ceph/src/rgw/rgw_crypt_sanitize.cc

   1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
   2 // vim: ts=8 sw=2 smarttab
   3
   4 /*
   5  * rgw_crypt_sanitize.cc
   6  *
   7  *  Created on: Mar 3, 2017
   8  *      Author: adam
   9  */
  10
  11 #include "rgw_common.h"
  12 #include "rgw_crypt_sanitize.h"
  13 #include "boost/algorithm/string/predicate.hpp"
  14
  15 namespace rgw {
  16 namespace crypt_sanitize {
  17 const char* HTTP_X_AMZ_SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY = "HTTP_X_AMZ_SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY";
  18 const char* x_amz_server_side_encryption_customer_key = "x-amz-server-side-encryption-customer-key";
  19 const char* dollar_x_amz_server_side_encryption_customer_key = "$x-amz-server-side-encryption-customer-key";
  20 const char* suppression_message = "=suppressed due to key presence=";
  21
  22 std::ostream& operator<<(std::ostream& out, const env& e) {
  23   if (g_ceph_context->_conf->rgw_crypt_suppress_logs) {
  24     if (boost::algorithm::iequals(
  25         e.name,
  26         HTTP_X_AMZ_SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY))
  27     {
  28       out << suppression_message;
  29       return out;
  30     }
  31     if (boost::algorithm::iequals(e.name, "QUERY_STRING") &&
  32         boost::algorithm::ifind_first(
  33             e.value,
  34             x_amz_server_side_encryption_customer_key))
  35     {
  36       out << suppression_message;
  37       return out;
  38     }
  39   }
  40   out << e.value;
  41   return out;
  42 }
  43
  44 std::ostream& operator<<(std::ostream& out, const x_meta_map& x) {
  45   if (g_ceph_context->_conf->rgw_crypt_suppress_logs &&
  46       boost::algorithm::iequals(x.name, x_amz_server_side_encryption_customer_key))
  47   {
  48     out << suppression_message;
  49     return out;
  50   }
  51   out << x.value;
  52   return out;
  53 }
  54
  55 std::ostream& operator<<(std::ostream& out, const s3_policy& x) {
  56   if (g_ceph_context->_conf->rgw_crypt_suppress_logs &&
  57       boost::algorithm::iequals(x.name, dollar_x_amz_server_side_encryption_customer_key))
  58   {
  59     out << suppression_message;
  60     return out;
  61   }
  62   out << x.value;
  63   return out;
  64 }
  65
  66 std::ostream& operator<<(std::ostream& out, const auth& x) {
  67   if (g_ceph_context->_conf->rgw_crypt_suppress_logs &&
  68       x.s->info.env->get(HTTP_X_AMZ_SERVER_SIDE_ENCRYPTION_CUSTOMER_KEY, nullptr) != nullptr)
  69   {
  70     out << suppression_message;
  71     return out;
  72   }
  73   out << x.value;
  74   return out;
  75 }
  76
  77 std::ostream& operator<<(std::ostream& out, const log_content& x) {
  78   if (g_ceph_context->_conf->rgw_crypt_suppress_logs &&
  79       boost::algorithm::ifind_first(x.buf, x_amz_server_side_encryption_customer_key)) {
  80     out << suppression_message;
  81     return out;
  82   }
  83   out << x.buf;
  84   return out;
  85 }
  86
  87 }
  88 }