1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab ft=cpp
5 * Ceph - scalable distributed file system
7 * Copyright (C) 2004-2009 Sage Weil <sage@newdream.net>
8 * Copyright (C) 2015 Yehuda Sadeh <yehuda@redhat.com>
10 * This is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License version 2.1, as published by the Free Software
13 * Foundation. See file COPYING.
20 #include <string_view>
22 #include <unordered_map>
24 #include "common/ceph_crypto.h"
25 #include "common/random_string.h"
27 #include "rgw_bucket_layout.h"
29 #include "rgw_iam_policy.h"
30 #include "rgw_quota.h"
31 #include "rgw_string.h"
32 #include "common/async/yield_context.h"
33 #include "rgw_website.h"
34 #include "rgw_object_lock.h"
36 #include "rgw_op_type.h"
37 #include "rgw_sync_policy.h"
38 #include "cls/version/cls_version_types.h"
39 #include "cls/user/cls_user_types.h"
40 #include "cls/rgw/cls_rgw_types.h"
41 #include "include/rados/librados.hpp"
42 #include "rgw_public_access.h"
43 #include "common/tracer.h"
53 using Attrs
= std::map
<std::string
, ceph::buffer::list
>;
56 using ceph::crypto::MD5
;
58 #define RGW_ATTR_PREFIX "user.rgw."
60 #define RGW_HTTP_RGWX_ATTR_PREFIX "RGWX_ATTR_"
61 #define RGW_HTTP_RGWX_ATTR_PREFIX_OUT "Rgwx-Attr-"
63 #define RGW_AMZ_PREFIX "x-amz-"
64 #define RGW_AMZ_META_PREFIX RGW_AMZ_PREFIX "meta-"
65 #define RGW_AMZ_WEBSITE_REDIRECT_LOCATION RGW_AMZ_PREFIX "website-redirect-location"
66 #define RGW_AMZ_TAG_COUNT RGW_AMZ_PREFIX "tagging-count"
68 #define RGW_SYS_PARAM_PREFIX "rgwx-"
70 #define RGW_ATTR_ACL RGW_ATTR_PREFIX "acl"
71 #define RGW_ATTR_RATELIMIT RGW_ATTR_PREFIX "ratelimit"
72 #define RGW_ATTR_LC RGW_ATTR_PREFIX "lc"
73 #define RGW_ATTR_CORS RGW_ATTR_PREFIX "cors"
74 #define RGW_ATTR_ETAG RGW_ATTR_PREFIX "etag"
75 #define RGW_ATTR_BUCKETS RGW_ATTR_PREFIX "buckets"
76 #define RGW_ATTR_META_PREFIX RGW_ATTR_PREFIX RGW_AMZ_META_PREFIX
77 #define RGW_ATTR_CONTENT_TYPE RGW_ATTR_PREFIX "content_type"
78 #define RGW_ATTR_CACHE_CONTROL RGW_ATTR_PREFIX "cache_control"
79 #define RGW_ATTR_CONTENT_DISP RGW_ATTR_PREFIX "content_disposition"
80 #define RGW_ATTR_CONTENT_ENC RGW_ATTR_PREFIX "content_encoding"
81 #define RGW_ATTR_CONTENT_LANG RGW_ATTR_PREFIX "content_language"
82 #define RGW_ATTR_EXPIRES RGW_ATTR_PREFIX "expires"
83 #define RGW_ATTR_DELETE_AT RGW_ATTR_PREFIX "delete_at"
84 #define RGW_ATTR_ID_TAG RGW_ATTR_PREFIX "idtag"
85 #define RGW_ATTR_TAIL_TAG RGW_ATTR_PREFIX "tail_tag"
86 #define RGW_ATTR_SHADOW_OBJ RGW_ATTR_PREFIX "shadow_name"
87 #define RGW_ATTR_MANIFEST RGW_ATTR_PREFIX "manifest"
88 #define RGW_ATTR_USER_MANIFEST RGW_ATTR_PREFIX "user_manifest"
89 #define RGW_ATTR_AMZ_WEBSITE_REDIRECT_LOCATION RGW_ATTR_PREFIX RGW_AMZ_WEBSITE_REDIRECT_LOCATION
90 #define RGW_ATTR_SLO_MANIFEST RGW_ATTR_PREFIX "slo_manifest"
91 /* Information whether an object is SLO or not must be exposed to
92 * user through custom HTTP header named X-Static-Large-Object. */
93 #define RGW_ATTR_SLO_UINDICATOR RGW_ATTR_META_PREFIX "static-large-object"
94 #define RGW_ATTR_X_ROBOTS_TAG RGW_ATTR_PREFIX "x-robots-tag"
95 #define RGW_ATTR_STORAGE_CLASS RGW_ATTR_PREFIX "storage_class"
98 #define RGW_ATTR_OBJECT_LOCK RGW_ATTR_PREFIX "object-lock"
99 #define RGW_ATTR_OBJECT_RETENTION RGW_ATTR_PREFIX "object-retention"
100 #define RGW_ATTR_OBJECT_LEGAL_HOLD RGW_ATTR_PREFIX "object-legal-hold"
103 #define RGW_ATTR_PG_VER RGW_ATTR_PREFIX "pg_ver"
104 #define RGW_ATTR_SOURCE_ZONE RGW_ATTR_PREFIX "source_zone"
105 #define RGW_ATTR_TAGS RGW_ATTR_PREFIX RGW_AMZ_PREFIX "tagging"
107 #define RGW_ATTR_TEMPURL_KEY1 RGW_ATTR_META_PREFIX "temp-url-key"
108 #define RGW_ATTR_TEMPURL_KEY2 RGW_ATTR_META_PREFIX "temp-url-key-2"
110 /* Account/container quota of the Swift API. */
111 #define RGW_ATTR_QUOTA_NOBJS RGW_ATTR_META_PREFIX "quota-count"
112 #define RGW_ATTR_QUOTA_MSIZE RGW_ATTR_META_PREFIX "quota-bytes"
114 /* Static Web Site of Swift API. */
115 #define RGW_ATTR_WEB_INDEX RGW_ATTR_META_PREFIX "web-index"
116 #define RGW_ATTR_WEB_ERROR RGW_ATTR_META_PREFIX "web-error"
117 #define RGW_ATTR_WEB_LISTINGS RGW_ATTR_META_PREFIX "web-listings"
118 #define RGW_ATTR_WEB_LIST_CSS RGW_ATTR_META_PREFIX "web-listings-css"
119 #define RGW_ATTR_SUBDIR_MARKER RGW_ATTR_META_PREFIX "web-directory-type"
121 #define RGW_ATTR_OLH_PREFIX RGW_ATTR_PREFIX "olh."
123 #define RGW_ATTR_OLH_INFO RGW_ATTR_OLH_PREFIX "info"
124 #define RGW_ATTR_OLH_VER RGW_ATTR_OLH_PREFIX "ver"
125 #define RGW_ATTR_OLH_ID_TAG RGW_ATTR_OLH_PREFIX "idtag"
126 #define RGW_ATTR_OLH_PENDING_PREFIX RGW_ATTR_OLH_PREFIX "pending."
128 #define RGW_ATTR_COMPRESSION RGW_ATTR_PREFIX "compression"
130 #define RGW_ATTR_APPEND_PART_NUM RGW_ATTR_PREFIX "append_part_num"
133 #define RGW_ATTR_IAM_POLICY RGW_ATTR_PREFIX "iam-policy"
134 #define RGW_ATTR_USER_POLICY RGW_ATTR_PREFIX "user-policy"
135 #define RGW_ATTR_PUBLIC_ACCESS RGW_ATTR_PREFIX "public-access"
137 /* RGW File Attributes */
138 #define RGW_ATTR_UNIX_KEY1 RGW_ATTR_PREFIX "unix-key1"
139 #define RGW_ATTR_UNIX1 RGW_ATTR_PREFIX "unix1"
141 #define RGW_ATTR_CRYPT_PREFIX RGW_ATTR_PREFIX "crypt."
142 #define RGW_ATTR_CRYPT_MODE RGW_ATTR_CRYPT_PREFIX "mode"
143 #define RGW_ATTR_CRYPT_KEYMD5 RGW_ATTR_CRYPT_PREFIX "keymd5"
144 #define RGW_ATTR_CRYPT_KEYID RGW_ATTR_CRYPT_PREFIX "keyid"
145 #define RGW_ATTR_CRYPT_KEYSEL RGW_ATTR_CRYPT_PREFIX "keysel"
146 #define RGW_ATTR_CRYPT_CONTEXT RGW_ATTR_CRYPT_PREFIX "context"
147 #define RGW_ATTR_CRYPT_DATAKEY RGW_ATTR_CRYPT_PREFIX "datakey"
149 /* SSE-S3 Encryption Attributes */
150 #define RGW_ATTR_BUCKET_ENCRYPTION_PREFIX RGW_ATTR_PREFIX "sse-s3."
151 #define RGW_ATTR_BUCKET_ENCRYPTION_POLICY RGW_ATTR_BUCKET_ENCRYPTION_PREFIX "policy"
152 #define RGW_ATTR_BUCKET_ENCRYPTION_KEY_ID RGW_ATTR_BUCKET_ENCRYPTION_PREFIX "key-id"
154 #define RGW_ATTR_TRACE RGW_ATTR_PREFIX "trace"
156 #define RGW_FORMAT_PLAIN 0
157 #define RGW_FORMAT_XML 1
158 #define RGW_FORMAT_JSON 2
159 #define RGW_FORMAT_HTML 3
161 #define RGW_CAP_READ 0x1
162 #define RGW_CAP_WRITE 0x2
163 #define RGW_CAP_ALL (RGW_CAP_READ | RGW_CAP_WRITE)
165 #define RGW_REST_SWIFT 0x1
166 #define RGW_REST_SWIFT_AUTH 0x2
167 #define RGW_REST_S3 0x4
168 #define RGW_REST_WEBSITE 0x8
169 #define RGW_REST_STS 0x10
170 #define RGW_REST_IAM 0x20
172 #define RGW_SUSPENDED_USER_AUID (uint64_t)-2
174 #define RGW_OP_TYPE_READ 0x01
175 #define RGW_OP_TYPE_WRITE 0x02
176 #define RGW_OP_TYPE_DELETE 0x04
178 #define RGW_OP_TYPE_MODIFY (RGW_OP_TYPE_WRITE | RGW_OP_TYPE_DELETE)
179 #define RGW_OP_TYPE_ALL (RGW_OP_TYPE_READ | RGW_OP_TYPE_WRITE | RGW_OP_TYPE_DELETE)
181 #define RGW_DEFAULT_MAX_BUCKETS 1000
183 #define RGW_DEFER_TO_BUCKET_ACLS_RECURSE 1
184 #define RGW_DEFER_TO_BUCKET_ACLS_FULL_CONTROL 2
186 #define STATUS_CREATED 1900
187 #define STATUS_ACCEPTED 1901
188 #define STATUS_NO_CONTENT 1902
189 #define STATUS_PARTIAL_CONTENT 1903
190 #define STATUS_REDIRECT 1904
191 #define STATUS_NO_APPLY 1905
192 #define STATUS_APPLIED 1906
194 #define ERR_INVALID_BUCKET_NAME 2000
195 #define ERR_INVALID_OBJECT_NAME 2001
196 #define ERR_NO_SUCH_BUCKET 2002
197 #define ERR_METHOD_NOT_ALLOWED 2003
198 #define ERR_INVALID_DIGEST 2004
199 #define ERR_BAD_DIGEST 2005
200 #define ERR_UNRESOLVABLE_EMAIL 2006
201 #define ERR_INVALID_PART 2007
202 #define ERR_INVALID_PART_ORDER 2008
203 #define ERR_NO_SUCH_UPLOAD 2009
204 #define ERR_REQUEST_TIMEOUT 2010
205 #define ERR_LENGTH_REQUIRED 2011
206 #define ERR_REQUEST_TIME_SKEWED 2012
207 #define ERR_BUCKET_EXISTS 2013
208 #define ERR_BAD_URL 2014
209 #define ERR_PRECONDITION_FAILED 2015
210 #define ERR_NOT_MODIFIED 2016
211 #define ERR_INVALID_UTF8 2017
212 #define ERR_UNPROCESSABLE_ENTITY 2018
213 #define ERR_TOO_LARGE 2019
214 #define ERR_TOO_MANY_BUCKETS 2020
215 #define ERR_INVALID_REQUEST 2021
216 #define ERR_TOO_SMALL 2022
217 #define ERR_NOT_FOUND 2023
218 #define ERR_PERMANENT_REDIRECT 2024
219 #define ERR_LOCKED 2025
220 #define ERR_QUOTA_EXCEEDED 2026
221 #define ERR_SIGNATURE_NO_MATCH 2027
222 #define ERR_INVALID_ACCESS_KEY 2028
223 #define ERR_MALFORMED_XML 2029
224 #define ERR_USER_EXIST 2030
225 #define ERR_NOT_SLO_MANIFEST 2031
226 #define ERR_EMAIL_EXIST 2032
227 #define ERR_KEY_EXIST 2033
228 #define ERR_INVALID_SECRET_KEY 2034
229 #define ERR_INVALID_KEY_TYPE 2035
230 #define ERR_INVALID_CAP 2036
231 #define ERR_INVALID_TENANT_NAME 2037
232 #define ERR_WEBSITE_REDIRECT 2038
233 #define ERR_NO_SUCH_WEBSITE_CONFIGURATION 2039
234 #define ERR_AMZ_CONTENT_SHA256_MISMATCH 2040
235 #define ERR_NO_SUCH_LC 2041
236 #define ERR_NO_SUCH_USER 2042
237 #define ERR_NO_SUCH_SUBUSER 2043
238 #define ERR_MFA_REQUIRED 2044
239 #define ERR_NO_SUCH_CORS_CONFIGURATION 2045
240 #define ERR_NO_SUCH_OBJECT_LOCK_CONFIGURATION 2046
241 #define ERR_INVALID_RETENTION_PERIOD 2047
242 #define ERR_NO_SUCH_BUCKET_ENCRYPTION_CONFIGURATION 2048
243 #define ERR_USER_SUSPENDED 2100
244 #define ERR_INTERNAL_ERROR 2200
245 #define ERR_NOT_IMPLEMENTED 2201
246 #define ERR_SERVICE_UNAVAILABLE 2202
247 #define ERR_ROLE_EXISTS 2203
248 #define ERR_MALFORMED_DOC 2204
249 #define ERR_NO_ROLE_FOUND 2205
250 #define ERR_DELETE_CONFLICT 2206
251 #define ERR_NO_SUCH_BUCKET_POLICY 2207
252 #define ERR_INVALID_LOCATION_CONSTRAINT 2208
253 #define ERR_TAG_CONFLICT 2209
254 #define ERR_INVALID_TAG 2210
255 #define ERR_ZERO_IN_URL 2211
256 #define ERR_MALFORMED_ACL_ERROR 2212
257 #define ERR_ZONEGROUP_DEFAULT_PLACEMENT_MISCONFIGURATION 2213
258 #define ERR_INVALID_ENCRYPTION_ALGORITHM 2214
259 #define ERR_INVALID_CORS_RULES_ERROR 2215
260 #define ERR_NO_CORS_FOUND 2216
261 #define ERR_INVALID_WEBSITE_ROUTING_RULES_ERROR 2217
262 #define ERR_RATE_LIMITED 2218
263 #define ERR_POSITION_NOT_EQUAL_TO_LENGTH 2219
264 #define ERR_OBJECT_NOT_APPENDABLE 2220
265 #define ERR_INVALID_BUCKET_STATE 2221
266 #define ERR_INVALID_OBJECT_STATE 2222
268 #define ERR_BUSY_RESHARDING 2300
269 #define ERR_NO_SUCH_ENTITY 2301
270 #define ERR_LIMIT_EXCEEDED 2302
273 #define ERR_PACKED_POLICY_TOO_LARGE 2400
274 #define ERR_INVALID_IDENTITY_TOKEN 2401
276 #define ERR_NO_SUCH_TAG_SET 2402
279 #define UINT32_MAX (0xffffffffu)
284 typedef void *RGWAccessHandle
;
286 enum RGWIntentEvent
{
296 /** Store error returns for output at a different point in the program */
300 bool is_clear() const;
302 friend std::ostream
& operator<<(std::ostream
& oss
, const rgw_err
&err
);
306 std::string err_code
;
311 /* Helper class used for RGWHTTPArgs parsing */
314 const std::string str
;
318 explicit NameVal(const std::string
& nv
) : str(nv
) {}
322 std::string
& get_name() { return name
; }
323 std::string
& get_val() { return val
; }
326 /** Stores the XML arguments associated with the HTTP request in req_state*/
328 std::string str
, empty_str
;
329 std::map
<std::string
, std::string
> val_map
;
330 std::map
<std::string
, std::string
> sys_val_map
;
331 std::map
<std::string
, std::string
> sub_resources
;
332 bool has_resp_modifier
= false;
333 bool admin_subresource_added
= false;
335 RGWHTTPArgs() = default;
336 explicit RGWHTTPArgs(const std::string
& s
, const DoutPrefixProvider
*dpp
) {
341 /** Set the arguments; as received */
342 void set(const std::string
& s
) {
343 has_resp_modifier
= false;
345 sub_resources
.clear();
348 /** parse the received arguments */
349 int parse(const DoutPrefixProvider
*dpp
);
350 void append(const std::string
& name
, const std::string
& val
);
351 void remove(const std::string
& name
);
352 /** Get the value for a specific argument parameter */
353 const std::string
& get(const std::string
& name
, bool *exists
= NULL
) const;
354 boost::optional
<const std::string
&>
355 get_optional(const std::string
& name
) const;
356 int get_bool(const std::string
& name
, bool *val
, bool *exists
) const;
357 int get_bool(const char *name
, bool *val
, bool *exists
) const;
358 void get_bool(const char *name
, bool *val
, bool def_val
) const;
359 int get_int(const char *name
, int *val
, int def_val
) const;
361 /** Get the value for specific system argument parameter */
362 std::string
sys_get(const std::string
& name
, bool *exists
= nullptr) const;
364 /** see if a parameter is contained in this RGWHTTPArgs */
365 bool exists(const char *name
) const {
366 return (val_map
.find(name
) != std::end(val_map
));
368 bool sub_resource_exists(const char *name
) const {
369 return (sub_resources
.find(name
) != std::end(sub_resources
));
371 bool exist_obj_excl_sub_resource() const {
372 const char* const obj_sub_resource
[] = {"append", "torrent", "uploadId",
373 "partNumber", "versionId"};
374 for (unsigned i
= 0; i
!= std::size(obj_sub_resource
); i
++) {
375 if (sub_resource_exists(obj_sub_resource
[i
])) return true;
380 std::map
<std::string
, std::string
>& get_params() {
383 const std::map
<std::string
, std::string
>& get_params() const {
386 std::map
<std::string
, std::string
>& get_sys_params() {
389 const std::map
<std::string
, std::string
>& get_sys_params() const {
392 const std::map
<std::string
, std::string
>& get_sub_resources() const {
393 return sub_resources
;
395 unsigned get_num_params() const {
396 return val_map
.size();
398 bool has_response_modifier() const {
399 return has_resp_modifier
;
401 void set_system() { /* make all system params visible */
402 std::map
<std::string
, std::string
>::iterator iter
;
403 for (iter
= sys_val_map
.begin(); iter
!= sys_val_map
.end(); ++iter
) {
404 val_map
[iter
->first
] = iter
->second
;
407 const std::string
& get_str() {
412 const char *rgw_conf_get(const std::map
<std::string
, std::string
, ltstr_nocase
>& conf_map
, const char *name
, const char *def_val
);
413 int rgw_conf_get_int(const std::map
<std::string
, std::string
, ltstr_nocase
>& conf_map
, const char *name
, int def_val
);
414 bool rgw_conf_get_bool(const std::map
<std::string
, std::string
, ltstr_nocase
>& conf_map
, const char *name
, bool def_val
);
421 int enable_usage_log
;
422 uint8_t defer_to_bucket_acls
;
423 void init(CephContext
*cct
);
428 defer_to_bucket_acls(0) {
433 std::map
<std::string
, std::string
, ltstr_nocase
> env_map
;
436 void init(CephContext
*cct
);
437 void init(CephContext
*cct
, char **envp
);
438 void set(std::string name
, std::string val
);
439 const char *get(const char *name
, const char *def_val
= nullptr) const;
440 int get_int(const char *name
, int def_val
= 0) const;
441 bool get_bool(const char *name
, bool def_val
= 0);
442 size_t get_size(const char *name
, size_t def_val
= 0) const;
443 bool exists(const char *name
) const;
444 bool exists_prefix(const char *prefix
) const;
445 void remove(const char *name
);
446 const std::map
<std::string
, std::string
, ltstr_nocase
>& get_map() const { return env_map
; }
447 int get_enable_ops_log() const {
448 return conf
.enable_ops_log
;
451 int get_enable_usage_log() const {
452 return conf
.enable_usage_log
;
455 int get_defer_to_bucket_acls() const {
456 return conf
.defer_to_bucket_acls
;
460 // return true if the connection is secure. this either means that the
461 // connection arrived via ssl, or was forwarded as https by a trusted proxy
462 bool rgw_transport_is_secure(CephContext
*cct
, const RGWEnv
& env
);
475 class RGWAccessControlPolicy
;
478 struct RGWAccessKey
{
479 std::string id
; // AccessKey
480 std::string key
; // SecretKey
484 RGWAccessKey(std::string _id
, std::string _key
)
485 : id(std::move(_id
)), key(std::move(_key
)) {}
487 void encode(bufferlist
& bl
) const {
488 ENCODE_START(2, 2, bl
);
495 void decode(bufferlist::const_iterator
& bl
) {
496 DECODE_START_LEGACY_COMPAT_LEN_32(2, 2, 2, bl
);
502 void dump(Formatter
*f
) const;
503 void dump_plain(Formatter
*f
) const;
504 void dump(Formatter
*f
, const std::string
& user
, bool swift
) const;
505 static void generate_test_instances(std::list
<RGWAccessKey
*>& o
);
507 void decode_json(JSONObj
*obj
);
508 void decode_json(JSONObj
*obj
, bool swift
);
510 WRITE_CLASS_ENCODER(RGWAccessKey
)
516 RGWSubUser() : perm_mask(0) {}
517 void encode(bufferlist
& bl
) const {
518 ENCODE_START(2, 2, bl
);
520 encode(perm_mask
, bl
);
524 void decode(bufferlist::const_iterator
& bl
) {
525 DECODE_START_LEGACY_COMPAT_LEN_32(2, 2, 2, bl
);
527 decode(perm_mask
, bl
);
530 void dump(Formatter
*f
) const;
531 void dump(Formatter
*f
, const std::string
& user
) const;
532 static void generate_test_instances(std::list
<RGWSubUser
*>& o
);
534 void decode_json(JSONObj
*obj
);
536 WRITE_CLASS_ENCODER(RGWSubUser
)
540 std::map
<std::string
, uint32_t> caps
;
542 int get_cap(const std::string
& cap
, std::string
& type
, uint32_t *perm
);
543 int add_cap(const std::string
& cap
);
544 int remove_cap(const std::string
& cap
);
546 static int parse_cap_perm(const std::string
& str
, uint32_t *perm
);
547 int add_from_string(const std::string
& str
);
548 int remove_from_string(const std::string
& str
);
550 void encode(bufferlist
& bl
) const {
551 ENCODE_START(1, 1, bl
);
555 void decode(bufferlist::const_iterator
& bl
) {
560 int check_cap(const std::string
& cap
, uint32_t perm
) const;
561 bool is_valid_cap_type(const std::string
& tp
);
562 void dump(Formatter
*f
) const;
563 void dump(Formatter
*f
, const char *name
) const;
565 void decode_json(JSONObj
*obj
);
567 WRITE_CLASS_ENCODER(RGWUserCaps
)
569 void encode_json(const char *name
, const obj_version
& v
, Formatter
*f
);
570 void encode_json(const char *name
, const RGWUserCaps
& val
, Formatter
*f
);
572 void decode_json_obj(obj_version
& v
, JSONObj
*obj
);
586 static std::string RGW_STORAGE_CLASS_STANDARD
= "STANDARD";
588 struct rgw_placement_rule
{
590 std::string storage_class
;
592 rgw_placement_rule() {}
593 rgw_placement_rule(const std::string
& _n
, const std::string
& _sc
) : name(_n
), storage_class(_sc
) {}
594 rgw_placement_rule(const rgw_placement_rule
& _r
, const std::string
& _sc
) : name(_r
.name
) {
598 storage_class
= _r
.storage_class
;
603 return name
.empty() && storage_class
.empty();
606 void inherit_from(const rgw_placement_rule
& r
) {
610 if (storage_class
.empty()) {
611 storage_class
= r
.storage_class
;
617 storage_class
.clear();
620 void init(const std::string
& n
, const std::string
& c
) {
625 static const std::string
& get_canonical_storage_class(const std::string
& storage_class
) {
626 if (storage_class
.empty()) {
627 return RGW_STORAGE_CLASS_STANDARD
;
629 return storage_class
;
632 const std::string
& get_storage_class() const {
633 return get_canonical_storage_class(storage_class
);
636 int compare(const rgw_placement_rule
& r
) const {
637 int c
= name
.compare(r
.name
);
641 return get_storage_class().compare(r
.get_storage_class());
644 bool operator==(const rgw_placement_rule
& r
) const {
645 return (name
== r
.name
&&
646 get_storage_class() == r
.get_storage_class());
649 bool operator!=(const rgw_placement_rule
& r
) const {
650 return !(*this == r
);
653 void encode(bufferlist
& bl
) const {
654 /* no ENCODE_START/END due to backward compatibility */
655 std::string s
= to_str();
659 void decode(bufferlist::const_iterator
& bl
) {
665 std::string
to_str() const {
666 if (standard_storage_class()) {
669 return to_str_explicit();
672 std::string
to_str_explicit() const {
673 return name
+ "/" + storage_class
;
676 void from_str(const std::string
& s
) {
677 size_t pos
= s
.find("/");
678 if (pos
== std::string::npos
) {
680 storage_class
.clear();
683 name
= s
.substr(0, pos
);
684 storage_class
= s
.substr(pos
+ 1);
687 bool standard_storage_class() const {
688 return storage_class
.empty() || storage_class
== RGW_STORAGE_CLASS_STANDARD
;
691 WRITE_CLASS_ENCODER(rgw_placement_rule
)
693 void encode_json(const char *name
, const rgw_placement_rule
& val
, ceph::Formatter
*f
);
694 void decode_json_obj(rgw_placement_rule
& v
, JSONObj
*obj
);
696 inline std::ostream
& operator<<(std::ostream
& out
, const rgw_placement_rule
& rule
) {
697 return out
<< rule
.to_str();
701 struct RGWRateLimitInfo
{
702 int64_t max_write_ops
;
703 int64_t max_read_ops
;
704 int64_t max_write_bytes
;
705 int64_t max_read_bytes
;
706 bool enabled
= false;
708 : max_write_ops(0), max_read_ops(0), max_write_bytes(0), max_read_bytes(0) {}
710 void encode(bufferlist
& bl
) const {
711 ENCODE_START(1, 1, bl
);
712 encode(max_write_ops
, bl
);
713 encode(max_read_ops
, bl
);
714 encode(max_write_bytes
, bl
);
715 encode(max_read_bytes
, bl
);
719 void decode(bufferlist::const_iterator
& bl
) {
721 decode(max_write_ops
,bl
);
722 decode(max_read_ops
, bl
);
723 decode(max_write_bytes
,bl
);
724 decode(max_read_bytes
, bl
);
729 void dump(Formatter
*f
) const;
731 void decode_json(JSONObj
*obj
);
734 WRITE_CLASS_ENCODER(RGWRateLimitInfo
)
739 std::string display_name
;
740 std::string user_email
;
741 std::map
<std::string
, RGWAccessKey
> access_keys
;
742 std::map
<std::string
, RGWAccessKey
> swift_keys
;
743 std::map
<std::string
, RGWSubUser
> subusers
;
750 rgw_placement_rule default_placement
;
751 std::list
<std::string
> placement_tags
;
752 RGWQuotaInfo bucket_quota
;
753 std::map
<int, std::string
> temp_url_keys
;
754 RGWQuotaInfo user_quota
;
756 std::set
<std::string
> mfa_ids
;
757 std::string assumed_role_arn
;
761 max_buckets(RGW_DEFAULT_MAX_BUCKETS
),
762 op_mask(RGW_OP_TYPE_ALL
),
768 RGWAccessKey
* get_key(const std::string
& access_key
) {
769 if (access_keys
.empty())
772 auto k
= access_keys
.find(access_key
);
773 if (k
== access_keys
.end())
779 void encode(bufferlist
& bl
) const {
780 ENCODE_START(22, 9, bl
);
781 encode((uint64_t)0, bl
); // old auid
782 std::string access_key
;
783 std::string secret_key
;
784 if (!access_keys
.empty()) {
785 std::map
<std::string
, RGWAccessKey
>::const_iterator iter
= access_keys
.begin();
786 const RGWAccessKey
& k
= iter
->second
;
790 encode(access_key
, bl
);
791 encode(secret_key
, bl
);
792 encode(display_name
, bl
);
793 encode(user_email
, bl
);
794 std::string swift_name
;
795 std::string swift_key
;
796 if (!swift_keys
.empty()) {
797 std::map
<std::string
, RGWAccessKey
>::const_iterator iter
= swift_keys
.begin();
798 const RGWAccessKey
& k
= iter
->second
;
802 encode(swift_name
, bl
);
803 encode(swift_key
, bl
);
804 encode(user_id
.id
, bl
);
805 encode(access_keys
, bl
);
806 encode(subusers
, bl
);
807 encode(suspended
, bl
);
808 encode(swift_keys
, bl
);
809 encode(max_buckets
, bl
);
813 encode(default_placement
, bl
);
814 encode(placement_tags
, bl
);
815 encode(bucket_quota
, bl
);
816 encode(temp_url_keys
, bl
);
817 encode(user_quota
, bl
);
818 encode(user_id
.tenant
, bl
);
822 encode(assumed_role_arn
, bl
);
823 encode(user_id
.ns
, bl
);
826 void decode(bufferlist::const_iterator
& bl
) {
827 DECODE_START_LEGACY_COMPAT_LEN_32(22, 9, 9, bl
);
830 decode(old_auid
, bl
);
832 std::string access_key
;
833 std::string secret_key
;
834 decode(access_key
, bl
);
835 decode(secret_key
, bl
);
840 access_keys
[access_key
] = k
;
842 decode(display_name
, bl
);
843 decode(user_email
, bl
);
844 /* We populate swift_keys map later nowadays, but we have to decode. */
845 std::string swift_name
;
846 std::string swift_key
;
847 if (struct_v
>= 3) decode(swift_name
, bl
);
848 if (struct_v
>= 4) decode(swift_key
, bl
);
850 decode(user_id
.id
, bl
);
852 user_id
.id
= access_key
;
854 decode(access_keys
, bl
);
855 decode(subusers
, bl
);
859 decode(suspended
, bl
);
862 decode(swift_keys
, bl
);
864 if (struct_v
>= 10) {
865 decode(max_buckets
, bl
);
867 max_buckets
= RGW_DEFAULT_MAX_BUCKETS
;
869 if (struct_v
>= 11) {
872 if (struct_v
>= 12) {
875 op_mask
= RGW_OP_TYPE_ALL
;
877 if (struct_v
>= 13) {
879 decode(default_placement
, bl
);
880 decode(placement_tags
, bl
); /* tags of allowed placement rules */
882 if (struct_v
>= 14) {
883 decode(bucket_quota
, bl
);
885 if (struct_v
>= 15) {
886 decode(temp_url_keys
, bl
);
888 if (struct_v
>= 16) {
889 decode(user_quota
, bl
);
891 if (struct_v
>= 17) {
892 decode(user_id
.tenant
, bl
);
894 user_id
.tenant
.clear();
896 if (struct_v
>= 18) {
899 if (struct_v
>= 19) {
902 if (struct_v
>= 20) {
905 if (struct_v
>= 21) {
906 decode(assumed_role_arn
, bl
);
908 if (struct_v
>= 22) {
909 decode(user_id
.ns
, bl
);
915 void dump(Formatter
*f
) const;
916 static void generate_test_instances(std::list
<RGWUserInfo
*>& o
);
918 void decode_json(JSONObj
*obj
);
920 WRITE_CLASS_ENCODER(RGWUserInfo
)
928 rgw_raw_obj(const rgw_pool
& _pool
, const std::string
& _oid
) {
931 rgw_raw_obj(const rgw_pool
& _pool
, const std::string
& _oid
, const std::string
& _loc
) : loc(_loc
) {
935 void init(const rgw_pool
& _pool
, const std::string
& _oid
) {
944 void encode(bufferlist
& bl
) const {
945 ENCODE_START(6, 6, bl
);
952 void decode_from_rgw_obj(bufferlist::const_iterator
& bl
);
954 void decode(bufferlist::const_iterator
& bl
) {
955 unsigned ofs
= bl
.get_off();
959 * this object was encoded as rgw_obj, prior to rgw_raw_obj been split out of it,
960 * let's decode it as rgw_obj and convert it
963 decode_from_rgw_obj(bl
);
972 bool operator<(const rgw_raw_obj
& o
) const {
973 int r
= pool
.compare(o
.pool
);
975 r
= oid
.compare(o
.oid
);
977 r
= loc
.compare(o
.loc
);
983 bool operator==(const rgw_raw_obj
& o
) const {
984 return (pool
== o
.pool
&& oid
== o
.oid
&& loc
== o
.loc
);
987 void dump(Formatter
*f
) const;
988 void decode_json(JSONObj
*obj
);
990 WRITE_CLASS_ENCODER(rgw_raw_obj
)
992 inline std::ostream
& operator<<(std::ostream
& out
, const rgw_raw_obj
& o
) {
993 out
<< o
.pool
<< ":" << o
.oid
;
997 struct rgw_bucket_placement
{
998 rgw_placement_rule placement_rule
;
1001 void dump(Formatter
*f
) const;
1004 struct RGWObjVersionTracker
{
1005 obj_version read_version
;
1006 obj_version write_version
;
1008 obj_version
*version_for_read() {
1009 return &read_version
;
1012 obj_version
*version_for_write() {
1013 if (write_version
.ver
== 0)
1016 return &write_version
;
1019 obj_version
*version_for_check() {
1020 if (read_version
.ver
== 0)
1023 return &read_version
;
1026 void prepare_op_for_read(librados::ObjectReadOperation
*op
);
1027 void prepare_op_for_write(librados::ObjectWriteOperation
*op
);
1032 read_version
= obj_version();
1033 write_version
= obj_version();
1036 void generate_new_write_ver(CephContext
*cct
);
1039 inline std::ostream
& operator<<(std::ostream
& out
, const obj_version
&v
)
1041 out
<< v
.tag
<< ":" << v
.ver
;
1045 inline std::ostream
& operator<<(std::ostream
& out
, const RGWObjVersionTracker
&ot
)
1047 out
<< "{r=" << ot
.read_version
<< ",w=" << ot
.write_version
<< "}";
1051 enum RGWBucketFlags
{
1052 BUCKET_SUSPENDED
= 0x1,
1053 BUCKET_VERSIONED
= 0x2,
1054 BUCKET_VERSIONS_SUSPENDED
= 0x4,
1055 BUCKET_DATASYNC_DISABLED
= 0X8,
1056 BUCKET_MFA_ENABLED
= 0X10,
1057 BUCKET_OBJ_LOCK_ENABLED
= 0X20,
1062 struct RGWBucketInfo
{
1066 std::string zonegroup
;
1067 ceph::real_time creation_time
;
1068 rgw_placement_rule placement_rule
;
1069 bool has_instance_obj
{false};
1070 RGWObjVersionTracker objv_tracker
; /* we don't need to serialize this, for runtime tracking */
1073 // layout of bucket index objects
1074 rgw::BucketLayout layout
;
1076 // Represents the number of bucket index object shards:
1077 // - value of 0 indicates there is no sharding (this is by default
1078 // before this feature is implemented).
1079 // - value of UINT32_T::MAX indicates this is a blind bucket.
1081 // Represents the shard number for blind bucket.
1082 const static uint32_t NUM_SHARDS_BLIND_BUCKET
;
1084 bool requester_pays
{false};
1086 bool has_website
{false};
1087 RGWBucketWebsiteConf website_conf
;
1089 bool swift_versioning
{false};
1090 std::string swift_ver_location
;
1092 std::map
<std::string
, uint32_t> mdsearch_config
;
1095 cls_rgw_reshard_status reshard_status
{cls_rgw_reshard_status::NOT_RESHARDING
};
1096 std::string new_bucket_instance_id
;
1098 RGWObjectLock obj_lock
;
1100 std::optional
<rgw_sync_policy_info
> sync_policy
;
1102 void encode(bufferlist
& bl
) const;
1103 void decode(bufferlist::const_iterator
& bl
);
1105 void dump(Formatter
*f
) const;
1106 static void generate_test_instances(std::list
<RGWBucketInfo
*>& o
);
1108 void decode_json(JSONObj
*obj
);
1110 bool versioned() const { return (flags
& BUCKET_VERSIONED
) != 0; }
1111 int versioning_status() const { return flags
& (BUCKET_VERSIONED
| BUCKET_VERSIONS_SUSPENDED
| BUCKET_MFA_ENABLED
); }
1112 bool versioning_enabled() const { return (versioning_status() & (BUCKET_VERSIONED
| BUCKET_VERSIONS_SUSPENDED
)) == BUCKET_VERSIONED
; }
1113 bool mfa_enabled() const { return (versioning_status() & BUCKET_MFA_ENABLED
) != 0; }
1114 bool datasync_flag_enabled() const { return (flags
& BUCKET_DATASYNC_DISABLED
) == 0; }
1115 bool obj_lock_enabled() const { return (flags
& BUCKET_OBJ_LOCK_ENABLED
) != 0; }
1117 bool has_swift_versioning() const {
1118 /* A bucket may be versioned through one mechanism only. */
1119 return swift_versioning
&& !versioned();
1122 void set_sync_policy(rgw_sync_policy_info
&& policy
);
1124 bool empty_sync_policy() const;
1129 WRITE_CLASS_ENCODER(RGWBucketInfo
)
1131 struct RGWBucketEntryPoint
1135 ceph::real_time creation_time
;
1138 bool has_bucket_info
;
1139 RGWBucketInfo old_bucket_info
;
1141 RGWBucketEntryPoint() : linked(false), has_bucket_info(false) {}
1143 void encode(bufferlist
& bl
) const {
1144 ENCODE_START(10, 8, bl
);
1146 encode(owner
.id
, bl
);
1148 uint64_t ctime
= (uint64_t)real_clock::to_time_t(creation_time
);
1151 encode(creation_time
, bl
);
1154 void decode(bufferlist::const_iterator
& bl
) {
1155 auto orig_iter
= bl
;
1156 DECODE_START_LEGACY_COMPAT_LEN_32(10, 4, 4, bl
);
1158 /* ouch, old entry, contains the bucket info itself */
1159 old_bucket_info
.decode(orig_iter
);
1160 has_bucket_info
= true;
1163 has_bucket_info
= false;
1165 decode(owner
.id
, bl
);
1169 if (struct_v
< 10) {
1170 creation_time
= real_clock::from_time_t((time_t)ctime
);
1172 if (struct_v
>= 9) {
1175 if (struct_v
>= 10) {
1176 decode(creation_time
, bl
);
1181 void dump(Formatter
*f
) const;
1182 void decode_json(JSONObj
*obj
);
1183 static void generate_test_instances(std::list
<RGWBucketEntryPoint
*>& o
);
1185 WRITE_CLASS_ENCODER(RGWBucketEntryPoint
)
1187 struct RGWStorageStats
1189 RGWObjCategory category
;
1191 uint64_t size_rounded
;
1192 uint64_t num_objects
;
1193 uint64_t size_utilized
{0}; //< size after compression, encryption
1194 bool dump_utilized
; // whether dump should include utilized values
1196 RGWStorageStats(bool _dump_utilized
=true)
1197 : category(RGWObjCategory::None
),
1201 dump_utilized(_dump_utilized
)
1204 void dump(Formatter
*f
) const;
1205 }; // RGWStorageStats
1209 /* Namespaced forward declarations. */
1213 class AWSBrowserUploadAbstractor
;
1223 using meta_map_t
= boost::container::flat_map
<std::string
, std::string
>;
1228 meta_map_t x_meta_map
;
1229 meta_map_t crypt_attribute_map
;
1233 std::string script_uri
;
1234 std::string request_uri
;
1235 std::string request_uri_aws4
;
1236 std::string effective_uri
;
1237 std::string request_params
;
1239 std::string storage_class
;
1241 req_info(CephContext
*cct
, const RGWEnv
*env
);
1242 void rebuild_from(req_info
& src
);
1243 void init_meta_info(const DoutPrefixProvider
*dpp
, bool *found_bad_meta
);
1246 typedef cls_rgw_obj_key rgw_obj_index_key
;
1248 struct rgw_obj_key
{
1250 std::string instance
;
1254 // cppcheck-suppress noExplicitConstructor
1255 rgw_obj_key(const std::string
& n
) : name(n
) {}
1256 rgw_obj_key(const std::string
& n
, const std::string
& i
) : name(n
), instance(i
) {}
1257 rgw_obj_key(const std::string
& n
, const std::string
& i
, const std::string
& _ns
) : name(n
), instance(i
), ns(_ns
) {}
1259 rgw_obj_key(const rgw_obj_index_key
& k
) {
1260 parse_index_key(k
.name
, &name
, &ns
);
1261 instance
= k
.instance
;
1264 static void parse_index_key(const std::string
& key
, std::string
*name
, std::string
*ns
) {
1265 if (key
[0] != '_') {
1270 if (key
[1] == '_') {
1271 *name
= key
.substr(1);
1275 ssize_t pos
= key
.find('_', 1);
1277 /* shouldn't happen, just use key */
1283 *name
= key
.substr(pos
+ 1);
1284 *ns
= key
.substr(1, pos
-1);
1287 void set(const std::string
& n
) {
1293 void set(const std::string
& n
, const std::string
& i
) {
1299 void set(const std::string
& n
, const std::string
& i
, const std::string
& _ns
) {
1305 bool set(const rgw_obj_index_key
& index_key
) {
1306 if (!parse_raw_oid(index_key
.name
, this)) {
1309 instance
= index_key
.instance
;
1313 void set_instance(const std::string
& i
) {
1317 const std::string
& get_instance() const {
1321 void set_ns(const std::string
& _ns
) {
1325 const std::string
& get_ns() const {
1329 std::string
get_index_key_name() const {
1331 if (name
.size() < 1 || name
[0] != '_') {
1334 return std::string("_") + name
;
1337 char buf
[ns
.size() + 16];
1338 snprintf(buf
, sizeof(buf
), "_%s_", ns
.c_str());
1339 return std::string(buf
) + name
;
1342 void get_index_key(rgw_obj_index_key
*key
) const {
1343 key
->name
= get_index_key_name();
1344 key
->instance
= instance
;
1347 std::string
get_loc() const {
1349 * For backward compatibility. Older versions used to have object locator on all objects,
1350 * however, the name was the effective object locator. This had the same effect as not
1351 * having object locator at all for most objects but the ones that started with underscore as
1352 * these were escaped.
1354 if (name
[0] == '_' && ns
.empty()) {
1361 bool empty() const {
1362 return name
.empty();
1365 bool have_null_instance() const {
1366 return instance
== "null";
1369 bool have_instance() const {
1370 return !instance
.empty();
1373 bool need_to_encode_instance() const {
1374 return have_instance() && !have_null_instance();
1377 std::string
get_oid() const {
1378 if (ns
.empty() && !need_to_encode_instance()) {
1379 if (name
.size() < 1 || name
[0] != '_') {
1382 return std::string("_") + name
;
1385 std::string oid
= "_";
1387 if (need_to_encode_instance()) {
1388 oid
.append(std::string(":") + instance
);
1395 bool operator==(const rgw_obj_key
& k
) const {
1396 return (name
.compare(k
.name
) == 0) &&
1397 (instance
.compare(k
.instance
) == 0);
1400 bool operator<(const rgw_obj_key
& k
) const {
1401 int r
= name
.compare(k
.name
);
1403 r
= instance
.compare(k
.instance
);
1408 bool operator<=(const rgw_obj_key
& k
) const {
1409 return !(k
< *this);
1412 static void parse_ns_field(std::string
& ns
, std::string
& instance
) {
1413 int pos
= ns
.find(':');
1415 instance
= ns
.substr(pos
+ 1);
1416 ns
= ns
.substr(0, pos
);
1422 // takes an oid and parses out the namespace (ns), name, and
1424 static bool parse_raw_oid(const std::string
& oid
, rgw_obj_key
*key
) {
1425 key
->instance
.clear();
1427 if (oid
[0] != '_') {
1432 if (oid
.size() >= 2 && oid
[1] == '_') {
1433 key
->name
= oid
.substr(1);
1437 if (oid
.size() < 3) // for namespace, min size would be 3: _x_
1440 size_t pos
= oid
.find('_', 2); // oid must match ^_[^_].+$
1441 if (pos
== std::string::npos
)
1444 key
->ns
= oid
.substr(1, pos
- 1);
1445 parse_ns_field(key
->ns
, key
->instance
);
1447 key
->name
= oid
.substr(pos
+ 1);
1452 * Translate a namespace-mangled object name to the user-facing name
1453 * existing in the given namespace.
1455 * If the object is part of the given namespace, it returns true
1456 * and cuts down the name to the unmangled version. If it is not
1457 * part of the given namespace, it returns false.
1459 static bool oid_to_key_in_ns(const std::string
& oid
, rgw_obj_key
*key
, const std::string
& ns
) {
1460 bool ret
= parse_raw_oid(oid
, key
);
1465 return (ns
== key
->ns
);
1469 * Given a mangled object name and an empty namespace std::string, this
1470 * function extracts the namespace into the std::string and sets the object
1471 * name to be the unmangled version.
1473 * It returns true after successfully doing so, or
1474 * false if it fails.
1476 static bool strip_namespace_from_name(std::string
& name
, std::string
& ns
, std::string
& instance
) {
1479 if (name
[0] != '_') {
1483 size_t pos
= name
.find('_', 1);
1484 if (pos
== std::string::npos
) {
1488 if (name
[1] == '_') {
1489 name
= name
.substr(1);
1493 size_t period_pos
= name
.find('.');
1494 if (period_pos
< pos
) {
1498 ns
= name
.substr(1, pos
-1);
1499 name
= name
.substr(pos
+1, std::string::npos
);
1501 parse_ns_field(ns
, instance
);
1505 void encode(bufferlist
& bl
) const {
1506 ENCODE_START(2, 1, bl
);
1508 encode(instance
, bl
);
1512 void decode(bufferlist::const_iterator
& bl
) {
1513 DECODE_START(2, bl
);
1515 decode(instance
, bl
);
1516 if (struct_v
>= 2) {
1521 void dump(Formatter
*f
) const;
1522 void decode_json(JSONObj
*obj
);
1524 std::string
to_str() const {
1525 if (instance
.empty()) {
1528 char buf
[name
.size() + instance
.size() + 16];
1529 snprintf(buf
, sizeof(buf
), "%s[%s]", name
.c_str(), instance
.c_str());
1533 WRITE_CLASS_ENCODER(rgw_obj_key
)
1535 inline std::ostream
& operator<<(std::ostream
& out
, const rgw_obj_key
&o
) {
1536 return out
<< o
.to_str();
1539 struct req_init_state
{
1540 /* Keeps [[tenant]:]bucket until we parse the token. */
1541 std::string url_bucket
;
1542 std::string src_bucket
;
1545 #include "rgw_auth.h"
1548 class RGWSysObjectCtx
;
1550 /** Store all the state necessary to complete and respond to an HTTP request*/
1551 struct req_state
: DoutPrefixProvider
{
1553 rgw::io::BasicClient
*cio
{nullptr};
1554 http_op op
{OP_UNKNOWN
};
1555 RGWOpType op_type
{};
1556 std::shared_ptr
<RateLimiter
> ratelimit_data
;
1557 RGWRateLimitInfo user_ratelimit
;
1558 RGWRateLimitInfo bucket_ratelimit
;
1559 std::string ratelimit_bucket_marker
;
1560 std::string ratelimit_user_name
;
1561 bool content_started
{false};
1563 ceph::Formatter
*formatter
{nullptr};
1564 std::string decoded_uri
;
1565 std::string relative_uri
;
1566 const char *length
{nullptr};
1567 int64_t content_length
{0};
1568 std::map
<std::string
, std::string
> generic_attrs
;
1570 bool expect_cont
{false};
1571 uint64_t obj_size
{0};
1572 bool enable_ops_log
;
1573 bool enable_usage_log
;
1574 uint8_t defer_to_bucket_acls
;
1575 uint32_t perm_mask
{0};
1577 /* Set once when url_bucket is parsed and not violated thereafter. */
1578 std::string account_name
;
1580 std::string bucket_tenant
;
1581 std::string bucket_name
;
1583 /* bucket is only created in rgw_build_bucket_policies() and should never be
1585 std::unique_ptr
<rgw::sal::Bucket
> bucket
;
1586 std::unique_ptr
<rgw::sal::Object
> object
;
1587 std::string src_tenant_name
;
1588 std::string src_bucket_name
;
1589 std::unique_ptr
<rgw::sal::Object
> src_object
;
1590 ACLOwner bucket_owner
;
1593 std::string zonegroup_name
;
1594 std::string zonegroup_endpoint
;
1595 std::string bucket_instance_id
;
1596 int bucket_instance_shard_id
{-1};
1597 std::string redirect_zone_endpoint
;
1599 std::string redirect
;
1601 real_time bucket_mtime
;
1602 std::map
<std::string
, ceph::bufferlist
> bucket_attrs
;
1603 bool bucket_exists
{false};
1604 rgw_placement_rule dest_placement
;
1606 bool has_bad_meta
{false};
1608 std::unique_ptr
<rgw::sal::User
> user
;
1611 /* TODO(rzarzynski): switch out to the static_ptr for both members. */
1613 /* Object having the knowledge about an authenticated identity and allowing
1614 * to apply it during the authorization phase (verify_permission() methods
1615 * of a given RGWOp). Thus, it bounds authentication and authorization steps
1616 * through a well-defined interface. For more details, see rgw_auth.h. */
1617 std::unique_ptr
<rgw::auth::Identity
> identity
;
1619 std::shared_ptr
<rgw::auth::Completer
> completer
;
1621 /* A container for credentials of the S3's browser upload. It's necessary
1622 * because: 1) the ::authenticate() method of auth engines and strategies
1623 * take req_state only; 2) auth strategies live much longer than RGWOps -
1624 * there is no way to pass additional data dependencies through ctors. */
1627 friend class RGWPostObj_ObjStore_S3
;
1629 friend class rgw::auth::s3::AWSBrowserUploadAbstractor
;
1630 friend class rgw::auth::s3::STSEngine
;
1632 std::string access_key
;
1633 std::string signature
;
1634 std::string x_amz_algorithm
;
1635 std::string x_amz_credential
;
1636 std::string x_amz_date
;
1637 std::string x_amz_security_token
;
1638 ceph::bufferlist encoded_policy
;
1642 std::unique_ptr
<RGWAccessControlPolicy
> user_acl
;
1643 std::unique_ptr
<RGWAccessControlPolicy
> bucket_acl
;
1644 std::unique_ptr
<RGWAccessControlPolicy
> object_acl
;
1646 rgw::IAM::Environment env
;
1647 boost::optional
<rgw::IAM::Policy
> iam_policy
;
1648 boost::optional
<PublicAccessBlockConfiguration
> bucket_access_conf
;
1649 std::vector
<rgw::IAM::Policy
> iam_user_policies
;
1651 /* Is the request made by an user marked as a system one?
1652 * Being system user means we also have the admin status. */
1653 bool system_request
{false};
1655 std::string canned_acl
;
1656 bool has_acl_header
{false};
1657 bool local_source
{false}; /* source is local */
1661 /* Content-Disposition override for TempURL of Swift API. */
1663 std::string override
;
1664 std::string fallback
;
1667 std::string host_id
;
1670 req_init_state init_state
;
1672 using Clock
= ceph::coarse_real_clock
;
1673 Clock::time_point time
;
1675 Clock::duration
time_elapsed() const { return Clock::now() - time
; }
1677 RGWObjectCtx
*obj_ctx
{nullptr};
1678 std::string dialect
;
1680 std::string trans_id
;
1685 bool mfa_verified
{false};
1687 /// optional coroutine context
1688 optional_yield yield
{null_yield
};
1690 //token claims from STS token for ops log (can be used for Keystone token also)
1691 std::vector
<std::string
> token_claims
;
1693 std::vector
<rgw::IAM::Policy
> session_policies
;
1697 //Principal tags that come in as part of AssumeRoleWithWebIdentity
1698 std::vector
<std::pair
<std::string
, std::string
>> principal_tags
;
1700 req_state(CephContext
* _cct
, RGWEnv
* e
, uint64_t id
);
1704 void set_user(std::unique_ptr
<rgw::sal::User
>& u
) { user
.swap(u
); }
1705 bool is_err() const { return err
.is_err(); }
1707 // implements DoutPrefixProvider
1708 std::ostream
& gen_prefix(std::ostream
& out
) const override
;
1709 CephContext
* get_cct() const override
{ return cct
; }
1710 unsigned get_subsys() const override
{ return ceph_subsys_rgw
; }
1713 void set_req_state_err(struct req_state
*, int);
1714 void set_req_state_err(struct req_state
*, int, const std::string
&);
1715 void set_req_state_err(struct rgw_err
&, int, const int);
1716 void dump(struct req_state
*);
1718 /** Store basic data on bucket */
1719 struct RGWBucketEnt
{
1722 size_t size_rounded
;
1723 ceph::real_time creation_time
;
1726 /* The placement_rule is necessary to calculate per-storage-policy statics
1727 * of the Swift API. Although the info available in RGWBucketInfo, we need
1728 * to duplicate it here to not affect the performance of buckets listing. */
1729 rgw_placement_rule placement_rule
;
1736 RGWBucketEnt(const RGWBucketEnt
&) = default;
1737 RGWBucketEnt(RGWBucketEnt
&&) = default;
1738 explicit RGWBucketEnt(const rgw_user
& u
, cls_user_bucket_entry
&& e
)
1739 : bucket(u
, std::move(e
.bucket
)),
1741 size_rounded(e
.size_rounded
),
1742 creation_time(e
.creation_time
),
1746 RGWBucketEnt
& operator=(const RGWBucketEnt
&) = default;
1748 void convert(cls_user_bucket_entry
*b
) const {
1749 bucket
.convert(&b
->bucket
);
1751 b
->size_rounded
= size_rounded
;
1752 b
->creation_time
= creation_time
;
1756 void encode(bufferlist
& bl
) const {
1757 ENCODE_START(7, 5, bl
);
1759 __u32 mt
= ceph::real_clock::to_time_t(creation_time
);
1760 std::string empty_str
; // originally had the bucket name here, but we encode bucket later
1761 encode(empty_str
, bl
);
1768 encode(creation_time
, bl
);
1769 encode(placement_rule
, bl
);
1772 void decode(bufferlist::const_iterator
& bl
) {
1773 DECODE_START_LEGACY_COMPAT_LEN(7, 5, 5, bl
);
1776 std::string empty_str
; // backward compatibility
1777 decode(empty_str
, bl
);
1782 creation_time
= ceph::real_clock::from_time_t(mt
);
1792 decode(creation_time
, bl
);
1794 decode(placement_rule
, bl
);
1797 void dump(Formatter
*f
) const;
1798 static void generate_test_instances(std::list
<RGWBucketEnt
*>& o
);
1800 WRITE_CLASS_ENCODER(RGWBucketEnt
)
1806 bool in_extra_data
{false}; /* in-memory only member, does not serialize */
1808 // Represents the hash index source for this object once it is set (non-empty)
1809 std::string index_hash_source
;
1812 rgw_obj(const rgw_bucket
& b
, const std::string
& name
) : bucket(b
), key(name
) {}
1813 rgw_obj(const rgw_bucket
& b
, const rgw_obj_key
& k
) : bucket(b
), key(k
) {}
1814 rgw_obj(const rgw_bucket
& b
, const rgw_obj_index_key
& k
) : bucket(b
), key(k
) {}
1816 void init(const rgw_bucket
& b
, const std::string
& name
) {
1820 void init(const rgw_bucket
& b
, const std::string
& name
, const std::string
& i
, const std::string
& n
) {
1822 key
.set(name
, i
, n
);
1824 void init_ns(const rgw_bucket
& b
, const std::string
& name
, const std::string
& n
) {
1827 key
.instance
.clear();
1831 bool empty() const {
1835 void set_key(const rgw_obj_key
& k
) {
1839 std::string
get_oid() const {
1840 return key
.get_oid();
1843 const std::string
& get_hash_object() const {
1844 return index_hash_source
.empty() ? key
.name
: index_hash_source
;
1847 void set_in_extra_data(bool val
) {
1848 in_extra_data
= val
;
1851 bool is_in_extra_data() const {
1852 return in_extra_data
;
1855 void encode(bufferlist
& bl
) const {
1856 ENCODE_START(6, 6, bl
);
1859 encode(key
.name
, bl
);
1860 encode(key
.instance
, bl
);
1861 // encode(placement_id, bl);
1864 void decode(bufferlist::const_iterator
& bl
) {
1865 DECODE_START_LEGACY_COMPAT_LEN(6, 3, 3, bl
);
1868 decode(bucket
.name
, bl
); /* bucket.name */
1869 decode(s
, bl
); /* loc */
1871 decode(key
.name
, bl
);
1875 decode(key
.instance
, bl
);
1876 if (key
.ns
.empty() && key
.instance
.empty()) {
1877 if (key
.name
[0] == '_') {
1878 key
.name
= key
.name
.substr(1);
1881 if (struct_v
>= 5) {
1882 decode(key
.name
, bl
);
1884 ssize_t pos
= key
.name
.find('_', 1);
1886 throw buffer::malformed_input();
1888 key
.name
= key
.name
.substr(pos
+ 1);
1894 decode(key
.name
, bl
);
1895 decode(key
.instance
, bl
);
1896 // decode(placement_id, bl);
1900 void dump(Formatter
*f
) const;
1901 static void generate_test_instances(std::list
<rgw_obj
*>& o
);
1903 bool operator==(const rgw_obj
& o
) const {
1904 return (key
== o
.key
) &&
1905 (bucket
== o
.bucket
);
1907 bool operator<(const rgw_obj
& o
) const {
1908 int r
= key
.name
.compare(o
.key
.name
);
1910 r
= bucket
.bucket_id
.compare(o
.bucket
.bucket_id
); /* not comparing bucket.name, if bucket_id is equal so will be bucket.name */
1912 r
= key
.ns
.compare(o
.key
.ns
);
1914 r
= key
.instance
.compare(o
.key
.instance
);
1922 const rgw_pool
& get_explicit_data_pool() {
1923 if (!in_extra_data
|| bucket
.explicit_placement
.data_extra_pool
.empty()) {
1924 return bucket
.explicit_placement
.data_pool
;
1926 return bucket
.explicit_placement
.data_extra_pool
;
1929 WRITE_CLASS_ENCODER(rgw_obj
)
1931 struct rgw_cache_entry_info
{
1932 std::string cache_locator
;
1935 rgw_cache_entry_info() : gen(0) {}
1938 inline std::ostream
& operator<<(std::ostream
& out
, const rgw_obj
&o
) {
1939 return out
<< o
.bucket
.name
<< ":" << o
.get_oid();
1942 struct multipart_upload_info
1944 rgw_placement_rule dest_placement
;
1946 void encode(bufferlist
& bl
) const {
1947 ENCODE_START(1, 1, bl
);
1948 encode(dest_placement
, bl
);
1952 void decode(bufferlist::const_iterator
& bl
) {
1953 DECODE_START(1, bl
);
1954 decode(dest_placement
, bl
);
1958 WRITE_CLASS_ENCODER(multipart_upload_info
)
1960 static inline void buf_to_hex(const unsigned char* const buf
,
1965 for (size_t i
= 0; i
< len
; i
++) {
1966 ::sprintf(&str
[i
*2], "%02x", static_cast<int>(buf
[i
]));
1970 template<size_t N
> static inline std::array
<char, N
* 2 + 1>
1971 buf_to_hex(const std::array
<unsigned char, N
>& buf
)
1973 static_assert(N
> 0, "The input array must be at least one element long");
1975 std::array
<char, N
* 2 + 1> hex_dest
;
1976 buf_to_hex(buf
.data(), N
, hex_dest
.data());
1980 static inline int hexdigit(char c
)
1982 if (c
>= '0' && c
<= '9')
1985 if (c
>= 'A' && c
<= 'F')
1986 return c
- 'A' + 0xa;
1990 static inline int hex_to_buf(const char *hex
, char *buf
, int len
)
1993 const char *p
= hex
;
1998 int d
= hexdigit(*p
);
2015 static inline int rgw_str_to_bool(const char *s
, int def_val
)
2020 return (strcasecmp(s
, "true") == 0 ||
2021 strcasecmp(s
, "on") == 0 ||
2022 strcasecmp(s
, "yes") == 0 ||
2023 strcasecmp(s
, "1") == 0);
2026 static inline void append_rand_alpha(CephContext
*cct
, const std::string
& src
, std::string
& dest
, int len
)
2030 gen_rand_alphanumeric(cct
, buf
, len
);
2035 static inline uint64_t rgw_rounded_kb(uint64_t bytes
)
2037 return (bytes
+ 1023) / 1024;
2040 static inline uint64_t rgw_rounded_objsize(uint64_t bytes
)
2042 return ((bytes
+ 4095) & ~4095);
2045 static inline uint64_t rgw_rounded_objsize_kb(uint64_t bytes
)
2047 return ((bytes
+ 4095) & ~4095) / 1024;
2050 /* implement combining step, S3 header canonicalization; k is a
2051 * valid header and in lc form */
2052 void rgw_add_amz_meta_header(
2053 meta_map_t
& x_meta_map
,
2054 const std::string
& k
,
2055 const std::string
& v
);
2057 enum rgw_set_action_if_set
{
2058 DISCARD
=0, OVERWRITE
, APPEND
2061 bool rgw_set_amz_meta_header(
2062 meta_map_t
& x_meta_map
,
2063 const std::string
& k
,
2064 const std::string
& v
, rgw_set_action_if_set f
);
2066 extern std::string
rgw_string_unquote(const std::string
& s
);
2067 extern void parse_csv_string(const std::string
& ival
, std::vector
<std::string
>& ovals
);
2068 extern int parse_key_value(std::string
& in_str
, std::string
& key
, std::string
& val
);
2069 extern int parse_key_value(std::string
& in_str
, const char *delim
, std::string
& key
, std::string
& val
);
2071 extern boost::optional
<std::pair
<std::string_view
,std::string_view
>>
2072 parse_key_value(const std::string_view
& in_str
,
2073 const std::string_view
& delim
);
2074 extern boost::optional
<std::pair
<std::string_view
,std::string_view
>>
2075 parse_key_value(const std::string_view
& in_str
);
2079 extern int parse_time(const char *time_str
, real_time
*time
);
2080 extern bool parse_rfc2616(const char *s
, struct tm
*t
);
2081 extern bool parse_iso8601(const char *s
, struct tm
*t
, uint32_t *pns
= NULL
, bool extended_format
= true);
2082 extern std::string
rgw_trim_whitespace(const std::string
& src
);
2083 extern std::string_view
rgw_trim_whitespace(const std::string_view
& src
);
2084 extern std::string
rgw_trim_quotes(const std::string
& val
);
2086 extern void rgw_to_iso8601(const real_time
& t
, char *dest
, int buf_size
);
2087 extern void rgw_to_iso8601(const real_time
& t
, std::string
*dest
);
2088 extern std::string
rgw_to_asctime(const utime_t
& t
);
2090 struct perm_state_base
{
2092 const rgw::IAM::Environment
& env
;
2093 rgw::auth::Identity
*identity
;
2094 const RGWBucketInfo bucket_info
;
2096 bool defer_to_bucket_acls
;
2097 boost::optional
<PublicAccessBlockConfiguration
> bucket_access_conf
;
2099 perm_state_base(CephContext
*_cct
,
2100 const rgw::IAM::Environment
& _env
,
2101 rgw::auth::Identity
*_identity
,
2102 const RGWBucketInfo
& _bucket_info
,
2104 bool _defer_to_bucket_acls
,
2105 boost::optional
<PublicAccessBlockConfiguration
> _bucket_acess_conf
= boost::none
) :
2108 identity(_identity
),
2109 bucket_info(_bucket_info
),
2110 perm_mask(_perm_mask
),
2111 defer_to_bucket_acls(_defer_to_bucket_acls
),
2112 bucket_access_conf(_bucket_acess_conf
)
2115 virtual ~perm_state_base() {}
2117 virtual const char *get_referer() const = 0;
2118 virtual std::optional
<bool> get_request_payer() const = 0; /*
2119 * empty state means that request_payer param was not passed in
2124 struct perm_state
: public perm_state_base
{
2125 const char *referer
;
2128 perm_state(CephContext
*_cct
,
2129 const rgw::IAM::Environment
& _env
,
2130 rgw::auth::Identity
*_identity
,
2131 const RGWBucketInfo
& _bucket_info
,
2133 bool _defer_to_bucket_acls
,
2134 const char *_referer
,
2135 bool _request_payer
) : perm_state_base(_cct
,
2140 _defer_to_bucket_acls
),
2142 request_payer(_request_payer
) {}
2144 const char *get_referer() const override
{
2148 std::optional
<bool> get_request_payer() const override
{
2149 return request_payer
;
2153 /** Check if the req_state's user has the necessary permissions
2154 * to do the requested action */
2155 bool verify_bucket_permission_no_policy(
2156 const DoutPrefixProvider
* dpp
,
2157 struct perm_state_base
* const s
,
2158 RGWAccessControlPolicy
* const user_acl
,
2159 RGWAccessControlPolicy
* const bucket_acl
,
2162 bool verify_user_permission_no_policy(const DoutPrefixProvider
* dpp
,
2163 struct perm_state_base
* const s
,
2164 RGWAccessControlPolicy
* const user_acl
,
2167 bool verify_object_permission_no_policy(const DoutPrefixProvider
* dpp
,
2168 struct perm_state_base
* const s
,
2169 RGWAccessControlPolicy
* const user_acl
,
2170 RGWAccessControlPolicy
* const bucket_acl
,
2171 RGWAccessControlPolicy
* const object_acl
,
2174 /** Check if the req_state's user has the necessary permissions
2175 * to do the requested action */
2176 rgw::IAM::Effect
eval_identity_or_session_policies(const std::vector
<rgw::IAM::Policy
>& user_policies
,
2177 const rgw::IAM::Environment
& env
,
2179 const rgw::ARN
& arn
);
2180 bool verify_user_permission(const DoutPrefixProvider
* dpp
,
2181 struct req_state
* const s
,
2182 RGWAccessControlPolicy
* const user_acl
,
2183 const std::vector
<rgw::IAM::Policy
>& user_policies
,
2184 const std::vector
<rgw::IAM::Policy
>& session_policies
,
2185 const rgw::ARN
& res
,
2187 bool verify_user_permission_no_policy(const DoutPrefixProvider
* dpp
,
2188 struct req_state
* const s
,
2189 RGWAccessControlPolicy
* const user_acl
,
2191 bool verify_user_permission(const DoutPrefixProvider
* dpp
,
2192 struct req_state
* const s
,
2193 const rgw::ARN
& res
,
2195 bool verify_user_permission_no_policy(const DoutPrefixProvider
* dpp
,
2196 struct req_state
* const s
,
2198 bool verify_bucket_permission(
2199 const DoutPrefixProvider
* dpp
,
2200 struct req_state
* const s
,
2201 const rgw_bucket
& bucket
,
2202 RGWAccessControlPolicy
* const user_acl
,
2203 RGWAccessControlPolicy
* const bucket_acl
,
2204 const boost::optional
<rgw::IAM::Policy
>& bucket_policy
,
2205 const std::vector
<rgw::IAM::Policy
>& identity_policies
,
2206 const std::vector
<rgw::IAM::Policy
>& session_policies
,
2208 bool verify_bucket_permission(const DoutPrefixProvider
* dpp
, struct req_state
* const s
, const uint64_t op
);
2209 bool verify_bucket_permission_no_policy(
2210 const DoutPrefixProvider
* dpp
,
2211 struct req_state
* const s
,
2212 RGWAccessControlPolicy
* const user_acl
,
2213 RGWAccessControlPolicy
* const bucket_acl
,
2215 bool verify_bucket_permission_no_policy(const DoutPrefixProvider
* dpp
,
2216 struct req_state
* const s
,
2218 int verify_bucket_owner_or_policy(struct req_state
* const s
,
2220 extern bool verify_object_permission(
2221 const DoutPrefixProvider
* dpp
,
2222 struct req_state
* const s
,
2224 RGWAccessControlPolicy
* const user_acl
,
2225 RGWAccessControlPolicy
* const bucket_acl
,
2226 RGWAccessControlPolicy
* const object_acl
,
2227 const boost::optional
<rgw::IAM::Policy
>& bucket_policy
,
2228 const std::vector
<rgw::IAM::Policy
>& identity_policies
,
2229 const std::vector
<rgw::IAM::Policy
>& session_policies
,
2231 extern bool verify_object_permission(const DoutPrefixProvider
* dpp
, struct req_state
*s
, uint64_t op
);
2232 extern bool verify_object_permission_no_policy(
2233 const DoutPrefixProvider
* dpp
,
2234 struct req_state
* const s
,
2235 RGWAccessControlPolicy
* const user_acl
,
2236 RGWAccessControlPolicy
* const bucket_acl
,
2237 RGWAccessControlPolicy
* const object_acl
,
2239 extern bool verify_object_permission_no_policy(const DoutPrefixProvider
* dpp
, struct req_state
*s
,
2241 extern int verify_object_lock(
2242 const DoutPrefixProvider
* dpp
,
2243 const rgw::sal::Attrs
& attrs
,
2244 const bool bypass_perm
,
2245 const bool bypass_governance_mode
);
2247 /** Convert an input URL into a sane object name
2248 * by converting %-escaped std::strings into characters, etc*/
2249 extern void rgw_uri_escape_char(char c
, std::string
& dst
);
2250 extern std::string
url_decode(const std::string_view
& src_str
,
2251 bool in_query
= false);
2252 extern void url_encode(const std::string
& src
, std::string
& dst
,
2253 bool encode_slash
= true);
2254 extern std::string
url_encode(const std::string
& src
, bool encode_slash
= true);
2255 extern std::string
url_remove_prefix(const std::string
& url
); // Removes hhtp, https and www from url
2256 /* destination should be CEPH_CRYPTO_HMACSHA1_DIGESTSIZE bytes long */
2257 extern void calc_hmac_sha1(const char *key
, int key_len
,
2258 const char *msg
, int msg_len
, char *dest
);
2260 static inline sha1_digest_t
2261 calc_hmac_sha1(const std::string_view
& key
, const std::string_view
& msg
) {
2263 calc_hmac_sha1(key
.data(), key
.size(), msg
.data(), msg
.size(),
2264 reinterpret_cast<char*>(dest
.v
));
2268 /* destination should be CEPH_CRYPTO_HMACSHA256_DIGESTSIZE bytes long */
2269 extern void calc_hmac_sha256(const char *key
, int key_len
,
2270 const char *msg
, int msg_len
,
2273 static inline sha256_digest_t
2274 calc_hmac_sha256(const char *key
, const int key_len
,
2275 const char *msg
, const int msg_len
) {
2276 sha256_digest_t dest
;
2277 calc_hmac_sha256(key
, key_len
, msg
, msg_len
,
2278 reinterpret_cast<char*>(dest
.v
));
2282 static inline sha256_digest_t
2283 calc_hmac_sha256(const std::string_view
& key
, const std::string_view
& msg
) {
2284 sha256_digest_t dest
;
2285 calc_hmac_sha256(key
.data(), key
.size(),
2286 msg
.data(), msg
.size(),
2287 reinterpret_cast<char*>(dest
.v
));
2291 static inline sha256_digest_t
2292 calc_hmac_sha256(const sha256_digest_t
&key
,
2293 const std::string_view
& msg
) {
2294 sha256_digest_t dest
;
2295 calc_hmac_sha256(reinterpret_cast<const char*>(key
.v
), sha256_digest_t::SIZE
,
2296 msg
.data(), msg
.size(),
2297 reinterpret_cast<char*>(dest
.v
));
2301 static inline sha256_digest_t
2302 calc_hmac_sha256(const std::vector
<unsigned char>& key
,
2303 const std::string_view
& msg
) {
2304 sha256_digest_t dest
;
2305 calc_hmac_sha256(reinterpret_cast<const char*>(key
.data()), key
.size(),
2306 msg
.data(), msg
.size(),
2307 reinterpret_cast<char*>(dest
.v
));
2311 template<size_t KeyLenN
>
2312 static inline sha256_digest_t
2313 calc_hmac_sha256(const std::array
<unsigned char, KeyLenN
>& key
,
2314 const std::string_view
& msg
) {
2315 sha256_digest_t dest
;
2316 calc_hmac_sha256(reinterpret_cast<const char*>(key
.data()), key
.size(),
2317 msg
.data(), msg
.size(),
2318 reinterpret_cast<char*>(dest
.v
));
2322 extern sha256_digest_t
calc_hash_sha256(const std::string_view
& msg
);
2324 extern ceph::crypto::SHA256
* calc_hash_sha256_open_stream();
2325 extern void calc_hash_sha256_update_stream(ceph::crypto::SHA256
* hash
,
2328 extern std::string
calc_hash_sha256_close_stream(ceph::crypto::SHA256
** phash
);
2329 extern std::string
calc_hash_sha256_restart_stream(ceph::crypto::SHA256
** phash
);
2331 extern int rgw_parse_op_type_list(const std::string
& str
, uint32_t *perm
);
2333 static constexpr uint32_t MATCH_POLICY_ACTION
= 0x01;
2334 static constexpr uint32_t MATCH_POLICY_RESOURCE
= 0x02;
2335 static constexpr uint32_t MATCH_POLICY_ARN
= 0x04;
2336 static constexpr uint32_t MATCH_POLICY_STRING
= 0x08;
2338 extern bool match_policy(std::string_view pattern
, std::string_view input
,
2341 extern std::string
camelcase_dash_http_attr(const std::string
& orig
);
2342 extern std::string
lowercase_dash_http_attr(const std::string
& orig
);
2344 void rgw_setup_saved_curl_handles();
2345 void rgw_release_all_curl_handles();
2347 static inline void rgw_escape_str(const std::string
& s
, char esc_char
,
2348 char special_char
, std::string
*dest
)
2350 const char *src
= s
.c_str();
2351 char dest_buf
[s
.size() * 2 + 1];
2352 char *destp
= dest_buf
;
2354 for (size_t i
= 0; i
< s
.size(); i
++) {
2356 if (c
== esc_char
|| c
== special_char
) {
2357 *destp
++ = esc_char
;
2365 static inline ssize_t
rgw_unescape_str(const std::string
& s
, ssize_t ofs
,
2366 char esc_char
, char special_char
,
2369 const char *src
= s
.c_str();
2370 char dest_buf
[s
.size() + 1];
2371 char *destp
= dest_buf
;
2376 for (size_t i
= ofs
; i
< s
.size(); i
++) {
2378 if (!esc
&& c
== esc_char
) {
2382 if (!esc
&& c
== special_char
) {
2385 return (ssize_t
)i
+ 1;
2392 return std::string::npos
;
2395 static inline std::string
rgw_bl_str(ceph::buffer::list
& raw
)
2397 size_t len
= raw
.length();
2398 std::string
s(raw
.c_str(), len
);
2399 while (len
&& !s
[len
- 1]) {
2406 template <typename T
>
2407 int decode_bl(bufferlist
& bl
, T
& t
)
2409 auto iter
= bl
.cbegin();
2412 } catch (buffer::error
& err
) {