1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab ft=cpp
5 * Ceph - scalable distributed file system
7 * Copyright (C) 2004-2009 Sage Weil <sage@newdream.net>
8 * Copyright (C) 2015 Yehuda Sadeh <yehuda@redhat.com>
10 * This is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License version 2.1, as published by the Free Software
13 * Foundation. See file COPYING.
17 #ifndef CEPH_RGW_COMMON_H
18 #define CEPH_RGW_COMMON_H
21 #include <string_view>
23 #include "common/ceph_crypto.h"
24 #include "common/random_string.h"
26 #include "rgw_bucket_layout.h"
28 #include "rgw_iam_policy.h"
29 #include "rgw_quota.h"
30 #include "rgw_string.h"
31 #include "common/async/yield_context.h"
32 #include "rgw_website.h"
33 #include "rgw_object_lock.h"
35 #include "rgw_op_type.h"
36 #include "rgw_sync_policy.h"
37 #include "cls/version/cls_version_types.h"
38 #include "cls/user/cls_user_types.h"
39 #include "cls/rgw/cls_rgw_types.h"
40 #include "include/rados/librados.hpp"
41 #include "rgw_public_access.h"
51 using RGWAttrs
= std::map
<std::string
, ceph::buffer::list
>;
54 using ceph::crypto::MD5
;
56 #define RGW_ATTR_PREFIX "user.rgw."
58 #define RGW_HTTP_RGWX_ATTR_PREFIX "RGWX_ATTR_"
59 #define RGW_HTTP_RGWX_ATTR_PREFIX_OUT "Rgwx-Attr-"
61 #define RGW_AMZ_PREFIX "x-amz-"
62 #define RGW_AMZ_META_PREFIX RGW_AMZ_PREFIX "meta-"
63 #define RGW_AMZ_WEBSITE_REDIRECT_LOCATION RGW_AMZ_PREFIX "website-redirect-location"
64 #define RGW_AMZ_TAG_COUNT RGW_AMZ_PREFIX "tagging-count"
66 #define RGW_SYS_PARAM_PREFIX "rgwx-"
68 #define RGW_ATTR_ACL RGW_ATTR_PREFIX "acl"
69 #define RGW_ATTR_LC RGW_ATTR_PREFIX "lc"
70 #define RGW_ATTR_CORS RGW_ATTR_PREFIX "cors"
71 #define RGW_ATTR_ETAG RGW_ATTR_PREFIX "etag"
72 #define RGW_ATTR_BUCKETS RGW_ATTR_PREFIX "buckets"
73 #define RGW_ATTR_META_PREFIX RGW_ATTR_PREFIX RGW_AMZ_META_PREFIX
74 #define RGW_ATTR_CONTENT_TYPE RGW_ATTR_PREFIX "content_type"
75 #define RGW_ATTR_CACHE_CONTROL RGW_ATTR_PREFIX "cache_control"
76 #define RGW_ATTR_CONTENT_DISP RGW_ATTR_PREFIX "content_disposition"
77 #define RGW_ATTR_CONTENT_ENC RGW_ATTR_PREFIX "content_encoding"
78 #define RGW_ATTR_CONTENT_LANG RGW_ATTR_PREFIX "content_language"
79 #define RGW_ATTR_EXPIRES RGW_ATTR_PREFIX "expires"
80 #define RGW_ATTR_DELETE_AT RGW_ATTR_PREFIX "delete_at"
81 #define RGW_ATTR_ID_TAG RGW_ATTR_PREFIX "idtag"
82 #define RGW_ATTR_TAIL_TAG RGW_ATTR_PREFIX "tail_tag"
83 #define RGW_ATTR_SHADOW_OBJ RGW_ATTR_PREFIX "shadow_name"
84 #define RGW_ATTR_MANIFEST RGW_ATTR_PREFIX "manifest"
85 #define RGW_ATTR_USER_MANIFEST RGW_ATTR_PREFIX "user_manifest"
86 #define RGW_ATTR_AMZ_WEBSITE_REDIRECT_LOCATION RGW_ATTR_PREFIX RGW_AMZ_WEBSITE_REDIRECT_LOCATION
87 #define RGW_ATTR_SLO_MANIFEST RGW_ATTR_PREFIX "slo_manifest"
88 /* Information whether an object is SLO or not must be exposed to
89 * user through custom HTTP header named X-Static-Large-Object. */
90 #define RGW_ATTR_SLO_UINDICATOR RGW_ATTR_META_PREFIX "static-large-object"
91 #define RGW_ATTR_X_ROBOTS_TAG RGW_ATTR_PREFIX "x-robots-tag"
92 #define RGW_ATTR_STORAGE_CLASS RGW_ATTR_PREFIX "storage_class"
95 #define RGW_ATTR_OBJECT_LOCK RGW_ATTR_PREFIX "object-lock"
96 #define RGW_ATTR_OBJECT_RETENTION RGW_ATTR_PREFIX "object-retention"
97 #define RGW_ATTR_OBJECT_LEGAL_HOLD RGW_ATTR_PREFIX "object-legal-hold"
100 #define RGW_ATTR_PG_VER RGW_ATTR_PREFIX "pg_ver"
101 #define RGW_ATTR_SOURCE_ZONE RGW_ATTR_PREFIX "source_zone"
102 #define RGW_ATTR_TAGS RGW_ATTR_PREFIX RGW_AMZ_PREFIX "tagging"
104 #define RGW_ATTR_TEMPURL_KEY1 RGW_ATTR_META_PREFIX "temp-url-key"
105 #define RGW_ATTR_TEMPURL_KEY2 RGW_ATTR_META_PREFIX "temp-url-key-2"
107 /* Account/container quota of the Swift API. */
108 #define RGW_ATTR_QUOTA_NOBJS RGW_ATTR_META_PREFIX "quota-count"
109 #define RGW_ATTR_QUOTA_MSIZE RGW_ATTR_META_PREFIX "quota-bytes"
111 /* Static Web Site of Swift API. */
112 #define RGW_ATTR_WEB_INDEX RGW_ATTR_META_PREFIX "web-index"
113 #define RGW_ATTR_WEB_ERROR RGW_ATTR_META_PREFIX "web-error"
114 #define RGW_ATTR_WEB_LISTINGS RGW_ATTR_META_PREFIX "web-listings"
115 #define RGW_ATTR_WEB_LIST_CSS RGW_ATTR_META_PREFIX "web-listings-css"
116 #define RGW_ATTR_SUBDIR_MARKER RGW_ATTR_META_PREFIX "web-directory-type"
118 #define RGW_ATTR_OLH_PREFIX RGW_ATTR_PREFIX "olh."
120 #define RGW_ATTR_OLH_INFO RGW_ATTR_OLH_PREFIX "info"
121 #define RGW_ATTR_OLH_VER RGW_ATTR_OLH_PREFIX "ver"
122 #define RGW_ATTR_OLH_ID_TAG RGW_ATTR_OLH_PREFIX "idtag"
123 #define RGW_ATTR_OLH_PENDING_PREFIX RGW_ATTR_OLH_PREFIX "pending."
125 #define RGW_ATTR_COMPRESSION RGW_ATTR_PREFIX "compression"
127 #define RGW_ATTR_APPEND_PART_NUM RGW_ATTR_PREFIX "append_part_num"
130 #define RGW_ATTR_IAM_POLICY RGW_ATTR_PREFIX "iam-policy"
131 #define RGW_ATTR_USER_POLICY RGW_ATTR_PREFIX "user-policy"
132 #define RGW_ATTR_PUBLIC_ACCESS RGW_ATTR_PREFIX "public-access"
134 /* RGW File Attributes */
135 #define RGW_ATTR_UNIX_KEY1 RGW_ATTR_PREFIX "unix-key1"
136 #define RGW_ATTR_UNIX1 RGW_ATTR_PREFIX "unix1"
138 #define RGW_ATTR_CRYPT_PREFIX RGW_ATTR_PREFIX "crypt."
139 #define RGW_ATTR_CRYPT_MODE RGW_ATTR_CRYPT_PREFIX "mode"
140 #define RGW_ATTR_CRYPT_KEYMD5 RGW_ATTR_CRYPT_PREFIX "keymd5"
141 #define RGW_ATTR_CRYPT_KEYID RGW_ATTR_CRYPT_PREFIX "keyid"
142 #define RGW_ATTR_CRYPT_KEYSEL RGW_ATTR_CRYPT_PREFIX "keysel"
143 #define RGW_ATTR_CRYPT_CONTEXT RGW_ATTR_CRYPT_PREFIX "context"
144 #define RGW_ATTR_CRYPT_DATAKEY RGW_ATTR_CRYPT_PREFIX "datakey"
147 #define RGW_FORMAT_PLAIN 0
148 #define RGW_FORMAT_XML 1
149 #define RGW_FORMAT_JSON 2
150 #define RGW_FORMAT_HTML 3
152 #define RGW_CAP_READ 0x1
153 #define RGW_CAP_WRITE 0x2
154 #define RGW_CAP_ALL (RGW_CAP_READ | RGW_CAP_WRITE)
156 #define RGW_REST_SWIFT 0x1
157 #define RGW_REST_SWIFT_AUTH 0x2
158 #define RGW_REST_S3 0x4
159 #define RGW_REST_WEBSITE 0x8
160 #define RGW_REST_STS 0x10
161 #define RGW_REST_IAM 0x20
163 #define RGW_SUSPENDED_USER_AUID (uint64_t)-2
165 #define RGW_OP_TYPE_READ 0x01
166 #define RGW_OP_TYPE_WRITE 0x02
167 #define RGW_OP_TYPE_DELETE 0x04
169 #define RGW_OP_TYPE_MODIFY (RGW_OP_TYPE_WRITE | RGW_OP_TYPE_DELETE)
170 #define RGW_OP_TYPE_ALL (RGW_OP_TYPE_READ | RGW_OP_TYPE_WRITE | RGW_OP_TYPE_DELETE)
172 #define RGW_DEFAULT_MAX_BUCKETS 1000
174 #define RGW_DEFER_TO_BUCKET_ACLS_RECURSE 1
175 #define RGW_DEFER_TO_BUCKET_ACLS_FULL_CONTROL 2
177 #define STATUS_CREATED 1900
178 #define STATUS_ACCEPTED 1901
179 #define STATUS_NO_CONTENT 1902
180 #define STATUS_PARTIAL_CONTENT 1903
181 #define STATUS_REDIRECT 1904
182 #define STATUS_NO_APPLY 1905
183 #define STATUS_APPLIED 1906
185 #define ERR_INVALID_BUCKET_NAME 2000
186 #define ERR_INVALID_OBJECT_NAME 2001
187 #define ERR_NO_SUCH_BUCKET 2002
188 #define ERR_METHOD_NOT_ALLOWED 2003
189 #define ERR_INVALID_DIGEST 2004
190 #define ERR_BAD_DIGEST 2005
191 #define ERR_UNRESOLVABLE_EMAIL 2006
192 #define ERR_INVALID_PART 2007
193 #define ERR_INVALID_PART_ORDER 2008
194 #define ERR_NO_SUCH_UPLOAD 2009
195 #define ERR_REQUEST_TIMEOUT 2010
196 #define ERR_LENGTH_REQUIRED 2011
197 #define ERR_REQUEST_TIME_SKEWED 2012
198 #define ERR_BUCKET_EXISTS 2013
199 #define ERR_BAD_URL 2014
200 #define ERR_PRECONDITION_FAILED 2015
201 #define ERR_NOT_MODIFIED 2016
202 #define ERR_INVALID_UTF8 2017
203 #define ERR_UNPROCESSABLE_ENTITY 2018
204 #define ERR_TOO_LARGE 2019
205 #define ERR_TOO_MANY_BUCKETS 2020
206 #define ERR_INVALID_REQUEST 2021
207 #define ERR_TOO_SMALL 2022
208 #define ERR_NOT_FOUND 2023
209 #define ERR_PERMANENT_REDIRECT 2024
210 #define ERR_LOCKED 2025
211 #define ERR_QUOTA_EXCEEDED 2026
212 #define ERR_SIGNATURE_NO_MATCH 2027
213 #define ERR_INVALID_ACCESS_KEY 2028
214 #define ERR_MALFORMED_XML 2029
215 #define ERR_USER_EXIST 2030
216 #define ERR_NOT_SLO_MANIFEST 2031
217 #define ERR_EMAIL_EXIST 2032
218 #define ERR_KEY_EXIST 2033
219 #define ERR_INVALID_SECRET_KEY 2034
220 #define ERR_INVALID_KEY_TYPE 2035
221 #define ERR_INVALID_CAP 2036
222 #define ERR_INVALID_TENANT_NAME 2037
223 #define ERR_WEBSITE_REDIRECT 2038
224 #define ERR_NO_SUCH_WEBSITE_CONFIGURATION 2039
225 #define ERR_AMZ_CONTENT_SHA256_MISMATCH 2040
226 #define ERR_NO_SUCH_LC 2041
227 #define ERR_NO_SUCH_USER 2042
228 #define ERR_NO_SUCH_SUBUSER 2043
229 #define ERR_MFA_REQUIRED 2044
230 #define ERR_NO_SUCH_CORS_CONFIGURATION 2045
231 #define ERR_NO_SUCH_OBJECT_LOCK_CONFIGURATION 2046
232 #define ERR_INVALID_RETENTION_PERIOD 2047
233 #define ERR_USER_SUSPENDED 2100
234 #define ERR_INTERNAL_ERROR 2200
235 #define ERR_NOT_IMPLEMENTED 2201
236 #define ERR_SERVICE_UNAVAILABLE 2202
237 #define ERR_ROLE_EXISTS 2203
238 #define ERR_MALFORMED_DOC 2204
239 #define ERR_NO_ROLE_FOUND 2205
240 #define ERR_DELETE_CONFLICT 2206
241 #define ERR_NO_SUCH_BUCKET_POLICY 2207
242 #define ERR_INVALID_LOCATION_CONSTRAINT 2208
243 #define ERR_TAG_CONFLICT 2209
244 #define ERR_INVALID_TAG 2210
245 #define ERR_ZERO_IN_URL 2211
246 #define ERR_MALFORMED_ACL_ERROR 2212
247 #define ERR_ZONEGROUP_DEFAULT_PLACEMENT_MISCONFIGURATION 2213
248 #define ERR_INVALID_ENCRYPTION_ALGORITHM 2214
249 #define ERR_INVALID_CORS_RULES_ERROR 2215
250 #define ERR_NO_CORS_FOUND 2216
251 #define ERR_INVALID_WEBSITE_ROUTING_RULES_ERROR 2217
252 #define ERR_RATE_LIMITED 2218
253 #define ERR_POSITION_NOT_EQUAL_TO_LENGTH 2219
254 #define ERR_OBJECT_NOT_APPENDABLE 2220
255 #define ERR_INVALID_BUCKET_STATE 2221
257 #define ERR_BUSY_RESHARDING 2300
258 #define ERR_NO_SUCH_ENTITY 2301
259 #define ERR_LIMIT_EXCEEDED 2302
262 #define ERR_PACKED_POLICY_TOO_LARGE 2400
263 #define ERR_INVALID_IDENTITY_TOKEN 2401
265 #define ERR_NO_SUCH_TAG_SET 2402
268 #define UINT32_MAX (0xffffffffu)
273 typedef void *RGWAccessHandle
;
275 enum RGWIntentEvent
{
285 /** Store error returns for output at a different point in the program */
289 bool is_clear() const;
291 friend std::ostream
& operator<<(std::ostream
& oss
, const rgw_err
&err
);
295 std::string err_code
;
299 /* Helper class used for RGWHTTPArgs parsing */
302 const std::string str
;
306 explicit NameVal(const std::string
& nv
) : str(nv
) {}
310 std::string
& get_name() { return name
; }
311 std::string
& get_val() { return val
; }
314 /** Stores the XML arguments associated with the HTTP request in req_state*/
316 std::string str
, empty_str
;
317 std::map
<std::string
, std::string
> val_map
;
318 std::map
<std::string
, std::string
> sys_val_map
;
319 std::map
<std::string
, std::string
> sub_resources
;
320 bool has_resp_modifier
= false;
321 bool admin_subresource_added
= false;
323 RGWHTTPArgs() = default;
324 explicit RGWHTTPArgs(const std::string
& s
, const DoutPrefixProvider
*dpp
) {
329 /** Set the arguments; as received */
330 void set(const std::string
& s
) {
331 has_resp_modifier
= false;
333 sub_resources
.clear();
336 /** parse the received arguments */
337 int parse(const DoutPrefixProvider
*dpp
);
338 void append(const std::string
& name
, const string
& val
);
339 /** Get the value for a specific argument parameter */
340 const string
& get(const std::string
& name
, bool *exists
= NULL
) const;
341 boost::optional
<const std::string
&>
342 get_optional(const std::string
& name
) const;
343 int get_bool(const std::string
& name
, bool *val
, bool *exists
);
344 int get_bool(const char *name
, bool *val
, bool *exists
);
345 void get_bool(const char *name
, bool *val
, bool def_val
);
346 int get_int(const char *name
, int *val
, int def_val
);
348 /** Get the value for specific system argument parameter */
349 std::string
sys_get(const std::string
& name
, bool *exists
= nullptr) const;
351 /** see if a parameter is contained in this RGWHTTPArgs */
352 bool exists(const char *name
) const {
353 return (val_map
.find(name
) != std::end(val_map
));
355 bool sub_resource_exists(const char *name
) const {
356 return (sub_resources
.find(name
) != std::end(sub_resources
));
358 std::map
<std::string
, std::string
>& get_params() {
361 const std::map
<std::string
, std::string
>& get_sub_resources() const {
362 return sub_resources
;
364 unsigned get_num_params() const {
365 return val_map
.size();
367 bool has_response_modifier() const {
368 return has_resp_modifier
;
370 void set_system() { /* make all system params visible */
371 std::map
<std::string
, std::string
>::iterator iter
;
372 for (iter
= sys_val_map
.begin(); iter
!= sys_val_map
.end(); ++iter
) {
373 val_map
[iter
->first
] = iter
->second
;
376 const std::string
& get_str() {
381 const char *rgw_conf_get(const map
<string
, string
, ltstr_nocase
>& conf_map
, const char *name
, const char *def_val
);
382 int rgw_conf_get_int(const map
<string
, string
, ltstr_nocase
>& conf_map
, const char *name
, int def_val
);
383 bool rgw_conf_get_bool(const map
<string
, string
, ltstr_nocase
>& conf_map
, const char *name
, bool def_val
);
390 int enable_usage_log
;
391 uint8_t defer_to_bucket_acls
;
392 void init(CephContext
*cct
);
397 defer_to_bucket_acls(0) {
402 std::map
<string
, string
, ltstr_nocase
> env_map
;
405 void init(CephContext
*cct
);
406 void init(CephContext
*cct
, char **envp
);
407 void set(std::string name
, std::string val
);
408 const char *get(const char *name
, const char *def_val
= nullptr) const;
409 int get_int(const char *name
, int def_val
= 0) const;
410 bool get_bool(const char *name
, bool def_val
= 0);
411 size_t get_size(const char *name
, size_t def_val
= 0) const;
412 bool exists(const char *name
) const;
413 bool exists_prefix(const char *prefix
) const;
414 void remove(const char *name
);
415 const std::map
<string
, string
, ltstr_nocase
>& get_map() const { return env_map
; }
416 int get_enable_ops_log() const {
417 return conf
.enable_ops_log
;
420 int get_enable_usage_log() const {
421 return conf
.enable_usage_log
;
424 int get_defer_to_bucket_acls() const {
425 return conf
.defer_to_bucket_acls
;
429 // return true if the connection is secure. this either means that the
430 // connection arrived via ssl, or was forwarded as https by a trusted proxy
431 bool rgw_transport_is_secure(CephContext
*cct
, const RGWEnv
& env
);
444 class RGWAccessControlPolicy
;
447 struct RGWAccessKey
{
448 string id
; // AccessKey
449 string key
; // SecretKey
453 RGWAccessKey(std::string _id
, std::string _key
)
454 : id(std::move(_id
)), key(std::move(_key
)) {}
456 void encode(bufferlist
& bl
) const {
457 ENCODE_START(2, 2, bl
);
464 void decode(bufferlist::const_iterator
& bl
) {
465 DECODE_START_LEGACY_COMPAT_LEN_32(2, 2, 2, bl
);
471 void dump(Formatter
*f
) const;
472 void dump_plain(Formatter
*f
) const;
473 void dump(Formatter
*f
, const string
& user
, bool swift
) const;
474 static void generate_test_instances(list
<RGWAccessKey
*>& o
);
476 void decode_json(JSONObj
*obj
);
477 void decode_json(JSONObj
*obj
, bool swift
);
479 WRITE_CLASS_ENCODER(RGWAccessKey
)
485 RGWSubUser() : perm_mask(0) {}
486 void encode(bufferlist
& bl
) const {
487 ENCODE_START(2, 2, bl
);
489 encode(perm_mask
, bl
);
493 void decode(bufferlist::const_iterator
& bl
) {
494 DECODE_START_LEGACY_COMPAT_LEN_32(2, 2, 2, bl
);
496 decode(perm_mask
, bl
);
499 void dump(Formatter
*f
) const;
500 void dump(Formatter
*f
, const string
& user
) const;
501 static void generate_test_instances(list
<RGWSubUser
*>& o
);
503 void decode_json(JSONObj
*obj
);
505 WRITE_CLASS_ENCODER(RGWSubUser
)
509 map
<string
, uint32_t> caps
;
511 int get_cap(const string
& cap
, string
& type
, uint32_t *perm
);
512 int add_cap(const string
& cap
);
513 int remove_cap(const string
& cap
);
515 static int parse_cap_perm(const string
& str
, uint32_t *perm
);
516 int add_from_string(const string
& str
);
517 int remove_from_string(const string
& str
);
519 void encode(bufferlist
& bl
) const {
520 ENCODE_START(1, 1, bl
);
524 void decode(bufferlist::const_iterator
& bl
) {
529 int check_cap(const string
& cap
, uint32_t perm
) const;
530 bool is_valid_cap_type(const string
& tp
);
531 void dump(Formatter
*f
) const;
532 void dump(Formatter
*f
, const char *name
) const;
534 void decode_json(JSONObj
*obj
);
536 WRITE_CLASS_ENCODER(RGWUserCaps
)
538 void encode_json(const char *name
, const obj_version
& v
, Formatter
*f
);
539 void encode_json(const char *name
, const RGWUserCaps
& val
, Formatter
*f
);
541 void decode_json_obj(obj_version
& v
, JSONObj
*obj
);
555 static string RGW_STORAGE_CLASS_STANDARD
= "STANDARD";
557 struct rgw_placement_rule
{
559 std::string storage_class
;
561 rgw_placement_rule() {}
562 rgw_placement_rule(const string
& _n
, const string
& _sc
) : name(_n
), storage_class(_sc
) {}
563 rgw_placement_rule(const rgw_placement_rule
& _r
, const string
& _sc
) : name(_r
.name
) {
567 storage_class
= _r
.storage_class
;
572 return name
.empty() && storage_class
.empty();
575 void inherit_from(const rgw_placement_rule
& r
) {
579 if (storage_class
.empty()) {
580 storage_class
= r
.storage_class
;
586 storage_class
.clear();
589 void init(const string
& n
, const string
& c
) {
594 static const string
& get_canonical_storage_class(const string
& storage_class
) {
595 if (storage_class
.empty()) {
596 return RGW_STORAGE_CLASS_STANDARD
;
598 return storage_class
;
601 const string
& get_storage_class() const {
602 return get_canonical_storage_class(storage_class
);
605 int compare(const rgw_placement_rule
& r
) const {
606 int c
= name
.compare(r
.name
);
610 return get_storage_class().compare(r
.get_storage_class());
613 bool operator==(const rgw_placement_rule
& r
) const {
614 return (name
== r
.name
&&
615 get_storage_class() == r
.get_storage_class());
618 bool operator!=(const rgw_placement_rule
& r
) const {
619 return !(*this == r
);
622 void encode(bufferlist
& bl
) const {
623 /* no ENCODE_START/END due to backward compatibility */
624 std::string s
= to_str();
628 void decode(bufferlist::const_iterator
& bl
) {
634 std::string
to_str() const {
635 if (standard_storage_class()) {
638 return to_str_explicit();
641 std::string
to_str_explicit() const {
642 return name
+ "/" + storage_class
;
645 void from_str(const std::string
& s
) {
646 size_t pos
= s
.find("/");
647 if (pos
== std::string::npos
) {
649 storage_class
.clear();
652 name
= s
.substr(0, pos
);
653 storage_class
= s
.substr(pos
+ 1);
656 bool standard_storage_class() const {
657 return storage_class
.empty() || storage_class
== RGW_STORAGE_CLASS_STANDARD
;
660 WRITE_CLASS_ENCODER(rgw_placement_rule
)
662 void encode_json(const char *name
, const rgw_placement_rule
& val
, ceph::Formatter
*f
);
663 void decode_json_obj(rgw_placement_rule
& v
, JSONObj
*obj
);
665 inline ostream
& operator<<(ostream
& out
, const rgw_placement_rule
& rule
) {
666 return out
<< rule
.to_str();
673 map
<string
, RGWAccessKey
> access_keys
;
674 map
<string
, RGWAccessKey
> swift_keys
;
675 map
<string
, RGWSubUser
> subusers
;
682 rgw_placement_rule default_placement
;
683 list
<string
> placement_tags
;
684 RGWQuotaInfo bucket_quota
;
685 map
<int, string
> temp_url_keys
;
686 RGWQuotaInfo user_quota
;
689 string assumed_role_arn
;
693 max_buckets(RGW_DEFAULT_MAX_BUCKETS
),
694 op_mask(RGW_OP_TYPE_ALL
),
700 RGWAccessKey
* get_key(const string
& access_key
) {
701 if (access_keys
.empty())
704 auto k
= access_keys
.find(access_key
);
705 if (k
== access_keys
.end())
711 void encode(bufferlist
& bl
) const {
712 ENCODE_START(22, 9, bl
);
713 encode((uint64_t)0, bl
); // old auid
716 if (!access_keys
.empty()) {
717 map
<string
, RGWAccessKey
>::const_iterator iter
= access_keys
.begin();
718 const RGWAccessKey
& k
= iter
->second
;
722 encode(access_key
, bl
);
723 encode(secret_key
, bl
);
724 encode(display_name
, bl
);
725 encode(user_email
, bl
);
728 if (!swift_keys
.empty()) {
729 map
<string
, RGWAccessKey
>::const_iterator iter
= swift_keys
.begin();
730 const RGWAccessKey
& k
= iter
->second
;
734 encode(swift_name
, bl
);
735 encode(swift_key
, bl
);
736 encode(user_id
.id
, bl
);
737 encode(access_keys
, bl
);
738 encode(subusers
, bl
);
739 encode(suspended
, bl
);
740 encode(swift_keys
, bl
);
741 encode(max_buckets
, bl
);
745 encode(default_placement
, bl
);
746 encode(placement_tags
, bl
);
747 encode(bucket_quota
, bl
);
748 encode(temp_url_keys
, bl
);
749 encode(user_quota
, bl
);
750 encode(user_id
.tenant
, bl
);
754 encode(assumed_role_arn
, bl
);
755 encode(user_id
.ns
, bl
);
758 void decode(bufferlist::const_iterator
& bl
) {
759 DECODE_START_LEGACY_COMPAT_LEN_32(22, 9, 9, bl
);
762 decode(old_auid
, bl
);
766 decode(access_key
, bl
);
767 decode(secret_key
, bl
);
772 access_keys
[access_key
] = k
;
774 decode(display_name
, bl
);
775 decode(user_email
, bl
);
776 /* We populate swift_keys map later nowadays, but we have to decode. */
779 if (struct_v
>= 3) decode(swift_name
, bl
);
780 if (struct_v
>= 4) decode(swift_key
, bl
);
782 decode(user_id
.id
, bl
);
784 user_id
.id
= access_key
;
786 decode(access_keys
, bl
);
787 decode(subusers
, bl
);
791 decode(suspended
, bl
);
794 decode(swift_keys
, bl
);
796 if (struct_v
>= 10) {
797 decode(max_buckets
, bl
);
799 max_buckets
= RGW_DEFAULT_MAX_BUCKETS
;
801 if (struct_v
>= 11) {
804 if (struct_v
>= 12) {
807 op_mask
= RGW_OP_TYPE_ALL
;
809 if (struct_v
>= 13) {
811 decode(default_placement
, bl
);
812 decode(placement_tags
, bl
); /* tags of allowed placement rules */
814 if (struct_v
>= 14) {
815 decode(bucket_quota
, bl
);
817 if (struct_v
>= 15) {
818 decode(temp_url_keys
, bl
);
820 if (struct_v
>= 16) {
821 decode(user_quota
, bl
);
823 if (struct_v
>= 17) {
824 decode(user_id
.tenant
, bl
);
826 user_id
.tenant
.clear();
828 if (struct_v
>= 18) {
831 if (struct_v
>= 19) {
834 if (struct_v
>= 20) {
837 if (struct_v
>= 21) {
838 decode(assumed_role_arn
, bl
);
840 if (struct_v
>= 22) {
841 decode(user_id
.ns
, bl
);
847 void dump(Formatter
*f
) const;
848 static void generate_test_instances(list
<RGWUserInfo
*>& o
);
850 void decode_json(JSONObj
*obj
);
852 WRITE_CLASS_ENCODER(RGWUserInfo
)
860 rgw_raw_obj(const rgw_pool
& _pool
, const std::string
& _oid
) {
863 rgw_raw_obj(const rgw_pool
& _pool
, const std::string
& _oid
, const string
& _loc
) : loc(_loc
) {
867 void init(const rgw_pool
& _pool
, const std::string
& _oid
) {
876 void encode(bufferlist
& bl
) const {
877 ENCODE_START(6, 6, bl
);
884 void decode_from_rgw_obj(bufferlist::const_iterator
& bl
);
886 void decode(bufferlist::const_iterator
& bl
) {
887 unsigned ofs
= bl
.get_off();
891 * this object was encoded as rgw_obj, prior to rgw_raw_obj been split out of it,
892 * let's decode it as rgw_obj and convert it
895 decode_from_rgw_obj(bl
);
904 bool operator<(const rgw_raw_obj
& o
) const {
905 int r
= pool
.compare(o
.pool
);
907 r
= oid
.compare(o
.oid
);
909 r
= loc
.compare(o
.loc
);
915 bool operator==(const rgw_raw_obj
& o
) const {
916 return (pool
== o
.pool
&& oid
== o
.oid
&& loc
== o
.loc
);
919 void dump(Formatter
*f
) const;
920 void decode_json(JSONObj
*obj
);
922 WRITE_CLASS_ENCODER(rgw_raw_obj
)
924 inline ostream
& operator<<(ostream
& out
, const rgw_raw_obj
& o
) {
925 out
<< o
.pool
<< ":" << o
.oid
;
929 struct rgw_bucket_placement
{
930 rgw_placement_rule placement_rule
;
933 void dump(Formatter
*f
) const;
936 struct RGWObjVersionTracker
{
937 obj_version read_version
;
938 obj_version write_version
;
940 obj_version
*version_for_read() {
941 return &read_version
;
944 obj_version
*version_for_write() {
945 if (write_version
.ver
== 0)
948 return &write_version
;
951 obj_version
*version_for_check() {
952 if (read_version
.ver
== 0)
955 return &read_version
;
958 void prepare_op_for_read(librados::ObjectReadOperation
*op
);
959 void prepare_op_for_write(librados::ObjectWriteOperation
*op
);
964 read_version
= obj_version();
965 write_version
= obj_version();
968 void generate_new_write_ver(CephContext
*cct
);
971 inline ostream
& operator<<(ostream
& out
, const obj_version
&v
)
973 out
<< v
.tag
<< ":" << v
.ver
;
977 inline ostream
& operator<<(ostream
& out
, const RGWObjVersionTracker
&ot
)
979 out
<< "{r=" << ot
.read_version
<< ",w=" << ot
.write_version
<< "}";
983 enum RGWBucketFlags
{
984 BUCKET_SUSPENDED
= 0x1,
985 BUCKET_VERSIONED
= 0x2,
986 BUCKET_VERSIONS_SUSPENDED
= 0x4,
987 BUCKET_DATASYNC_DISABLED
= 0X8,
988 BUCKET_MFA_ENABLED
= 0X10,
989 BUCKET_OBJ_LOCK_ENABLED
= 0X20,
994 struct RGWBucketInfo
{
999 ceph::real_time creation_time
;
1000 rgw_placement_rule placement_rule
;
1001 bool has_instance_obj
{false};
1002 RGWObjVersionTracker objv_tracker
; /* we don't need to serialize this, for runtime tracking */
1005 // layout of bucket index objects
1006 rgw::BucketLayout layout
;
1008 // Represents the number of bucket index object shards:
1009 // - value of 0 indicates there is no sharding (this is by default
1010 // before this feature is implemented).
1011 // - value of UINT32_T::MAX indicates this is a blind bucket.
1013 // Represents the shard number for blind bucket.
1014 const static uint32_t NUM_SHARDS_BLIND_BUCKET
;
1016 bool requester_pays
{false};
1018 bool has_website
{false};
1019 RGWBucketWebsiteConf website_conf
;
1021 bool swift_versioning
{false};
1022 string swift_ver_location
;
1024 map
<string
, uint32_t> mdsearch_config
;
1027 cls_rgw_reshard_status reshard_status
{cls_rgw_reshard_status::NOT_RESHARDING
};
1028 string new_bucket_instance_id
;
1030 RGWObjectLock obj_lock
;
1032 std::optional
<rgw_sync_policy_info
> sync_policy
;
1034 void encode(bufferlist
& bl
) const;
1035 void decode(bufferlist::const_iterator
& bl
);
1037 void dump(Formatter
*f
) const;
1038 static void generate_test_instances(list
<RGWBucketInfo
*>& o
);
1040 void decode_json(JSONObj
*obj
);
1042 bool versioned() const { return (flags
& BUCKET_VERSIONED
) != 0; }
1043 int versioning_status() const { return flags
& (BUCKET_VERSIONED
| BUCKET_VERSIONS_SUSPENDED
| BUCKET_MFA_ENABLED
); }
1044 bool versioning_enabled() const { return (versioning_status() & (BUCKET_VERSIONED
| BUCKET_VERSIONS_SUSPENDED
)) == BUCKET_VERSIONED
; }
1045 bool mfa_enabled() const { return (versioning_status() & BUCKET_MFA_ENABLED
) != 0; }
1046 bool datasync_flag_enabled() const { return (flags
& BUCKET_DATASYNC_DISABLED
) == 0; }
1047 bool obj_lock_enabled() const { return (flags
& BUCKET_OBJ_LOCK_ENABLED
) != 0; }
1049 bool has_swift_versioning() const {
1050 /* A bucket may be versioned through one mechanism only. */
1051 return swift_versioning
&& !versioned();
1054 void set_sync_policy(rgw_sync_policy_info
&& policy
);
1056 bool empty_sync_policy() const;
1061 WRITE_CLASS_ENCODER(RGWBucketInfo
)
1063 struct RGWBucketEntryPoint
1067 ceph::real_time creation_time
;
1070 bool has_bucket_info
;
1071 RGWBucketInfo old_bucket_info
;
1073 RGWBucketEntryPoint() : linked(false), has_bucket_info(false) {}
1075 void encode(bufferlist
& bl
) const {
1076 ENCODE_START(10, 8, bl
);
1078 encode(owner
.id
, bl
);
1080 uint64_t ctime
= (uint64_t)real_clock::to_time_t(creation_time
);
1083 encode(creation_time
, bl
);
1086 void decode(bufferlist::const_iterator
& bl
) {
1087 auto orig_iter
= bl
;
1088 DECODE_START_LEGACY_COMPAT_LEN_32(10, 4, 4, bl
);
1090 /* ouch, old entry, contains the bucket info itself */
1091 old_bucket_info
.decode(orig_iter
);
1092 has_bucket_info
= true;
1095 has_bucket_info
= false;
1097 decode(owner
.id
, bl
);
1101 if (struct_v
< 10) {
1102 creation_time
= real_clock::from_time_t((time_t)ctime
);
1104 if (struct_v
>= 9) {
1107 if (struct_v
>= 10) {
1108 decode(creation_time
, bl
);
1113 void dump(Formatter
*f
) const;
1114 void decode_json(JSONObj
*obj
);
1115 static void generate_test_instances(list
<RGWBucketEntryPoint
*>& o
);
1117 WRITE_CLASS_ENCODER(RGWBucketEntryPoint
)
1119 struct RGWStorageStats
1121 RGWObjCategory category
;
1123 uint64_t size_rounded
;
1124 uint64_t size_utilized
{0}; //< size after compression, encryption
1125 uint64_t num_objects
;
1128 : category(RGWObjCategory::None
),
1133 void dump(Formatter
*f
) const;
1138 /* Namespaced forward declarations. */
1142 class AWSBrowserUploadAbstractor
;
1152 using meta_map_t
= boost::container::flat_map
<std::string
, std::string
>;
1157 meta_map_t x_meta_map
;
1163 string request_uri_aws4
;
1164 string effective_uri
;
1165 string request_params
;
1167 string storage_class
;
1169 req_info(CephContext
*cct
, const RGWEnv
*env
);
1170 void rebuild_from(req_info
& src
);
1171 void init_meta_info(const DoutPrefixProvider
*dpp
, bool *found_bad_meta
);
1174 typedef cls_rgw_obj_key rgw_obj_index_key
;
1176 struct rgw_obj_key
{
1182 // cppcheck-suppress noExplicitConstructor
1183 rgw_obj_key(const string
& n
) : name(n
) {}
1184 rgw_obj_key(const string
& n
, const string
& i
) : name(n
), instance(i
) {}
1185 rgw_obj_key(const string
& n
, const string
& i
, const string
& _ns
) : name(n
), instance(i
), ns(_ns
) {}
1187 rgw_obj_key(const rgw_obj_index_key
& k
) {
1188 parse_index_key(k
.name
, &name
, &ns
);
1189 instance
= k
.instance
;
1192 static void parse_index_key(const string
& key
, string
*name
, string
*ns
) {
1193 if (key
[0] != '_') {
1198 if (key
[1] == '_') {
1199 *name
= key
.substr(1);
1203 ssize_t pos
= key
.find('_', 1);
1205 /* shouldn't happen, just use key */
1211 *name
= key
.substr(pos
+ 1);
1212 *ns
= key
.substr(1, pos
-1);
1215 void set(const string
& n
) {
1221 void set(const string
& n
, const string
& i
) {
1227 void set(const string
& n
, const string
& i
, const string
& _ns
) {
1233 bool set(const rgw_obj_index_key
& index_key
) {
1234 if (!parse_raw_oid(index_key
.name
, this)) {
1237 instance
= index_key
.instance
;
1241 void set_instance(const string
& i
) {
1245 const string
& get_instance() const {
1249 void set_ns(const std::string
& _ns
) {
1253 const std::string
& get_ns() const {
1257 string
get_index_key_name() const {
1259 if (name
.size() < 1 || name
[0] != '_') {
1262 return string("_") + name
;
1265 char buf
[ns
.size() + 16];
1266 snprintf(buf
, sizeof(buf
), "_%s_", ns
.c_str());
1267 return string(buf
) + name
;
1270 void get_index_key(rgw_obj_index_key
*key
) const {
1271 key
->name
= get_index_key_name();
1272 key
->instance
= instance
;
1275 string
get_loc() const {
1277 * For backward compatibility. Older versions used to have object locator on all objects,
1278 * however, the name was the effective object locator. This had the same effect as not
1279 * having object locator at all for most objects but the ones that started with underscore as
1280 * these were escaped.
1282 if (name
[0] == '_' && ns
.empty()) {
1289 bool empty() const {
1290 return name
.empty();
1293 bool have_null_instance() const {
1294 return instance
== "null";
1297 bool have_instance() const {
1298 return !instance
.empty();
1301 bool need_to_encode_instance() const {
1302 return have_instance() && !have_null_instance();
1305 string
get_oid() const {
1306 if (ns
.empty() && !need_to_encode_instance()) {
1307 if (name
.size() < 1 || name
[0] != '_') {
1310 return string("_") + name
;
1315 if (need_to_encode_instance()) {
1316 oid
.append(string(":") + instance
);
1323 bool operator==(const rgw_obj_key
& k
) const {
1324 return (name
.compare(k
.name
) == 0) &&
1325 (instance
.compare(k
.instance
) == 0);
1328 bool operator<(const rgw_obj_key
& k
) const {
1329 int r
= name
.compare(k
.name
);
1331 r
= instance
.compare(k
.instance
);
1336 bool operator<=(const rgw_obj_key
& k
) const {
1337 return !(k
< *this);
1340 static void parse_ns_field(string
& ns
, string
& instance
) {
1341 int pos
= ns
.find(':');
1343 instance
= ns
.substr(pos
+ 1);
1344 ns
= ns
.substr(0, pos
);
1350 // takes an oid and parses out the namespace (ns), name, and
1352 static bool parse_raw_oid(const string
& oid
, rgw_obj_key
*key
) {
1353 key
->instance
.clear();
1355 if (oid
[0] != '_') {
1360 if (oid
.size() >= 2 && oid
[1] == '_') {
1361 key
->name
= oid
.substr(1);
1365 if (oid
.size() < 3) // for namespace, min size would be 3: _x_
1368 size_t pos
= oid
.find('_', 2); // oid must match ^_[^_].+$
1369 if (pos
== string::npos
)
1372 key
->ns
= oid
.substr(1, pos
- 1);
1373 parse_ns_field(key
->ns
, key
->instance
);
1375 key
->name
= oid
.substr(pos
+ 1);
1380 * Translate a namespace-mangled object name to the user-facing name
1381 * existing in the given namespace.
1383 * If the object is part of the given namespace, it returns true
1384 * and cuts down the name to the unmangled version. If it is not
1385 * part of the given namespace, it returns false.
1387 static bool oid_to_key_in_ns(const string
& oid
, rgw_obj_key
*key
, const string
& ns
) {
1388 bool ret
= parse_raw_oid(oid
, key
);
1393 return (ns
== key
->ns
);
1397 * Given a mangled object name and an empty namespace string, this
1398 * function extracts the namespace into the string and sets the object
1399 * name to be the unmangled version.
1401 * It returns true after successfully doing so, or
1402 * false if it fails.
1404 static bool strip_namespace_from_name(string
& name
, string
& ns
, string
& instance
) {
1407 if (name
[0] != '_') {
1411 size_t pos
= name
.find('_', 1);
1412 if (pos
== string::npos
) {
1416 if (name
[1] == '_') {
1417 name
= name
.substr(1);
1421 size_t period_pos
= name
.find('.');
1422 if (period_pos
< pos
) {
1426 ns
= name
.substr(1, pos
-1);
1427 name
= name
.substr(pos
+1, string::npos
);
1429 parse_ns_field(ns
, instance
);
1433 void encode(bufferlist
& bl
) const {
1434 ENCODE_START(2, 1, bl
);
1436 encode(instance
, bl
);
1440 void decode(bufferlist::const_iterator
& bl
) {
1441 DECODE_START(2, bl
);
1443 decode(instance
, bl
);
1444 if (struct_v
>= 2) {
1449 void dump(Formatter
*f
) const;
1450 void decode_json(JSONObj
*obj
);
1452 string
to_str() const {
1453 if (instance
.empty()) {
1456 char buf
[name
.size() + instance
.size() + 16];
1457 snprintf(buf
, sizeof(buf
), "%s[%s]", name
.c_str(), instance
.c_str());
1461 WRITE_CLASS_ENCODER(rgw_obj_key
)
1463 inline ostream
& operator<<(ostream
& out
, const rgw_obj_key
&o
) {
1464 return out
<< o
.to_str();
1467 inline ostream
& operator<<(ostream
& out
, const rgw_obj_index_key
&o
) {
1468 if (o
.instance
.empty()) {
1469 return out
<< o
.name
;
1471 return out
<< o
.name
<< "[" << o
.instance
<< "]";
1475 struct req_init_state
{
1476 /* Keeps [[tenant]:]bucket until we parse the token. */
1481 #include "rgw_auth.h"
1484 class RGWSysObjectCtx
;
1486 /** Store all the state necessary to complete and respond to an HTTP request*/
1487 struct req_state
: DoutPrefixProvider
{
1489 rgw::io::BasicClient
*cio
{nullptr};
1490 http_op op
{OP_UNKNOWN
};
1491 RGWOpType op_type
{};
1492 bool content_started
{false};
1494 ceph::Formatter
*formatter
{nullptr};
1496 string relative_uri
;
1497 const char *length
{nullptr};
1498 int64_t content_length
{0};
1499 map
<string
, string
> generic_attrs
;
1501 bool expect_cont
{false};
1502 uint64_t obj_size
{0};
1503 bool enable_ops_log
;
1504 bool enable_usage_log
;
1505 uint8_t defer_to_bucket_acls
;
1506 uint32_t perm_mask
{0};
1508 /* Set once when url_bucket is parsed and not violated thereafter. */
1509 string account_name
;
1511 string bucket_tenant
;
1514 std::unique_ptr
<rgw::sal::RGWBucket
> bucket
;
1515 std::unique_ptr
<rgw::sal::RGWObject
> object
;
1516 string src_tenant_name
;
1517 string src_bucket_name
;
1518 std::unique_ptr
<rgw::sal::RGWObject
> src_object
;
1519 ACLOwner bucket_owner
;
1522 string zonegroup_name
;
1523 string zonegroup_endpoint
;
1524 string bucket_instance_id
;
1525 int bucket_instance_shard_id
{-1};
1526 string redirect_zone_endpoint
;
1530 real_time bucket_mtime
;
1531 std::map
<std::string
, ceph::bufferlist
> bucket_attrs
;
1532 bool bucket_exists
{false};
1533 rgw_placement_rule dest_placement
;
1535 bool has_bad_meta
{false};
1537 std::unique_ptr
<rgw::sal::RGWUser
> user
;
1540 /* TODO(rzarzynski): switch out to the static_ptr for both members. */
1542 /* Object having the knowledge about an authenticated identity and allowing
1543 * to apply it during the authorization phase (verify_permission() methods
1544 * of a given RGWOp). Thus, it bounds authentication and authorization steps
1545 * through a well-defined interface. For more details, see rgw_auth.h. */
1546 std::unique_ptr
<rgw::auth::Identity
> identity
;
1548 std::shared_ptr
<rgw::auth::Completer
> completer
;
1550 /* A container for credentials of the S3's browser upload. It's necessary
1551 * because: 1) the ::authenticate() method of auth engines and strategies
1552 * take req_state only; 2) auth strategies live much longer than RGWOps -
1553 * there is no way to pass additional data dependencies through ctors. */
1556 friend class RGWPostObj_ObjStore_S3
;
1558 friend class rgw::auth::s3::AWSBrowserUploadAbstractor
;
1559 friend class rgw::auth::s3::STSEngine
;
1561 std::string access_key
;
1562 std::string signature
;
1563 std::string x_amz_algorithm
;
1564 std::string x_amz_credential
;
1565 std::string x_amz_date
;
1566 std::string x_amz_security_token
;
1567 ceph::bufferlist encoded_policy
;
1571 std::unique_ptr
<RGWAccessControlPolicy
> user_acl
;
1572 std::unique_ptr
<RGWAccessControlPolicy
> bucket_acl
;
1573 std::unique_ptr
<RGWAccessControlPolicy
> object_acl
;
1575 rgw::IAM::Environment env
;
1576 boost::optional
<rgw::IAM::Policy
> iam_policy
;
1577 boost::optional
<PublicAccessBlockConfiguration
> bucket_access_conf
;
1578 vector
<rgw::IAM::Policy
> iam_user_policies
;
1580 /* Is the request made by an user marked as a system one?
1581 * Being system user means we also have the admin status. */
1582 bool system_request
{false};
1585 bool has_acl_header
{false};
1586 bool local_source
{false}; /* source is local */
1590 /* Content-Disposition override for TempURL of Swift API. */
1599 req_init_state init_state
;
1601 using Clock
= ceph::coarse_real_clock
;
1602 Clock::time_point time
;
1604 Clock::duration
time_elapsed() const { return Clock::now() - time
; }
1606 RGWObjectCtx
*obj_ctx
{nullptr};
1607 RGWSysObjectCtx
*sysobj_ctx
{nullptr};
1615 bool mfa_verified
{false};
1617 /// optional coroutine context
1618 optional_yield yield
{null_yield
};
1620 //token claims from STS token for ops log (can be used for Keystone token also)
1621 std::vector
<string
> token_claims
;
1623 vector
<rgw::IAM::Policy
> session_policies
;
1625 req_state(CephContext
* _cct
, RGWEnv
* e
, uint64_t id
);
1629 void set_user(std::unique_ptr
<rgw::sal::RGWUser
>& u
) { user
.swap(u
); }
1630 bool is_err() const { return err
.is_err(); }
1632 // implements DoutPrefixProvider
1633 std::ostream
& gen_prefix(std::ostream
& out
) const override
;
1634 CephContext
* get_cct() const override
{ return cct
; }
1635 unsigned get_subsys() const override
{ return ceph_subsys_rgw
; }
1638 void set_req_state_err(struct req_state
*, int);
1639 void set_req_state_err(struct req_state
*, int, const string
&);
1640 void set_req_state_err(struct rgw_err
&, int, const int);
1641 void dump(struct req_state
*);
1643 /** Store basic data on bucket */
1644 struct RGWBucketEnt
{
1647 size_t size_rounded
;
1648 ceph::real_time creation_time
;
1651 /* The placement_rule is necessary to calculate per-storage-policy statics
1652 * of the Swift API. Although the info available in RGWBucketInfo, we need
1653 * to duplicate it here to not affect the performance of buckets listing. */
1654 rgw_placement_rule placement_rule
;
1661 RGWBucketEnt(const RGWBucketEnt
&) = default;
1662 RGWBucketEnt(RGWBucketEnt
&&) = default;
1663 explicit RGWBucketEnt(const rgw_user
& u
, cls_user_bucket_entry
&& e
)
1664 : bucket(u
, std::move(e
.bucket
)),
1666 size_rounded(e
.size_rounded
),
1667 creation_time(e
.creation_time
),
1671 RGWBucketEnt
& operator=(const RGWBucketEnt
&) = default;
1673 void convert(cls_user_bucket_entry
*b
) const {
1674 bucket
.convert(&b
->bucket
);
1676 b
->size_rounded
= size_rounded
;
1677 b
->creation_time
= creation_time
;
1681 void encode(bufferlist
& bl
) const {
1682 ENCODE_START(7, 5, bl
);
1684 __u32 mt
= ceph::real_clock::to_time_t(creation_time
);
1685 string empty_str
; // originally had the bucket name here, but we encode bucket later
1686 encode(empty_str
, bl
);
1693 encode(creation_time
, bl
);
1694 encode(placement_rule
, bl
);
1697 void decode(bufferlist::const_iterator
& bl
) {
1698 DECODE_START_LEGACY_COMPAT_LEN(7, 5, 5, bl
);
1701 string empty_str
; // backward compatibility
1702 decode(empty_str
, bl
);
1707 creation_time
= ceph::real_clock::from_time_t(mt
);
1717 decode(creation_time
, bl
);
1719 decode(placement_rule
, bl
);
1722 void dump(Formatter
*f
) const;
1723 static void generate_test_instances(list
<RGWBucketEnt
*>& o
);
1725 WRITE_CLASS_ENCODER(RGWBucketEnt
)
1731 bool in_extra_data
{false}; /* in-memory only member, does not serialize */
1733 // Represents the hash index source for this object once it is set (non-empty)
1734 std::string index_hash_source
;
1737 rgw_obj(const rgw_bucket
& b
, const std::string
& name
) : bucket(b
), key(name
) {}
1738 rgw_obj(const rgw_bucket
& b
, const rgw_obj_key
& k
) : bucket(b
), key(k
) {}
1739 rgw_obj(const rgw_bucket
& b
, const rgw_obj_index_key
& k
) : bucket(b
), key(k
) {}
1741 void init(const rgw_bucket
& b
, const std::string
& name
) {
1745 void init(const rgw_bucket
& b
, const std::string
& name
, const string
& i
, const string
& n
) {
1747 key
.set(name
, i
, n
);
1749 void init_ns(const rgw_bucket
& b
, const std::string
& name
, const string
& n
) {
1752 key
.instance
.clear();
1756 bool empty() const {
1760 void set_key(const rgw_obj_key
& k
) {
1764 string
get_oid() const {
1765 return key
.get_oid();
1768 const string
& get_hash_object() const {
1769 return index_hash_source
.empty() ? key
.name
: index_hash_source
;
1772 void set_in_extra_data(bool val
) {
1773 in_extra_data
= val
;
1776 bool is_in_extra_data() const {
1777 return in_extra_data
;
1780 void encode(bufferlist
& bl
) const {
1781 ENCODE_START(6, 6, bl
);
1784 encode(key
.name
, bl
);
1785 encode(key
.instance
, bl
);
1786 // encode(placement_id, bl);
1789 void decode(bufferlist::const_iterator
& bl
) {
1790 DECODE_START_LEGACY_COMPAT_LEN(6, 3, 3, bl
);
1793 decode(bucket
.name
, bl
); /* bucket.name */
1794 decode(s
, bl
); /* loc */
1796 decode(key
.name
, bl
);
1800 decode(key
.instance
, bl
);
1801 if (key
.ns
.empty() && key
.instance
.empty()) {
1802 if (key
.name
[0] == '_') {
1803 key
.name
= key
.name
.substr(1);
1806 if (struct_v
>= 5) {
1807 decode(key
.name
, bl
);
1809 ssize_t pos
= key
.name
.find('_', 1);
1811 throw buffer::malformed_input();
1813 key
.name
= key
.name
.substr(pos
+ 1);
1819 decode(key
.name
, bl
);
1820 decode(key
.instance
, bl
);
1821 // decode(placement_id, bl);
1825 void dump(Formatter
*f
) const;
1826 static void generate_test_instances(list
<rgw_obj
*>& o
);
1828 bool operator==(const rgw_obj
& o
) const {
1829 return (key
== o
.key
) &&
1830 (bucket
== o
.bucket
);
1832 bool operator<(const rgw_obj
& o
) const {
1833 int r
= key
.name
.compare(o
.key
.name
);
1835 r
= bucket
.bucket_id
.compare(o
.bucket
.bucket_id
); /* not comparing bucket.name, if bucket_id is equal so will be bucket.name */
1837 r
= key
.ns
.compare(o
.key
.ns
);
1839 r
= key
.instance
.compare(o
.key
.instance
);
1847 const rgw_pool
& get_explicit_data_pool() {
1848 if (!in_extra_data
|| bucket
.explicit_placement
.data_extra_pool
.empty()) {
1849 return bucket
.explicit_placement
.data_pool
;
1851 return bucket
.explicit_placement
.data_extra_pool
;
1854 WRITE_CLASS_ENCODER(rgw_obj
)
1856 struct rgw_cache_entry_info
{
1857 string cache_locator
;
1860 rgw_cache_entry_info() : gen(0) {}
1863 inline ostream
& operator<<(ostream
& out
, const rgw_obj
&o
) {
1864 return out
<< o
.bucket
.name
<< ":" << o
.get_oid();
1867 static inline void buf_to_hex(const unsigned char* const buf
,
1872 for (size_t i
= 0; i
< len
; i
++) {
1873 ::sprintf(&str
[i
*2], "%02x", static_cast<int>(buf
[i
]));
1877 template<size_t N
> static inline std::array
<char, N
* 2 + 1>
1878 buf_to_hex(const std::array
<unsigned char, N
>& buf
)
1880 static_assert(N
> 0, "The input array must be at least one element long");
1882 std::array
<char, N
* 2 + 1> hex_dest
;
1883 buf_to_hex(buf
.data(), N
, hex_dest
.data());
1887 static inline int hexdigit(char c
)
1889 if (c
>= '0' && c
<= '9')
1892 if (c
>= 'A' && c
<= 'F')
1893 return c
- 'A' + 0xa;
1897 static inline int hex_to_buf(const char *hex
, char *buf
, int len
)
1900 const char *p
= hex
;
1905 int d
= hexdigit(*p
);
1922 static inline int rgw_str_to_bool(const char *s
, int def_val
)
1927 return (strcasecmp(s
, "true") == 0 ||
1928 strcasecmp(s
, "on") == 0 ||
1929 strcasecmp(s
, "yes") == 0 ||
1930 strcasecmp(s
, "1") == 0);
1933 static inline void append_rand_alpha(CephContext
*cct
, const string
& src
, string
& dest
, int len
)
1937 gen_rand_alphanumeric(cct
, buf
, len
);
1942 static inline const char *rgw_obj_category_name(RGWObjCategory category
)
1945 case RGWObjCategory::None
:
1947 case RGWObjCategory::Main
:
1949 case RGWObjCategory::Shadow
:
1950 return "rgw.shadow";
1951 case RGWObjCategory::MultiMeta
:
1952 return "rgw.multimeta";
1958 static inline uint64_t rgw_rounded_kb(uint64_t bytes
)
1960 return (bytes
+ 1023) / 1024;
1963 static inline uint64_t rgw_rounded_objsize(uint64_t bytes
)
1965 return ((bytes
+ 4095) & ~4095);
1968 static inline uint64_t rgw_rounded_objsize_kb(uint64_t bytes
)
1970 return ((bytes
+ 4095) & ~4095) / 1024;
1973 /* implement combining step, S3 header canonicalization; k is a
1974 * valid header and in lc form */
1975 void rgw_add_amz_meta_header(
1976 meta_map_t
& x_meta_map
,
1977 const std::string
& k
,
1978 const std::string
& v
);
1980 extern string
rgw_string_unquote(const string
& s
);
1981 extern void parse_csv_string(const string
& ival
, vector
<string
>& ovals
);
1982 extern int parse_key_value(string
& in_str
, string
& key
, string
& val
);
1983 extern int parse_key_value(string
& in_str
, const char *delim
, string
& key
, string
& val
);
1985 extern boost::optional
<std::pair
<std::string_view
, std::string_view
>>
1986 parse_key_value(const std::string_view
& in_str
,
1987 const std::string_view
& delim
);
1988 extern boost::optional
<std::pair
<std::string_view
, std::string_view
>>
1989 parse_key_value(const std::string_view
& in_str
);
1993 extern int parse_time(const char *time_str
, real_time
*time
);
1994 extern bool parse_rfc2616(const char *s
, struct tm
*t
);
1995 extern bool parse_iso8601(const char *s
, struct tm
*t
, uint32_t *pns
= NULL
, bool extended_format
= true);
1996 extern string
rgw_trim_whitespace(const string
& src
);
1997 extern std::string_view
rgw_trim_whitespace(const std::string_view
& src
);
1998 extern string
rgw_trim_quotes(const string
& val
);
2000 extern void rgw_to_iso8601(const real_time
& t
, char *dest
, int buf_size
);
2001 extern void rgw_to_iso8601(const real_time
& t
, string
*dest
);
2002 extern std::string
rgw_to_asctime(const utime_t
& t
);
2004 struct perm_state_base
{
2006 const rgw::IAM::Environment
& env
;
2007 rgw::auth::Identity
*identity
;
2008 const RGWBucketInfo bucket_info
;
2010 bool defer_to_bucket_acls
;
2011 boost::optional
<PublicAccessBlockConfiguration
> bucket_access_conf
;
2013 perm_state_base(CephContext
*_cct
,
2014 const rgw::IAM::Environment
& _env
,
2015 rgw::auth::Identity
*_identity
,
2016 const RGWBucketInfo
& _bucket_info
,
2018 bool _defer_to_bucket_acls
,
2019 boost::optional
<PublicAccessBlockConfiguration
> _bucket_acess_conf
= boost::none
) :
2022 identity(_identity
),
2023 bucket_info(_bucket_info
),
2024 perm_mask(_perm_mask
),
2025 defer_to_bucket_acls(_defer_to_bucket_acls
),
2026 bucket_access_conf(_bucket_acess_conf
)
2029 virtual ~perm_state_base() {}
2031 virtual const char *get_referer() const = 0;
2032 virtual std::optional
<bool> get_request_payer() const = 0; /*
2033 * empty state means that request_payer param was not passed in
2038 struct perm_state
: public perm_state_base
{
2039 const char *referer
;
2042 perm_state(CephContext
*_cct
,
2043 const rgw::IAM::Environment
& _env
,
2044 rgw::auth::Identity
*_identity
,
2045 const RGWBucketInfo
& _bucket_info
,
2047 bool _defer_to_bucket_acls
,
2048 const char *_referer
,
2049 bool _request_payer
) : perm_state_base(_cct
,
2054 _defer_to_bucket_acls
),
2056 request_payer(_request_payer
) {}
2058 const char *get_referer() const override
{
2062 std::optional
<bool> get_request_payer() const override
{
2063 return request_payer
;
2067 /** Check if the req_state's user has the necessary permissions
2068 * to do the requested action */
2069 bool verify_bucket_permission_no_policy(
2070 const DoutPrefixProvider
* dpp
,
2071 struct perm_state_base
* const s
,
2072 RGWAccessControlPolicy
* const user_acl
,
2073 RGWAccessControlPolicy
* const bucket_acl
,
2076 bool verify_user_permission_no_policy(const DoutPrefixProvider
* dpp
,
2077 struct perm_state_base
* const s
,
2078 RGWAccessControlPolicy
* const user_acl
,
2081 bool verify_object_permission_no_policy(const DoutPrefixProvider
* dpp
,
2082 struct perm_state_base
* const s
,
2083 RGWAccessControlPolicy
* const user_acl
,
2084 RGWAccessControlPolicy
* const bucket_acl
,
2085 RGWAccessControlPolicy
* const object_acl
,
2088 /** Check if the req_state's user has the necessary permissions
2089 * to do the requested action */
2090 rgw::IAM::Effect
eval_identity_or_session_policies(const vector
<rgw::IAM::Policy
>& user_policies
,
2091 const rgw::IAM::Environment
& env
,
2092 boost::optional
<const rgw::auth::Identity
&> id
,
2094 const rgw::ARN
& arn
);
2095 bool verify_user_permission(const DoutPrefixProvider
* dpp
,
2096 struct req_state
* const s
,
2097 RGWAccessControlPolicy
* const user_acl
,
2098 const vector
<rgw::IAM::Policy
>& user_policies
,
2099 const rgw::ARN
& res
,
2101 bool verify_user_permission_no_policy(const DoutPrefixProvider
* dpp
,
2102 struct req_state
* const s
,
2103 RGWAccessControlPolicy
* const user_acl
,
2105 bool verify_user_permission(const DoutPrefixProvider
* dpp
,
2106 struct req_state
* const s
,
2107 const rgw::ARN
& res
,
2109 bool verify_user_permission_no_policy(const DoutPrefixProvider
* dpp
,
2110 struct req_state
* const s
,
2112 bool verify_bucket_permission(
2113 const DoutPrefixProvider
* dpp
,
2114 struct req_state
* const s
,
2115 const rgw_bucket
& bucket
,
2116 RGWAccessControlPolicy
* const user_acl
,
2117 RGWAccessControlPolicy
* const bucket_acl
,
2118 const boost::optional
<rgw::IAM::Policy
>& bucket_policy
,
2119 const vector
<rgw::IAM::Policy
>& identity_policies
,
2120 const vector
<rgw::IAM::Policy
>& session_policies
,
2122 bool verify_bucket_permission(const DoutPrefixProvider
* dpp
, struct req_state
* const s
, const uint64_t op
);
2123 bool verify_bucket_permission_no_policy(
2124 const DoutPrefixProvider
* dpp
,
2125 struct req_state
* const s
,
2126 RGWAccessControlPolicy
* const user_acl
,
2127 RGWAccessControlPolicy
* const bucket_acl
,
2129 bool verify_bucket_permission_no_policy(const DoutPrefixProvider
* dpp
,
2130 struct req_state
* const s
,
2132 int verify_bucket_owner_or_policy(struct req_state
* const s
,
2134 extern bool verify_object_permission(
2135 const DoutPrefixProvider
* dpp
,
2136 struct req_state
* const s
,
2138 RGWAccessControlPolicy
* const user_acl
,
2139 RGWAccessControlPolicy
* const bucket_acl
,
2140 RGWAccessControlPolicy
* const object_acl
,
2141 const boost::optional
<rgw::IAM::Policy
>& bucket_policy
,
2142 const vector
<rgw::IAM::Policy
>& identity_policies
,
2143 const vector
<rgw::IAM::Policy
>& session_policies
,
2145 extern bool verify_object_permission(const DoutPrefixProvider
* dpp
, struct req_state
*s
, uint64_t op
);
2146 extern bool verify_object_permission_no_policy(
2147 const DoutPrefixProvider
* dpp
,
2148 struct req_state
* const s
,
2149 RGWAccessControlPolicy
* const user_acl
,
2150 RGWAccessControlPolicy
* const bucket_acl
,
2151 RGWAccessControlPolicy
* const object_acl
,
2153 extern bool verify_object_permission_no_policy(const DoutPrefixProvider
* dpp
, struct req_state
*s
,
2155 extern int verify_object_lock(
2156 const DoutPrefixProvider
* dpp
,
2157 const rgw::sal::RGWAttrs
& attrs
,
2158 const bool bypass_perm
,
2159 const bool bypass_governance_mode
);
2161 /** Convert an input URL into a sane object name
2162 * by converting %-escaped strings into characters, etc*/
2163 extern void rgw_uri_escape_char(char c
, string
& dst
);
2164 extern std::string
url_decode(const std::string_view
& src_str
,
2165 bool in_query
= false);
2166 extern void url_encode(const std::string
& src
, string
& dst
,
2167 bool encode_slash
= true);
2168 extern std::string
url_encode(const std::string
& src
, bool encode_slash
= true);
2169 extern std::string
url_remove_prefix(const std::string
& url
); // Removes hhtp, https and www from url
2170 /* destination should be CEPH_CRYPTO_HMACSHA1_DIGESTSIZE bytes long */
2171 extern void calc_hmac_sha1(const char *key
, int key_len
,
2172 const char *msg
, int msg_len
, char *dest
);
2174 static inline sha1_digest_t
2175 calc_hmac_sha1(const std::string_view
& key
, const std::string_view
& msg
) {
2177 calc_hmac_sha1(key
.data(), key
.size(), msg
.data(), msg
.size(),
2178 reinterpret_cast<char*>(dest
.v
));
2182 /* destination should be CEPH_CRYPTO_HMACSHA256_DIGESTSIZE bytes long */
2183 extern void calc_hmac_sha256(const char *key
, int key_len
,
2184 const char *msg
, int msg_len
,
2187 static inline sha256_digest_t
2188 calc_hmac_sha256(const char *key
, const int key_len
,
2189 const char *msg
, const int msg_len
) {
2190 sha256_digest_t dest
;
2191 calc_hmac_sha256(key
, key_len
, msg
, msg_len
,
2192 reinterpret_cast<char*>(dest
.v
));
2196 static inline sha256_digest_t
2197 calc_hmac_sha256(const std::string_view
& key
, const std::string_view
& msg
) {
2198 sha256_digest_t dest
;
2199 calc_hmac_sha256(key
.data(), key
.size(),
2200 msg
.data(), msg
.size(),
2201 reinterpret_cast<char*>(dest
.v
));
2205 static inline sha256_digest_t
2206 calc_hmac_sha256(const sha256_digest_t
&key
,
2207 const std::string_view
& msg
) {
2208 sha256_digest_t dest
;
2209 calc_hmac_sha256(reinterpret_cast<const char*>(key
.v
), sha256_digest_t::SIZE
,
2210 msg
.data(), msg
.size(),
2211 reinterpret_cast<char*>(dest
.v
));
2215 static inline sha256_digest_t
2216 calc_hmac_sha256(const std::vector
<unsigned char>& key
,
2217 const std::string_view
& msg
) {
2218 sha256_digest_t dest
;
2219 calc_hmac_sha256(reinterpret_cast<const char*>(key
.data()), key
.size(),
2220 msg
.data(), msg
.size(),
2221 reinterpret_cast<char*>(dest
.v
));
2225 template<size_t KeyLenN
>
2226 static inline sha256_digest_t
2227 calc_hmac_sha256(const std::array
<unsigned char, KeyLenN
>& key
,
2228 const std::string_view
& msg
) {
2229 sha256_digest_t dest
;
2230 calc_hmac_sha256(reinterpret_cast<const char*>(key
.data()), key
.size(),
2231 msg
.data(), msg
.size(),
2232 reinterpret_cast<char*>(dest
.v
));
2236 extern sha256_digest_t
calc_hash_sha256(const std::string_view
& msg
);
2238 extern ceph::crypto::SHA256
* calc_hash_sha256_open_stream();
2239 extern void calc_hash_sha256_update_stream(ceph::crypto::SHA256
* hash
,
2242 extern std::string
calc_hash_sha256_close_stream(ceph::crypto::SHA256
** phash
);
2243 extern std::string
calc_hash_sha256_restart_stream(ceph::crypto::SHA256
** phash
);
2245 extern int rgw_parse_op_type_list(const string
& str
, uint32_t *perm
);
2247 static constexpr uint32_t MATCH_POLICY_ACTION
= 0x01;
2248 static constexpr uint32_t MATCH_POLICY_RESOURCE
= 0x02;
2249 static constexpr uint32_t MATCH_POLICY_ARN
= 0x04;
2250 static constexpr uint32_t MATCH_POLICY_STRING
= 0x08;
2252 extern bool match_policy(std::string_view pattern
, std::string_view input
,
2255 extern string
camelcase_dash_http_attr(const string
& orig
);
2256 extern string
lowercase_dash_http_attr(const string
& orig
);
2258 void rgw_setup_saved_curl_handles();
2259 void rgw_release_all_curl_handles();
2261 static inline void rgw_escape_str(const string
& s
, char esc_char
,
2262 char special_char
, string
*dest
)
2264 const char *src
= s
.c_str();
2265 char dest_buf
[s
.size() * 2 + 1];
2266 char *destp
= dest_buf
;
2268 for (size_t i
= 0; i
< s
.size(); i
++) {
2270 if (c
== esc_char
|| c
== special_char
) {
2271 *destp
++ = esc_char
;
2279 static inline ssize_t
rgw_unescape_str(const string
& s
, ssize_t ofs
,
2280 char esc_char
, char special_char
,
2283 const char *src
= s
.c_str();
2284 char dest_buf
[s
.size() + 1];
2285 char *destp
= dest_buf
;
2290 for (size_t i
= ofs
; i
< s
.size(); i
++) {
2292 if (!esc
&& c
== esc_char
) {
2296 if (!esc
&& c
== special_char
) {
2299 return (ssize_t
)i
+ 1;
2306 return string::npos
;
2309 static inline string
rgw_bl_str(ceph::buffer::list
& raw
)
2311 size_t len
= raw
.length();
2312 string
s(raw
.c_str(), len
);
2313 while (len
&& !s
[len
- 1]) {
2320 template <typename T
>
2321 int decode_bl(bufferlist
& bl
, T
& t
)
2323 auto iter
= bl
.cbegin();
2326 } catch (buffer::error
& err
) {