
376 }
377
378 struct req_state* s = req->get_state();
379 RGWLibIO& io_ctx = req->get_io();
380 RGWEnv& rgw_env = io_ctx.get_env();
381 RGWObjectCtx& rados_ctx = req->get_octx();
382
383 rgw_env.set("HTTP_HOST", "");
384
385 int ret = req->init(rgw_env, &rados_ctx, &io_ctx, s);
386 if (ret < 0) {
387 ldpp_dout(op, 10) << "failed to initialize request" << dendl;
388 abort_req(s, op, ret);
389 goto done;
390 }
391
392 /* req is-a RGWOp, currently initialized separately */
393 ret = req->op_init();
394 if (ret < 0) {
395 dout(10) << "failed to initialize RGWOp" << dendl;
396 abort_req(s, op, ret);
397 goto done;
398 }
399
400 /* XXX authorize does less here then in the REST path, e.g.,
401 * the user's info is cached, but still incomplete */
402 ldpp_dout(s, 2) << "authorizing" << dendl;
403 ret = req->authorize(op, null_yield);
404 if (ret < 0) {
405 dout(10) << "failed to authorize request" << dendl;
406 abort_req(s, op, ret);
407 goto done;
408 }
409
410 /* FIXME: remove this after switching all handlers to the new authentication
411 * infrastructure. */
412 if (! s->auth.identity) {
413 s->auth.identity = rgw::auth::transform_old_authinfo(s);
414 }
415
416 ldpp_dout(s, 2) << "reading op permissions" << dendl;
417 ret = req->read_permissions(op, null_yield);
418 if (ret < 0) {
419 abort_req(s, op, ret);
420 goto done;
421 }
422
423 ldpp_dout(s, 2) << "init op" << dendl;
424 ret = op->init_processing(null_yield);
425 if (ret < 0) {
426 abort_req(s, op, ret);
427 goto done;
428 }
429
430 ldpp_dout(s, 2) << "verifying op mask" << dendl;
431 ret = op->verify_op_mask();
432 if (ret < 0) {
433 abort_req(s, op, ret);
434 goto done;
435 }
436
437 ldpp_dout(s, 2) << "verifying op permissions" << dendl;
438 ret = op->verify_permission(null_yield);
439 if (ret < 0) {
440 if (s->system_request) {
441 ldpp_dout(op, 2) << "overriding permissions due to system operation" << dendl;
442 } else if (s->auth.identity->is_admin_of(s->user->get_id())) {
443 ldpp_dout(op, 2) << "overriding permissions due to admin operation" << dendl;
444 } else {
445 abort_req(s, op, ret);
446 goto done;
447 }
448 }
449
450 ldpp_dout(s, 2) << "verifying op params" << dendl;
451 ret = op->verify_params();
452 if (ret < 0) {
453 abort_req(s, op, ret);
454 goto done;
455 }
456
457 op->pre_exec();
458 req->exec_start();
459
460 done:
461 return (ret < 0 ? ret : s->err.ret);
462 }
463
464 int RGWLibProcess::finish_request(RGWLibContinuedReq* req)
465 {
466 RGWOp *op = (req->op) ? req->op : dynamic_cast<RGWOp*>(req);
467 if (! op) {
468 ldpp_dout(op, 1) << "failed to derive cognate RGWOp (invalid op?)" << dendl;
469 return -EINVAL;
470 }
471
472 int ret = req->exec_finish();
473 int op_ret = op->get_ret();
474
475 ldpp_dout(op, 1) << "====== " << __func__
476 << " finishing continued request req=" << hex << req << dec
477 << " op status=" << op_ret
478 << " ======" << dendl;
479
480 perfcounter->inc(l_rgw_req);
481
482 return ret;
483 }
484
485 int RGWLibFrontend::init()
486 {
487 pprocess = new RGWLibProcess(g_ceph_context, &env,
488 g_conf()->rgw_thread_pool_size, conf);
489 return 0;
490 }
491
492 int RGWLib::init()
493 {
494 vector<const char*> args;
495 return init(args);
496 }
497
498 int RGWLib::init(vector<const char*>& args)
499 {
500 int r = 0;
501
502 /* alternative default for module */
503 map<string,string> defaults = {
504 { "debug_rgw", "1/5" },
505 { "keyring", "$rgw_data/keyring" },
506 { "log_file", "/var/log/radosgw/$cluster-$name.log" }
507 };
508
509 cct = global_init(&defaults, args,
510 CEPH_ENTITY_TYPE_CLIENT,
511 CODE_ENVIRONMENT_DAEMON,
512 CINIT_FLAG_UNPRIVILEGED_DAEMON_DEFAULTS);
513
514 ceph::mutex mutex = ceph::make_mutex("main");
515 SafeTimer init_timer(g_ceph_context, mutex);
516 init_timer.init();
517 mutex.lock();
518 init_timer.add_event_after(g_conf()->rgw_init_timeout, new C_InitTimeout);
519 mutex.unlock();
520
521 common_init_finish(g_ceph_context);
522
523 rgw_tools_init(g_ceph_context);
524
525 rgw_init_resolver();
526 rgw::curl::setup_curl(boost::none);
527 rgw_http_client_init(g_ceph_context);
528
529 auto run_gc =
530 g_conf()->rgw_enable_gc_threads &&
531 g_conf()->rgw_nfs_run_gc_threads;
532
533 auto run_lc =
534 g_conf()->rgw_enable_lc_threads &&
535 g_conf()->rgw_nfs_run_lc_threads;
536
537 auto run_quota =
538 g_conf()->rgw_enable_quota_threads &&
539 g_conf()->rgw_nfs_run_quota_threads;
540
541 auto run_sync =
542 g_conf()->rgw_run_sync_thread &&
543 g_conf()->rgw_nfs_run_sync_thread;
544
545 store = RGWStoreManager::get_storage(this, g_ceph_context,
546 run_gc,
547 run_lc,
548 run_quota,
549 run_sync,
550 g_conf().get_val<bool>("rgw_dynamic_resharding"));
551
552 if (!store) {
553 mutex.lock();
554 init_timer.cancel_all_events();
555 init_timer.shutdown();
556 mutex.unlock();
557
558 derr << "Couldn't init storage provider (RADOS)" << dendl;
559 return -EIO;
560 }
561
562 r = rgw_perf_start(g_ceph_context);
563
564 rgw_rest_init(g_ceph_context, store->svc()->zone->get_zonegroup());
565
566 mutex.lock();
567 init_timer.cancel_all_events();
568 init_timer.shutdown();
569 mutex.unlock();
570
571 if (r)
572 return -EIO;
573
574 const string& ldap_uri = store->ctx()->_conf->rgw_ldap_uri;
575 const string& ldap_binddn = store->ctx()->_conf->rgw_ldap_binddn;
576 const string& ldap_searchdn = store->ctx()->_conf->rgw_ldap_searchdn;
577 const string& ldap_searchfilter = store->ctx()->_conf->rgw_ldap_searchfilter;
578 const string& ldap_dnattr =
579 store->ctx()->_conf->rgw_ldap_dnattr;
580 std::string ldap_bindpw = parse_rgw_ldap_bindpw(store->ctx());
581
582 ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_bindpw.c_str(),
583 ldap_searchdn, ldap_searchfilter, ldap_dnattr);
584 ldh->init();
585 ldh->bind();
586
587 rgw_log_usage_init(g_ceph_context, store->getRados());
588
589 // XXX ex-RGWRESTMgr_lib, mgr->set_logging(true)
590
591 OpsLogManifold* olog_manifold = new OpsLogManifold();
592 if (!g_conf()->rgw_ops_log_socket_path.empty()) {
593 OpsLogSocket* olog_socket = new OpsLogSocket(g_ceph_context, g_conf()->rgw_ops_log_data_backlog);
594 olog_socket->init(g_conf()->rgw_ops_log_socket_path);
595 olog_manifold->add_sink(olog_socket);
596 }
597 OpsLogFile* ops_log_file;
598 if (!g_conf()->rgw_ops_log_file_path.empty()) {
599 ops_log_file = new OpsLogFile(g_ceph_context, g_conf()->rgw_ops_log_file_path, g_conf()->rgw_ops_log_data_backlog);
600 ops_log_file->start();
601 olog_manifold->add_sink(ops_log_file);
602 }
603 olog_manifold->add_sink(new OpsLogRados(store->getRados()));
604 olog = olog_manifold;
605
606 int port = 80;
607 RGWProcessEnv env = { store, &rest, olog, port };
608
609 string fe_count{"0"};
610 fec = new RGWFrontendConfig("rgwlib");
611 fe = new RGWLibFrontend(env, fec);
612
613 init_async_signal_handler();
614 register_async_signal_handler(SIGUSR1, handle_sigterm);
615
616 map<string, string> service_map_meta;
617 service_map_meta["pid"] = stringify(getpid());
618 service_map_meta["frontend_type#" + fe_count] = "rgw-nfs";
619 service_map_meta["frontend_config#" + fe_count] = fec->get_config();
620
621 fe->init();
622 if (r < 0) {
623 derr << "ERROR: failed initializing frontend" << dendl;
624 return r;
625 }
626
627 fe->run();
628
629 r = store->getRados()->register_to_service_map("rgw-nfs", service_map_meta);
630 if (r < 0) {
631 derr << "ERROR: failed to register to service map: " << cpp_strerror(-r) << dendl;
632 /* ignore error */
633 }
634
635 #ifdef WITH_RADOSGW_AMQP_ENDPOINT
636 if (!rgw::amqp::init(cct.get())) {
637 derr << "ERROR: failed to initialize AMQP manager" << dendl;
638 }
639 #endif
640 #ifdef WITH_RADOSGW_KAFKA_ENDPOINT
641 if (!rgw::kafka::init(cct.get())) {
642 derr << "ERROR: failed to initialize Kafka manager" << dendl;
643 }
644 #endif
645
646 return 0;
647 } /* RGWLib::init() */
648
649 int RGWLib::stop()
650 {
651 derr << "shutting down" << dendl;
652
653 fe->stop();
654
655 fe->join();
656
657 delete fe;
658 delete fec;
659 delete ldh;
660
661 unregister_async_signal_handler(SIGUSR1, handle_sigterm);
662 shutdown_async_signal_handler();
663
664 rgw_log_usage_finalize();
665
666 delete olog;
667
668 RGWStoreManager::close_storage(store);
669
670 rgw_tools_cleanup();
671 rgw_shutdown_resolver();
672 rgw_http_client_cleanup();
673 rgw::curl::cleanup_curl();
674 #ifdef WITH_RADOSGW_AMQP_ENDPOINT
675 rgw::amqp::shutdown();
676 #endif
677 #ifdef WITH_RADOSGW_KAFKA_ENDPOINT
678 rgw::kafka::shutdown();
679 #endif
680
681 rgw_perf_stop(g_ceph_context);
682
683 dout(1) << "final shutdown" << dendl;
684 cct.reset();
685
686 return 0;
687 } /* RGWLib::stop() */
688
689 int RGWLibIO::set_uid(rgw::sal::RGWRadosStore *store, const rgw_user& uid)
690 {
691 const DoutPrefix dp(store->ctx(), dout_subsys, "librgw: ");
692 int ret = store->ctl()->user->get_info_by_uid(&dp, uid, &user_info, null_yield);
693 if (ret < 0) {
694 derr << "ERROR: failed reading user info: uid=" << uid << " ret="
695 << ret << dendl;
696 }
697 return ret;
698 }
699
700 int RGWLibRequest::read_permissions(RGWOp* op, optional_yield y) {
701 /* bucket and object ops */
702 int ret =
703 rgw_build_bucket_policies(op, rgwlib.get_store(), get_state(), y);
704 if (ret < 0) {
705 ldpp_dout(op, 10) << "read_permissions (bucket policy) on "
706 << get_state()->bucket << ":"
707 << get_state()->object
708 << " only_bucket=" << only_bucket()
709 << " ret=" << ret << dendl;
710 if (ret == -ENODATA)
711 ret = -EACCES;
712 } else if (! only_bucket()) {
713 /* object ops */
714 ret = rgw_build_object_policies(op, rgwlib.get_store(), get_state(),
715 op->prefetch_data(), y);
716 if (ret < 0) {
717 ldpp_dout(op, 10) << "read_permissions (object policy) on"
718 << get_state()->bucket << ":"
719 << get_state()->object
720 << " ret=" << ret << dendl;
721 if (ret == -ENODATA)
722 ret = -EACCES;
723 }
724 }
725 return ret;
726 } /* RGWLibRequest::read_permissions */
727
728 int RGWHandler_Lib::authorize(const DoutPrefixProvider *dpp, optional_yield y)
729 {
730 /* TODO: handle
731 * 1. subusers
732 * 2. anonymous access
733 * 3. system access
734 * 4. ?
735 *
736 * Much or all of this depends on handling the cached authorization
737 * correctly (e.g., dealing with keystone) at mount time.
738 */
739 s->perm_mask = RGW_PERM_FULL_CONTROL;
740
741 // populate the owner info
742 s->owner.set_id(s->user->get_id());
743 s->owner.set_name(s->user->get_display_name());
744
745 return 0;
746 } /* RGWHandler_Lib::authorize */
747
748 } /* namespace rgw */
749
750 extern "C" {
751
752 int librgw_create(librgw_t* rgw, int argc, char **argv)
753 {
754 using namespace rgw;
755
756 int rc = -EINVAL;
757
758 if (! g_ceph_context) {
759 std::lock_guard<std::mutex> lg(librgw_mtx);
760 if (! g_ceph_context) {
761 vector<const char*> args;
762 std::vector<std::string> spl_args;
763 // last non-0 argument will be split and consumed
764 if (argc > 1) {
765 const std::string spl_arg{argv[(--argc)]};
766 get_str_vec(spl_arg, " \t", spl_args);
767 }
768 argv_to_vec(argc, const_cast<const char**>(argv), args);
769 // append split args, if any
770 for (const auto& elt : spl_args) {
771 args.push_back(elt.c_str());
772 }
773 rc = rgwlib.init(args);
774 }
775 }
776
777 *rgw = g_ceph_context->get();
778
779 return rc;
780 }
781
782 void librgw_shutdown(librgw_t rgw)
783 {
784 using namespace rgw;
785
786 CephContext* cct = static_cast<CephContext*>(rgw);
787 rgwlib.stop();
788 cct->put();
789 }
790
791 } /* extern "C" */
Ceph