]> git.proxmox.com Git - ceph.git/blob - ceph/src/rgw/rgw_op.cc
projects / ceph.git / blob
? search:


71fb198f3622bee3ac05c0cf8adefd37bd3fc52e
[ceph.git] / ceph / src / rgw / rgw_op.cc
1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab ft=cpp
3
4 #include <errno.h>
5 #include <stdlib.h>
6 #include <system_error>
7 #include <unistd.h>
8
9 #include <sstream>
10 #include <string_view>
11
12 #include <boost/algorithm/string/predicate.hpp>
13 #include <boost/optional.hpp>
14 #include <boost/utility/in_place_factory.hpp>
15
16 #include "include/scope_guard.h"
17 #include "common/Clock.h"
18 #include "common/armor.h"
19 #include "common/errno.h"
20 #include "common/mime.h"
21 #include "common/utf8.h"
22 #include "common/ceph_json.h"
23 #include "common/static_ptr.h"
24 #include "rgw_tracer.h"
25
26 #include "rgw_rados.h"
27 #include "rgw_zone.h"
28 #include "rgw_op.h"
29 #include "rgw_rest.h"
30 #include "rgw_acl.h"
31 #include "rgw_acl_s3.h"
32 #include "rgw_acl_swift.h"
33 #include "rgw_user.h"
34 #include "rgw_bucket.h"
35 #include "rgw_log.h"
36 #include "rgw_multi.h"
37 #include "rgw_multi_del.h"
38 #include "rgw_cors.h"
39 #include "rgw_cors_s3.h"
40 #include "rgw_rest_conn.h"
41 #include "rgw_rest_s3.h"
42 #include "rgw_tar.h"
43 #include "rgw_client_io.h"
44 #include "rgw_compression.h"
45 #include "rgw_role.h"
46 #include "rgw_tag_s3.h"
47 #include "rgw_putobj_processor.h"
48 #include "rgw_crypt.h"
49 #include "rgw_perf_counters.h"
50 #include "rgw_process_env.h"
51 #include "rgw_notify.h"
52 #include "rgw_notify_event_type.h"
53 #include "rgw_sal.h"
54 #include "rgw_sal_rados.h"
55 #include "rgw_lua_data_filter.h"
56 #include "rgw_lua.h"
57
58 #include "services/svc_zone.h"
59 #include "services/svc_quota.h"
60 #include "services/svc_sys_obj.h"
61
62 #include "cls/lock/cls_lock_client.h"
63 #include "cls/rgw/cls_rgw_client.h"
64
65
66 #include "include/ceph_assert.h"
67
68 #include "compressor/Compressor.h"
69
70 #ifdef WITH_ARROW_FLIGHT
71 #include "rgw_flight.h"
72 #include "rgw_flight_frontend.h"
73 #endif
74
75 #ifdef WITH_LTTNG
76 #define TRACEPOINT_DEFINE
77 #define TRACEPOINT_PROBE_DYNAMIC_LINKAGE
78 #include "tracing/rgw_op.h"
79 #undef TRACEPOINT_PROBE_DYNAMIC_LINKAGE
80 #undef TRACEPOINT_DEFINE
81 #else
82 #define tracepoint(...)
83 #endif
84
85 #define dout_context g_ceph_context
86 #define dout_subsys ceph_subsys_rgw
87
88 using namespace std;
89 using namespace librados;
90 using ceph::crypto::MD5;
91 using boost::optional;
92 using boost::none;
93
94 using rgw::ARN;
95 using rgw::IAM::Effect;
96 using rgw::IAM::Policy;
97
98 static string mp_ns = RGW_OBJ_NS_MULTIPART;
99 static string shadow_ns = RGW_OBJ_NS_SHADOW;
100
101 static void forward_req_info(const DoutPrefixProvider *dpp, CephContext *cct, req_info& info, const std::string& bucket_name);
102
103 static MultipartMetaFilter mp_filter;
104
105 // this probably should belong in the rgw_iam_policy_keywords, I'll get it to it
106 // at some point
107 static constexpr auto S3_EXISTING_OBJTAG = "s3:ExistingObjectTag";
108 static constexpr auto S3_RESOURCE_TAG = "s3:ResourceTag";
109 static constexpr auto S3_RUNTIME_RESOURCE_VAL = "${s3:ResourceTag";
110
111 int RGWGetObj::parse_range(void)
112 {
113 int r = -ERANGE;
114 string rs(range_str);
115 string ofs_str;
116 string end_str;
117
118 ignore_invalid_range = s->cct->_conf->rgw_ignore_get_invalid_range;
119 partial_content = false;
120
121 size_t pos = rs.find("bytes=");
122 if (pos == string::npos) {
123 pos = 0;
124 while (isspace(rs[pos]))
125 pos++;
126 int end = pos;
127 while (isalpha(rs[end]))
128 end++;
129 if (strncasecmp(rs.c_str(), "bytes", end - pos) != 0)
130 return 0;
131 while (isspace(rs[end]))
132 end++;
133 if (rs[end] != '=')
134 return 0;
135 rs = rs.substr(end + 1);
136 } else {
137 rs = rs.substr(pos + 6); /* size of("bytes=") */
138 }
139 pos = rs.find('-');
140 if (pos == string::npos)
141 goto done;
142
143 partial_content = true;
144
145 ofs_str = rs.substr(0, pos);
146 end_str = rs.substr(pos + 1);
147 if (end_str.length()) {
148 end = atoll(end_str.c_str());
149 if (end < 0)
150 goto done;
151 }
152
153 if (ofs_str.length()) {
154 ofs = atoll(ofs_str.c_str());
155 } else { // RFC2616 suffix-byte-range-spec
156 ofs = -end;
157 end = -1;
158 }
159
160 if (end >= 0 && end < ofs)
161 goto done;
162
163 range_parsed = true;
164 return 0;
165
166 done:
167 if (ignore_invalid_range) {
168 partial_content = false;
169 ofs = 0;
170 end = -1;
171 range_parsed = false; // allow retry
172 r = 0;
173 }
174
175 return r;
176 }
177
178 static int decode_policy(const DoutPrefixProvider *dpp,
179 CephContext *cct,
180 bufferlist& bl,
181 RGWAccessControlPolicy *policy)
182 {
183 auto iter = bl.cbegin();
184 try {
185 policy->decode(iter);
186 } catch (buffer::error& err) {
187 ldpp_dout(dpp, 0) << "ERROR: could not decode policy, caught buffer::error" << dendl;
188 return -EIO;
189 }
190 if (cct->_conf->subsys.should_gather<ceph_subsys_rgw, 15>()) {
191 ldpp_dout(dpp, 15) << __func__ << " Read AccessControlPolicy";
192 RGWAccessControlPolicy_S3 *s3policy = static_cast<RGWAccessControlPolicy_S3 *>(policy);
193 s3policy->to_xml(*_dout);
194 *_dout << dendl;
195 }
196 return 0;
197 }
198
199
200 static int get_user_policy_from_attr(const DoutPrefixProvider *dpp,
201 CephContext * const cct,
202 map<string, bufferlist>& attrs,
203 RGWAccessControlPolicy& policy /* out */)
204 {
205 auto aiter = attrs.find(RGW_ATTR_ACL);
206 if (aiter != attrs.end()) {
207 int ret = decode_policy(dpp, cct, aiter->second, &policy);
208 if (ret < 0) {
209 return ret;
210 }
211 } else {
212 return -ENOENT;
213 }
214
215 return 0;
216 }
217
218 /**
219 * Get the AccessControlPolicy for an object off of disk.
220 * policy: must point to a valid RGWACL, and will be filled upon return.
221 * bucket: name of the bucket containing the object.
222 * object: name of the object to get the ACL for.
223 * Returns: 0 on success, -ERR# otherwise.
224 */
225 int rgw_op_get_bucket_policy_from_attr(const DoutPrefixProvider *dpp,
226 CephContext *cct,
227 rgw::sal::Driver* driver,
228 RGWBucketInfo& bucket_info,
229 map<string, bufferlist>& bucket_attrs,
230 RGWAccessControlPolicy *policy,
231 optional_yield y)
232 {
233 map<string, bufferlist>::iterator aiter = bucket_attrs.find(RGW_ATTR_ACL);
234
235 if (aiter != bucket_attrs.end()) {
236 int ret = decode_policy(dpp, cct, aiter->second, policy);
237 if (ret < 0)
238 return ret;
239 } else {
240 ldpp_dout(dpp, 0) << "WARNING: couldn't find acl header for bucket, generating default" << dendl;
241 std::unique_ptr<rgw::sal::User> user = driver->get_user(bucket_info.owner);
242 /* object exists, but policy is broken */
243 int r = user->load_user(dpp, y);
244 if (r < 0)
245 return r;
246
247 policy->create_default(bucket_info.owner, user->get_display_name());
248 }
249 return 0;
250 }
251
252 static int get_obj_policy_from_attr(const DoutPrefixProvider *dpp,
253 CephContext *cct,
254 rgw::sal::Driver* driver,
255 RGWBucketInfo& bucket_info,
256 map<string, bufferlist>& bucket_attrs,
257 RGWAccessControlPolicy *policy,
258 string *storage_class,
259 rgw::sal::Object* obj,
260 optional_yield y)
261 {
262 bufferlist bl;
263 int ret = 0;
264
265 std::unique_ptr<rgw::sal::Object::ReadOp> rop = obj->get_read_op();
266
267 ret = rop->get_attr(dpp, RGW_ATTR_ACL, bl, y);
268 if (ret >= 0) {
269 ret = decode_policy(dpp, cct, bl, policy);
270 if (ret < 0)
271 return ret;
272 } else if (ret == -ENODATA) {
273 /* object exists, but policy is broken */
274 ldpp_dout(dpp, 0) << "WARNING: couldn't find acl header for object, generating default" << dendl;
275 std::unique_ptr<rgw::sal::User> user = driver->get_user(bucket_info.owner);
276 ret = user->load_user(dpp, y);
277 if (ret < 0)
278 return ret;
279
280 policy->create_default(bucket_info.owner, user->get_display_name());
281 }
282
283 if (storage_class) {
284 bufferlist scbl;
285 int r = rop->get_attr(dpp, RGW_ATTR_STORAGE_CLASS, scbl, y);
286 if (r >= 0) {
287 *storage_class = scbl.to_str();
288 } else {
289 storage_class->clear();
290 }
291 }
292
293 return ret;
294 }
295
296
297 static boost::optional<Policy> get_iam_policy_from_attr(CephContext* cct,
298 map<string, bufferlist>& attrs,
299 const string& tenant) {
300 auto i = attrs.find(RGW_ATTR_IAM_POLICY);
301 if (i != attrs.end()) {
302 return Policy(cct, tenant, i->second, false);
303 } else {
304 return none;
305 }
306 }
307
308 static boost::optional<PublicAccessBlockConfiguration>
309 get_public_access_conf_from_attr(const map<string, bufferlist>& attrs)
310 {
311 if (auto aiter = attrs.find(RGW_ATTR_PUBLIC_ACCESS);
312 aiter != attrs.end()) {
313 bufferlist::const_iterator iter{&aiter->second};
314 PublicAccessBlockConfiguration access_conf;
315 try {
316 access_conf.decode(iter);
317 } catch (const buffer::error& e) {
318 return boost::none;
319 }
320 return access_conf;
321 }
322 return boost::none;
323 }
324
325 vector<Policy> get_iam_user_policy_from_attr(CephContext* cct,
326 map<string, bufferlist>& attrs,
327 const string& tenant) {
328 vector<Policy> policies;
329 if (auto it = attrs.find(RGW_ATTR_USER_POLICY); it != attrs.end()) {
330 bufferlist out_bl = attrs[RGW_ATTR_USER_POLICY];
331 map<string, string> policy_map;
332 decode(policy_map, out_bl);
333 for (auto& it : policy_map) {
334 bufferlist bl = bufferlist::static_from_string(it.second);
335 Policy p(cct, tenant, bl, false);
336 policies.push_back(std::move(p));
337 }
338 }
339 return policies;
340 }
341
342 static int read_bucket_policy(const DoutPrefixProvider *dpp,
343 rgw::sal::Driver* driver,
344 req_state *s,
345 RGWBucketInfo& bucket_info,
346 map<string, bufferlist>& bucket_attrs,
347 RGWAccessControlPolicy *policy,
348 rgw_bucket& bucket,
349 optional_yield y)
350 {
351 if (!s->system_request && bucket_info.flags & BUCKET_SUSPENDED) {
352 ldpp_dout(dpp, 0) << "NOTICE: bucket " << bucket_info.bucket.name
353 << " is suspended" << dendl;
354 return -ERR_USER_SUSPENDED;
355 }
356
357 if (bucket.name.empty()) {
358 return 0;
359 }
360
361 int ret = rgw_op_get_bucket_policy_from_attr(dpp, s->cct, driver, bucket_info, bucket_attrs, policy, y);
362 if (ret == -ENOENT) {
363 ret = -ERR_NO_SUCH_BUCKET;
364 }
365
366 return ret;
367 }
368
369 static int read_obj_policy(const DoutPrefixProvider *dpp,
370 rgw::sal::Driver* driver,
371 req_state *s,
372 RGWBucketInfo& bucket_info,
373 map<string, bufferlist>& bucket_attrs,
374 RGWAccessControlPolicy* acl,
375 string *storage_class,
376 boost::optional<Policy>& policy,
377 rgw::sal::Bucket* bucket,
378 rgw::sal::Object* object,
379 optional_yield y,
380 bool copy_src=false)
381 {
382 string upload_id;
383 upload_id = s->info.args.get("uploadId");
384 std::unique_ptr<rgw::sal::Object> mpobj;
385 rgw_obj obj;
386
387 if (!s->system_request && bucket_info.flags & BUCKET_SUSPENDED) {
388 ldpp_dout(dpp, 0) << "NOTICE: bucket " << bucket_info.bucket.name
389 << " is suspended" << dendl;
390 return -ERR_USER_SUSPENDED;
391 }
392
393 // when getting policy info for copy-source obj, upload_id makes no sense.
394 // 'copy_src' is used to make this function backward compatible.
395 if (!upload_id.empty() && !copy_src) {
396 /* multipart upload */
397 std::unique_ptr<rgw::sal::MultipartUpload> upload;
398 upload = bucket->get_multipart_upload(object->get_name(), upload_id);
399 mpobj = upload->get_meta_obj();
400 mpobj->set_in_extra_data(true);
401 object = mpobj.get();
402 }
403 policy = get_iam_policy_from_attr(s->cct, bucket_attrs, bucket->get_tenant());
404
405 int ret = get_obj_policy_from_attr(dpp, s->cct, driver, bucket_info,
406 bucket_attrs, acl, storage_class, object,
407 s->yield);
408 if (ret == -ENOENT) {
409 /* object does not exist checking the bucket's ACL to make sure
410 that we send a proper error code */
411 RGWAccessControlPolicy bucket_policy(s->cct);
412 ret = rgw_op_get_bucket_policy_from_attr(dpp, s->cct, driver, bucket_info, bucket_attrs, &bucket_policy, y);
413 if (ret < 0) {
414 return ret;
415 }
416 const rgw_user& bucket_owner = bucket_policy.get_owner().get_id();
417 if (bucket_owner.compare(s->user->get_id()) != 0 &&
418 ! s->auth.identity->is_admin_of(bucket_owner)) {
419 auto r = eval_identity_or_session_policies(dpp, s->iam_user_policies, s->env,
420 rgw::IAM::s3ListBucket, ARN(bucket->get_key()));
421 if (r == Effect::Allow)
422 return -ENOENT;
423 if (r == Effect::Deny)
424 return -EACCES;
425 if (policy) {
426 ARN b_arn(bucket->get_key());
427 r = policy->eval(s->env, *s->auth.identity, rgw::IAM::s3ListBucket, b_arn);
428 if (r == Effect::Allow)
429 return -ENOENT;
430 if (r == Effect::Deny)
431 return -EACCES;
432 }
433 if (! s->session_policies.empty()) {
434 r = eval_identity_or_session_policies(dpp, s->session_policies, s->env,
435 rgw::IAM::s3ListBucket, ARN(bucket->get_key()));
436 if (r == Effect::Allow)
437 return -ENOENT;
438 if (r == Effect::Deny)
439 return -EACCES;
440 }
441 if (! bucket_policy.verify_permission(s, *s->auth.identity, s->perm_mask, RGW_PERM_READ))
442 ret = -EACCES;
443 else
444 ret = -ENOENT;
445 } else {
446 ret = -ENOENT;
447 }
448 }
449
450 return ret;
451 }
452
453 /**
454 * Get the AccessControlPolicy for an user, bucket or object off of disk.
455 * s: The req_state to draw information from.
456 * only_bucket: If true, reads the user and bucket ACLs rather than the object ACL.
457 * Returns: 0 on success, -ERR# otherwise.
458 */
459 int rgw_build_bucket_policies(const DoutPrefixProvider *dpp, rgw::sal::Driver* driver, req_state* s, optional_yield y)
460 {
461 int ret = 0;
462
463 string bi = s->info.args.get(RGW_SYS_PARAM_PREFIX "bucket-instance");
464 if (!bi.empty()) {
465 // note: overwrites s->bucket_name, may include a tenant/
466 ret = rgw_bucket_parse_bucket_instance(bi, &s->bucket_name, &s->bucket_instance_id, &s->bucket_instance_shard_id);
467 if (ret < 0) {
468 return ret;
469 }
470 }
471
472 if(s->dialect.compare("s3") == 0) {
473 s->bucket_acl = std::make_unique<RGWAccessControlPolicy_S3>(s->cct);
474 } else if(s->dialect.compare("swift") == 0) {
475 /* We aren't allocating the account policy for those operations using
476 * the Swift's infrastructure that don't really need req_state::user.
477 * Typical example here is the implementation of /info. */
478 if (!s->user->get_id().empty()) {
479 s->user_acl = std::make_unique<RGWAccessControlPolicy_SWIFTAcct>(s->cct);
480 }
481 s->bucket_acl = std::make_unique<RGWAccessControlPolicy_SWIFT>(s->cct);
482 } else {
483 s->bucket_acl = std::make_unique<RGWAccessControlPolicy>(s->cct);
484 }
485
486 /* check if copy source is within the current domain */
487 if (!s->src_bucket_name.empty()) {
488 std::unique_ptr<rgw::sal::Bucket> src_bucket;
489 ret = driver->get_bucket(dpp, nullptr,
490 rgw_bucket_key(s->src_tenant_name,
491 s->src_bucket_name),
492 &src_bucket, y);
493 if (ret == 0) {
494 string& zonegroup = src_bucket->get_info().zonegroup;
495 s->local_source = driver->get_zone()->get_zonegroup().equals(zonegroup);
496 }
497 }
498
499 struct {
500 rgw_user uid;
501 std::string display_name;
502 } acct_acl_user = {
503 s->user->get_id(),
504 s->user->get_display_name(),
505 };
506
507 if (!s->bucket_name.empty()) {
508 s->bucket_exists = true;
509
510 /* This is the only place that s->bucket is created. It should never be
511 * overwritten. */
512 ret = driver->get_bucket(dpp, s->user.get(), rgw_bucket(s->bucket_tenant, s->bucket_name, s->bucket_instance_id), &s->bucket, y);
513 if (ret < 0) {
514 if (ret != -ENOENT) {
515 string bucket_log;
516 bucket_log = rgw_make_bucket_entry_name(s->bucket_tenant, s->bucket_name);
517 ldpp_dout(dpp, 0) << "NOTICE: couldn't get bucket from bucket_name (name="
518 << bucket_log << ")" << dendl;
519 return ret;
520 }
521 s->bucket_exists = false;
522 return -ERR_NO_SUCH_BUCKET;
523 }
524 if (!rgw::sal::Object::empty(s->object.get())) {
525 s->object->set_bucket(s->bucket.get());
526 }
527
528 s->bucket_mtime = s->bucket->get_modification_time();
529 s->bucket_attrs = s->bucket->get_attrs();
530 ret = read_bucket_policy(dpp, driver, s, s->bucket->get_info(),
531 s->bucket->get_attrs(),
532 s->bucket_acl.get(), s->bucket->get_key(), y);
533 acct_acl_user = {
534 s->bucket->get_info().owner,
535 s->bucket_acl->get_owner().get_display_name(),
536 };
537
538 s->bucket_owner = s->bucket_acl->get_owner();
539
540 std::unique_ptr<rgw::sal::ZoneGroup> zonegroup;
541 int r = driver->get_zonegroup(s->bucket->get_info().zonegroup, &zonegroup);
542 if (!r) {
543 s->zonegroup_endpoint = zonegroup->get_endpoint();
544 s->zonegroup_name = zonegroup->get_name();
545 }
546 if (r < 0 && ret == 0) {
547 ret = r;
548 }
549
550 if (!driver->get_zone()->get_zonegroup().equals(s->bucket->get_info().zonegroup)) {
551 ldpp_dout(dpp, 0) << "NOTICE: request for data in a different zonegroup ("
552 << s->bucket->get_info().zonegroup << " != "
553 << driver->get_zone()->get_zonegroup().get_id() << ")" << dendl;
554 /* we now need to make sure that the operation actually requires copy source, that is
555 * it's a copy operation
556 */
557 if (driver->get_zone()->get_zonegroup().is_master_zonegroup() && s->system_request) {
558 /*If this is the master, don't redirect*/
559 } else if (s->op_type == RGW_OP_GET_BUCKET_LOCATION ) {
560 /* If op is get bucket location, don't redirect */
561 } else if (!s->local_source ||
562 (s->op != OP_PUT && s->op != OP_COPY) ||
563 rgw::sal::Object::empty(s->object.get())) {
564 return -ERR_PERMANENT_REDIRECT;
565 }
566 }
567
568 /* init dest placement */
569 s->dest_placement.storage_class = s->info.storage_class;
570 s->dest_placement.inherit_from(s->bucket->get_placement_rule());
571
572 if (!driver->valid_placement(s->dest_placement)) {
573 ldpp_dout(dpp, 0) << "NOTICE: invalid dest placement: " << s->dest_placement.to_str() << dendl;
574 return -EINVAL;
575 }
576
577 s->bucket_access_conf = get_public_access_conf_from_attr(s->bucket->get_attrs());
578 }
579
580 /* handle user ACL only for those APIs which support it */
581 if (s->user_acl) {
582 std::unique_ptr<rgw::sal::User> acl_user = driver->get_user(acct_acl_user.uid);
583
584 ret = acl_user->read_attrs(dpp, y);
585 if (!ret) {
586 ret = get_user_policy_from_attr(dpp, s->cct, acl_user->get_attrs(), *s->user_acl);
587 }
588 if (-ENOENT == ret) {
589 /* In already existing clusters users won't have ACL. In such case
590 * assuming that only account owner has the rights seems to be
591 * reasonable. That allows to have only one verification logic.
592 * NOTE: there is small compatibility kludge for global, empty tenant:
593 * 1. if we try to reach an existing bucket, its owner is considered
594 * as account owner.
595 * 2. otherwise account owner is identity stored in s->user->user_id. */
596 s->user_acl->create_default(acct_acl_user.uid,
597 acct_acl_user.display_name);
598 ret = 0;
599 } else if (ret < 0) {
600 ldpp_dout(dpp, 0) << "NOTICE: couldn't get user attrs for handling ACL "
601 "(user_id=" << s->user->get_id() << ", ret=" << ret << ")" << dendl;
602 return ret;
603 }
604 }
605 // We don't need user policies in case of STS token returned by AssumeRole,
606 // hence the check for user type
607 if (! s->user->get_id().empty() && s->auth.identity->get_identity_type() != TYPE_ROLE) {
608 try {
609 ret = s->user->read_attrs(dpp, y);
610 if (ret == 0) {
611 auto user_policies = get_iam_user_policy_from_attr(s->cct,
612 s->user->get_attrs(),
613 s->user->get_tenant());
614 s->iam_user_policies.insert(s->iam_user_policies.end(),
615 std::make_move_iterator(user_policies.begin()),
616 std::make_move_iterator(user_policies.end()));
617 } else {
618 if (ret == -ENOENT)
619 ret = 0;
620 else ret = -EACCES;
621 }
622 } catch (const std::exception& e) {
623 ldpp_dout(dpp, -1) << "Error reading IAM User Policy: " << e.what() << dendl;
624 ret = -EACCES;
625 }
626 }
627
628 try {
629 s->iam_policy = get_iam_policy_from_attr(s->cct, s->bucket_attrs, s->bucket_tenant);
630 } catch (const std::exception& e) {
631 // Really this is a can't happen condition. We parse the policy
632 // when it's given to us, so perhaps we should abort or otherwise
633 // raise bloody murder.
634 ldpp_dout(dpp, 0) << "Error reading IAM Policy: " << e.what() << dendl;
635 ret = -EACCES;
636 }
637
638 bool success = driver->get_zone()->get_redirect_endpoint(&s->redirect_zone_endpoint);
639 if (success) {
640 ldpp_dout(dpp, 20) << "redirect_zone_endpoint=" << s->redirect_zone_endpoint << dendl;
641 }
642
643 return ret;
644 }
645
646 /**
647 * Get the AccessControlPolicy for a bucket or object off of disk.
648 * s: The req_state to draw information from.
649 * only_bucket: If true, reads the bucket ACL rather than the object ACL.
650 * Returns: 0 on success, -ERR# otherwise.
651 */
652 int rgw_build_object_policies(const DoutPrefixProvider *dpp, rgw::sal::Driver* driver,
653 req_state *s, bool prefetch_data, optional_yield y)
654 {
655 int ret = 0;
656
657 if (!rgw::sal::Object::empty(s->object.get())) {
658 if (!s->bucket_exists) {
659 return -ERR_NO_SUCH_BUCKET;
660 }
661 s->object_acl = std::make_unique<RGWAccessControlPolicy>(s->cct);
662
663 s->object->set_atomic();
664 if (prefetch_data) {
665 s->object->set_prefetch_data();
666 }
667 ret = read_obj_policy(dpp, driver, s, s->bucket->get_info(), s->bucket_attrs,
668 s->object_acl.get(), nullptr, s->iam_policy, s->bucket.get(),
669 s->object.get(), y);
670 }
671
672 return ret;
673 }
674
675 static int rgw_iam_remove_objtags(const DoutPrefixProvider *dpp, req_state* s, rgw::sal::Object* object, bool has_existing_obj_tag, bool has_resource_tag) {
676 object->set_atomic();
677 int op_ret = object->get_obj_attrs(s->yield, dpp);
678 if (op_ret < 0)
679 return op_ret;
680 rgw::sal::Attrs attrs = object->get_attrs();
681 auto tags = attrs.find(RGW_ATTR_TAGS);
682 if (tags != attrs.end()) {
683 RGWObjTags tagset;
684 try {
685 auto bliter = tags->second.cbegin();
686 tagset.decode(bliter);
687 } catch (buffer::error& err) {
688 ldpp_dout(s, 0) << "ERROR: caught buffer::error, couldn't decode TagSet" << dendl;
689 return -EIO;
690 }
691 for (auto& tag: tagset.get_tags()) {
692 if (has_existing_obj_tag) {
693 vector<std::unordered_multimap<string, string>::iterator> iters;
694 string key = "s3:ExistingObjectTag/" + tag.first;
695 auto result = s->env.equal_range(key);
696 for (auto& it = result.first; it != result.second; ++it)
697 {
698 if (tag.second == it->second) {
699 iters.emplace_back(it);
700 }
701 }
702 for (auto& it : iters) {
703 s->env.erase(it);
704 }
705 }//end if has_existing_obj_tag
706 if (has_resource_tag) {
707 vector<std::unordered_multimap<string, string>::iterator> iters;
708 string key = "s3:ResourceTag/" + tag.first;
709 auto result = s->env.equal_range(key);
710 for (auto& it = result.first; it != result.second; ++it)
711 {
712 if (tag.second == it->second) {
713 iters.emplace_back(it);
714 }
715 }
716 for (auto& it : iters) {
717 s->env.erase(it);
718 }
719 }//end if has_resource_tag
720 }
721 }
722 return 0;
723 }
724
725 void rgw_add_to_iam_environment(rgw::IAM::Environment& e, std::string_view key, std::string_view val){
726 // This variant just adds non empty key pairs to IAM env., values can be empty
727 // in certain cases like tagging
728 if (!key.empty())
729 e.emplace(key,val);
730 }
731
732 static int rgw_iam_add_tags_from_bl(req_state* s, bufferlist& bl, bool has_existing_obj_tag=false, bool has_resource_tag=false){
733 RGWObjTags& tagset = s->tagset;
734 try {
735 auto bliter = bl.cbegin();
736 tagset.decode(bliter);
737 } catch (buffer::error& err) {
738 ldpp_dout(s, 0) << "ERROR: caught buffer::error, couldn't decode TagSet" << dendl;
739 return -EIO;
740 }
741
742 for (const auto& tag: tagset.get_tags()){
743 if (has_existing_obj_tag)
744 rgw_add_to_iam_environment(s->env, "s3:ExistingObjectTag/" + tag.first, tag.second);
745 if (has_resource_tag)
746 rgw_add_to_iam_environment(s->env, "s3:ResourceTag/" + tag.first, tag.second);
747 }
748 return 0;
749 }
750
751 static int rgw_iam_add_objtags(const DoutPrefixProvider *dpp, req_state* s, rgw::sal::Object* object, bool has_existing_obj_tag, bool has_resource_tag) {
752 object->set_atomic();
753 int op_ret = object->get_obj_attrs(s->yield, dpp);
754 if (op_ret < 0)
755 return op_ret;
756 rgw::sal::Attrs attrs = object->get_attrs();
757 auto tags = attrs.find(RGW_ATTR_TAGS);
758 if (tags != attrs.end()){
759 return rgw_iam_add_tags_from_bl(s, tags->second, has_existing_obj_tag, has_resource_tag);
760 }
761 return 0;
762 }
763
764 static int rgw_iam_add_objtags(const DoutPrefixProvider *dpp, req_state* s, bool has_existing_obj_tag, bool has_resource_tag) {
765 if (!rgw::sal::Object::empty(s->object.get())) {
766 return rgw_iam_add_objtags(dpp, s, s->object.get(), has_existing_obj_tag, has_resource_tag);
767 }
768 return 0;
769 }
770
771 static int rgw_iam_add_buckettags(const DoutPrefixProvider *dpp, req_state* s, rgw::sal::Bucket* bucket) {
772 rgw::sal::Attrs attrs = bucket->get_attrs();
773 auto tags = attrs.find(RGW_ATTR_TAGS);
774 if (tags != attrs.end()) {
775 return rgw_iam_add_tags_from_bl(s, tags->second, false, true);
776 }
777 return 0;
778 }
779
780 static int rgw_iam_add_buckettags(const DoutPrefixProvider *dpp, req_state* s) {
781 return rgw_iam_add_buckettags(dpp, s, s->bucket.get());
782 }
783
784 static void rgw_iam_add_crypt_attrs(rgw::IAM::Environment& e,
785 const meta_map_t& attrs)
786 {
787 constexpr auto encrypt_attr = "x-amz-server-side-encryption";
788 constexpr auto s3_encrypt_attr = "s3:x-amz-server-side-encryption";
789 if (auto h = attrs.find(encrypt_attr); h != attrs.end()) {
790 rgw_add_to_iam_environment(e, s3_encrypt_attr, h->second);
791 }
792
793 constexpr auto kms_attr = "x-amz-server-side-encryption-aws-kms-key-id";
794 constexpr auto s3_kms_attr = "s3:x-amz-server-side-encryption-aws-kms-key-id";
795 if (auto h = attrs.find(kms_attr); h != attrs.end()) {
796 rgw_add_to_iam_environment(e, s3_kms_attr, h->second);
797 }
798 }
799
800 static std::tuple<bool, bool> rgw_check_policy_condition(const DoutPrefixProvider *dpp,
801 boost::optional<rgw::IAM::Policy> iam_policy,
802 boost::optional<vector<rgw::IAM::Policy>> identity_policies,
803 boost::optional<vector<rgw::IAM::Policy>> session_policies,
804 bool check_obj_exist_tag=true) {
805 bool has_existing_obj_tag = false, has_resource_tag = false;
806 bool iam_policy_s3_exist_tag = false, iam_policy_s3_resource_tag = false;
807 if (iam_policy) {
808 if (check_obj_exist_tag) {
809 iam_policy_s3_exist_tag = iam_policy->has_partial_conditional(S3_EXISTING_OBJTAG);
810 }
811 iam_policy_s3_resource_tag = iam_policy->has_partial_conditional(S3_RESOURCE_TAG) || iam_policy->has_partial_conditional_value(S3_RUNTIME_RESOURCE_VAL);
812 }
813
814 bool identity_policy_s3_exist_tag = false, identity_policy_s3_resource_tag = false;
815 if (identity_policies) {
816 for (auto& identity_policy : identity_policies.get()) {
817 if (check_obj_exist_tag) {
818 if (identity_policy.has_partial_conditional(S3_EXISTING_OBJTAG))
819 identity_policy_s3_exist_tag = true;
820 }
821 if (identity_policy.has_partial_conditional(S3_RESOURCE_TAG) || identity_policy.has_partial_conditional_value(S3_RUNTIME_RESOURCE_VAL))
822 identity_policy_s3_resource_tag = true;
823 if (identity_policy_s3_exist_tag && identity_policy_s3_resource_tag) // check all policies till both are set to true
824 break;
825 }
826 }
827
828 bool session_policy_s3_exist_tag = false, session_policy_s3_resource_flag = false;
829 if (session_policies) {
830 for (auto& session_policy : session_policies.get()) {
831 if (check_obj_exist_tag) {
832 if (session_policy.has_partial_conditional(S3_EXISTING_OBJTAG))
833 session_policy_s3_exist_tag = true;
834 }
835 if (session_policy.has_partial_conditional(S3_RESOURCE_TAG) || session_policy.has_partial_conditional_value(S3_RUNTIME_RESOURCE_VAL))
836 session_policy_s3_resource_flag = true;
837 if (session_policy_s3_exist_tag && session_policy_s3_resource_flag)
838 break;
839 }
840 }
841
842 has_existing_obj_tag = iam_policy_s3_exist_tag || identity_policy_s3_exist_tag || session_policy_s3_exist_tag;
843 has_resource_tag = iam_policy_s3_resource_tag || identity_policy_s3_resource_tag || session_policy_s3_resource_flag;
844 return make_tuple(has_existing_obj_tag, has_resource_tag);
845 }
846
847 static std::tuple<bool, bool> rgw_check_policy_condition(const DoutPrefixProvider *dpp, req_state* s, bool check_obj_exist_tag=true) {
848 return rgw_check_policy_condition(dpp, s->iam_policy, s->iam_user_policies, s->session_policies, check_obj_exist_tag);
849 }
850
851 static void rgw_add_grant_to_iam_environment(rgw::IAM::Environment& e, req_state *s){
852
853 using header_pair_t = std::pair <const char*, const char*>;
854 static const std::initializer_list <header_pair_t> acl_header_conditionals {
855 {"HTTP_X_AMZ_GRANT_READ", "s3:x-amz-grant-read"},
856 {"HTTP_X_AMZ_GRANT_WRITE", "s3:x-amz-grant-write"},
857 {"HTTP_X_AMZ_GRANT_READ_ACP", "s3:x-amz-grant-read-acp"},
858 {"HTTP_X_AMZ_GRANT_WRITE_ACP", "s3:x-amz-grant-write-acp"},
859 {"HTTP_X_AMZ_GRANT_FULL_CONTROL", "s3:x-amz-grant-full-control"}
860 };
861
862 if (s->has_acl_header){
863 for (const auto& c: acl_header_conditionals){
864 auto hdr = s->info.env->get(c.first);
865 if(hdr) {
866 e.emplace(c.second, hdr);
867 }
868 }
869 }
870 }
871
872 void rgw_build_iam_environment(rgw::sal::Driver* driver,
873 req_state* s)
874 {
875 const auto& m = s->info.env->get_map();
876 auto t = ceph::real_clock::now();
877 s->env.emplace("aws:CurrentTime", std::to_string(ceph::real_clock::to_time_t(t)));
878 s->env.emplace("aws:EpochTime", ceph::to_iso_8601(t));
879 // TODO: This is fine for now, but once we have STS we'll need to
880 // look and see. Also this won't work with the IdentityApplier
881 // model, since we need to know the actual credential.
882 s->env.emplace("aws:PrincipalType", "User");
883
884 auto i = m.find("HTTP_REFERER");
885 if (i != m.end()) {
886 s->env.emplace("aws:Referer", i->second);
887 }
888
889 if (rgw_transport_is_secure(s->cct, *s->info.env)) {
890 s->env.emplace("aws:SecureTransport", "true");
891 }
892
893 const auto remote_addr_param = s->cct->_conf->rgw_remote_addr_param;
894 if (remote_addr_param.length()) {
895 i = m.find(remote_addr_param);
896 } else {
897 i = m.find("REMOTE_ADDR");
898 }
899 if (i != m.end()) {
900 const string* ip = &(i->second);
901 string temp;
902 if (remote_addr_param == "HTTP_X_FORWARDED_FOR") {
903 const auto comma = ip->find(',');
904 if (comma != string::npos) {
905 temp.assign(*ip, 0, comma);
906 ip = &temp;
907 }
908 }
909 s->env.emplace("aws:SourceIp", *ip);
910 }
911
912 i = m.find("HTTP_USER_AGENT"); {
913 if (i != m.end())
914 s->env.emplace("aws:UserAgent", i->second);
915 }
916
917 if (s->user) {
918 // What to do about aws::userid? One can have multiple access
919 // keys so that isn't really suitable. Do we have a durable
920 // identifier that can persist through name changes?
921 s->env.emplace("aws:username", s->user->get_id().id);
922 }
923
924 i = m.find("HTTP_X_AMZ_SECURITY_TOKEN");
925 if (i != m.end()) {
926 s->env.emplace("sts:authentication", "true");
927 } else {
928 s->env.emplace("sts:authentication", "false");
929 }
930 }
931
932 /*
933 * GET on CloudTiered objects is processed only when sent from the sync client.
934 * In all other cases, fail with `ERR_INVALID_OBJECT_STATE`.
935 */
936 int handle_cloudtier_obj(rgw::sal::Attrs& attrs, bool sync_cloudtiered) {
937 int op_ret = 0;
938 auto attr_iter = attrs.find(RGW_ATTR_MANIFEST);
939 if (attr_iter != attrs.end()) {
940 RGWObjManifest m;
941 try {
942 decode(m, attr_iter->second);
943 if (m.get_tier_type() == "cloud-s3") {
944 if (!sync_cloudtiered) {
945 /* XXX: Instead send presigned redirect or read-through */
946 op_ret = -ERR_INVALID_OBJECT_STATE;
947 } else { // fetch object for sync and set cloud_tier attrs
948 bufferlist t, t_tier;
949 RGWObjTier tier_config;
950 m.get_tier_config(&tier_config);
951
952 t.append("cloud-s3");
953 attrs[RGW_ATTR_CLOUD_TIER_TYPE] = t;
954 encode(tier_config, t_tier);
955 attrs[RGW_ATTR_CLOUD_TIER_CONFIG] = t_tier;
956 }
957 }
958 } catch (const buffer::end_of_buffer&) {
959 // ignore empty manifest; it's not cloud-tiered
960 } catch (const std::exception& e) {
961 }
962 }
963
964 return op_ret;
965 }
966
967 void rgw_bucket_object_pre_exec(req_state *s)
968 {
969 if (s->expect_cont)
970 dump_continue(s);
971
972 dump_bucket_from_state(s);
973 }
974
975 // So! Now and then when we try to update bucket information, the
976 // bucket has changed during the course of the operation. (Or we have
977 // a cache consistency problem that Watch/Notify isn't ruling out
978 // completely.)
979 //
980 // When this happens, we need to update the bucket info and try
981 // again. We have, however, to try the right *part* again. We can't
982 // simply re-send, since that will obliterate the previous update.
983 //
984 // Thus, callers of this function should include everything that
985 // merges information to be changed into the bucket information as
986 // well as the call to set it.
987 //
988 // The called function must return an integer, negative on error. In
989 // general, they should just return op_ret.
990 namespace {
991 template<typename F>
992 int retry_raced_bucket_write(const DoutPrefixProvider *dpp, rgw::sal::Bucket* b, const F& f) {
993 auto r = f();
994 for (auto i = 0u; i < 15u && r == -ECANCELED; ++i) {
995 r = b->try_refresh_info(dpp, nullptr);
996 if (r >= 0) {
997 r = f();
998 }
999 }
1000 return r;
1001 }
1002 }
1003
1004
1005 int RGWGetObj::verify_permission(optional_yield y)
1006 {
1007 s->object->set_atomic();
1008
1009 if (prefetch_data()) {
1010 s->object->set_prefetch_data();
1011 }
1012
1013 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s);
1014 if (has_s3_existing_tag || has_s3_resource_tag)
1015 rgw_iam_add_objtags(this, s, has_s3_existing_tag, has_s3_resource_tag);
1016
1017 if (torrent.get_flag()) {
1018 if (s->object->get_instance().empty()) {
1019 action = rgw::IAM::s3GetObjectTorrent;
1020 } else {
1021 action = rgw::IAM::s3GetObjectVersionTorrent;
1022 }
1023 } else {
1024 if (s->object->get_instance().empty()) {
1025 action = rgw::IAM::s3GetObject;
1026 } else {
1027 action = rgw::IAM::s3GetObjectVersion;
1028 }
1029 }
1030
1031 if (!verify_object_permission(this, s, action)) {
1032 return -EACCES;
1033 }
1034
1035 if (s->bucket->get_info().obj_lock_enabled()) {
1036 get_retention = verify_object_permission(this, s, rgw::IAM::s3GetObjectRetention);
1037 get_legal_hold = verify_object_permission(this, s, rgw::IAM::s3GetObjectLegalHold);
1038 }
1039
1040 return 0;
1041 }
1042
1043 RGWOp::~RGWOp(){};
1044
1045 int RGWOp::verify_op_mask()
1046 {
1047 uint32_t required_mask = op_mask();
1048
1049 ldpp_dout(this, 20) << "required_mask= " << required_mask
1050 << " user.op_mask=" << s->user->get_info().op_mask << dendl;
1051
1052 if ((s->user->get_info().op_mask & required_mask) != required_mask) {
1053 return -EPERM;
1054 }
1055
1056 if (!s->system_request && (required_mask & RGW_OP_TYPE_MODIFY) && !driver->get_zone()->is_writeable()) {
1057 ldpp_dout(this, 5) << "NOTICE: modify request to a read-only zone by a "
1058 "non-system user, permission denied" << dendl;
1059 return -EPERM;
1060 }
1061
1062 return 0;
1063 }
1064
1065 int RGWGetObjTags::verify_permission(optional_yield y)
1066 {
1067 auto iam_action = s->object->get_instance().empty()?
1068 rgw::IAM::s3GetObjectTagging:
1069 rgw::IAM::s3GetObjectVersionTagging;
1070
1071 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s);
1072 if (has_s3_existing_tag || has_s3_resource_tag)
1073 rgw_iam_add_objtags(this, s, has_s3_existing_tag, has_s3_resource_tag);
1074 if (!verify_object_permission(this, s,iam_action))
1075 return -EACCES;
1076
1077 return 0;
1078 }
1079
1080 void RGWGetObjTags::pre_exec()
1081 {
1082 rgw_bucket_object_pre_exec(s);
1083 }
1084
1085 void RGWGetObjTags::execute(optional_yield y)
1086 {
1087 rgw::sal::Attrs attrs;
1088
1089 s->object->set_atomic();
1090
1091 op_ret = s->object->get_obj_attrs(y, this);
1092
1093 if (op_ret == 0){
1094 attrs = s->object->get_attrs();
1095 auto tags = attrs.find(RGW_ATTR_TAGS);
1096 if(tags != attrs.end()){
1097 has_tags = true;
1098 tags_bl.append(tags->second);
1099 }
1100 }
1101 send_response_data(tags_bl);
1102 }
1103
1104 int RGWPutObjTags::verify_permission(optional_yield y)
1105 {
1106 auto iam_action = s->object->get_instance().empty() ?
1107 rgw::IAM::s3PutObjectTagging:
1108 rgw::IAM::s3PutObjectVersionTagging;
1109
1110 //Using buckets tags for authorization makes more sense.
1111 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, true);
1112 if (has_s3_existing_tag)
1113 rgw_iam_add_objtags(this, s, true, false);
1114 if (has_s3_resource_tag)
1115 rgw_iam_add_buckettags(this, s);
1116 if (!verify_object_permission(this, s,iam_action))
1117 return -EACCES;
1118 return 0;
1119 }
1120
1121 void RGWPutObjTags::execute(optional_yield y)
1122 {
1123 op_ret = get_params(y);
1124 if (op_ret < 0)
1125 return;
1126
1127 if (rgw::sal::Object::empty(s->object.get())){
1128 op_ret= -EINVAL; // we only support tagging on existing objects
1129 return;
1130 }
1131
1132 s->object->set_atomic();
1133 op_ret = s->object->modify_obj_attrs(RGW_ATTR_TAGS, tags_bl, y, this);
1134 if (op_ret == -ECANCELED){
1135 op_ret = -ERR_TAG_CONFLICT;
1136 }
1137 }
1138
1139 void RGWDeleteObjTags::pre_exec()
1140 {
1141 rgw_bucket_object_pre_exec(s);
1142 }
1143
1144
1145 int RGWDeleteObjTags::verify_permission(optional_yield y)
1146 {
1147 if (!rgw::sal::Object::empty(s->object.get())) {
1148 auto iam_action = s->object->get_instance().empty() ?
1149 rgw::IAM::s3DeleteObjectTagging:
1150 rgw::IAM::s3DeleteObjectVersionTagging;
1151
1152 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s);
1153 if (has_s3_existing_tag || has_s3_resource_tag)
1154 rgw_iam_add_objtags(this, s, has_s3_existing_tag, has_s3_resource_tag);
1155 if (!verify_object_permission(this, s, iam_action))
1156 return -EACCES;
1157 }
1158 return 0;
1159 }
1160
1161 void RGWDeleteObjTags::execute(optional_yield y)
1162 {
1163 if (rgw::sal::Object::empty(s->object.get()))
1164 return;
1165
1166 op_ret = s->object->delete_obj_attrs(this, RGW_ATTR_TAGS, y);
1167 }
1168
1169 int RGWGetBucketTags::verify_permission(optional_yield y)
1170 {
1171 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
1172 if (has_s3_resource_tag)
1173 rgw_iam_add_buckettags(this, s);
1174
1175 if (!verify_bucket_permission(this, s, rgw::IAM::s3GetBucketTagging)) {
1176 return -EACCES;
1177 }
1178
1179 return 0;
1180 }
1181
1182 void RGWGetBucketTags::pre_exec()
1183 {
1184 rgw_bucket_object_pre_exec(s);
1185 }
1186
1187 void RGWGetBucketTags::execute(optional_yield y)
1188 {
1189 auto iter = s->bucket_attrs.find(RGW_ATTR_TAGS);
1190 if (iter != s->bucket_attrs.end()) {
1191 has_tags = true;
1192 tags_bl.append(iter->second);
1193 } else {
1194 op_ret = -ERR_NO_SUCH_TAG_SET;
1195 }
1196 send_response_data(tags_bl);
1197 }
1198
1199 int RGWPutBucketTags::verify_permission(optional_yield y) {
1200 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
1201 if (has_s3_resource_tag)
1202 rgw_iam_add_buckettags(this, s);
1203
1204 return verify_bucket_owner_or_policy(s, rgw::IAM::s3PutBucketTagging);
1205 }
1206
1207 void RGWPutBucketTags::execute(optional_yield y)
1208 {
1209
1210 op_ret = get_params(this, y);
1211 if (op_ret < 0)
1212 return;
1213
1214 op_ret = driver->forward_request_to_master(this, s->user.get(), nullptr, in_data, nullptr, s->info, y);
1215 if (op_ret < 0) {
1216 ldpp_dout(this, 0) << "forward_request_to_master returned ret=" << op_ret << dendl;
1217 }
1218
1219 op_ret = retry_raced_bucket_write(this, s->bucket.get(), [this, y] {
1220 rgw::sal::Attrs attrs = s->bucket->get_attrs();
1221 attrs[RGW_ATTR_TAGS] = tags_bl;
1222 return s->bucket->merge_and_store_attrs(this, attrs, y);
1223 });
1224
1225 }
1226
1227 void RGWDeleteBucketTags::pre_exec()
1228 {
1229 rgw_bucket_object_pre_exec(s);
1230 }
1231
1232 int RGWDeleteBucketTags::verify_permission(optional_yield y)
1233 {
1234 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
1235 if (has_s3_resource_tag)
1236 rgw_iam_add_buckettags(this, s);
1237
1238 return verify_bucket_owner_or_policy(s, rgw::IAM::s3PutBucketTagging);
1239 }
1240
1241 void RGWDeleteBucketTags::execute(optional_yield y)
1242 {
1243 bufferlist in_data;
1244 op_ret = driver->forward_request_to_master(this, s->user.get(), nullptr, in_data, nullptr, s->info, y);
1245 if (op_ret < 0) {
1246 ldpp_dout(this, 0) << "forward_request_to_master returned ret=" << op_ret << dendl;
1247 return;
1248 }
1249
1250 op_ret = retry_raced_bucket_write(this, s->bucket.get(), [this, y] {
1251 rgw::sal::Attrs attrs = s->bucket->get_attrs();
1252 attrs.erase(RGW_ATTR_TAGS);
1253 op_ret = s->bucket->merge_and_store_attrs(this, attrs, y);
1254 if (op_ret < 0) {
1255 ldpp_dout(this, 0) << "RGWDeleteBucketTags() failed to remove RGW_ATTR_TAGS on bucket="
1256 << s->bucket->get_name()
1257 << " returned err= " << op_ret << dendl;
1258 }
1259 return op_ret;
1260 });
1261 }
1262
1263 int RGWGetBucketReplication::verify_permission(optional_yield y)
1264 {
1265 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
1266 if (has_s3_resource_tag)
1267 rgw_iam_add_buckettags(this, s);
1268
1269 if (!verify_bucket_permission(this, s, rgw::IAM::s3GetReplicationConfiguration)) {
1270 return -EACCES;
1271 }
1272
1273 return 0;
1274 }
1275
1276 void RGWGetBucketReplication::pre_exec()
1277 {
1278 rgw_bucket_object_pre_exec(s);
1279 }
1280
1281 void RGWGetBucketReplication::execute(optional_yield y)
1282 {
1283 send_response_data();
1284 }
1285
1286 int RGWPutBucketReplication::verify_permission(optional_yield y) {
1287 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
1288 if (has_s3_resource_tag)
1289 rgw_iam_add_buckettags(this, s);
1290 return verify_bucket_owner_or_policy(s, rgw::IAM::s3PutReplicationConfiguration);
1291 }
1292
1293 void RGWPutBucketReplication::execute(optional_yield y) {
1294
1295 op_ret = get_params(y);
1296 if (op_ret < 0)
1297 return;
1298
1299 op_ret = driver->forward_request_to_master(this, s->user.get(), nullptr, in_data, nullptr, s->info, y);
1300 if (op_ret < 0) {
1301 ldpp_dout(this, 0) << "forward_request_to_master returned ret=" << op_ret << dendl;
1302 return;
1303 }
1304
1305 op_ret = retry_raced_bucket_write(this, s->bucket.get(), [this] {
1306 auto sync_policy = (s->bucket->get_info().sync_policy ? *s->bucket->get_info().sync_policy : rgw_sync_policy_info());
1307
1308 for (auto& group : sync_policy_groups) {
1309 sync_policy.groups[group.id] = group;
1310 }
1311
1312 s->bucket->get_info().set_sync_policy(std::move(sync_policy));
1313
1314 int ret = s->bucket->put_info(this, false, real_time());
1315 if (ret < 0) {
1316 ldpp_dout(this, 0) << "ERROR: put_bucket_instance_info (bucket=" << s->bucket << ") returned ret=" << ret << dendl;
1317 return ret;
1318 }
1319
1320 return 0;
1321 });
1322 }
1323
1324 void RGWDeleteBucketReplication::pre_exec()
1325 {
1326 rgw_bucket_object_pre_exec(s);
1327 }
1328
1329 int RGWDeleteBucketReplication::verify_permission(optional_yield y)
1330 {
1331 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
1332 if (has_s3_resource_tag)
1333 rgw_iam_add_buckettags(this, s);
1334
1335 return verify_bucket_owner_or_policy(s, rgw::IAM::s3DeleteReplicationConfiguration);
1336 }
1337
1338 void RGWDeleteBucketReplication::execute(optional_yield y)
1339 {
1340 bufferlist in_data;
1341 op_ret = driver->forward_request_to_master(this, s->user.get(), nullptr, in_data, nullptr, s->info, y);
1342 if (op_ret < 0) {
1343 ldpp_dout(this, 0) << "forward_request_to_master returned ret=" << op_ret << dendl;
1344 return;
1345 }
1346
1347 op_ret = retry_raced_bucket_write(this, s->bucket.get(), [this] {
1348 if (!s->bucket->get_info().sync_policy) {
1349 return 0;
1350 }
1351
1352 rgw_sync_policy_info sync_policy = *s->bucket->get_info().sync_policy;
1353
1354 update_sync_policy(&sync_policy);
1355
1356 s->bucket->get_info().set_sync_policy(std::move(sync_policy));
1357
1358 int ret = s->bucket->put_info(this, false, real_time());
1359 if (ret < 0) {
1360 ldpp_dout(this, 0) << "ERROR: put_bucket_instance_info (bucket=" << s->bucket << ") returned ret=" << ret << dendl;
1361 return ret;
1362 }
1363
1364 return 0;
1365 });
1366 }
1367
1368 int RGWOp::do_aws4_auth_completion()
1369 {
1370 ldpp_dout(this, 5) << "NOTICE: call to do_aws4_auth_completion" << dendl;
1371 if (s->auth.completer) {
1372 if (!s->auth.completer->complete()) {
1373 return -ERR_AMZ_CONTENT_SHA256_MISMATCH;
1374 } else {
1375 ldpp_dout(this, 10) << "v4 auth ok -- do_aws4_auth_completion" << dendl;
1376 }
1377
1378 /* TODO(rzarzynski): yes, we're really called twice on PUTs. Only first
1379 * call passes, so we disable second one. This is old behaviour, sorry!
1380 * Plan for tomorrow: seek and destroy. */
1381 s->auth.completer = nullptr;
1382 }
1383
1384 return 0;
1385 }
1386
1387 int RGWOp::init_quota()
1388 {
1389 /* no quota enforcement for system requests */
1390 if (s->system_request)
1391 return 0;
1392
1393 /* init quota related stuff */
1394 if (!(s->user->get_info().op_mask & RGW_OP_TYPE_MODIFY)) {
1395 return 0;
1396 }
1397
1398 /* Need a bucket to get quota */
1399 if (rgw::sal::Bucket::empty(s->bucket.get())) {
1400 return 0;
1401 }
1402
1403 std::unique_ptr<rgw::sal::User> owner_user =
1404 driver->get_user(s->bucket->get_info().owner);
1405 rgw::sal::User* user;
1406
1407 if (s->user->get_id() == s->bucket_owner.get_id()) {
1408 user = s->user.get();
1409 } else {
1410 int r = owner_user->load_user(this, s->yield);
1411 if (r < 0)
1412 return r;
1413 user = owner_user.get();
1414
1415 }
1416
1417 driver->get_quota(quota);
1418
1419 if (s->bucket->get_info().quota.enabled) {
1420 quota.bucket_quota = s->bucket->get_info().quota;
1421 } else if (user->get_info().quota.bucket_quota.enabled) {
1422 quota.bucket_quota = user->get_info().quota.bucket_quota;
1423 }
1424
1425 if (user->get_info().quota.user_quota.enabled) {
1426 quota.user_quota = user->get_info().quota.user_quota;
1427 }
1428
1429 return 0;
1430 }
1431
1432 static bool validate_cors_rule_method(const DoutPrefixProvider *dpp, RGWCORSRule *rule, const char *req_meth) {
1433 if (!req_meth) {
1434 ldpp_dout(dpp, 5) << "req_meth is null" << dendl;
1435 return false;
1436 }
1437
1438 uint8_t flags = get_cors_method_flags(req_meth);
1439
1440 if (rule->get_allowed_methods() & flags) {
1441 ldpp_dout(dpp, 10) << "Method " << req_meth << " is supported" << dendl;
1442 } else {
1443 ldpp_dout(dpp, 5) << "Method " << req_meth << " is not supported" << dendl;
1444 return false;
1445 }
1446
1447 return true;
1448 }
1449
1450 static bool validate_cors_rule_header(const DoutPrefixProvider *dpp, RGWCORSRule *rule, const char *req_hdrs) {
1451 if (req_hdrs) {
1452 vector<string> hdrs;
1453 get_str_vec(req_hdrs, hdrs);
1454 for (const auto& hdr : hdrs) {
1455 if (!rule->is_header_allowed(hdr.c_str(), hdr.length())) {
1456 ldpp_dout(dpp, 5) << "Header " << hdr << " is not registered in this rule" << dendl;
1457 return false;
1458 }
1459 }
1460 }
1461 return true;
1462 }
1463
1464 int RGWOp::read_bucket_cors()
1465 {
1466 bufferlist bl;
1467
1468 map<string, bufferlist>::iterator aiter = s->bucket_attrs.find(RGW_ATTR_CORS);
1469 if (aiter == s->bucket_attrs.end()) {
1470 ldpp_dout(this, 20) << "no CORS configuration attr found" << dendl;
1471 cors_exist = false;
1472 return 0; /* no CORS configuration found */
1473 }
1474
1475 cors_exist = true;
1476
1477 bl = aiter->second;
1478
1479 auto iter = bl.cbegin();
1480 try {
1481 bucket_cors.decode(iter);
1482 } catch (buffer::error& err) {
1483 ldpp_dout(this, 0) << "ERROR: could not decode CORS, caught buffer::error" << dendl;
1484 return -EIO;
1485 }
1486 if (s->cct->_conf->subsys.should_gather<ceph_subsys_rgw, 15>()) {
1487 RGWCORSConfiguration_S3 *s3cors = static_cast<RGWCORSConfiguration_S3 *>(&bucket_cors);
1488 ldpp_dout(this, 15) << "Read RGWCORSConfiguration";
1489 s3cors->to_xml(*_dout);
1490 *_dout << dendl;
1491 }
1492 return 0;
1493 }
1494
1495 /** CORS 6.2.6.
1496 * If any of the header field-names is not a ASCII case-insensitive match for
1497 * any of the values in list of headers do not set any additional headers and
1498 * terminate this set of steps.
1499 * */
1500 static void get_cors_response_headers(const DoutPrefixProvider *dpp, RGWCORSRule *rule, const char *req_hdrs, string& hdrs, string& exp_hdrs, unsigned *max_age) {
1501 if (req_hdrs) {
1502 list<string> hl;
1503 get_str_list(req_hdrs, hl);
1504 for(list<string>::iterator it = hl.begin(); it != hl.end(); ++it) {
1505 if (!rule->is_header_allowed((*it).c_str(), (*it).length())) {
1506 ldpp_dout(dpp, 5) << "Header " << (*it) << " is not registered in this rule" << dendl;
1507 } else {
1508 if (hdrs.length() > 0) hdrs.append(",");
1509 hdrs.append((*it));
1510 }
1511 }
1512 }
1513 rule->format_exp_headers(exp_hdrs);
1514 *max_age = rule->get_max_age();
1515 }
1516
1517 /**
1518 * Generate the CORS header response
1519 *
1520 * This is described in the CORS standard, section 6.2.
1521 */
1522 bool RGWOp::generate_cors_headers(string& origin, string& method, string& headers, string& exp_headers, unsigned *max_age)
1523 {
1524 /* CORS 6.2.1. */
1525 const char *orig = s->info.env->get("HTTP_ORIGIN");
1526 if (!orig) {
1527 return false;
1528 }
1529
1530 /* Custom: */
1531 origin = orig;
1532 int temp_op_ret = read_bucket_cors();
1533 if (temp_op_ret < 0) {
1534 op_ret = temp_op_ret;
1535 return false;
1536 }
1537
1538 if (!cors_exist) {
1539 ldpp_dout(this, 2) << "No CORS configuration set yet for this bucket" << dendl;
1540 return false;
1541 }
1542
1543 /* CORS 6.2.2. */
1544 RGWCORSRule *rule = bucket_cors.host_name_rule(orig);
1545 if (!rule)
1546 return false;
1547
1548 /*
1549 * Set the Allowed-Origin header to a asterisk if this is allowed in the rule
1550 * and no Authorization was send by the client
1551 *
1552 * The origin parameter specifies a URI that may access the resource. The browser must enforce this.
1553 * For requests without credentials, the server may specify "*" as a wildcard,
1554 * thereby allowing any origin to access the resource.
1555 */
1556 const char *authorization = s->info.env->get("HTTP_AUTHORIZATION");
1557 if (!authorization && rule->has_wildcard_origin())
1558 origin = "*";
1559
1560 /* CORS 6.2.3. */
1561 const char *req_meth = s->info.env->get("HTTP_ACCESS_CONTROL_REQUEST_METHOD");
1562 if (!req_meth) {
1563 req_meth = s->info.method;
1564 }
1565
1566 if (req_meth) {
1567 method = req_meth;
1568 /* CORS 6.2.5. */
1569 if (!validate_cors_rule_method(this, rule, req_meth)) {
1570 return false;
1571 }
1572 }
1573
1574 /* CORS 6.2.4. */
1575 const char *req_hdrs = s->info.env->get("HTTP_ACCESS_CONTROL_REQUEST_HEADERS");
1576
1577 /* CORS 6.2.6. */
1578 get_cors_response_headers(this, rule, req_hdrs, headers, exp_headers, max_age);
1579
1580 return true;
1581 }
1582
1583 int rgw_policy_from_attrset(const DoutPrefixProvider *dpp, CephContext *cct, map<string, bufferlist>& attrset, RGWAccessControlPolicy *policy)
1584 {
1585 map<string, bufferlist>::iterator aiter = attrset.find(RGW_ATTR_ACL);
1586 if (aiter == attrset.end())
1587 return -EIO;
1588
1589 bufferlist& bl = aiter->second;
1590 auto iter = bl.cbegin();
1591 try {
1592 policy->decode(iter);
1593 } catch (buffer::error& err) {
1594 ldpp_dout(dpp, 0) << "ERROR: could not decode policy, caught buffer::error" << dendl;
1595 return -EIO;
1596 }
1597 if (cct->_conf->subsys.should_gather<ceph_subsys_rgw, 15>()) {
1598 RGWAccessControlPolicy_S3 *s3policy = static_cast<RGWAccessControlPolicy_S3 *>(policy);
1599 ldpp_dout(dpp, 15) << __func__ << " Read AccessControlPolicy";
1600 s3policy->to_xml(*_dout);
1601 *_dout << dendl;
1602 }
1603 return 0;
1604 }
1605
1606 int RGWGetObj::read_user_manifest_part(rgw::sal::Bucket* bucket,
1607 const rgw_bucket_dir_entry& ent,
1608 RGWAccessControlPolicy * const bucket_acl,
1609 const boost::optional<Policy>& bucket_policy,
1610 const off_t start_ofs,
1611 const off_t end_ofs,
1612 bool swift_slo)
1613 {
1614 ldpp_dout(this, 20) << "user manifest obj=" << ent.key.name
1615 << "[" << ent.key.instance << "]" << dendl;
1616 RGWGetObj_CB cb(this);
1617 RGWGetObj_Filter* filter = &cb;
1618 boost::optional<RGWGetObj_Decompress> decompress;
1619
1620 int64_t cur_ofs = start_ofs;
1621 int64_t cur_end = end_ofs;
1622
1623 std::unique_ptr<rgw::sal::Object> part = bucket->get_object(ent.key);
1624
1625 RGWAccessControlPolicy obj_policy(s->cct);
1626
1627 ldpp_dout(this, 20) << "reading obj=" << part << " ofs=" << cur_ofs
1628 << " end=" << cur_end << dendl;
1629
1630 part->set_atomic();
1631 part->set_prefetch_data();
1632
1633 std::unique_ptr<rgw::sal::Object::ReadOp> read_op = part->get_read_op();
1634
1635 if (!swift_slo) {
1636 /* SLO etag is optional */
1637 read_op->params.if_match = ent.meta.etag.c_str();
1638 }
1639
1640 op_ret = read_op->prepare(s->yield, this);
1641 if (op_ret < 0)
1642 return op_ret;
1643 op_ret = part->range_to_ofs(ent.meta.accounted_size, cur_ofs, cur_end);
1644 if (op_ret < 0)
1645 return op_ret;
1646 bool need_decompress;
1647 op_ret = rgw_compression_info_from_attrset(part->get_attrs(), need_decompress, cs_info);
1648 if (op_ret < 0) {
1649 ldpp_dout(this, 0) << "ERROR: failed to decode compression info" << dendl;
1650 return -EIO;
1651 }
1652
1653 if (need_decompress)
1654 {
1655 if (cs_info.orig_size != ent.meta.accounted_size) {
1656 // hmm.. something wrong, object not as expected, abort!
1657 ldpp_dout(this, 0) << "ERROR: expected cs_info.orig_size=" << cs_info.orig_size
1658 << ", actual read size=" << ent.meta.size << dendl;
1659 return -EIO;
1660 }
1661 decompress.emplace(s->cct, &cs_info, partial_content, filter);
1662 filter = &*decompress;
1663 }
1664 else
1665 {
1666 if (part->get_obj_size() != ent.meta.size) {
1667 // hmm.. something wrong, object not as expected, abort!
1668 ldpp_dout(this, 0) << "ERROR: expected obj_size=" << part->get_obj_size()
1669 << ", actual read size=" << ent.meta.size << dendl;
1670 return -EIO;
1671 }
1672 }
1673
1674 op_ret = rgw_policy_from_attrset(s, s->cct, part->get_attrs(), &obj_policy);
1675 if (op_ret < 0)
1676 return op_ret;
1677
1678 /* We can use global user_acl because LOs cannot have segments
1679 * stored inside different accounts. */
1680 if (s->system_request) {
1681 ldpp_dout(this, 2) << "overriding permissions due to system operation" << dendl;
1682 } else if (s->auth.identity->is_admin_of(s->user->get_id())) {
1683 ldpp_dout(this, 2) << "overriding permissions due to admin operation" << dendl;
1684 } else if (!verify_object_permission(this, s, part->get_obj(), s->user_acl.get(),
1685 bucket_acl, &obj_policy, bucket_policy,
1686 s->iam_user_policies, s->session_policies, action)) {
1687 return -EPERM;
1688 }
1689 if (ent.meta.size == 0) {
1690 return 0;
1691 }
1692
1693 perfcounter->inc(l_rgw_get_b, cur_end - cur_ofs);
1694 filter->fixup_range(cur_ofs, cur_end);
1695 op_ret = read_op->iterate(this, cur_ofs, cur_end, filter, s->yield);
1696 if (op_ret >= 0)
1697 op_ret = filter->flush();
1698 return op_ret;
1699 }
1700
1701 static int iterate_user_manifest_parts(const DoutPrefixProvider *dpp,
1702 CephContext * const cct,
1703 rgw::sal::Driver* const driver,
1704 const off_t ofs,
1705 const off_t end,
1706 rgw::sal::Bucket* bucket,
1707 const string& obj_prefix,
1708 RGWAccessControlPolicy * const bucket_acl,
1709 const boost::optional<Policy>& bucket_policy,
1710 uint64_t * const ptotal_len,
1711 uint64_t * const pobj_size,
1712 string * const pobj_sum,
1713 int (*cb)(rgw::sal::Bucket* bucket,
1714 const rgw_bucket_dir_entry& ent,
1715 RGWAccessControlPolicy * const bucket_acl,
1716 const boost::optional<Policy>& bucket_policy,
1717 off_t start_ofs,
1718 off_t end_ofs,
1719 void *param,
1720 bool swift_slo),
1721 void * const cb_param,
1722 optional_yield y)
1723 {
1724 uint64_t obj_ofs = 0, len_count = 0;
1725 bool found_start = false, found_end = false, handled_end = false;
1726 string delim;
1727
1728 utime_t start_time = ceph_clock_now();
1729
1730 rgw::sal::Bucket::ListParams params;
1731 params.prefix = obj_prefix;
1732 params.delim = delim;
1733
1734 rgw::sal::Bucket::ListResults results;
1735 MD5 etag_sum;
1736 // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
1737 etag_sum.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
1738 do {
1739 static constexpr auto MAX_LIST_OBJS = 100u;
1740 int r = bucket->list(dpp, params, MAX_LIST_OBJS, results, y);
1741 if (r < 0) {
1742 return r;
1743 }
1744
1745 for (rgw_bucket_dir_entry& ent : results.objs) {
1746 const uint64_t cur_total_len = obj_ofs;
1747 const uint64_t obj_size = ent.meta.accounted_size;
1748 uint64_t start_ofs = 0, end_ofs = obj_size;
1749
1750 if ((ptotal_len || cb) && !found_start && cur_total_len + obj_size > (uint64_t)ofs) {
1751 start_ofs = ofs - obj_ofs;
1752 found_start = true;
1753 }
1754
1755 obj_ofs += obj_size;
1756 if (pobj_sum) {
1757 etag_sum.Update((const unsigned char *)ent.meta.etag.c_str(),
1758 ent.meta.etag.length());
1759 }
1760
1761 if ((ptotal_len || cb) && !found_end && obj_ofs > (uint64_t)end) {
1762 end_ofs = end - cur_total_len + 1;
1763 found_end = true;
1764 }
1765
1766 perfcounter->tinc(l_rgw_get_lat,
1767 (ceph_clock_now() - start_time));
1768
1769 if (found_start && !handled_end) {
1770 len_count += end_ofs - start_ofs;
1771
1772 if (cb) {
1773 r = cb(bucket, ent, bucket_acl, bucket_policy, start_ofs, end_ofs,
1774 cb_param, false /* swift_slo */);
1775 if (r < 0) {
1776 return r;
1777 }
1778 }
1779 }
1780
1781 handled_end = found_end;
1782 start_time = ceph_clock_now();
1783 }
1784 } while (results.is_truncated);
1785
1786 if (ptotal_len) {
1787 *ptotal_len = len_count;
1788 }
1789 if (pobj_size) {
1790 *pobj_size = obj_ofs;
1791 }
1792 if (pobj_sum) {
1793 complete_etag(etag_sum, pobj_sum);
1794 }
1795
1796 return 0;
1797 }
1798
1799 struct rgw_slo_part {
1800 RGWAccessControlPolicy *bucket_acl = nullptr;
1801 Policy* bucket_policy = nullptr;
1802 rgw::sal::Bucket* bucket;
1803 string obj_name;
1804 uint64_t size = 0;
1805 string etag;
1806 };
1807
1808 static int iterate_slo_parts(const DoutPrefixProvider *dpp,
1809 CephContext *cct,
1810 rgw::sal::Driver* driver,
1811 off_t ofs,
1812 off_t end,
1813 map<uint64_t, rgw_slo_part>& slo_parts,
1814 int (*cb)(rgw::sal::Bucket* bucket,
1815 const rgw_bucket_dir_entry& ent,
1816 RGWAccessControlPolicy *bucket_acl,
1817 const boost::optional<Policy>& bucket_policy,
1818 off_t start_ofs,
1819 off_t end_ofs,
1820 void *param,
1821 bool swift_slo),
1822 void *cb_param)
1823 {
1824 bool found_start = false, found_end = false;
1825
1826 if (slo_parts.empty()) {
1827 return 0;
1828 }
1829
1830 utime_t start_time = ceph_clock_now();
1831
1832 map<uint64_t, rgw_slo_part>::iterator iter = slo_parts.upper_bound(ofs);
1833 if (iter != slo_parts.begin()) {
1834 --iter;
1835 }
1836
1837 uint64_t obj_ofs = iter->first;
1838
1839 for (; iter != slo_parts.end() && !found_end; ++iter) {
1840 rgw_slo_part& part = iter->second;
1841 rgw_bucket_dir_entry ent;
1842
1843 ent.key.name = part.obj_name;
1844 ent.meta.accounted_size = ent.meta.size = part.size;
1845 ent.meta.etag = part.etag;
1846
1847 uint64_t cur_total_len = obj_ofs;
1848 uint64_t start_ofs = 0, end_ofs = ent.meta.size - 1;
1849
1850 if (!found_start && cur_total_len + ent.meta.size > (uint64_t)ofs) {
1851 start_ofs = ofs - obj_ofs;
1852 found_start = true;
1853 }
1854
1855 obj_ofs += ent.meta.size;
1856
1857 if (!found_end && obj_ofs > (uint64_t)end) {
1858 end_ofs = end - cur_total_len;
1859 found_end = true;
1860 }
1861
1862 perfcounter->tinc(l_rgw_get_lat,
1863 (ceph_clock_now() - start_time));
1864
1865 if (found_start) {
1866 if (cb) {
1867 ldpp_dout(dpp, 20) << "iterate_slo_parts()"
1868 << " obj=" << part.obj_name
1869 << " start_ofs=" << start_ofs
1870 << " end_ofs=" << end_ofs
1871 << dendl;
1872
1873 // SLO is a Swift thing, and Swift has no knowledge of S3 Policies.
1874 int r = cb(part.bucket, ent, part.bucket_acl,
1875 (part.bucket_policy ?
1876 boost::optional<Policy>(*part.bucket_policy) : none),
1877 start_ofs, end_ofs, cb_param, true /* swift_slo */);
1878 if (r < 0)
1879 return r;
1880 }
1881 }
1882
1883 start_time = ceph_clock_now();
1884 }
1885
1886 return 0;
1887 }
1888
1889 static int get_obj_user_manifest_iterate_cb(rgw::sal::Bucket* bucket,
1890 const rgw_bucket_dir_entry& ent,
1891 RGWAccessControlPolicy * const bucket_acl,
1892 const boost::optional<Policy>& bucket_policy,
1893 const off_t start_ofs,
1894 const off_t end_ofs,
1895 void * const param,
1896 bool swift_slo = false)
1897 {
1898 RGWGetObj *op = static_cast<RGWGetObj *>(param);
1899 return op->read_user_manifest_part(
1900 bucket, ent, bucket_acl, bucket_policy, start_ofs, end_ofs, swift_slo);
1901 }
1902
1903 int RGWGetObj::handle_user_manifest(const char *prefix, optional_yield y)
1904 {
1905 const std::string_view prefix_view(prefix);
1906 ldpp_dout(this, 2) << "RGWGetObj::handle_user_manifest() prefix="
1907 << prefix_view << dendl;
1908
1909 const size_t pos = prefix_view.find('/');
1910 if (pos == string::npos) {
1911 return -EINVAL;
1912 }
1913
1914 const std::string bucket_name = url_decode(prefix_view.substr(0, pos));
1915 const std::string obj_prefix = url_decode(prefix_view.substr(pos + 1));
1916
1917 RGWAccessControlPolicy _bucket_acl(s->cct);
1918 RGWAccessControlPolicy *bucket_acl;
1919 boost::optional<Policy> _bucket_policy;
1920 boost::optional<Policy>* bucket_policy;
1921 RGWBucketInfo bucket_info;
1922 std::unique_ptr<rgw::sal::Bucket> ubucket;
1923 rgw::sal::Bucket* pbucket = NULL;
1924 int r = 0;
1925
1926 if (bucket_name.compare(s->bucket->get_name()) != 0) {
1927 map<string, bufferlist> bucket_attrs;
1928 r = driver->get_bucket(this, s->user.get(), s->user->get_tenant(), bucket_name, &ubucket, y);
1929 if (r < 0) {
1930 ldpp_dout(this, 0) << "could not get bucket info for bucket="
1931 << bucket_name << dendl;
1932 return r;
1933 }
1934 bucket_acl = &_bucket_acl;
1935 r = read_bucket_policy(this, driver, s, ubucket->get_info(), bucket_attrs, bucket_acl, ubucket->get_key(), y);
1936 if (r < 0) {
1937 ldpp_dout(this, 0) << "failed to read bucket policy" << dendl;
1938 return r;
1939 }
1940 _bucket_policy = get_iam_policy_from_attr(s->cct, bucket_attrs, s->user->get_tenant());
1941 bucket_policy = &_bucket_policy;
1942 pbucket = ubucket.get();
1943 } else {
1944 pbucket = s->bucket.get();
1945 bucket_acl = s->bucket_acl.get();
1946 bucket_policy = &s->iam_policy;
1947 }
1948
1949 /* dry run to find out:
1950 * - total length (of the parts we are going to send to client),
1951 * - overall DLO's content size,
1952 * - md5 sum of overall DLO's content (for etag of Swift API). */
1953 r = iterate_user_manifest_parts(this, s->cct, driver, ofs, end,
1954 pbucket, obj_prefix, bucket_acl, *bucket_policy,
1955 nullptr, &s->obj_size, &lo_etag,
1956 nullptr /* cb */, nullptr /* cb arg */, y);
1957 if (r < 0) {
1958 return r;
1959 }
1960 s->object->set_obj_size(s->obj_size);
1961
1962 r = s->object->range_to_ofs(s->obj_size, ofs, end);
1963 if (r < 0) {
1964 return r;
1965 }
1966
1967 r = iterate_user_manifest_parts(this, s->cct, driver, ofs, end,
1968 pbucket, obj_prefix, bucket_acl, *bucket_policy,
1969 &total_len, nullptr, nullptr,
1970 nullptr, nullptr, y);
1971 if (r < 0) {
1972 return r;
1973 }
1974
1975 if (!get_data) {
1976 bufferlist bl;
1977 send_response_data(bl, 0, 0);
1978 return 0;
1979 }
1980
1981 r = iterate_user_manifest_parts(this, s->cct, driver, ofs, end,
1982 pbucket, obj_prefix, bucket_acl, *bucket_policy,
1983 nullptr, nullptr, nullptr,
1984 get_obj_user_manifest_iterate_cb, (void *)this, y);
1985 if (r < 0) {
1986 return r;
1987 }
1988
1989 if (!total_len) {
1990 bufferlist bl;
1991 send_response_data(bl, 0, 0);
1992 }
1993
1994 return r;
1995 }
1996
1997 int RGWGetObj::handle_slo_manifest(bufferlist& bl, optional_yield y)
1998 {
1999 RGWSLOInfo slo_info;
2000 auto bliter = bl.cbegin();
2001 try {
2002 decode(slo_info, bliter);
2003 } catch (buffer::error& err) {
2004 ldpp_dout(this, 0) << "ERROR: failed to decode slo manifest" << dendl;
2005 return -EIO;
2006 }
2007 ldpp_dout(this, 2) << "RGWGetObj::handle_slo_manifest()" << dendl;
2008
2009 vector<RGWAccessControlPolicy> allocated_acls;
2010 map<string, pair<RGWAccessControlPolicy *, boost::optional<Policy>>> policies;
2011 map<string, std::unique_ptr<rgw::sal::Bucket>> buckets;
2012
2013 map<uint64_t, rgw_slo_part> slo_parts;
2014
2015 MD5 etag_sum;
2016 // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
2017 etag_sum.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
2018 total_len = 0;
2019
2020 for (const auto& entry : slo_info.entries) {
2021 const string& path = entry.path;
2022
2023 /* If the path starts with slashes, strip them all. */
2024 const size_t pos_init = path.find_first_not_of('/');
2025 /* According to the documentation of std::string::find following check
2026 * is not necessary as we should get the std::string::npos propagation
2027 * here. This might be true with the accuracy to implementation's bugs.
2028 * See following question on SO:
2029 * http://stackoverflow.com/questions/1011790/why-does-stdstring-findtext-stdstringnpos-not-return-npos
2030 */
2031 if (pos_init == string::npos) {
2032 return -EINVAL;
2033 }
2034
2035 const size_t pos_sep = path.find('/', pos_init);
2036 if (pos_sep == string::npos) {
2037 return -EINVAL;
2038 }
2039
2040 string bucket_name = path.substr(pos_init, pos_sep - pos_init);
2041 string obj_name = path.substr(pos_sep + 1);
2042
2043 rgw::sal::Bucket* bucket;
2044 RGWAccessControlPolicy *bucket_acl;
2045 Policy* bucket_policy;
2046
2047 if (bucket_name.compare(s->bucket->get_name()) != 0) {
2048 const auto& piter = policies.find(bucket_name);
2049 if (piter != policies.end()) {
2050 bucket_acl = piter->second.first;
2051 bucket_policy = piter->second.second.get_ptr();
2052 bucket = buckets[bucket_name].get();
2053 } else {
2054 allocated_acls.push_back(RGWAccessControlPolicy(s->cct));
2055 RGWAccessControlPolicy& _bucket_acl = allocated_acls.back();
2056
2057 std::unique_ptr<rgw::sal::Bucket> tmp_bucket;
2058 int r = driver->get_bucket(this, s->user.get(), s->user->get_tenant(), bucket_name, &tmp_bucket, y);
2059 if (r < 0) {
2060 ldpp_dout(this, 0) << "could not get bucket info for bucket="
2061 << bucket_name << dendl;
2062 return r;
2063 }
2064 bucket = tmp_bucket.get();
2065 bucket_acl = &_bucket_acl;
2066 r = read_bucket_policy(this, driver, s, tmp_bucket->get_info(), tmp_bucket->get_attrs(), bucket_acl,
2067 tmp_bucket->get_key(), y);
2068 if (r < 0) {
2069 ldpp_dout(this, 0) << "failed to read bucket ACL for bucket "
2070 << bucket << dendl;
2071 return r;
2072 }
2073 auto _bucket_policy = get_iam_policy_from_attr(
2074 s->cct, tmp_bucket->get_attrs(), tmp_bucket->get_tenant());
2075 bucket_policy = _bucket_policy.get_ptr();
2076 buckets[bucket_name].swap(tmp_bucket);
2077 policies[bucket_name] = make_pair(bucket_acl, _bucket_policy);
2078 }
2079 } else {
2080 bucket = s->bucket.get();
2081 bucket_acl = s->bucket_acl.get();
2082 bucket_policy = s->iam_policy.get_ptr();
2083 }
2084
2085 rgw_slo_part part;
2086 part.bucket_acl = bucket_acl;
2087 part.bucket_policy = bucket_policy;
2088 part.bucket = bucket;
2089 part.obj_name = obj_name;
2090 part.size = entry.size_bytes;
2091 part.etag = entry.etag;
2092 ldpp_dout(this, 20) << "slo_part: bucket=" << part.bucket
2093 << " obj=" << part.obj_name
2094 << " size=" << part.size
2095 << " etag=" << part.etag
2096 << dendl;
2097
2098 etag_sum.Update((const unsigned char *)entry.etag.c_str(),
2099 entry.etag.length());
2100
2101 slo_parts[total_len] = part;
2102 total_len += part.size;
2103 } /* foreach entry */
2104
2105 complete_etag(etag_sum, &lo_etag);
2106
2107 s->obj_size = slo_info.total_size;
2108 s->object->set_obj_size(slo_info.total_size);
2109 ldpp_dout(this, 20) << "s->obj_size=" << s->obj_size << dendl;
2110
2111 int r = s->object->range_to_ofs(total_len, ofs, end);
2112 if (r < 0) {
2113 return r;
2114 }
2115
2116 total_len = end - ofs + 1;
2117 ldpp_dout(this, 20) << "Requested: ofs=" << ofs
2118 << " end=" << end
2119 << " total=" << total_len
2120 << dendl;
2121
2122 r = iterate_slo_parts(this, s->cct, driver, ofs, end, slo_parts,
2123 get_obj_user_manifest_iterate_cb, (void *)this);
2124 if (r < 0) {
2125 return r;
2126 }
2127
2128 return 0;
2129 }
2130
2131 int RGWGetObj::get_data_cb(bufferlist& bl, off_t bl_ofs, off_t bl_len)
2132 {
2133 /* garbage collection related handling:
2134 * defer_gc disabled for https://tracker.ceph.com/issues/47866 */
2135 return send_response_data(bl, bl_ofs, bl_len);
2136 }
2137
2138 int RGWGetObj::get_lua_filter(std::unique_ptr<RGWGetObj_Filter>* filter, RGWGetObj_Filter* cb) {
2139 std::string script;
2140 const auto rc = rgw::lua::read_script(s, s->penv.lua.manager.get(), s->bucket_tenant, s->yield, rgw::lua::context::getData, script);
2141 if (rc == -ENOENT) {
2142 // no script, nothing to do
2143 return 0;
2144 } else if (rc < 0) {
2145 ldpp_dout(this, 5) << "WARNING: failed to read data script. error: " << rc << dendl;
2146 return rc;
2147 }
2148 filter->reset(new rgw::lua::RGWGetObjFilter(s, script, cb));
2149 return 0;
2150 }
2151
2152 bool RGWGetObj::prefetch_data()
2153 {
2154 /* HEAD request, stop prefetch*/
2155 if (!get_data || s->info.env->exists("HTTP_X_RGW_AUTH")) {
2156 return false;
2157 }
2158
2159 range_str = s->info.env->get("HTTP_RANGE");
2160 // TODO: add range prefetch
2161 if (range_str) {
2162 parse_range();
2163 return false;
2164 }
2165
2166 return get_data;
2167 }
2168
2169 void RGWGetObj::pre_exec()
2170 {
2171 rgw_bucket_object_pre_exec(s);
2172 }
2173
2174 static inline void rgw_cond_decode_objtags(
2175 req_state *s,
2176 const std::map<std::string, buffer::list> &attrs)
2177 {
2178 const auto& tags = attrs.find(RGW_ATTR_TAGS);
2179 if (tags != attrs.end()) {
2180 try {
2181 bufferlist::const_iterator iter{&tags->second};
2182 s->tagset.decode(iter);
2183 } catch (buffer::error& err) {
2184 ldpp_dout(s, 0)
2185 << "ERROR: caught buffer::error, couldn't decode TagSet" << dendl;
2186 }
2187 }
2188 }
2189
2190 void RGWGetObj::execute(optional_yield y)
2191 {
2192 bufferlist bl;
2193 gc_invalidate_time = ceph_clock_now();
2194 gc_invalidate_time += (s->cct->_conf->rgw_gc_obj_min_wait / 2);
2195
2196 bool need_decompress = false;
2197 int64_t ofs_x = 0, end_x = 0;
2198 bool encrypted = false;
2199
2200 RGWGetObj_CB cb(this);
2201 RGWGetObj_Filter* filter = (RGWGetObj_Filter *)&cb;
2202 boost::optional<RGWGetObj_Decompress> decompress;
2203 #ifdef WITH_ARROW_FLIGHT
2204 boost::optional<rgw::flight::FlightGetObj_Filter> flight_filter;
2205 #endif
2206 std::unique_ptr<RGWGetObj_Filter> decrypt;
2207 std::unique_ptr<RGWGetObj_Filter> run_lua;
2208 map<string, bufferlist>::iterator attr_iter;
2209
2210 perfcounter->inc(l_rgw_get);
2211
2212 std::unique_ptr<rgw::sal::Object::ReadOp> read_op(s->object->get_read_op());
2213
2214 op_ret = get_params(y);
2215 if (op_ret < 0)
2216 goto done_err;
2217
2218 op_ret = init_common();
2219 if (op_ret < 0)
2220 goto done_err;
2221
2222 read_op->params.mod_ptr = mod_ptr;
2223 read_op->params.unmod_ptr = unmod_ptr;
2224 read_op->params.high_precision_time = s->system_request; /* system request need to use high precision time */
2225 read_op->params.mod_zone_id = mod_zone_id;
2226 read_op->params.mod_pg_ver = mod_pg_ver;
2227 read_op->params.if_match = if_match;
2228 read_op->params.if_nomatch = if_nomatch;
2229 read_op->params.lastmod = &lastmod;
2230
2231 op_ret = read_op->prepare(s->yield, this);
2232 if (op_ret < 0)
2233 goto done_err;
2234 version_id = s->object->get_instance();
2235 s->obj_size = s->object->get_obj_size();
2236 attrs = s->object->get_attrs();
2237
2238 /* STAT ops don't need data, and do no i/o */
2239 if (get_type() == RGW_OP_STAT_OBJ) {
2240 return;
2241 }
2242 if (s->info.env->exists("HTTP_X_RGW_AUTH")) {
2243 op_ret = 0;
2244 goto done_err;
2245 }
2246 /* start gettorrent */
2247 if (torrent.get_flag())
2248 {
2249 attr_iter = attrs.find(RGW_ATTR_CRYPT_MODE);
2250 if (attr_iter != attrs.end() && attr_iter->second.to_str() == "SSE-C-AES256") {
2251 ldpp_dout(this, 0) << "ERROR: torrents are not supported for objects "
2252 "encrypted with SSE-C" << dendl;
2253 op_ret = -EINVAL;
2254 goto done_err;
2255 }
2256 torrent.init(s, driver);
2257 rgw_obj obj = s->object->get_obj();
2258 op_ret = torrent.get_torrent_file(s->object.get(), total_len, bl, obj);
2259 if (op_ret < 0)
2260 {
2261 ldpp_dout(this, 0) << "ERROR: failed to get_torrent_file ret= " << op_ret
2262 << dendl;
2263 goto done_err;
2264 }
2265 op_ret = send_response_data(bl, 0, total_len);
2266 if (op_ret < 0)
2267 {
2268 ldpp_dout(this, 0) << "ERROR: failed to send_response_data ret= " << op_ret << dendl;
2269 goto done_err;
2270 }
2271 return;
2272 }
2273 /* end gettorrent */
2274
2275 // run lua script on decompressed and decrypted data - first filter runs last
2276 op_ret = get_lua_filter(&run_lua, filter);
2277 if (run_lua != nullptr) {
2278 filter = run_lua.get();
2279 }
2280 if (op_ret < 0) {
2281 goto done_err;
2282 }
2283
2284 #ifdef WITH_ARROW_FLIGHT
2285 if (s->penv.flight_store) {
2286 if (ofs == 0) {
2287 // insert a GetObj_Filter to monitor and create flight
2288 flight_filter.emplace(s, filter);
2289 filter = &*flight_filter;
2290 }
2291 } else {
2292 ldpp_dout(this, 0) << "ERROR: flight_store not created in " << __func__ << dendl;
2293 }
2294 #endif
2295
2296 op_ret = rgw_compression_info_from_attrset(attrs, need_decompress, cs_info);
2297 if (op_ret < 0) {
2298 ldpp_dout(this, 0) << "ERROR: failed to decode compression info, cannot decompress" << dendl;
2299 goto done_err;
2300 }
2301
2302 // where encryption and compression are combined, compression was applied to
2303 // the data before encryption. if the system header rgwx-skip-decrypt is
2304 // present, we have to skip the decompression filter too
2305 encrypted = attrs.count(RGW_ATTR_CRYPT_MODE);
2306
2307 if (need_decompress && (!encrypted || !skip_decrypt)) {
2308 s->obj_size = cs_info.orig_size;
2309 s->object->set_obj_size(cs_info.orig_size);
2310 decompress.emplace(s->cct, &cs_info, partial_content, filter);
2311 filter = &*decompress;
2312 }
2313
2314 attr_iter = attrs.find(RGW_ATTR_OBJ_REPLICATION_TRACE);
2315 if (attr_iter != attrs.end()) {
2316 try {
2317 std::vector<rgw_zone_set_entry> zones;
2318 auto p = attr_iter->second.cbegin();
2319 decode(zones, p);
2320 for (const auto& zone: zones) {
2321 if (zone == dst_zone_trace) {
2322 op_ret = -ERR_NOT_MODIFIED;
2323 ldpp_dout(this, 4) << "Object already has been copied to this destination. Returning "
2324 << op_ret << dendl;
2325 goto done_err;
2326 }
2327 }
2328 } catch (const buffer::error&) {}
2329 }
2330
2331 if (get_type() == RGW_OP_GET_OBJ && get_data) {
2332 op_ret = handle_cloudtier_obj(attrs, sync_cloudtiered);
2333 if (op_ret < 0) {
2334 ldpp_dout(this, 4) << "Cannot get cloud tiered object: " << *s->object
2335 <<". Failing with " << op_ret << dendl;
2336 if (op_ret == -ERR_INVALID_OBJECT_STATE) {
2337 s->err.message = "This object was transitioned to cloud-s3";
2338 }
2339 goto done_err;
2340 }
2341 }
2342
2343 attr_iter = attrs.find(RGW_ATTR_USER_MANIFEST);
2344 if (attr_iter != attrs.end() && !skip_manifest) {
2345 op_ret = handle_user_manifest(attr_iter->second.c_str(), y);
2346 if (op_ret < 0) {
2347 ldpp_dout(this, 0) << "ERROR: failed to handle user manifest ret="
2348 << op_ret << dendl;
2349 goto done_err;
2350 }
2351 return;
2352 }
2353
2354 attr_iter = attrs.find(RGW_ATTR_SLO_MANIFEST);
2355 if (attr_iter != attrs.end() && !skip_manifest) {
2356 is_slo = true;
2357 op_ret = handle_slo_manifest(attr_iter->second, y);
2358 if (op_ret < 0) {
2359 ldpp_dout(this, 0) << "ERROR: failed to handle slo manifest ret=" << op_ret
2360 << dendl;
2361 goto done_err;
2362 }
2363 return;
2364 }
2365
2366 // for range requests with obj size 0
2367 if (range_str && !(s->obj_size)) {
2368 total_len = 0;
2369 op_ret = -ERANGE;
2370 goto done_err;
2371 }
2372
2373 op_ret = s->object->range_to_ofs(s->obj_size, ofs, end);
2374 if (op_ret < 0)
2375 goto done_err;
2376 total_len = (ofs <= end ? end + 1 - ofs : 0);
2377
2378 ofs_x = ofs;
2379 end_x = end;
2380 filter->fixup_range(ofs_x, end_x);
2381
2382 /* Check whether the object has expired. Swift API documentation
2383 * stands that we should return 404 Not Found in such case. */
2384 if (need_object_expiration() && s->object->is_expired()) {
2385 op_ret = -ENOENT;
2386 goto done_err;
2387 }
2388
2389 /* Decode S3 objtags, if any */
2390 rgw_cond_decode_objtags(s, attrs);
2391
2392 start = ofs;
2393
2394 attr_iter = attrs.find(RGW_ATTR_MANIFEST);
2395 op_ret = this->get_decrypt_filter(&decrypt, filter,
2396 attr_iter != attrs.end() ? &(attr_iter->second) : nullptr);
2397 if (decrypt != nullptr) {
2398 filter = decrypt.get();
2399 filter->fixup_range(ofs_x, end_x);
2400 }
2401 if (op_ret < 0) {
2402 goto done_err;
2403 }
2404
2405
2406 if (!get_data || ofs > end) {
2407 send_response_data(bl, 0, 0);
2408 return;
2409 }
2410
2411 perfcounter->inc(l_rgw_get_b, end - ofs);
2412
2413 op_ret = read_op->iterate(this, ofs_x, end_x, filter, s->yield);
2414
2415 if (op_ret >= 0)
2416 op_ret = filter->flush();
2417
2418 perfcounter->tinc(l_rgw_get_lat, s->time_elapsed());
2419 if (op_ret < 0) {
2420 goto done_err;
2421 }
2422
2423 op_ret = send_response_data(bl, 0, 0);
2424 if (op_ret < 0) {
2425 goto done_err;
2426 }
2427 return;
2428
2429 done_err:
2430 send_response_data_error(y);
2431 }
2432
2433 int RGWGetObj::init_common()
2434 {
2435 if (range_str) {
2436 /* range parsed error when prefetch */
2437 if (!range_parsed) {
2438 int r = parse_range();
2439 if (r < 0)
2440 return r;
2441 }
2442 }
2443 if (if_mod) {
2444 if (parse_time(if_mod, &mod_time) < 0)
2445 return -EINVAL;
2446 mod_ptr = &mod_time;
2447 }
2448
2449 if (if_unmod) {
2450 if (parse_time(if_unmod, &unmod_time) < 0)
2451 return -EINVAL;
2452 unmod_ptr = &unmod_time;
2453 }
2454
2455 return 0;
2456 }
2457
2458 int RGWListBuckets::verify_permission(optional_yield y)
2459 {
2460 rgw::Partition partition = rgw::Partition::aws;
2461 rgw::Service service = rgw::Service::s3;
2462
2463 string tenant;
2464 if (s->auth.identity->get_identity_type() == TYPE_ROLE) {
2465 tenant = s->auth.identity->get_role_tenant();
2466 } else {
2467 tenant = s->user->get_tenant();
2468 }
2469
2470 if (!verify_user_permission(this, s, ARN(partition, service, "", tenant, "*"), rgw::IAM::s3ListAllMyBuckets, false)) {
2471 return -EACCES;
2472 }
2473
2474 return 0;
2475 }
2476
2477 int RGWGetUsage::verify_permission(optional_yield y)
2478 {
2479 if (s->auth.identity->is_anonymous()) {
2480 return -EACCES;
2481 }
2482
2483 return 0;
2484 }
2485
2486 void RGWListBuckets::execute(optional_yield y)
2487 {
2488 bool done;
2489 bool started = false;
2490 uint64_t total_count = 0;
2491
2492 const uint64_t max_buckets = s->cct->_conf->rgw_list_buckets_max_chunk;
2493
2494 op_ret = get_params(y);
2495 if (op_ret < 0) {
2496 goto send_end;
2497 }
2498
2499 if (supports_account_metadata()) {
2500 op_ret = s->user->read_attrs(this, s->yield);
2501 if (op_ret < 0) {
2502 goto send_end;
2503 }
2504 }
2505
2506 is_truncated = false;
2507 do {
2508 rgw::sal::BucketList buckets;
2509 uint64_t read_count;
2510 if (limit >= 0) {
2511 read_count = min(limit - total_count, max_buckets);
2512 } else {
2513 read_count = max_buckets;
2514 }
2515
2516 op_ret = s->user->list_buckets(this, marker, end_marker, read_count, should_get_stats(), buckets, y);
2517
2518 if (op_ret < 0) {
2519 /* hmm.. something wrong here.. the user was authenticated, so it
2520 should exist */
2521 ldpp_dout(this, 10) << "WARNING: failed on rgw_get_user_buckets uid="
2522 << s->user->get_id() << dendl;
2523 break;
2524 }
2525
2526 is_truncated = buckets.is_truncated();
2527
2528 /* We need to have stats for all our policies - even if a given policy
2529 * isn't actually used in a given account. In such situation its usage
2530 * stats would be simply full of zeros. */
2531 std::set<std::string> targets;
2532 driver->get_zone()->get_zonegroup().get_placement_target_names(targets);
2533 for (const auto& policy : targets) {
2534 policies_stats.emplace(policy, decltype(policies_stats)::mapped_type());
2535 }
2536
2537 std::map<std::string, std::unique_ptr<rgw::sal::Bucket>>& m = buckets.get_buckets();
2538 for (const auto& kv : m) {
2539 const auto& bucket = kv.second;
2540
2541 global_stats.bytes_used += bucket->get_size();
2542 global_stats.bytes_used_rounded += bucket->get_size_rounded();
2543 global_stats.objects_count += bucket->get_count();
2544
2545 /* operator[] still can create a new entry for storage policy seen
2546 * for first time. */
2547 auto& policy_stats = policies_stats[bucket->get_placement_rule().to_str()];
2548 policy_stats.bytes_used += bucket->get_size();
2549 policy_stats.bytes_used_rounded += bucket->get_size_rounded();
2550 policy_stats.buckets_count++;
2551 policy_stats.objects_count += bucket->get_count();
2552 }
2553 global_stats.buckets_count += m.size();
2554 total_count += m.size();
2555
2556 done = (m.size() < read_count || (limit >= 0 && total_count >= (uint64_t)limit));
2557
2558 if (!started) {
2559 send_response_begin(buckets.count() > 0);
2560 started = true;
2561 }
2562
2563 if (read_count > 0 &&
2564 !m.empty()) {
2565 auto riter = m.rbegin();
2566 marker = riter->first;
2567
2568 handle_listing_chunk(std::move(buckets));
2569 }
2570 } while (is_truncated && !done);
2571
2572 send_end:
2573 if (!started) {
2574 send_response_begin(false);
2575 }
2576 send_response_end();
2577 }
2578
2579 void RGWGetUsage::execute(optional_yield y)
2580 {
2581 uint64_t start_epoch = 0;
2582 uint64_t end_epoch = (uint64_t)-1;
2583 op_ret = get_params(y);
2584 if (op_ret < 0)
2585 return;
2586
2587 if (!start_date.empty()) {
2588 op_ret = utime_t::parse_date(start_date, &start_epoch, NULL);
2589 if (op_ret < 0) {
2590 ldpp_dout(this, 0) << "ERROR: failed to parse start date" << dendl;
2591 return;
2592 }
2593 }
2594
2595 if (!end_date.empty()) {
2596 op_ret = utime_t::parse_date(end_date, &end_epoch, NULL);
2597 if (op_ret < 0) {
2598 ldpp_dout(this, 0) << "ERROR: failed to parse end date" << dendl;
2599 return;
2600 }
2601 }
2602
2603 uint32_t max_entries = 1000;
2604
2605 bool is_truncated = true;
2606
2607 RGWUsageIter usage_iter;
2608
2609 while (s->bucket && is_truncated) {
2610 op_ret = s->bucket->read_usage(this, start_epoch, end_epoch, max_entries, &is_truncated,
2611 usage_iter, usage);
2612 if (op_ret == -ENOENT) {
2613 op_ret = 0;
2614 is_truncated = false;
2615 }
2616
2617 if (op_ret < 0) {
2618 return;
2619 }
2620 }
2621
2622 op_ret = rgw_user_sync_all_stats(this, driver, s->user.get(), y);
2623 if (op_ret < 0) {
2624 ldpp_dout(this, 0) << "ERROR: failed to sync user stats" << dendl;
2625 return;
2626 }
2627
2628 op_ret = rgw_user_get_all_buckets_stats(this, driver, s->user.get(), buckets_usage, y);
2629 if (op_ret < 0) {
2630 ldpp_dout(this, 0) << "ERROR: failed to get user's buckets stats" << dendl;
2631 return;
2632 }
2633
2634 op_ret = s->user->read_stats(this, y, &stats);
2635 if (op_ret < 0) {
2636 ldpp_dout(this, 0) << "ERROR: can't read user header" << dendl;
2637 return;
2638 }
2639
2640 return;
2641 }
2642
2643 int RGWStatAccount::verify_permission(optional_yield y)
2644 {
2645 if (!verify_user_permission_no_policy(this, s, RGW_PERM_READ)) {
2646 return -EACCES;
2647 }
2648
2649 return 0;
2650 }
2651
2652 void RGWStatAccount::execute(optional_yield y)
2653 {
2654 string marker;
2655 rgw::sal::BucketList buckets;
2656 uint64_t max_buckets = s->cct->_conf->rgw_list_buckets_max_chunk;
2657 const string *lastmarker;
2658
2659 do {
2660
2661 lastmarker = nullptr;
2662 op_ret = s->user->list_buckets(this, marker, string(), max_buckets, true, buckets, y);
2663 if (op_ret < 0) {
2664 /* hmm.. something wrong here.. the user was authenticated, so it
2665 should exist */
2666 ldpp_dout(this, 10) << "WARNING: failed on list_buckets uid="
2667 << s->user->get_id() << " ret=" << op_ret << dendl;
2668 break;
2669 } else {
2670 /* We need to have stats for all our policies - even if a given policy
2671 * isn't actually used in a given account. In such situation its usage
2672 * stats would be simply full of zeros. */
2673 std::set<std::string> names;
2674 driver->get_zone()->get_zonegroup().get_placement_target_names(names);
2675 for (const auto& policy : names) {
2676 policies_stats.emplace(policy, decltype(policies_stats)::mapped_type());
2677 }
2678
2679 std::map<std::string, std::unique_ptr<rgw::sal::Bucket>>& m = buckets.get_buckets();
2680 for (const auto& kv : m) {
2681 const auto& bucket = kv.second;
2682 lastmarker = &kv.first;
2683
2684 global_stats.bytes_used += bucket->get_size();
2685 global_stats.bytes_used_rounded += bucket->get_size_rounded();
2686 global_stats.objects_count += bucket->get_count();
2687
2688 /* operator[] still can create a new entry for storage policy seen
2689 * for first time. */
2690 auto& policy_stats = policies_stats[bucket->get_placement_rule().to_str()];
2691 policy_stats.bytes_used += bucket->get_size();
2692 policy_stats.bytes_used_rounded += bucket->get_size_rounded();
2693 policy_stats.buckets_count++;
2694 policy_stats.objects_count += bucket->get_count();
2695 }
2696 global_stats.buckets_count += m.size();
2697
2698 }
2699 if (!lastmarker) {
2700 ldpp_dout(this, -1) << "ERROR: rgw_read_user_buckets, stasis at marker="
2701 << marker << " uid=" << s->user->get_id() << dendl;
2702 break;
2703 }
2704 marker = *lastmarker;
2705 } while (buckets.is_truncated());
2706 }
2707
2708 int RGWGetBucketVersioning::verify_permission(optional_yield y)
2709 {
2710 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
2711 if (has_s3_resource_tag)
2712 rgw_iam_add_buckettags(this, s);
2713
2714 return verify_bucket_owner_or_policy(s, rgw::IAM::s3GetBucketVersioning);
2715 }
2716
2717 void RGWGetBucketVersioning::pre_exec()
2718 {
2719 rgw_bucket_object_pre_exec(s);
2720 }
2721
2722 void RGWGetBucketVersioning::execute(optional_yield y)
2723 {
2724 if (! s->bucket_exists) {
2725 op_ret = -ERR_NO_SUCH_BUCKET;
2726 return;
2727 }
2728
2729 versioned = s->bucket->versioned();
2730 versioning_enabled = s->bucket->versioning_enabled();
2731 mfa_enabled = s->bucket->get_info().mfa_enabled();
2732 }
2733
2734 int RGWSetBucketVersioning::verify_permission(optional_yield y)
2735 {
2736 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
2737 if (has_s3_resource_tag)
2738 rgw_iam_add_buckettags(this, s);
2739
2740 return verify_bucket_owner_or_policy(s, rgw::IAM::s3PutBucketVersioning);
2741 }
2742
2743 void RGWSetBucketVersioning::pre_exec()
2744 {
2745 rgw_bucket_object_pre_exec(s);
2746 }
2747
2748 void RGWSetBucketVersioning::execute(optional_yield y)
2749 {
2750 op_ret = get_params(y);
2751 if (op_ret < 0)
2752 return;
2753
2754 if (! s->bucket_exists) {
2755 op_ret = -ERR_NO_SUCH_BUCKET;
2756 return;
2757 }
2758
2759 if (s->bucket->get_info().obj_lock_enabled() && versioning_status != VersioningEnabled) {
2760 s->err.message = "bucket versioning cannot be disabled on buckets with object lock enabled";
2761 ldpp_dout(this, 4) << "ERROR: " << s->err.message << dendl;
2762 op_ret = -ERR_INVALID_BUCKET_STATE;
2763 return;
2764 }
2765
2766 bool cur_mfa_status = s->bucket->get_info().mfa_enabled();
2767
2768 mfa_set_status &= (mfa_status != cur_mfa_status);
2769
2770 if (mfa_set_status &&
2771 !s->mfa_verified) {
2772 op_ret = -ERR_MFA_REQUIRED;
2773 return;
2774 }
2775 //if mfa is enabled for bucket, make sure mfa code is validated in case versioned status gets changed
2776 if (cur_mfa_status) {
2777 bool req_versioning_status = false;
2778 //if requested versioning status is not the same as the one set for the bucket, return error
2779 if (versioning_status == VersioningEnabled) {
2780 req_versioning_status = (s->bucket->get_info().flags & BUCKET_VERSIONS_SUSPENDED) != 0;
2781 } else if (versioning_status == VersioningSuspended) {
2782 req_versioning_status = (s->bucket->get_info().flags & BUCKET_VERSIONS_SUSPENDED) == 0;
2783 }
2784 if (req_versioning_status && !s->mfa_verified) {
2785 op_ret = -ERR_MFA_REQUIRED;
2786 return;
2787 }
2788 }
2789
2790 op_ret = driver->forward_request_to_master(this, s->user.get(), nullptr, in_data, nullptr, s->info, y);
2791 if (op_ret < 0) {
2792 ldpp_dout(this, 0) << "forward_request_to_master returned ret=" << op_ret << dendl;
2793 return;
2794 }
2795
2796 bool modified = mfa_set_status;
2797
2798 op_ret = retry_raced_bucket_write(this, s->bucket.get(), [&] {
2799 if (mfa_set_status) {
2800 if (mfa_status) {
2801 s->bucket->get_info().flags |= BUCKET_MFA_ENABLED;
2802 } else {
2803 s->bucket->get_info().flags &= ~BUCKET_MFA_ENABLED;
2804 }
2805 }
2806
2807 if (versioning_status == VersioningEnabled) {
2808 s->bucket->get_info().flags |= BUCKET_VERSIONED;
2809 s->bucket->get_info().flags &= ~BUCKET_VERSIONS_SUSPENDED;
2810 modified = true;
2811 } else if (versioning_status == VersioningSuspended) {
2812 s->bucket->get_info().flags |= (BUCKET_VERSIONED | BUCKET_VERSIONS_SUSPENDED);
2813 modified = true;
2814 } else {
2815 return op_ret;
2816 }
2817 s->bucket->set_attrs(rgw::sal::Attrs(s->bucket_attrs));
2818 return s->bucket->put_info(this, false, real_time());
2819 });
2820
2821 if (!modified) {
2822 return;
2823 }
2824
2825 if (op_ret < 0) {
2826 ldpp_dout(this, 0) << "NOTICE: put_bucket_info on bucket=" << s->bucket->get_name()
2827 << " returned err=" << op_ret << dendl;
2828 return;
2829 }
2830 }
2831
2832 int RGWGetBucketWebsite::verify_permission(optional_yield y)
2833 {
2834 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
2835 if (has_s3_resource_tag)
2836 rgw_iam_add_buckettags(this, s);
2837
2838 return verify_bucket_owner_or_policy(s, rgw::IAM::s3GetBucketWebsite);
2839 }
2840
2841 void RGWGetBucketWebsite::pre_exec()
2842 {
2843 rgw_bucket_object_pre_exec(s);
2844 }
2845
2846 void RGWGetBucketWebsite::execute(optional_yield y)
2847 {
2848 if (!s->bucket->get_info().has_website) {
2849 op_ret = -ERR_NO_SUCH_WEBSITE_CONFIGURATION;
2850 }
2851 }
2852
2853 int RGWSetBucketWebsite::verify_permission(optional_yield y)
2854 {
2855 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
2856 if (has_s3_resource_tag)
2857 rgw_iam_add_buckettags(this, s);
2858
2859 return verify_bucket_owner_or_policy(s, rgw::IAM::s3PutBucketWebsite);
2860 }
2861
2862 void RGWSetBucketWebsite::pre_exec()
2863 {
2864 rgw_bucket_object_pre_exec(s);
2865 }
2866
2867 void RGWSetBucketWebsite::execute(optional_yield y)
2868 {
2869 op_ret = get_params(y);
2870
2871 if (op_ret < 0)
2872 return;
2873
2874 if (!s->bucket_exists) {
2875 op_ret = -ERR_NO_SUCH_BUCKET;
2876 return;
2877 }
2878
2879 op_ret = driver->forward_request_to_master(this, s->user.get(), nullptr, in_data, nullptr, s->info, y);
2880 if (op_ret < 0) {
2881 ldpp_dout(this, 0) << " forward_request_to_master returned ret=" << op_ret << dendl;
2882 return;
2883 }
2884
2885 op_ret = retry_raced_bucket_write(this, s->bucket.get(), [this] {
2886 s->bucket->get_info().has_website = true;
2887 s->bucket->get_info().website_conf = website_conf;
2888 op_ret = s->bucket->put_info(this, false, real_time());
2889 return op_ret;
2890 });
2891
2892 if (op_ret < 0) {
2893 ldpp_dout(this, 0) << "NOTICE: put_bucket_info on bucket=" << s->bucket->get_name()
2894 << " returned err=" << op_ret << dendl;
2895 return;
2896 }
2897 }
2898
2899 int RGWDeleteBucketWebsite::verify_permission(optional_yield y)
2900 {
2901 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
2902 if (has_s3_resource_tag)
2903 rgw_iam_add_buckettags(this, s);
2904
2905 return verify_bucket_owner_or_policy(s, rgw::IAM::s3DeleteBucketWebsite);
2906 }
2907
2908 void RGWDeleteBucketWebsite::pre_exec()
2909 {
2910 rgw_bucket_object_pre_exec(s);
2911 }
2912
2913 void RGWDeleteBucketWebsite::execute(optional_yield y)
2914 {
2915 if (!s->bucket_exists) {
2916 op_ret = -ERR_NO_SUCH_BUCKET;
2917 return;
2918 }
2919
2920 bufferlist in_data;
2921
2922 op_ret = driver->forward_request_to_master(this, s->user.get(), nullptr, in_data, nullptr, s->info, y);
2923 if (op_ret < 0) {
2924 ldpp_dout(this, 0) << "NOTICE: forward_to_master failed on bucket=" << s->bucket->get_name()
2925 << "returned err=" << op_ret << dendl;
2926 return;
2927 }
2928 op_ret = retry_raced_bucket_write(this, s->bucket.get(), [this] {
2929 s->bucket->get_info().has_website = false;
2930 s->bucket->get_info().website_conf = RGWBucketWebsiteConf();
2931 op_ret = s->bucket->put_info(this, false, real_time());
2932 return op_ret;
2933 });
2934 if (op_ret < 0) {
2935 ldpp_dout(this, 0) << "NOTICE: put_bucket_info on bucket=" << s->bucket
2936 << " returned err=" << op_ret << dendl;
2937 return;
2938 }
2939 }
2940
2941 int RGWStatBucket::verify_permission(optional_yield y)
2942 {
2943 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
2944 if (has_s3_resource_tag)
2945 rgw_iam_add_buckettags(this, s);
2946
2947 // This (a HEAD request on a bucket) is governed by the s3:ListBucket permission.
2948 if (!verify_bucket_permission(this, s, rgw::IAM::s3ListBucket)) {
2949 return -EACCES;
2950 }
2951
2952 return 0;
2953 }
2954
2955 void RGWStatBucket::pre_exec()
2956 {
2957 rgw_bucket_object_pre_exec(s);
2958 }
2959
2960 void RGWStatBucket::execute(optional_yield y)
2961 {
2962 if (!s->bucket_exists) {
2963 op_ret = -ERR_NO_SUCH_BUCKET;
2964 return;
2965 }
2966
2967 op_ret = driver->get_bucket(this, s->user.get(), s->bucket->get_key(), &bucket, y);
2968 if (op_ret) {
2969 return;
2970 }
2971 op_ret = bucket->update_container_stats(s);
2972 }
2973
2974 int RGWListBucket::verify_permission(optional_yield y)
2975 {
2976 op_ret = get_params(y);
2977 if (op_ret < 0) {
2978 return op_ret;
2979 }
2980 if (!prefix.empty())
2981 s->env.emplace("s3:prefix", prefix);
2982
2983 if (!delimiter.empty())
2984 s->env.emplace("s3:delimiter", delimiter);
2985
2986 s->env.emplace("s3:max-keys", std::to_string(max));
2987
2988 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
2989 if (has_s3_resource_tag)
2990 rgw_iam_add_buckettags(this, s);
2991
2992 if (!verify_bucket_permission(this,
2993 s,
2994 list_versions ?
2995 rgw::IAM::s3ListBucketVersions :
2996 rgw::IAM::s3ListBucket)) {
2997 return -EACCES;
2998 }
2999
3000 return 0;
3001 }
3002
3003 int RGWListBucket::parse_max_keys()
3004 {
3005 // Bound max value of max-keys to configured value for security
3006 // Bound min value of max-keys to '0'
3007 // Some S3 clients explicitly send max-keys=0 to detect if the bucket is
3008 // empty without listing any items.
3009 return parse_value_and_bound(max_keys, max, 0,
3010 g_conf().get_val<uint64_t>("rgw_max_listing_results"),
3011 default_max);
3012 }
3013
3014 void RGWListBucket::pre_exec()
3015 {
3016 rgw_bucket_object_pre_exec(s);
3017 }
3018
3019 void RGWListBucket::execute(optional_yield y)
3020 {
3021 if (!s->bucket_exists) {
3022 op_ret = -ERR_NO_SUCH_BUCKET;
3023 return;
3024 }
3025
3026 if (allow_unordered && !delimiter.empty()) {
3027 ldpp_dout(this, 0) <<
3028 "ERROR: unordered bucket listing requested with a delimiter" << dendl;
3029 op_ret = -EINVAL;
3030 return;
3031 }
3032
3033 if (need_container_stats()) {
3034 op_ret = s->bucket->update_container_stats(s);
3035 }
3036
3037 rgw::sal::Bucket::ListParams params;
3038 params.prefix = prefix;
3039 params.delim = delimiter;
3040 params.marker = marker;
3041 params.end_marker = end_marker;
3042 params.list_versions = list_versions;
3043 params.allow_unordered = allow_unordered;
3044 params.shard_id = shard_id;
3045
3046 rgw::sal::Bucket::ListResults results;
3047
3048 op_ret = s->bucket->list(this, params, max, results, y);
3049 if (op_ret >= 0) {
3050 next_marker = results.next_marker;
3051 is_truncated = results.is_truncated;
3052 objs = std::move(results.objs);
3053 common_prefixes = std::move(results.common_prefixes);
3054 }
3055 }
3056
3057 int RGWGetBucketLogging::verify_permission(optional_yield y)
3058 {
3059 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
3060 if (has_s3_resource_tag)
3061 rgw_iam_add_buckettags(this, s);
3062
3063 return verify_bucket_owner_or_policy(s, rgw::IAM::s3GetBucketLogging);
3064 }
3065
3066 int RGWGetBucketLocation::verify_permission(optional_yield y)
3067 {
3068 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
3069 if (has_s3_resource_tag)
3070 rgw_iam_add_buckettags(this, s);
3071
3072 return verify_bucket_owner_or_policy(s, rgw::IAM::s3GetBucketLocation);
3073 }
3074
3075 int RGWCreateBucket::verify_permission(optional_yield y)
3076 {
3077 /* This check is mostly needed for S3 that doesn't support account ACL.
3078 * Swift doesn't allow to delegate any permission to an anonymous user,
3079 * so it will become an early exit in such case. */
3080 if (s->auth.identity->is_anonymous()) {
3081 return -EACCES;
3082 }
3083
3084 rgw_bucket bucket;
3085 bucket.name = s->bucket_name;
3086 bucket.tenant = s->bucket_tenant;
3087 ARN arn = ARN(bucket);
3088 if (!verify_user_permission(this, s, arn, rgw::IAM::s3CreateBucket, false)) {
3089 return -EACCES;
3090 }
3091
3092 if (s->user->get_tenant() != s->bucket_tenant) {
3093 //AssumeRole is meant for cross account access
3094 if (s->auth.identity->get_identity_type() != TYPE_ROLE) {
3095 ldpp_dout(this, 10) << "user cannot create a bucket in a different tenant"
3096 << " (user_id.tenant=" << s->user->get_tenant()
3097 << " requested=" << s->bucket_tenant << ")"
3098 << dendl;
3099 return -EACCES;
3100 }
3101 }
3102
3103 if (s->user->get_max_buckets() < 0) {
3104 return -EPERM;
3105 }
3106
3107 if (s->user->get_max_buckets()) {
3108 rgw::sal::BucketList buckets;
3109 string marker;
3110 op_ret = s->user->list_buckets(this, marker, string(), s->user->get_max_buckets(),
3111 false, buckets, y);
3112 if (op_ret < 0) {
3113 return op_ret;
3114 }
3115
3116 if ((int)buckets.count() >= s->user->get_max_buckets()) {
3117 return -ERR_TOO_MANY_BUCKETS;
3118 }
3119 }
3120
3121 return 0;
3122 }
3123
3124 void RGWCreateBucket::pre_exec()
3125 {
3126 rgw_bucket_object_pre_exec(s);
3127 }
3128
3129 static void prepare_add_del_attrs(const map<string, bufferlist>& orig_attrs,
3130 map<string, bufferlist>& out_attrs,
3131 map<string, bufferlist>& out_rmattrs)
3132 {
3133 for (const auto& kv : orig_attrs) {
3134 const string& name = kv.first;
3135
3136 /* Check if the attr is user-defined metadata item. */
3137 if (name.compare(0, sizeof(RGW_ATTR_META_PREFIX) - 1,
3138 RGW_ATTR_META_PREFIX) == 0) {
3139 /* For the objects all existing meta attrs have to be removed. */
3140 out_rmattrs[name] = kv.second;
3141 } else if (out_attrs.find(name) == std::end(out_attrs)) {
3142 out_attrs[name] = kv.second;
3143 }
3144 }
3145 }
3146
3147 /* Fuse resource metadata basing on original attributes in @orig_attrs, set
3148 * of _custom_ attribute names to remove in @rmattr_names and attributes in
3149 * @out_attrs. Place results in @out_attrs.
3150 *
3151 * NOTE: it's supposed that all special attrs already present in @out_attrs
3152 * will be preserved without any change. Special attributes are those which
3153 * names start with RGW_ATTR_META_PREFIX. They're complement to custom ones
3154 * used for X-Account-Meta-*, X-Container-Meta-*, X-Amz-Meta and so on. */
3155 static void prepare_add_del_attrs(const map<string, bufferlist>& orig_attrs,
3156 const set<string>& rmattr_names,
3157 map<string, bufferlist>& out_attrs)
3158 {
3159 for (const auto& kv : orig_attrs) {
3160 const string& name = kv.first;
3161
3162 /* Check if the attr is user-defined metadata item. */
3163 if (name.compare(0, strlen(RGW_ATTR_META_PREFIX),
3164 RGW_ATTR_META_PREFIX) == 0) {
3165 /* For the buckets all existing meta attrs are preserved,
3166 except those that are listed in rmattr_names. */
3167 if (rmattr_names.find(name) != std::end(rmattr_names)) {
3168 const auto aiter = out_attrs.find(name);
3169
3170 if (aiter != std::end(out_attrs)) {
3171 out_attrs.erase(aiter);
3172 }
3173 } else {
3174 /* emplace() won't alter the map if the key is already present.
3175 * This behaviour is fully intensional here. */
3176 out_attrs.emplace(kv);
3177 }
3178 } else if (out_attrs.find(name) == std::end(out_attrs)) {
3179 out_attrs[name] = kv.second;
3180 }
3181 }
3182 }
3183
3184
3185 static void populate_with_generic_attrs(const req_state * const s,
3186 map<string, bufferlist>& out_attrs)
3187 {
3188 for (const auto& kv : s->generic_attrs) {
3189 bufferlist& attrbl = out_attrs[kv.first];
3190 const string& val = kv.second;
3191 attrbl.clear();
3192 attrbl.append(val.c_str(), val.size() + 1);
3193 }
3194 }
3195
3196
3197 static int filter_out_quota_info(std::map<std::string, bufferlist>& add_attrs,
3198 const std::set<std::string>& rmattr_names,
3199 RGWQuotaInfo& quota,
3200 bool * quota_extracted = nullptr)
3201 {
3202 bool extracted = false;
3203
3204 /* Put new limit on max objects. */
3205 auto iter = add_attrs.find(RGW_ATTR_QUOTA_NOBJS);
3206 std::string err;
3207 if (std::end(add_attrs) != iter) {
3208 quota.max_objects =
3209 static_cast<int64_t>(strict_strtoll(iter->second.c_str(), 10, &err));
3210 if (!err.empty()) {
3211 return -EINVAL;
3212 }
3213 add_attrs.erase(iter);
3214 extracted = true;
3215 }
3216
3217 /* Put new limit on bucket (container) size. */
3218 iter = add_attrs.find(RGW_ATTR_QUOTA_MSIZE);
3219 if (iter != add_attrs.end()) {
3220 quota.max_size =
3221 static_cast<int64_t>(strict_strtoll(iter->second.c_str(), 10, &err));
3222 if (!err.empty()) {
3223 return -EINVAL;
3224 }
3225 add_attrs.erase(iter);
3226 extracted = true;
3227 }
3228
3229 for (const auto& name : rmattr_names) {
3230 /* Remove limit on max objects. */
3231 if (name.compare(RGW_ATTR_QUOTA_NOBJS) == 0) {
3232 quota.max_objects = -1;
3233 extracted = true;
3234 }
3235
3236 /* Remove limit on max bucket size. */
3237 if (name.compare(RGW_ATTR_QUOTA_MSIZE) == 0) {
3238 quota.max_size = -1;
3239 extracted = true;
3240 }
3241 }
3242
3243 /* Swift requries checking on raw usage instead of the 4 KiB rounded one. */
3244 quota.check_on_raw = true;
3245 quota.enabled = quota.max_size > 0 || quota.max_objects > 0;
3246
3247 if (quota_extracted) {
3248 *quota_extracted = extracted;
3249 }
3250
3251 return 0;
3252 }
3253
3254
3255 static void filter_out_website(std::map<std::string, ceph::bufferlist>& add_attrs,
3256 const std::set<std::string>& rmattr_names,
3257 RGWBucketWebsiteConf& ws_conf)
3258 {
3259 std::string lstval;
3260
3261 /* Let's define a mapping between each custom attribute and the memory where
3262 * attribute's value should be stored. The memory location is expressed by
3263 * a non-const reference. */
3264 const auto mapping = {
3265 std::make_pair(RGW_ATTR_WEB_INDEX, std::ref(ws_conf.index_doc_suffix)),
3266 std::make_pair(RGW_ATTR_WEB_ERROR, std::ref(ws_conf.error_doc)),
3267 std::make_pair(RGW_ATTR_WEB_LISTINGS, std::ref(lstval)),
3268 std::make_pair(RGW_ATTR_WEB_LIST_CSS, std::ref(ws_conf.listing_css_doc)),
3269 std::make_pair(RGW_ATTR_SUBDIR_MARKER, std::ref(ws_conf.subdir_marker))
3270 };
3271
3272 for (const auto& kv : mapping) {
3273 const char * const key = kv.first;
3274 auto& target = kv.second;
3275
3276 auto iter = add_attrs.find(key);
3277
3278 if (std::end(add_attrs) != iter) {
3279 /* The "target" is a reference to ws_conf. */
3280 target = iter->second.c_str();
3281 add_attrs.erase(iter);
3282 }
3283
3284 if (rmattr_names.count(key)) {
3285 target = std::string();
3286 }
3287 }
3288
3289 if (! lstval.empty()) {
3290 ws_conf.listing_enabled = boost::algorithm::iequals(lstval, "true");
3291 }
3292 }
3293
3294
3295 void RGWCreateBucket::execute(optional_yield y)
3296 {
3297 buffer::list aclbl;
3298 buffer::list corsbl;
3299 string bucket_name = rgw_make_bucket_entry_name(s->bucket_tenant, s->bucket_name);
3300
3301 op_ret = get_params(y);
3302 if (op_ret < 0)
3303 return;
3304
3305 if (!relaxed_region_enforcement &&
3306 !location_constraint.empty() &&
3307 !driver->get_zone()->has_zonegroup_api(location_constraint)) {
3308 ldpp_dout(this, 0) << "location constraint (" << location_constraint << ")"
3309 << " can't be found." << dendl;
3310 op_ret = -ERR_INVALID_LOCATION_CONSTRAINT;
3311 s->err.message = "The specified location-constraint is not valid";
3312 return;
3313 }
3314
3315 if (!relaxed_region_enforcement && !driver->get_zone()->get_zonegroup().is_master_zonegroup() && !location_constraint.empty() &&
3316 driver->get_zone()->get_zonegroup().get_api_name() != location_constraint) {
3317 ldpp_dout(this, 0) << "location constraint (" << location_constraint << ")"
3318 << " doesn't match zonegroup" << " (" << driver->get_zone()->get_zonegroup().get_api_name() << ")"
3319 << dendl;
3320 op_ret = -ERR_INVALID_LOCATION_CONSTRAINT;
3321 s->err.message = "The specified location-constraint is not valid";
3322 return;
3323 }
3324
3325 std::set<std::string> names;
3326 driver->get_zone()->get_zonegroup().get_placement_target_names(names);
3327 if (!placement_rule.name.empty() &&
3328 !names.count(placement_rule.name)) {
3329 ldpp_dout(this, 0) << "placement target (" << placement_rule.name << ")"
3330 << " doesn't exist in the placement targets of zonegroup"
3331 << " (" << driver->get_zone()->get_zonegroup().get_api_name() << ")" << dendl;
3332 op_ret = -ERR_INVALID_LOCATION_CONSTRAINT;
3333 s->err.message = "The specified placement target does not exist";
3334 return;
3335 }
3336
3337 /* we need to make sure we read bucket info, it's not read before for this
3338 * specific request */
3339 {
3340 std::unique_ptr<rgw::sal::Bucket> tmp_bucket;
3341 op_ret = driver->get_bucket(this, s->user.get(), s->bucket_tenant,
3342 s->bucket_name, &tmp_bucket, y);
3343 if (op_ret < 0 && op_ret != -ENOENT)
3344 return;
3345 s->bucket_exists = (op_ret != -ENOENT);
3346
3347 if (s->bucket_exists) {
3348 if (!s->system_request &&
3349 driver->get_zone()->get_zonegroup().get_id() !=
3350 tmp_bucket->get_info().zonegroup) {
3351 op_ret = -EEXIST;
3352 return;
3353 }
3354 /* Initialize info from req_state */
3355 info = tmp_bucket->get_info();
3356 }
3357 }
3358
3359 s->bucket_owner.set_id(s->user->get_id()); /* XXX dang use s->bucket->owner */
3360 s->bucket_owner.set_name(s->user->get_display_name());
3361
3362 string zonegroup_id;
3363
3364 if (s->system_request) {
3365 zonegroup_id = s->info.args.get(RGW_SYS_PARAM_PREFIX "zonegroup");
3366 if (zonegroup_id.empty()) {
3367 zonegroup_id = driver->get_zone()->get_zonegroup().get_id();
3368 }
3369 } else {
3370 zonegroup_id = driver->get_zone()->get_zonegroup().get_id();
3371 }
3372
3373 /* Encode special metadata first as we're using std::map::emplace under
3374 * the hood. This method will add the new items only if the map doesn't
3375 * contain such keys yet. */
3376 policy.encode(aclbl);
3377 emplace_attr(RGW_ATTR_ACL, std::move(aclbl));
3378
3379 if (has_cors) {
3380 cors_config.encode(corsbl);
3381 emplace_attr(RGW_ATTR_CORS, std::move(corsbl));
3382 }
3383
3384 RGWQuotaInfo quota_info;
3385 const RGWQuotaInfo * pquota_info = nullptr;
3386 if (need_metadata_upload()) {
3387 /* It's supposed that following functions WILL NOT change any special
3388 * attributes (like RGW_ATTR_ACL) if they are already present in attrs. */
3389 op_ret = rgw_get_request_metadata(this, s->cct, s->info, attrs, false);
3390 if (op_ret < 0) {
3391 return;
3392 }
3393 prepare_add_del_attrs(s->bucket_attrs, rmattr_names, attrs);
3394 populate_with_generic_attrs(s, attrs);
3395
3396 op_ret = filter_out_quota_info(attrs, rmattr_names, quota_info);
3397 if (op_ret < 0) {
3398 return;
3399 } else {
3400 pquota_info = &quota_info;
3401 }
3402
3403 /* Web site of Swift API. */
3404 filter_out_website(attrs, rmattr_names, info.website_conf);
3405 info.has_website = !info.website_conf.is_empty();
3406 }
3407
3408 rgw_bucket tmp_bucket;
3409 tmp_bucket.tenant = s->bucket_tenant; /* ignored if bucket exists */
3410 tmp_bucket.name = s->bucket_name;
3411
3412 /* Handle updates of the metadata for Swift's object versioning. */
3413 if (swift_ver_location) {
3414 info.swift_ver_location = *swift_ver_location;
3415 info.swift_versioning = (! swift_ver_location->empty());
3416 }
3417
3418 /* We're replacing bucket with the newly created one */
3419 ldpp_dout(this, 10) << "user=" << s->user << " bucket=" << tmp_bucket << dendl;
3420 op_ret = s->user->create_bucket(this, tmp_bucket, zonegroup_id,
3421 placement_rule,
3422 info.swift_ver_location,
3423 pquota_info, policy, attrs, info, ep_objv,
3424 true, obj_lock_enabled, &s->bucket_exists, s->info,
3425 &s->bucket, y);
3426
3427 /* continue if EEXIST and create_bucket will fail below. this way we can
3428 * recover from a partial create by retrying it. */
3429 ldpp_dout(this, 20) << "rgw_create_bucket returned ret=" << op_ret << " bucket=" << s->bucket.get() << dendl;
3430
3431 if (op_ret)
3432 return;
3433
3434 const bool existed = s->bucket_exists;
3435 if (need_metadata_upload() && existed) {
3436 /* OK, it looks we lost race with another request. As it's required to
3437 * handle metadata fusion and upload, the whole operation becomes very
3438 * similar in nature to PutMetadataBucket. However, as the attrs may
3439 * changed in the meantime, we have to refresh. */
3440 short tries = 0;
3441 do {
3442 map<string, bufferlist> battrs;
3443
3444 op_ret = s->bucket->load_bucket(this, y);
3445 if (op_ret < 0) {
3446 return;
3447 } else if (!s->bucket->is_owner(s->user.get())) {
3448 /* New bucket doesn't belong to the account we're operating on. */
3449 op_ret = -EEXIST;
3450 return;
3451 } else {
3452 s->bucket_attrs = s->bucket->get_attrs();
3453 }
3454
3455 attrs.clear();
3456
3457 op_ret = rgw_get_request_metadata(this, s->cct, s->info, attrs, false);
3458 if (op_ret < 0) {
3459 return;
3460 }
3461 prepare_add_del_attrs(s->bucket_attrs, rmattr_names, attrs);
3462 populate_with_generic_attrs(s, attrs);
3463 op_ret = filter_out_quota_info(attrs, rmattr_names, s->bucket->get_info().quota);
3464 if (op_ret < 0) {
3465 return;
3466 }
3467
3468 /* Handle updates of the metadata for Swift's object versioning. */
3469 if (swift_ver_location) {
3470 s->bucket->get_info().swift_ver_location = *swift_ver_location;
3471 s->bucket->get_info().swift_versioning = (! swift_ver_location->empty());
3472 }
3473
3474 /* Web site of Swift API. */
3475 filter_out_website(attrs, rmattr_names, s->bucket->get_info().website_conf);
3476 s->bucket->get_info().has_website = !s->bucket->get_info().website_conf.is_empty();
3477
3478 /* This will also set the quota on the bucket. */
3479 op_ret = s->bucket->merge_and_store_attrs(this, attrs, y);
3480 } while (op_ret == -ECANCELED && tries++ < 20);
3481
3482 /* Restore the proper return code. */
3483 if (op_ret >= 0) {
3484 op_ret = -ERR_BUCKET_EXISTS;
3485 }
3486 }
3487 }
3488
3489 int RGWDeleteBucket::verify_permission(optional_yield y)
3490 {
3491 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
3492 if (has_s3_resource_tag)
3493 rgw_iam_add_buckettags(this, s);
3494
3495 if (!verify_bucket_permission(this, s, rgw::IAM::s3DeleteBucket)) {
3496 return -EACCES;
3497 }
3498
3499 return 0;
3500 }
3501
3502 void RGWDeleteBucket::pre_exec()
3503 {
3504 rgw_bucket_object_pre_exec(s);
3505 }
3506
3507 void RGWDeleteBucket::execute(optional_yield y)
3508 {
3509 if (s->bucket_name.empty()) {
3510 op_ret = -EINVAL;
3511 return;
3512 }
3513
3514 if (!s->bucket_exists) {
3515 ldpp_dout(this, 0) << "ERROR: bucket " << s->bucket_name << " not found" << dendl;
3516 op_ret = -ERR_NO_SUCH_BUCKET;
3517 return;
3518 }
3519 RGWObjVersionTracker ot;
3520 ot.read_version = s->bucket->get_version();
3521
3522 if (s->system_request) {
3523 string tag = s->info.args.get(RGW_SYS_PARAM_PREFIX "tag");
3524 string ver_str = s->info.args.get(RGW_SYS_PARAM_PREFIX "ver");
3525 if (!tag.empty()) {
3526 ot.read_version.tag = tag;
3527 uint64_t ver;
3528 string err;
3529 ver = strict_strtol(ver_str.c_str(), 10, &err);
3530 if (!err.empty()) {
3531 ldpp_dout(this, 0) << "failed to parse ver param" << dendl;
3532 op_ret = -EINVAL;
3533 return;
3534 }
3535 ot.read_version.ver = ver;
3536 }
3537 }
3538
3539 op_ret = s->bucket->sync_user_stats(this, y);
3540 if ( op_ret < 0) {
3541 ldpp_dout(this, 1) << "WARNING: failed to sync user stats before bucket delete: op_ret= " << op_ret << dendl;
3542 }
3543
3544 op_ret = s->bucket->check_empty(this, y);
3545 if (op_ret < 0) {
3546 return;
3547 }
3548
3549 bufferlist in_data;
3550 op_ret = driver->forward_request_to_master(this, s->user.get(), &ot.read_version, in_data, nullptr, s->info, y);
3551 if (op_ret < 0) {
3552 if (op_ret == -ENOENT) {
3553 /* adjust error, we want to return with NoSuchBucket and not
3554 * NoSuchKey */
3555 op_ret = -ERR_NO_SUCH_BUCKET;
3556 }
3557 return;
3558 }
3559
3560 op_ret = rgw_remove_sse_s3_bucket_key(s);
3561 if (op_ret != 0) {
3562 // do nothing; it will already have been logged
3563 }
3564
3565 op_ret = s->bucket->remove_bucket(this, false, false, nullptr, y);
3566 if (op_ret < 0 && op_ret == -ECANCELED) {
3567 // lost a race, either with mdlog sync or another delete bucket operation.
3568 // in either case, we've already called ctl.bucket->unlink_bucket()
3569 op_ret = 0;
3570 }
3571
3572 return;
3573 }
3574
3575 int RGWPutObj::init_processing(optional_yield y) {
3576 copy_source = url_decode(s->info.env->get("HTTP_X_AMZ_COPY_SOURCE", ""));
3577 copy_source_range = s->info.env->get("HTTP_X_AMZ_COPY_SOURCE_RANGE");
3578 size_t pos;
3579 int ret;
3580
3581 /* handle x-amz-copy-source */
3582 std::string_view cs_view(copy_source);
3583 if (! cs_view.empty()) {
3584 if (cs_view[0] == '/')
3585 cs_view.remove_prefix(1);
3586 copy_source_bucket_name = std::string(cs_view);
3587 pos = copy_source_bucket_name.find("/");
3588 if (pos == std::string::npos) {
3589 ret = -EINVAL;
3590 ldpp_dout(this, 5) << "x-amz-copy-source bad format" << dendl;
3591 return ret;
3592 }
3593 copy_source_object_name =
3594 copy_source_bucket_name.substr(pos + 1, copy_source_bucket_name.size());
3595 copy_source_bucket_name = copy_source_bucket_name.substr(0, pos);
3596 #define VERSION_ID_STR "?versionId="
3597 pos = copy_source_object_name.find(VERSION_ID_STR);
3598 if (pos == std::string::npos) {
3599 copy_source_object_name = url_decode(copy_source_object_name);
3600 } else {
3601 copy_source_version_id =
3602 copy_source_object_name.substr(pos + sizeof(VERSION_ID_STR) - 1);
3603 copy_source_object_name =
3604 url_decode(copy_source_object_name.substr(0, pos));
3605 }
3606 pos = copy_source_bucket_name.find(":");
3607 if (pos == std::string::npos) {
3608 // if tenant is not specified in x-amz-copy-source, use tenant of the requester
3609 copy_source_tenant_name = s->user->get_tenant();
3610 } else {
3611 copy_source_tenant_name = copy_source_bucket_name.substr(0, pos);
3612 copy_source_bucket_name = copy_source_bucket_name.substr(pos + 1, copy_source_bucket_name.size());
3613 if (copy_source_bucket_name.empty()) {
3614 ret = -EINVAL;
3615 ldpp_dout(this, 5) << "source bucket name is empty" << dendl;
3616 return ret;
3617 }
3618 }
3619 std::unique_ptr<rgw::sal::Bucket> bucket;
3620 ret = driver->get_bucket(this, s->user.get(), copy_source_tenant_name, copy_source_bucket_name,
3621 &bucket, y);
3622 if (ret < 0) {
3623 ldpp_dout(this, 5) << __func__ << "(): get_bucket() returned ret=" << ret << dendl;
3624 if (ret == -ENOENT) {
3625 ret = -ERR_NO_SUCH_BUCKET;
3626 }
3627 return ret;
3628 }
3629
3630 ret = bucket->load_bucket(this, y);
3631 if (ret < 0) {
3632 ldpp_dout(this, 5) << __func__ << "(): load_bucket() returned ret=" << ret << dendl;
3633 return ret;
3634 }
3635 copy_source_bucket_info = bucket->get_info();
3636
3637 /* handle x-amz-copy-source-range */
3638 if (copy_source_range) {
3639 string range = copy_source_range;
3640 pos = range.find("bytes=");
3641 if (pos == std::string::npos || pos != 0) {
3642 ret = -EINVAL;
3643 ldpp_dout(this, 5) << "x-amz-copy-source-range bad format" << dendl;
3644 return ret;
3645 }
3646 /* 6 is the length of "bytes=" */
3647 range = range.substr(pos + 6);
3648 pos = range.find("-");
3649 if (pos == std::string::npos) {
3650 ret = -EINVAL;
3651 ldpp_dout(this, 5) << "x-amz-copy-source-range bad format" << dendl;
3652 return ret;
3653 }
3654 string first = range.substr(0, pos);
3655 string last = range.substr(pos + 1);
3656 if (first.find_first_not_of("0123456789") != std::string::npos ||
3657 last.find_first_not_of("0123456789") != std::string::npos) {
3658 ldpp_dout(this, 5) << "x-amz-copy-source-range bad format not an integer" << dendl;
3659 ret = -EINVAL;
3660 return ret;
3661 }
3662 copy_source_range_fst = strtoull(first.c_str(), NULL, 10);
3663 copy_source_range_lst = strtoull(last.c_str(), NULL, 10);
3664 if (copy_source_range_fst > copy_source_range_lst) {
3665 ret = -ERANGE;
3666 ldpp_dout(this, 5) << "x-amz-copy-source-range bad format first number bigger than second" << dendl;
3667 return ret;
3668 }
3669 }
3670
3671 } /* copy_source */
3672 return RGWOp::init_processing(y);
3673 }
3674
3675 int RGWPutObj::verify_permission(optional_yield y)
3676 {
3677 if (! copy_source.empty()) {
3678
3679 RGWAccessControlPolicy cs_acl(s->cct);
3680 boost::optional<Policy> policy;
3681 map<string, bufferlist> cs_attrs;
3682 std::unique_ptr<rgw::sal::Bucket> cs_bucket;
3683 int ret = driver->get_bucket(NULL, copy_source_bucket_info, &cs_bucket);
3684 if (ret < 0)
3685 return ret;
3686
3687 std::unique_ptr<rgw::sal::Object> cs_object =
3688 cs_bucket->get_object(rgw_obj_key(copy_source_object_name, copy_source_version_id));
3689
3690 cs_object->set_atomic();
3691 cs_object->set_prefetch_data();
3692
3693 /* check source object permissions */
3694 if (ret = read_obj_policy(this, driver, s, copy_source_bucket_info, cs_attrs, &cs_acl, nullptr,
3695 policy, cs_bucket.get(), cs_object.get(), y, true); ret < 0) {
3696 return ret;
3697 }
3698
3699 /* admin request overrides permission checks */
3700 if (! s->auth.identity->is_admin_of(cs_acl.get_owner().get_id())) {
3701 if (policy || ! s->iam_user_policies.empty() || !s->session_policies.empty()) {
3702 //add source object tags for permission evaluation
3703 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, policy, s->iam_user_policies, s->session_policies);
3704 if (has_s3_existing_tag || has_s3_resource_tag)
3705 rgw_iam_add_objtags(this, s, cs_object.get(), has_s3_existing_tag, has_s3_resource_tag);
3706 auto usr_policy_res = Effect::Pass;
3707 rgw::ARN obj_arn(cs_object->get_obj());
3708 for (auto& user_policy : s->iam_user_policies) {
3709 if (usr_policy_res = user_policy.eval(s->env, *s->auth.identity,
3710 cs_object->get_instance().empty() ?
3711 rgw::IAM::s3GetObject :
3712 rgw::IAM::s3GetObjectVersion,
3713 obj_arn); usr_policy_res == Effect::Deny)
3714 return -EACCES;
3715 else if (usr_policy_res == Effect::Allow)
3716 break;
3717 }
3718 rgw::IAM::Effect e = Effect::Pass;
3719 if (policy) {
3720 rgw::ARN obj_arn(cs_object->get_obj());
3721 e = policy->eval(s->env, *s->auth.identity,
3722 cs_object->get_instance().empty() ?
3723 rgw::IAM::s3GetObject :
3724 rgw::IAM::s3GetObjectVersion,
3725 obj_arn);
3726 }
3727 if (e == Effect::Deny) {
3728 return -EACCES;
3729 } else if (usr_policy_res == Effect::Pass && e == Effect::Pass &&
3730 !cs_acl.verify_permission(this, *s->auth.identity, s->perm_mask,
3731 RGW_PERM_READ)) {
3732 return -EACCES;
3733 }
3734 rgw_iam_remove_objtags(this, s, cs_object.get(), has_s3_existing_tag, has_s3_resource_tag);
3735 } else if (!cs_acl.verify_permission(this, *s->auth.identity, s->perm_mask,
3736 RGW_PERM_READ)) {
3737 return -EACCES;
3738 }
3739 }
3740 }
3741
3742 if (s->bucket_access_conf && s->bucket_access_conf->block_public_acls()) {
3743 if (s->canned_acl.compare("public-read") ||
3744 s->canned_acl.compare("public-read-write") ||
3745 s->canned_acl.compare("authenticated-read"))
3746 return -EACCES;
3747 }
3748
3749 auto op_ret = get_params(y);
3750 if (op_ret < 0) {
3751 ldpp_dout(this, 20) << "get_params() returned ret=" << op_ret << dendl;
3752 return op_ret;
3753 }
3754
3755 if (s->iam_policy || ! s->iam_user_policies.empty() || !s->session_policies.empty()) {
3756 rgw_add_grant_to_iam_environment(s->env, s);
3757
3758 rgw_add_to_iam_environment(s->env, "s3:x-amz-acl", s->canned_acl);
3759
3760 if (obj_tags != nullptr && obj_tags->count() > 0){
3761 auto tags = obj_tags->get_tags();
3762 for (const auto& kv: tags){
3763 rgw_add_to_iam_environment(s->env, "s3:RequestObjectTag/"+kv.first, kv.second);
3764 }
3765 }
3766
3767 // add server-side encryption headers
3768 rgw_iam_add_crypt_attrs(s->env, s->info.crypt_attribute_map);
3769
3770 // Add bucket tags for authorization
3771 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
3772 if (has_s3_resource_tag)
3773 rgw_iam_add_buckettags(this, s);
3774
3775 auto identity_policy_res = eval_identity_or_session_policies(this, s->iam_user_policies, s->env,
3776 rgw::IAM::s3PutObject,
3777 s->object->get_obj());
3778 if (identity_policy_res == Effect::Deny)
3779 return -EACCES;
3780
3781 rgw::IAM::Effect e = Effect::Pass;
3782 rgw::IAM::PolicyPrincipal princ_type = rgw::IAM::PolicyPrincipal::Other;
3783 if (s->iam_policy) {
3784 ARN obj_arn(s->object->get_obj());
3785 e = s->iam_policy->eval(s->env, *s->auth.identity,
3786 rgw::IAM::s3PutObject,
3787 obj_arn,
3788 princ_type);
3789 }
3790 if (e == Effect::Deny) {
3791 return -EACCES;
3792 }
3793
3794 if (!s->session_policies.empty()) {
3795 auto session_policy_res = eval_identity_or_session_policies(this, s->session_policies, s->env,
3796 rgw::IAM::s3PutObject,
3797 s->object->get_obj());
3798 if (session_policy_res == Effect::Deny) {
3799 return -EACCES;
3800 }
3801 if (princ_type == rgw::IAM::PolicyPrincipal::Role) {
3802 //Intersection of session policy and identity policy plus intersection of session policy and bucket policy
3803 if ((session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow) ||
3804 (session_policy_res == Effect::Allow && e == Effect::Allow))
3805 return 0;
3806 } else if (princ_type == rgw::IAM::PolicyPrincipal::Session) {
3807 //Intersection of session policy and identity policy plus bucket policy
3808 if ((session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow) || e == Effect::Allow)
3809 return 0;
3810 } else if (princ_type == rgw::IAM::PolicyPrincipal::Other) {// there was no match in the bucket policy
3811 if (session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow)
3812 return 0;
3813 }
3814 return -EACCES;
3815 }
3816 if (e == Effect::Allow || identity_policy_res == Effect::Allow) {
3817 return 0;
3818 }
3819 }
3820
3821 if (!verify_bucket_permission_no_policy(this, s, RGW_PERM_WRITE)) {
3822 return -EACCES;
3823 }
3824
3825 return 0;
3826 }
3827
3828
3829 void RGWPutObj::pre_exec()
3830 {
3831 rgw_bucket_object_pre_exec(s);
3832 }
3833
3834 class RGWPutObj_CB : public RGWGetObj_Filter
3835 {
3836 RGWPutObj *op;
3837 public:
3838 explicit RGWPutObj_CB(RGWPutObj *_op) : op(_op) {}
3839 ~RGWPutObj_CB() override {}
3840
3841 int handle_data(bufferlist& bl, off_t bl_ofs, off_t bl_len) override {
3842 return op->get_data_cb(bl, bl_ofs, bl_len);
3843 }
3844 };
3845
3846 int RGWPutObj::get_data_cb(bufferlist& bl, off_t bl_ofs, off_t bl_len)
3847 {
3848 bufferlist bl_tmp;
3849 bl.begin(bl_ofs).copy(bl_len, bl_tmp);
3850
3851 bl_aux.append(bl_tmp);
3852
3853 return bl_len;
3854 }
3855
3856 int RGWPutObj::get_data(const off_t fst, const off_t lst, bufferlist& bl)
3857 {
3858 RGWPutObj_CB cb(this);
3859 RGWGetObj_Filter* filter = &cb;
3860 boost::optional<RGWGetObj_Decompress> decompress;
3861 std::unique_ptr<RGWGetObj_Filter> decrypt;
3862 RGWCompressionInfo cs_info;
3863 map<string, bufferlist> attrs;
3864 int ret = 0;
3865
3866 uint64_t obj_size;
3867 int64_t new_ofs, new_end;
3868
3869 new_ofs = fst;
3870 new_end = lst;
3871
3872 std::unique_ptr<rgw::sal::Bucket> bucket;
3873 ret = driver->get_bucket(nullptr, copy_source_bucket_info, &bucket);
3874 if (ret < 0)
3875 return ret;
3876
3877 std::unique_ptr<rgw::sal::Object> obj = bucket->get_object(rgw_obj_key(copy_source_object_name, copy_source_version_id));
3878 std::unique_ptr<rgw::sal::Object::ReadOp> read_op(obj->get_read_op());
3879
3880 ret = read_op->prepare(s->yield, this);
3881 if (ret < 0)
3882 return ret;
3883
3884 obj_size = obj->get_obj_size();
3885
3886 bool need_decompress;
3887 op_ret = rgw_compression_info_from_attrset(obj->get_attrs(), need_decompress, cs_info);
3888 if (op_ret < 0) {
3889 ldpp_dout(this, 0) << "ERROR: failed to decode compression info" << dendl;
3890 return -EIO;
3891 }
3892
3893 bool partial_content = true;
3894 if (need_decompress)
3895 {
3896 obj_size = cs_info.orig_size;
3897 decompress.emplace(s->cct, &cs_info, partial_content, filter);
3898 filter = &*decompress;
3899 }
3900
3901 auto attr_iter = obj->get_attrs().find(RGW_ATTR_MANIFEST);
3902 op_ret = this->get_decrypt_filter(&decrypt,
3903 filter,
3904 obj->get_attrs(),
3905 attr_iter != obj->get_attrs().end() ? &(attr_iter->second) : nullptr);
3906 if (decrypt != nullptr) {
3907 filter = decrypt.get();
3908 }
3909 if (op_ret < 0) {
3910 return op_ret;
3911 }
3912
3913 ret = obj->range_to_ofs(obj_size, new_ofs, new_end);
3914 if (ret < 0)
3915 return ret;
3916
3917 filter->fixup_range(new_ofs, new_end);
3918 ret = read_op->iterate(this, new_ofs, new_end, filter, s->yield);
3919
3920 if (ret >= 0)
3921 ret = filter->flush();
3922
3923 bl.claim_append(bl_aux);
3924
3925 return ret;
3926 }
3927
3928 // special handling for compression type = "random" with multipart uploads
3929 static CompressorRef get_compressor_plugin(const req_state *s,
3930 const std::string& compression_type)
3931 {
3932 if (compression_type != "random") {
3933 return Compressor::create(s->cct, compression_type);
3934 }
3935
3936 bool is_multipart{false};
3937 const auto& upload_id = s->info.args.get("uploadId", &is_multipart);
3938
3939 if (!is_multipart) {
3940 return Compressor::create(s->cct, compression_type);
3941 }
3942
3943 // use a hash of the multipart upload id so all parts use the same plugin
3944 const auto alg = std::hash<std::string>{}(upload_id) % Compressor::COMP_ALG_LAST;
3945 if (alg == Compressor::COMP_ALG_NONE) {
3946 return nullptr;
3947 }
3948 return Compressor::create(s->cct, alg);
3949 }
3950
3951 int RGWPutObj::get_lua_filter(std::unique_ptr<rgw::sal::DataProcessor>* filter, rgw::sal::DataProcessor* cb) {
3952 std::string script;
3953 const auto rc = rgw::lua::read_script(s, s->penv.lua.manager.get(), s->bucket_tenant, s->yield, rgw::lua::context::putData, script);
3954 if (rc == -ENOENT) {
3955 // no script, nothing to do
3956 return 0;
3957 } else if (rc < 0) {
3958 ldpp_dout(this, 5) << "WARNING: failed to read data script. error: " << rc << dendl;
3959 return rc;
3960 }
3961 filter->reset(new rgw::lua::RGWPutObjFilter(s, script, cb));
3962 return 0;
3963 }
3964
3965 void RGWPutObj::execute(optional_yield y)
3966 {
3967 char supplied_md5_bin[CEPH_CRYPTO_MD5_DIGESTSIZE + 1];
3968 char supplied_md5[CEPH_CRYPTO_MD5_DIGESTSIZE * 2 + 1];
3969 char calc_md5[CEPH_CRYPTO_MD5_DIGESTSIZE * 2 + 1];
3970 unsigned char m[CEPH_CRYPTO_MD5_DIGESTSIZE];
3971 MD5 hash;
3972 // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
3973 hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
3974 bufferlist bl, aclbl, bs;
3975 int len;
3976
3977 off_t fst;
3978 off_t lst;
3979
3980 bool need_calc_md5 = (dlo_manifest == NULL) && (slo_info == NULL);
3981 perfcounter->inc(l_rgw_put);
3982 // report latency on return
3983 auto put_lat = make_scope_guard([&] {
3984 perfcounter->tinc(l_rgw_put_lat, s->time_elapsed());
3985 });
3986
3987 op_ret = -EINVAL;
3988 if (rgw::sal::Object::empty(s->object.get())) {
3989 return;
3990 }
3991
3992 if (!s->bucket_exists) {
3993 op_ret = -ERR_NO_SUCH_BUCKET;
3994 return;
3995 }
3996
3997 op_ret = get_system_versioning_params(s, &olh_epoch, &version_id);
3998 if (op_ret < 0) {
3999 ldpp_dout(this, 20) << "get_system_versioning_params() returned ret="
4000 << op_ret << dendl;
4001 return;
4002 }
4003
4004 if (supplied_md5_b64) {
4005 need_calc_md5 = true;
4006
4007 ldpp_dout(this, 15) << "supplied_md5_b64=" << supplied_md5_b64 << dendl;
4008 op_ret = ceph_unarmor(supplied_md5_bin, &supplied_md5_bin[CEPH_CRYPTO_MD5_DIGESTSIZE + 1],
4009 supplied_md5_b64, supplied_md5_b64 + strlen(supplied_md5_b64));
4010 ldpp_dout(this, 15) << "ceph_armor ret=" << op_ret << dendl;
4011 if (op_ret != CEPH_CRYPTO_MD5_DIGESTSIZE) {
4012 op_ret = -ERR_INVALID_DIGEST;
4013 return;
4014 }
4015
4016 buf_to_hex((const unsigned char *)supplied_md5_bin, CEPH_CRYPTO_MD5_DIGESTSIZE, supplied_md5);
4017 ldpp_dout(this, 15) << "supplied_md5=" << supplied_md5 << dendl;
4018 }
4019
4020 if (!chunked_upload) { /* with chunked upload we don't know how big is the upload.
4021 we also check sizes at the end anyway */
4022 op_ret = s->bucket->check_quota(this, quota, s->content_length, y);
4023 if (op_ret < 0) {
4024 ldpp_dout(this, 20) << "check_quota() returned ret=" << op_ret << dendl;
4025 return;
4026 }
4027 }
4028
4029 if (supplied_etag) {
4030 strncpy(supplied_md5, supplied_etag, sizeof(supplied_md5) - 1);
4031 supplied_md5[sizeof(supplied_md5) - 1] = '\0';
4032 }
4033
4034 const bool multipart = !multipart_upload_id.empty();
4035
4036 /* Handle object versioning of Swift API. */
4037 if (! multipart) {
4038 op_ret = s->object->swift_versioning_copy(this, s->yield);
4039 if (op_ret < 0) {
4040 return;
4041 }
4042 }
4043
4044 // make reservation for notification if needed
4045 std::unique_ptr<rgw::sal::Notification> res
4046 = driver->get_notification(
4047 s->object.get(), s->src_object.get(), s,
4048 rgw::notify::ObjectCreatedPut, y);
4049 if(!multipart) {
4050 op_ret = res->publish_reserve(this, obj_tags.get());
4051 if (op_ret < 0) {
4052 return;
4053 }
4054 }
4055
4056 // create the object processor
4057 std::unique_ptr<rgw::sal::Writer> processor;
4058
4059 rgw_placement_rule *pdest_placement = &s->dest_placement;
4060
4061 if (multipart) {
4062 std::unique_ptr<rgw::sal::MultipartUpload> upload;
4063 upload = s->bucket->get_multipart_upload(s->object->get_name(),
4064 multipart_upload_id);
4065 op_ret = upload->get_info(this, s->yield, &pdest_placement);
4066
4067 s->trace->SetAttribute(tracing::rgw::UPLOAD_ID, multipart_upload_id);
4068 multipart_trace = tracing::rgw::tracer.add_span(name(), upload->get_trace());
4069
4070 if (op_ret < 0) {
4071 if (op_ret != -ENOENT) {
4072 ldpp_dout(this, 0) << "ERROR: get_multipart_info returned " << op_ret << ": " << cpp_strerror(-op_ret) << dendl;
4073 } else {// -ENOENT: raced with upload complete/cancel, no need to spam log
4074 ldpp_dout(this, 20) << "failed to get multipart info (returned " << op_ret << ": " << cpp_strerror(-op_ret) << "): probably raced with upload complete / cancel" << dendl;
4075 }
4076 return;
4077 }
4078 /* upload will go out of scope, so copy the dest placement for later use */
4079 s->dest_placement = *pdest_placement;
4080 pdest_placement = &s->dest_placement;
4081 ldpp_dout(this, 20) << "dest_placement for part=" << *pdest_placement << dendl;
4082 processor = upload->get_writer(this, s->yield, s->object.get(),
4083 s->user->get_id(), pdest_placement,
4084 multipart_part_num, multipart_part_str);
4085 } else if(append) {
4086 if (s->bucket->versioned()) {
4087 op_ret = -ERR_INVALID_BUCKET_STATE;
4088 return;
4089 }
4090 processor = driver->get_append_writer(this, s->yield, s->object.get(),
4091 s->bucket_owner.get_id(),
4092 pdest_placement, s->req_id, position,
4093 &cur_accounted_size);
4094 } else {
4095 if (s->bucket->versioning_enabled()) {
4096 if (!version_id.empty()) {
4097 s->object->set_instance(version_id);
4098 } else {
4099 s->object->gen_rand_obj_instance_name();
4100 version_id = s->object->get_instance();
4101 }
4102 }
4103 processor = driver->get_atomic_writer(this, s->yield, s->object.get(),
4104 s->bucket_owner.get_id(),
4105 pdest_placement, olh_epoch, s->req_id);
4106 }
4107
4108 op_ret = processor->prepare(s->yield);
4109 if (op_ret < 0) {
4110 ldpp_dout(this, 20) << "processor->prepare() returned ret=" << op_ret
4111 << dendl;
4112 return;
4113 }
4114 if ((! copy_source.empty()) && !copy_source_range) {
4115 std::unique_ptr<rgw::sal::Bucket> bucket;
4116 op_ret = driver->get_bucket(nullptr, copy_source_bucket_info, &bucket);
4117 if (op_ret < 0) {
4118 ldpp_dout(this, 0) << "ERROR: failed to get bucket with error" << op_ret << dendl;
4119 return;
4120 }
4121 std::unique_ptr<rgw::sal::Object> obj =
4122 bucket->get_object(rgw_obj_key(copy_source_object_name, copy_source_version_id));
4123
4124 RGWObjState *astate;
4125 op_ret = obj->get_obj_state(this, &astate, s->yield);
4126 if (op_ret < 0) {
4127 ldpp_dout(this, 0) << "ERROR: get copy source obj state returned with error" << op_ret << dendl;
4128 return;
4129 }
4130 bufferlist bl;
4131 if (astate->get_attr(RGW_ATTR_MANIFEST, bl)) {
4132 RGWObjManifest m;
4133 try{
4134 decode(m, bl);
4135 if (m.get_tier_type() == "cloud-s3") {
4136 op_ret = -ERR_INVALID_OBJECT_STATE;
4137 s->err.message = "This object was transitioned to cloud-s3";
4138 ldpp_dout(this, 4) << "Cannot copy cloud tiered object. Failing with "
4139 << op_ret << dendl;
4140 return;
4141 }
4142 } catch (const buffer::end_of_buffer&) {
4143 // ignore empty manifest; it's not cloud-tiered
4144 } catch (const std::exception& e) {
4145 ldpp_dout(this, 1) << "WARNING: failed to decode object manifest for "
4146 << *s->object << ": " << e.what() << dendl;
4147 }
4148 }
4149
4150 if (!astate->exists){
4151 op_ret = -ENOENT;
4152 return;
4153 }
4154 lst = astate->accounted_size - 1;
4155 } else {
4156 lst = copy_source_range_lst;
4157 }
4158 fst = copy_source_range_fst;
4159
4160 // no filters by default
4161 rgw::sal::DataProcessor *filter = processor.get();
4162
4163 const auto& compression_type = driver->get_compression_type(*pdest_placement);
4164 CompressorRef plugin;
4165 boost::optional<RGWPutObj_Compress> compressor;
4166
4167 std::unique_ptr<rgw::sal::DataProcessor> encrypt;
4168 std::unique_ptr<rgw::sal::DataProcessor> run_lua;
4169
4170 if (!append) { // compression and encryption only apply to full object uploads
4171 op_ret = get_encrypt_filter(&encrypt, filter);
4172 if (op_ret < 0) {
4173 return;
4174 }
4175 if (encrypt != nullptr) {
4176 filter = &*encrypt;
4177 }
4178 // a zonegroup feature is required to combine compression and encryption
4179 const rgw::sal::ZoneGroup& zonegroup = driver->get_zone()->get_zonegroup();
4180 const bool compress_encrypted = zonegroup.supports(rgw::zone_features::compress_encrypted);
4181 if (compression_type != "none" &&
4182 (encrypt == nullptr || compress_encrypted)) {
4183 plugin = get_compressor_plugin(s, compression_type);
4184 if (!plugin) {
4185 ldpp_dout(this, 1) << "Cannot load plugin for compression type "
4186 << compression_type << dendl;
4187 } else {
4188 compressor.emplace(s->cct, plugin, filter);
4189 filter = &*compressor;
4190 // always send incompressible hint when rgw is itself doing compression
4191 s->object->set_compressed();
4192 }
4193 }
4194 // run lua script before data is compressed and encrypted - last filter runs first
4195 op_ret = get_lua_filter(&run_lua, filter);
4196 if (op_ret < 0) {
4197 return;
4198 }
4199 if (run_lua) {
4200 filter = &*run_lua;
4201 }
4202 }
4203 tracepoint(rgw_op, before_data_transfer, s->req_id.c_str());
4204 do {
4205 bufferlist data;
4206 if (fst > lst)
4207 break;
4208 if (copy_source.empty()) {
4209 len = get_data(data);
4210 } else {
4211 off_t cur_lst = min<off_t>(fst + s->cct->_conf->rgw_max_chunk_size - 1, lst);
4212 op_ret = get_data(fst, cur_lst, data);
4213 if (op_ret < 0)
4214 return;
4215 len = data.length();
4216 s->content_length += len;
4217 fst += len;
4218 }
4219 if (len < 0) {
4220 op_ret = len;
4221 ldpp_dout(this, 20) << "get_data() returned ret=" << op_ret << dendl;
4222 return;
4223 } else if (len == 0) {
4224 break;
4225 }
4226
4227 if (need_calc_md5) {
4228 hash.Update((const unsigned char *)data.c_str(), data.length());
4229 }
4230
4231 /* update torrrent */
4232 torrent.update(data);
4233
4234 op_ret = filter->process(std::move(data), ofs);
4235 if (op_ret < 0) {
4236 ldpp_dout(this, 20) << "processor->process() returned ret="
4237 << op_ret << dendl;
4238 return;
4239 }
4240
4241 ofs += len;
4242 } while (len > 0);
4243 tracepoint(rgw_op, after_data_transfer, s->req_id.c_str(), ofs);
4244
4245 // flush any data in filters
4246 op_ret = filter->process({}, ofs);
4247 if (op_ret < 0) {
4248 return;
4249 }
4250
4251 if (!chunked_upload && ofs != s->content_length) {
4252 op_ret = -ERR_REQUEST_TIMEOUT;
4253 return;
4254 }
4255 s->obj_size = ofs;
4256 s->object->set_obj_size(ofs);
4257
4258 perfcounter->inc(l_rgw_put_b, s->obj_size);
4259
4260 op_ret = do_aws4_auth_completion();
4261 if (op_ret < 0) {
4262 return;
4263 }
4264
4265 op_ret = s->bucket->check_quota(this, quota, s->obj_size, y);
4266 if (op_ret < 0) {
4267 ldpp_dout(this, 20) << "second check_quota() returned op_ret=" << op_ret << dendl;
4268 return;
4269 }
4270
4271 hash.Final(m);
4272
4273 if (compressor && compressor->is_compressed()) {
4274 bufferlist tmp;
4275 RGWCompressionInfo cs_info;
4276 cs_info.compression_type = plugin->get_type_name();
4277 cs_info.orig_size = s->obj_size;
4278 cs_info.compressor_message = compressor->get_compressor_message();
4279 cs_info.blocks = move(compressor->get_compression_blocks());
4280 encode(cs_info, tmp);
4281 attrs[RGW_ATTR_COMPRESSION] = tmp;
4282 ldpp_dout(this, 20) << "storing " << RGW_ATTR_COMPRESSION
4283 << " with type=" << cs_info.compression_type
4284 << ", orig_size=" << cs_info.orig_size
4285 << ", blocks=" << cs_info.blocks.size() << dendl;
4286 }
4287
4288 buf_to_hex(m, CEPH_CRYPTO_MD5_DIGESTSIZE, calc_md5);
4289
4290 etag = calc_md5;
4291
4292 if (supplied_md5_b64 && strcmp(calc_md5, supplied_md5)) {
4293 op_ret = -ERR_BAD_DIGEST;
4294 return;
4295 }
4296
4297 policy.encode(aclbl);
4298 emplace_attr(RGW_ATTR_ACL, std::move(aclbl));
4299
4300 if (dlo_manifest) {
4301 op_ret = encode_dlo_manifest_attr(dlo_manifest, attrs);
4302 if (op_ret < 0) {
4303 ldpp_dout(this, 0) << "bad user manifest: " << dlo_manifest << dendl;
4304 return;
4305 }
4306 }
4307
4308 if (slo_info) {
4309 bufferlist manifest_bl;
4310 encode(*slo_info, manifest_bl);
4311 emplace_attr(RGW_ATTR_SLO_MANIFEST, std::move(manifest_bl));
4312 }
4313
4314 if (supplied_etag && etag.compare(supplied_etag) != 0) {
4315 op_ret = -ERR_UNPROCESSABLE_ENTITY;
4316 return;
4317 }
4318 bl.append(etag.c_str(), etag.size());
4319 emplace_attr(RGW_ATTR_ETAG, std::move(bl));
4320
4321 populate_with_generic_attrs(s, attrs);
4322 op_ret = rgw_get_request_metadata(this, s->cct, s->info, attrs);
4323 if (op_ret < 0) {
4324 return;
4325 }
4326 encode_delete_at_attr(delete_at, attrs);
4327 encode_obj_tags_attr(obj_tags.get(), attrs);
4328 rgw_cond_decode_objtags(s, attrs);
4329
4330 /* Add a custom metadata to expose the information whether an object
4331 * is an SLO or not. Appending the attribute must be performed AFTER
4332 * processing any input from user in order to prohibit overwriting. */
4333 if (slo_info) {
4334 bufferlist slo_userindicator_bl;
4335 slo_userindicator_bl.append("True", 4);
4336 emplace_attr(RGW_ATTR_SLO_UINDICATOR, std::move(slo_userindicator_bl));
4337 }
4338 if (obj_legal_hold) {
4339 bufferlist obj_legal_hold_bl;
4340 obj_legal_hold->encode(obj_legal_hold_bl);
4341 emplace_attr(RGW_ATTR_OBJECT_LEGAL_HOLD, std::move(obj_legal_hold_bl));
4342 }
4343 if (obj_retention) {
4344 bufferlist obj_retention_bl;
4345 obj_retention->encode(obj_retention_bl);
4346 emplace_attr(RGW_ATTR_OBJECT_RETENTION, std::move(obj_retention_bl));
4347 }
4348
4349 tracepoint(rgw_op, processor_complete_enter, s->req_id.c_str());
4350 op_ret = processor->complete(s->obj_size, etag, &mtime, real_time(), attrs,
4351 (delete_at ? *delete_at : real_time()), if_match, if_nomatch,
4352 (user_data.empty() ? nullptr : &user_data), nullptr, nullptr,
4353 s->yield);
4354 tracepoint(rgw_op, processor_complete_exit, s->req_id.c_str());
4355
4356 /* produce torrent */
4357 if (s->cct->_conf->rgw_torrent_flag && (ofs == torrent.get_data_len()))
4358 {
4359 torrent.init(s, driver);
4360 torrent.set_create_date(mtime);
4361 op_ret = torrent.complete(y);
4362 if (0 != op_ret)
4363 {
4364 ldpp_dout(this, 0) << "ERROR: torrent.handle_data() returned " << op_ret << dendl;
4365 return;
4366 }
4367 }
4368
4369 // send request to notification manager
4370 int ret = res->publish_commit(this, s->obj_size, mtime, etag, s->object->get_instance());
4371 if (ret < 0) {
4372 ldpp_dout(this, 1) << "ERROR: publishing notification failed, with error: " << ret << dendl;
4373 // too late to rollback operation, hence op_ret is not set here
4374 }
4375 }
4376
4377 int RGWPostObj::verify_permission(optional_yield y)
4378 {
4379 return 0;
4380 }
4381
4382 void RGWPostObj::pre_exec()
4383 {
4384 rgw_bucket_object_pre_exec(s);
4385 }
4386
4387 void RGWPostObj::execute(optional_yield y)
4388 {
4389 boost::optional<RGWPutObj_Compress> compressor;
4390 CompressorRef plugin;
4391 char supplied_md5[CEPH_CRYPTO_MD5_DIGESTSIZE * 2 + 1];
4392
4393 /* Read in the data from the POST form. */
4394 op_ret = get_params(y);
4395 if (op_ret < 0) {
4396 return;
4397 }
4398
4399 op_ret = verify_params();
4400 if (op_ret < 0) {
4401 return;
4402 }
4403
4404 // add server-side encryption headers
4405 rgw_iam_add_crypt_attrs(s->env, s->info.crypt_attribute_map);
4406
4407 if (s->iam_policy || ! s->iam_user_policies.empty() || !s->session_policies.empty()) {
4408 auto identity_policy_res = eval_identity_or_session_policies(this, s->iam_user_policies, s->env,
4409 rgw::IAM::s3PutObject,
4410 s->object->get_obj());
4411 if (identity_policy_res == Effect::Deny) {
4412 op_ret = -EACCES;
4413 return;
4414 }
4415
4416 rgw::IAM::Effect e = Effect::Pass;
4417 rgw::IAM::PolicyPrincipal princ_type = rgw::IAM::PolicyPrincipal::Other;
4418 if (s->iam_policy) {
4419 ARN obj_arn(s->object->get_obj());
4420 e = s->iam_policy->eval(s->env, *s->auth.identity,
4421 rgw::IAM::s3PutObject,
4422 obj_arn,
4423 princ_type);
4424 }
4425 if (e == Effect::Deny) {
4426 op_ret = -EACCES;
4427 return;
4428 }
4429
4430 if (!s->session_policies.empty()) {
4431 auto session_policy_res = eval_identity_or_session_policies(this, s->session_policies, s->env,
4432 rgw::IAM::s3PutObject,
4433 s->object->get_obj());
4434 if (session_policy_res == Effect::Deny) {
4435 op_ret = -EACCES;
4436 return;
4437 }
4438 if (princ_type == rgw::IAM::PolicyPrincipal::Role) {
4439 //Intersection of session policy and identity policy plus intersection of session policy and bucket policy
4440 if ((session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow) ||
4441 (session_policy_res == Effect::Allow && e == Effect::Allow)) {
4442 op_ret = 0;
4443 return;
4444 }
4445 } else if (princ_type == rgw::IAM::PolicyPrincipal::Session) {
4446 //Intersection of session policy and identity policy plus bucket policy
4447 if ((session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow) || e == Effect::Allow) {
4448 op_ret = 0;
4449 return;
4450 }
4451 } else if (princ_type == rgw::IAM::PolicyPrincipal::Other) {// there was no match in the bucket policy
4452 if (session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow) {
4453 op_ret = 0;
4454 return;
4455 }
4456 }
4457 op_ret = -EACCES;
4458 return;
4459 }
4460 if (identity_policy_res == Effect::Pass && e == Effect::Pass && !verify_bucket_permission_no_policy(this, s, RGW_PERM_WRITE)) {
4461 op_ret = -EACCES;
4462 return;
4463 }
4464 } else if (!verify_bucket_permission_no_policy(this, s, RGW_PERM_WRITE)) {
4465 op_ret = -EACCES;
4466 return;
4467 }
4468
4469 // make reservation for notification if needed
4470 std::unique_ptr<rgw::sal::Notification> res
4471 = driver->get_notification(s->object.get(), s->src_object.get(), s, rgw::notify::ObjectCreatedPost, y);
4472 op_ret = res->publish_reserve(this);
4473 if (op_ret < 0) {
4474 return;
4475 }
4476
4477 /* Start iteration over data fields. It's necessary as Swift's FormPost
4478 * is capable to handle multiple files in single form. */
4479 do {
4480 char calc_md5[CEPH_CRYPTO_MD5_DIGESTSIZE * 2 + 1];
4481 unsigned char m[CEPH_CRYPTO_MD5_DIGESTSIZE];
4482 MD5 hash;
4483 // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
4484 hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
4485 ceph::buffer::list bl, aclbl;
4486
4487 op_ret = s->bucket->check_quota(this, quota, s->content_length, y);
4488 if (op_ret < 0) {
4489 return;
4490 }
4491
4492 if (supplied_md5_b64) {
4493 char supplied_md5_bin[CEPH_CRYPTO_MD5_DIGESTSIZE + 1];
4494 ldpp_dout(this, 15) << "supplied_md5_b64=" << supplied_md5_b64 << dendl;
4495 op_ret = ceph_unarmor(supplied_md5_bin, &supplied_md5_bin[CEPH_CRYPTO_MD5_DIGESTSIZE + 1],
4496 supplied_md5_b64, supplied_md5_b64 + strlen(supplied_md5_b64));
4497 ldpp_dout(this, 15) << "ceph_armor ret=" << op_ret << dendl;
4498 if (op_ret != CEPH_CRYPTO_MD5_DIGESTSIZE) {
4499 op_ret = -ERR_INVALID_DIGEST;
4500 return;
4501 }
4502
4503 buf_to_hex((const unsigned char *)supplied_md5_bin, CEPH_CRYPTO_MD5_DIGESTSIZE, supplied_md5);
4504 ldpp_dout(this, 15) << "supplied_md5=" << supplied_md5 << dendl;
4505 }
4506
4507 std::unique_ptr<rgw::sal::Object> obj =
4508 s->bucket->get_object(rgw_obj_key(get_current_filename()));
4509 if (s->bucket->versioning_enabled()) {
4510 obj->gen_rand_obj_instance_name();
4511 }
4512
4513 std::unique_ptr<rgw::sal::Writer> processor;
4514 processor = driver->get_atomic_writer(this, s->yield, obj.get(),
4515 s->bucket_owner.get_id(),
4516 &s->dest_placement, 0, s->req_id);
4517 op_ret = processor->prepare(s->yield);
4518 if (op_ret < 0) {
4519 return;
4520 }
4521
4522 /* No filters by default. */
4523 rgw::sal::DataProcessor *filter = processor.get();
4524
4525 std::unique_ptr<rgw::sal::DataProcessor> encrypt;
4526 op_ret = get_encrypt_filter(&encrypt, filter);
4527 if (op_ret < 0) {
4528 return;
4529 }
4530 if (encrypt != nullptr) {
4531 filter = encrypt.get();
4532 } else {
4533 const auto& compression_type = driver->get_compression_type(s->dest_placement);
4534 if (compression_type != "none") {
4535 plugin = Compressor::create(s->cct, compression_type);
4536 if (!plugin) {
4537 ldpp_dout(this, 1) << "Cannot load plugin for compression type "
4538 << compression_type << dendl;
4539 } else {
4540 compressor.emplace(s->cct, plugin, filter);
4541 filter = &*compressor;
4542 }
4543 }
4544 }
4545
4546 bool again;
4547 do {
4548 ceph::bufferlist data;
4549 int len = get_data(data, again);
4550
4551 if (len < 0) {
4552 op_ret = len;
4553 return;
4554 }
4555
4556 if (!len) {
4557 break;
4558 }
4559
4560 hash.Update((const unsigned char *)data.c_str(), data.length());
4561 op_ret = filter->process(std::move(data), ofs);
4562 if (op_ret < 0) {
4563 return;
4564 }
4565
4566 ofs += len;
4567
4568 if (ofs > max_len) {
4569 op_ret = -ERR_TOO_LARGE;
4570 return;
4571 }
4572 } while (again);
4573
4574 // flush
4575 op_ret = filter->process({}, ofs);
4576 if (op_ret < 0) {
4577 return;
4578 }
4579
4580 if (ofs < min_len) {
4581 op_ret = -ERR_TOO_SMALL;
4582 return;
4583 }
4584
4585 s->obj_size = ofs;
4586 s->object->set_obj_size(ofs);
4587
4588
4589 op_ret = s->bucket->check_quota(this, quota, s->obj_size, y);
4590 if (op_ret < 0) {
4591 return;
4592 }
4593
4594 hash.Final(m);
4595 buf_to_hex(m, CEPH_CRYPTO_MD5_DIGESTSIZE, calc_md5);
4596
4597 etag = calc_md5;
4598
4599 if (supplied_md5_b64 && strcmp(calc_md5, supplied_md5)) {
4600 op_ret = -ERR_BAD_DIGEST;
4601 return;
4602 }
4603
4604 bl.append(etag.c_str(), etag.size());
4605 emplace_attr(RGW_ATTR_ETAG, std::move(bl));
4606
4607 policy.encode(aclbl);
4608 emplace_attr(RGW_ATTR_ACL, std::move(aclbl));
4609
4610 const std::string content_type = get_current_content_type();
4611 if (! content_type.empty()) {
4612 ceph::bufferlist ct_bl;
4613 ct_bl.append(content_type.c_str(), content_type.size() + 1);
4614 emplace_attr(RGW_ATTR_CONTENT_TYPE, std::move(ct_bl));
4615 }
4616
4617 if (compressor && compressor->is_compressed()) {
4618 ceph::bufferlist tmp;
4619 RGWCompressionInfo cs_info;
4620 cs_info.compression_type = plugin->get_type_name();
4621 cs_info.orig_size = s->obj_size;
4622 cs_info.compressor_message = compressor->get_compressor_message();
4623 cs_info.blocks = move(compressor->get_compression_blocks());
4624 encode(cs_info, tmp);
4625 emplace_attr(RGW_ATTR_COMPRESSION, std::move(tmp));
4626 }
4627
4628 op_ret = processor->complete(s->obj_size, etag, nullptr, real_time(), attrs,
4629 (delete_at ? *delete_at : real_time()),
4630 nullptr, nullptr, nullptr, nullptr, nullptr,
4631 s->yield);
4632 if (op_ret < 0) {
4633 return;
4634 }
4635 } while (is_next_file_to_upload());
4636
4637 // send request to notification manager
4638 int ret = res->publish_commit(this, ofs, s->object->get_mtime(), etag, s->object->get_instance());
4639 if (ret < 0) {
4640 ldpp_dout(this, 1) << "ERROR: publishing notification failed, with error: " << ret << dendl;
4641 // too late to rollback operation, hence op_ret is not set here
4642 }
4643 }
4644
4645
4646 void RGWPutMetadataAccount::filter_out_temp_url(map<string, bufferlist>& add_attrs,
4647 const set<string>& rmattr_names,
4648 map<int, string>& temp_url_keys)
4649 {
4650 map<string, bufferlist>::iterator iter;
4651
4652 iter = add_attrs.find(RGW_ATTR_TEMPURL_KEY1);
4653 if (iter != add_attrs.end()) {
4654 temp_url_keys[0] = iter->second.c_str();
4655 add_attrs.erase(iter);
4656 }
4657
4658 iter = add_attrs.find(RGW_ATTR_TEMPURL_KEY2);
4659 if (iter != add_attrs.end()) {
4660 temp_url_keys[1] = iter->second.c_str();
4661 add_attrs.erase(iter);
4662 }
4663
4664 for (const string& name : rmattr_names) {
4665 if (name.compare(RGW_ATTR_TEMPURL_KEY1) == 0) {
4666 temp_url_keys[0] = string();
4667 }
4668 if (name.compare(RGW_ATTR_TEMPURL_KEY2) == 0) {
4669 temp_url_keys[1] = string();
4670 }
4671 }
4672 }
4673
4674 int RGWPutMetadataAccount::init_processing(optional_yield y)
4675 {
4676 /* First, go to the base class. At the time of writing the method was
4677 * responsible only for initializing the quota. This isn't necessary
4678 * here as we are touching metadata only. I'm putting this call only
4679 * for the future. */
4680 op_ret = RGWOp::init_processing(y);
4681 if (op_ret < 0) {
4682 return op_ret;
4683 }
4684
4685 op_ret = get_params(y);
4686 if (op_ret < 0) {
4687 return op_ret;
4688 }
4689
4690 op_ret = s->user->read_attrs(this, y);
4691 if (op_ret < 0) {
4692 return op_ret;
4693 }
4694 orig_attrs = s->user->get_attrs();
4695
4696 if (has_policy) {
4697 bufferlist acl_bl;
4698 policy.encode(acl_bl);
4699 attrs.emplace(RGW_ATTR_ACL, std::move(acl_bl));
4700 }
4701
4702 op_ret = rgw_get_request_metadata(this, s->cct, s->info, attrs, false);
4703 if (op_ret < 0) {
4704 return op_ret;
4705 }
4706 prepare_add_del_attrs(orig_attrs, rmattr_names, attrs);
4707 populate_with_generic_attrs(s, attrs);
4708
4709 /* Try extract the TempURL-related stuff now to allow verify_permission
4710 * evaluate whether we need FULL_CONTROL or not. */
4711 filter_out_temp_url(attrs, rmattr_names, temp_url_keys);
4712
4713 /* The same with quota except a client needs to be reseller admin. */
4714 op_ret = filter_out_quota_info(attrs, rmattr_names, new_quota,
4715 &new_quota_extracted);
4716 if (op_ret < 0) {
4717 return op_ret;
4718 }
4719
4720 return 0;
4721 }
4722
4723 int RGWPutMetadataAccount::verify_permission(optional_yield y)
4724 {
4725 if (s->auth.identity->is_anonymous()) {
4726 return -EACCES;
4727 }
4728
4729 if (!verify_user_permission_no_policy(this, s, RGW_PERM_WRITE)) {
4730 return -EACCES;
4731 }
4732
4733 /* Altering TempURL keys requires FULL_CONTROL. */
4734 if (!temp_url_keys.empty() && s->perm_mask != RGW_PERM_FULL_CONTROL) {
4735 return -EPERM;
4736 }
4737
4738 /* We are failing this intensionally to allow system user/reseller admin
4739 * override in rgw_process.cc. This is the way to specify a given RGWOp
4740 * expect extra privileges. */
4741 if (new_quota_extracted) {
4742 return -EACCES;
4743 }
4744
4745 return 0;
4746 }
4747
4748 void RGWPutMetadataAccount::execute(optional_yield y)
4749 {
4750 /* Params have been extracted earlier. See init_processing(). */
4751 op_ret = s->user->load_user(this, y);
4752 if (op_ret < 0) {
4753 return;
4754 }
4755
4756 /* Handle the TempURL-related stuff. */
4757 if (!temp_url_keys.empty()) {
4758 for (auto& pair : temp_url_keys) {
4759 s->user->get_info().temp_url_keys[pair.first] = std::move(pair.second);
4760 }
4761 }
4762
4763 /* Handle the quota extracted at the verify_permission step. */
4764 if (new_quota_extracted) {
4765 s->user->get_info().quota.user_quota = std::move(new_quota);
4766 }
4767
4768 /* We are passing here the current (old) user info to allow the function
4769 * optimize-out some operations. */
4770 s->user->set_attrs(attrs);
4771 op_ret = s->user->store_user(this, y, false, &s->user->get_info());
4772 }
4773
4774 int RGWPutMetadataBucket::verify_permission(optional_yield y)
4775 {
4776 if (!verify_bucket_permission_no_policy(this, s, RGW_PERM_WRITE)) {
4777 return -EACCES;
4778 }
4779
4780 return 0;
4781 }
4782
4783 void RGWPutMetadataBucket::pre_exec()
4784 {
4785 rgw_bucket_object_pre_exec(s);
4786 }
4787
4788 void RGWPutMetadataBucket::execute(optional_yield y)
4789 {
4790 op_ret = get_params(y);
4791 if (op_ret < 0) {
4792 return;
4793 }
4794
4795 op_ret = rgw_get_request_metadata(this, s->cct, s->info, attrs, false);
4796 if (op_ret < 0) {
4797 return;
4798 }
4799
4800 if (!placement_rule.empty() &&
4801 placement_rule != s->bucket->get_placement_rule()) {
4802 op_ret = -EEXIST;
4803 return;
4804 }
4805
4806 op_ret = retry_raced_bucket_write(this, s->bucket.get(), [this] {
4807 /* Encode special metadata first as we're using std::map::emplace under
4808 * the hood. This method will add the new items only if the map doesn't
4809 * contain such keys yet. */
4810 if (has_policy) {
4811 if (s->dialect.compare("swift") == 0) {
4812 auto old_policy = \
4813 static_cast<RGWAccessControlPolicy_SWIFT*>(s->bucket_acl.get());
4814 auto new_policy = static_cast<RGWAccessControlPolicy_SWIFT*>(&policy);
4815 new_policy->filter_merge(policy_rw_mask, old_policy);
4816 policy = *new_policy;
4817 }
4818 buffer::list bl;
4819 policy.encode(bl);
4820 emplace_attr(RGW_ATTR_ACL, std::move(bl));
4821 }
4822
4823 if (has_cors) {
4824 buffer::list bl;
4825 cors_config.encode(bl);
4826 emplace_attr(RGW_ATTR_CORS, std::move(bl));
4827 }
4828
4829 /* It's supposed that following functions WILL NOT change any
4830 * special attributes (like RGW_ATTR_ACL) if they are already
4831 * present in attrs. */
4832 prepare_add_del_attrs(s->bucket_attrs, rmattr_names, attrs);
4833 populate_with_generic_attrs(s, attrs);
4834
4835 /* According to the Swift's behaviour and its container_quota
4836 * WSGI middleware implementation: anyone with write permissions
4837 * is able to set the bucket quota. This stays in contrast to
4838 * account quotas that can be set only by clients holding
4839 * reseller admin privileges. */
4840 op_ret = filter_out_quota_info(attrs, rmattr_names, s->bucket->get_info().quota);
4841 if (op_ret < 0) {
4842 return op_ret;
4843 }
4844
4845 if (swift_ver_location) {
4846 s->bucket->get_info().swift_ver_location = *swift_ver_location;
4847 s->bucket->get_info().swift_versioning = (!swift_ver_location->empty());
4848 }
4849
4850 /* Web site of Swift API. */
4851 filter_out_website(attrs, rmattr_names, s->bucket->get_info().website_conf);
4852 s->bucket->get_info().has_website = !s->bucket->get_info().website_conf.is_empty();
4853
4854 /* Setting attributes also stores the provided bucket info. Due
4855 * to this fact, the new quota settings can be serialized with
4856 * the same call. */
4857 op_ret = s->bucket->merge_and_store_attrs(this, attrs, s->yield);
4858 return op_ret;
4859 });
4860 }
4861
4862 int RGWPutMetadataObject::verify_permission(optional_yield y)
4863 {
4864 // This looks to be something specific to Swift. We could add
4865 // operations like swift:PutMetadataObject to the Policy Engine.
4866 if (!verify_object_permission_no_policy(this, s, RGW_PERM_WRITE)) {
4867 return -EACCES;
4868 }
4869
4870 return 0;
4871 }
4872
4873 void RGWPutMetadataObject::pre_exec()
4874 {
4875 rgw_bucket_object_pre_exec(s);
4876 }
4877
4878 void RGWPutMetadataObject::execute(optional_yield y)
4879 {
4880 rgw_obj target_obj;
4881 rgw::sal::Attrs attrs, rmattrs;
4882
4883 s->object->set_atomic();
4884
4885 op_ret = get_params(y);
4886 if (op_ret < 0) {
4887 return;
4888 }
4889
4890 op_ret = rgw_get_request_metadata(this, s->cct, s->info, attrs);
4891 if (op_ret < 0) {
4892 return;
4893 }
4894
4895 /* check if obj exists, read orig attrs */
4896 op_ret = s->object->get_obj_attrs(s->yield, s, &target_obj);
4897 if (op_ret < 0) {
4898 return;
4899 }
4900
4901 /* Check whether the object has expired. Swift API documentation
4902 * stands that we should return 404 Not Found in such case. */
4903 if (need_object_expiration() && s->object->is_expired()) {
4904 op_ret = -ENOENT;
4905 return;
4906 }
4907
4908 /* Filter currently existing attributes. */
4909 prepare_add_del_attrs(s->object->get_attrs(), attrs, rmattrs);
4910 populate_with_generic_attrs(s, attrs);
4911 encode_delete_at_attr(delete_at, attrs);
4912
4913 if (dlo_manifest) {
4914 op_ret = encode_dlo_manifest_attr(dlo_manifest, attrs);
4915 if (op_ret < 0) {
4916 ldpp_dout(this, 0) << "bad user manifest: " << dlo_manifest << dendl;
4917 return;
4918 }
4919 }
4920
4921 op_ret = s->object->set_obj_attrs(this, &attrs, &rmattrs, s->yield);
4922 }
4923
4924 int RGWDeleteObj::handle_slo_manifest(bufferlist& bl, optional_yield y)
4925 {
4926 RGWSLOInfo slo_info;
4927 auto bliter = bl.cbegin();
4928 try {
4929 decode(slo_info, bliter);
4930 } catch (buffer::error& err) {
4931 ldpp_dout(this, 0) << "ERROR: failed to decode slo manifest" << dendl;
4932 return -EIO;
4933 }
4934
4935 try {
4936 deleter = std::unique_ptr<RGWBulkDelete::Deleter>(\
4937 new RGWBulkDelete::Deleter(this, driver, s));
4938 } catch (const std::bad_alloc&) {
4939 return -ENOMEM;
4940 }
4941
4942 list<RGWBulkDelete::acct_path_t> items;
4943 for (const auto& iter : slo_info.entries) {
4944 const string& path_str = iter.path;
4945
4946 const size_t pos_init = path_str.find_first_not_of('/');
4947 if (std::string_view::npos == pos_init) {
4948 return -EINVAL;
4949 }
4950
4951 const size_t sep_pos = path_str.find('/', pos_init);
4952 if (std::string_view::npos == sep_pos) {
4953 return -EINVAL;
4954 }
4955
4956 RGWBulkDelete::acct_path_t path;
4957
4958 path.bucket_name = url_decode(path_str.substr(pos_init, sep_pos - pos_init));
4959 path.obj_key = url_decode(path_str.substr(sep_pos + 1));
4960
4961 items.push_back(path);
4962 }
4963
4964 /* Request removal of the manifest object itself. */
4965 RGWBulkDelete::acct_path_t path;
4966 path.bucket_name = s->bucket_name;
4967 path.obj_key = s->object->get_key();
4968 items.push_back(path);
4969
4970 int ret = deleter->delete_chunk(items, y);
4971 if (ret < 0) {
4972 return ret;
4973 }
4974
4975 return 0;
4976 }
4977
4978 int RGWDeleteObj::verify_permission(optional_yield y)
4979 {
4980 int op_ret = get_params(y);
4981 if (op_ret) {
4982 return op_ret;
4983 }
4984
4985 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s);
4986 if (has_s3_existing_tag || has_s3_resource_tag)
4987 rgw_iam_add_objtags(this, s, has_s3_existing_tag, has_s3_resource_tag);
4988
4989 if (s->iam_policy || ! s->iam_user_policies.empty() || ! s->session_policies.empty()) {
4990 if (s->bucket->get_info().obj_lock_enabled() && bypass_governance_mode) {
4991 auto r = eval_identity_or_session_policies(this, s->iam_user_policies, s->env,
4992 rgw::IAM::s3BypassGovernanceRetention, ARN(s->bucket->get_key(), s->object->get_name()));
4993 if (r == Effect::Deny) {
4994 bypass_perm = false;
4995 } else if (r == Effect::Pass && s->iam_policy) {
4996 ARN obj_arn(ARN(s->bucket->get_key(), s->object->get_name()));
4997 r = s->iam_policy->eval(s->env, *s->auth.identity, rgw::IAM::s3BypassGovernanceRetention, obj_arn);
4998 if (r == Effect::Deny) {
4999 bypass_perm = false;
5000 }
5001 } else if (r == Effect::Pass && !s->session_policies.empty()) {
5002 r = eval_identity_or_session_policies(this, s->session_policies, s->env,
5003 rgw::IAM::s3BypassGovernanceRetention, ARN(s->bucket->get_key(), s->object->get_name()));
5004 if (r == Effect::Deny) {
5005 bypass_perm = false;
5006 }
5007 }
5008 }
5009 auto identity_policy_res = eval_identity_or_session_policies(this, s->iam_user_policies, s->env,
5010 s->object->get_instance().empty() ?
5011 rgw::IAM::s3DeleteObject :
5012 rgw::IAM::s3DeleteObjectVersion,
5013 ARN(s->bucket->get_key(), s->object->get_name()));
5014 if (identity_policy_res == Effect::Deny) {
5015 return -EACCES;
5016 }
5017
5018 rgw::IAM::Effect r = Effect::Pass;
5019 rgw::IAM::PolicyPrincipal princ_type = rgw::IAM::PolicyPrincipal::Other;
5020 ARN obj_arn(ARN(s->bucket->get_key(), s->object->get_name()));
5021 if (s->iam_policy) {
5022 r = s->iam_policy->eval(s->env, *s->auth.identity,
5023 s->object->get_instance().empty() ?
5024 rgw::IAM::s3DeleteObject :
5025 rgw::IAM::s3DeleteObjectVersion,
5026 obj_arn,
5027 princ_type);
5028 }
5029 if (r == Effect::Deny)
5030 return -EACCES;
5031
5032 if (!s->session_policies.empty()) {
5033 auto session_policy_res = eval_identity_or_session_policies(this, s->session_policies, s->env,
5034 s->object->get_instance().empty() ?
5035 rgw::IAM::s3DeleteObject :
5036 rgw::IAM::s3DeleteObjectVersion,
5037 obj_arn);
5038 if (session_policy_res == Effect::Deny) {
5039 return -EACCES;
5040 }
5041 if (princ_type == rgw::IAM::PolicyPrincipal::Role) {
5042 //Intersection of session policy and identity policy plus intersection of session policy and bucket policy
5043 if ((session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow) ||
5044 (session_policy_res == Effect::Allow && r == Effect::Allow)) {
5045 return 0;
5046 }
5047 } else if (princ_type == rgw::IAM::PolicyPrincipal::Session) {
5048 //Intersection of session policy and identity policy plus bucket policy
5049 if ((session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow) || r == Effect::Allow) {
5050 return 0;
5051 }
5052 } else if (princ_type == rgw::IAM::PolicyPrincipal::Other) {// there was no match in the bucket policy
5053 if (session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow) {
5054 return 0;
5055 }
5056 }
5057 return -EACCES;
5058 }
5059 if (r == Effect::Allow || identity_policy_res == Effect::Allow)
5060 return 0;
5061 }
5062
5063 if (!verify_bucket_permission_no_policy(this, s, RGW_PERM_WRITE)) {
5064 return -EACCES;
5065 }
5066
5067 if (s->bucket->get_info().mfa_enabled() &&
5068 !s->object->get_instance().empty() &&
5069 !s->mfa_verified) {
5070 ldpp_dout(this, 5) << "NOTICE: object delete request with a versioned object, mfa auth not provided" << dendl;
5071 return -ERR_MFA_REQUIRED;
5072 }
5073
5074 return 0;
5075 }
5076
5077 void RGWDeleteObj::pre_exec()
5078 {
5079 rgw_bucket_object_pre_exec(s);
5080 }
5081
5082 void RGWDeleteObj::execute(optional_yield y)
5083 {
5084 if (!s->bucket_exists) {
5085 op_ret = -ERR_NO_SUCH_BUCKET;
5086 return;
5087 }
5088
5089 if (!rgw::sal::Object::empty(s->object.get())) {
5090 uint64_t obj_size = 0;
5091 std::string etag;
5092 {
5093 RGWObjState* astate = nullptr;
5094 bool check_obj_lock = s->object->have_instance() && s->bucket->get_info().obj_lock_enabled();
5095
5096 op_ret = s->object->get_obj_state(this, &astate, s->yield, true);
5097 if (op_ret < 0) {
5098 if (need_object_expiration() || multipart_delete) {
5099 return;
5100 }
5101
5102 if (check_obj_lock) {
5103 /* check if obj exists, read orig attrs */
5104 if (op_ret == -ENOENT) {
5105 /* object maybe delete_marker, skip check_obj_lock*/
5106 check_obj_lock = false;
5107 } else {
5108 return;
5109 }
5110 }
5111 } else {
5112 obj_size = astate->size;
5113 etag = astate->attrset[RGW_ATTR_ETAG].to_str();
5114 }
5115
5116 // ignore return value from get_obj_attrs in all other cases
5117 op_ret = 0;
5118
5119 if (check_obj_lock) {
5120 ceph_assert(astate);
5121 int object_lock_response = verify_object_lock(this, astate->attrset, bypass_perm, bypass_governance_mode);
5122 if (object_lock_response != 0) {
5123 op_ret = object_lock_response;
5124 if (op_ret == -EACCES) {
5125 s->err.message = "forbidden by object lock";
5126 }
5127 return;
5128 }
5129 }
5130
5131 if (multipart_delete) {
5132 if (!astate) {
5133 op_ret = -ERR_NOT_SLO_MANIFEST;
5134 return;
5135 }
5136
5137 const auto slo_attr = astate->attrset.find(RGW_ATTR_SLO_MANIFEST);
5138
5139 if (slo_attr != astate->attrset.end()) {
5140 op_ret = handle_slo_manifest(slo_attr->second, y);
5141 if (op_ret < 0) {
5142 ldpp_dout(this, 0) << "ERROR: failed to handle slo manifest ret=" << op_ret << dendl;
5143 }
5144 } else {
5145 op_ret = -ERR_NOT_SLO_MANIFEST;
5146 }
5147
5148 return;
5149 }
5150 }
5151
5152 // make reservation for notification if needed
5153 const auto versioned_object = s->bucket->versioning_enabled();
5154 const auto event_type = versioned_object &&
5155 s->object->get_instance().empty() ?
5156 rgw::notify::ObjectRemovedDeleteMarkerCreated :
5157 rgw::notify::ObjectRemovedDelete;
5158 std::unique_ptr<rgw::sal::Notification> res
5159 = driver->get_notification(s->object.get(), s->src_object.get(), s,
5160 event_type, y);
5161 op_ret = res->publish_reserve(this);
5162 if (op_ret < 0) {
5163 return;
5164 }
5165
5166 s->object->set_atomic();
5167
5168 bool ver_restored = false;
5169 op_ret = s->object->swift_versioning_restore(ver_restored, this);
5170 if (op_ret < 0) {
5171 return;
5172 }
5173
5174 if (!ver_restored) {
5175 uint64_t epoch = 0;
5176
5177 /* Swift's versioning mechanism hasn't found any previous version of
5178 * the object that could be restored. This means we should proceed
5179 * with the regular delete path. */
5180 op_ret = get_system_versioning_params(s, &epoch, &version_id);
5181 if (op_ret < 0) {
5182 return;
5183 }
5184
5185 std::unique_ptr<rgw::sal::Object::DeleteOp> del_op = s->object->get_delete_op();
5186 del_op->params.obj_owner = s->owner;
5187 del_op->params.bucket_owner = s->bucket_owner;
5188 del_op->params.versioning_status = s->bucket->get_info().versioning_status();
5189 del_op->params.unmod_since = unmod_since;
5190 del_op->params.high_precision_time = s->system_request;
5191 del_op->params.olh_epoch = epoch;
5192 del_op->params.marker_version_id = version_id;
5193
5194 op_ret = del_op->delete_obj(this, y);
5195 if (op_ret >= 0) {
5196 delete_marker = del_op->result.delete_marker;
5197 version_id = del_op->result.version_id;
5198 }
5199
5200 /* Check whether the object has expired. Swift API documentation
5201 * stands that we should return 404 Not Found in such case. */
5202 if (need_object_expiration() && s->object->is_expired()) {
5203 op_ret = -ENOENT;
5204 return;
5205 }
5206 }
5207
5208 if (op_ret == -ECANCELED) {
5209 op_ret = 0;
5210 }
5211 if (op_ret == -ERR_PRECONDITION_FAILED && no_precondition_error) {
5212 op_ret = 0;
5213 }
5214
5215 // send request to notification manager
5216 int ret = res->publish_commit(this, obj_size, ceph::real_clock::now(), etag, version_id);
5217 if (ret < 0) {
5218 ldpp_dout(this, 1) << "ERROR: publishing notification failed, with error: " << ret << dendl;
5219 // too late to rollback operation, hence op_ret is not set here
5220 }
5221 } else {
5222 op_ret = -EINVAL;
5223 }
5224 }
5225
5226 bool RGWCopyObj::parse_copy_location(const std::string_view& url_src,
5227 string& bucket_name,
5228 rgw_obj_key& key,
5229 req_state* s)
5230 {
5231 std::string_view name_str;
5232 std::string_view params_str;
5233
5234 // search for ? before url-decoding so we don't accidentally match %3F
5235 size_t pos = url_src.find('?');
5236 if (pos == string::npos) {
5237 name_str = url_src;
5238 } else {
5239 name_str = url_src.substr(0, pos);
5240 params_str = url_src.substr(pos + 1);
5241 }
5242
5243 if (name_str[0] == '/') // trim leading slash
5244 name_str.remove_prefix(1);
5245
5246 std::string dec_src = url_decode(name_str);
5247
5248 pos = dec_src.find('/');
5249 if (pos == string::npos)
5250 return false;
5251
5252 bucket_name = dec_src.substr(0, pos);
5253 key.name = dec_src.substr(pos + 1);
5254
5255 if (key.name.empty()) {
5256 return false;
5257 }
5258
5259 if (! params_str.empty()) {
5260 RGWHTTPArgs args;
5261 args.set(std::string(params_str));
5262 args.parse(s);
5263
5264 key.instance = args.get("versionId", NULL);
5265 }
5266
5267 return true;
5268 }
5269
5270 int RGWCopyObj::init_processing(optional_yield y)
5271 {
5272 op_ret = RGWOp::init_processing(y);
5273 if (op_ret < 0) {
5274 return op_ret;
5275 }
5276
5277 op_ret = get_params(y);
5278 if (op_ret < 0)
5279 return op_ret;
5280
5281 op_ret = get_system_versioning_params(s, &olh_epoch, &version_id);
5282 if (op_ret < 0) {
5283 return op_ret;
5284 }
5285
5286 op_ret = driver->get_bucket(this, s->user.get(),
5287 rgw_bucket_key(s->src_tenant_name,
5288 s->src_bucket_name),
5289 &src_bucket, y);
5290 if (op_ret < 0) {
5291 if (op_ret == -ENOENT) {
5292 op_ret = -ERR_NO_SUCH_BUCKET;
5293 }
5294 return op_ret;
5295 }
5296
5297 /* This is the only place the bucket is set on src_object */
5298 s->src_object->set_bucket(src_bucket.get());
5299 return 0;
5300 }
5301
5302 int RGWCopyObj::verify_permission(optional_yield y)
5303 {
5304 RGWAccessControlPolicy src_acl(s->cct);
5305 boost::optional<Policy> src_policy;
5306
5307 /* get buckets info (source and dest) */
5308 if (s->local_source && source_zone.empty()) {
5309 s->src_object->set_atomic();
5310 s->src_object->set_prefetch_data();
5311
5312 rgw_placement_rule src_placement;
5313
5314 /* check source object permissions */
5315 op_ret = read_obj_policy(this, driver, s, src_bucket->get_info(), src_bucket->get_attrs(), &src_acl, &src_placement.storage_class,
5316 src_policy, src_bucket.get(), s->src_object.get(), y);
5317 if (op_ret < 0) {
5318 return op_ret;
5319 }
5320
5321 /* follow up on previous checks that required reading source object head */
5322 if (need_to_check_storage_class) {
5323 src_placement.inherit_from(src_bucket->get_placement_rule());
5324
5325 op_ret = check_storage_class(src_placement);
5326 if (op_ret < 0) {
5327 return op_ret;
5328 }
5329 }
5330
5331 /* admin request overrides permission checks */
5332 if (!s->auth.identity->is_admin_of(src_acl.get_owner().get_id())) {
5333 if (src_policy || ! s->iam_user_policies.empty() || !s->session_policies.empty()) {
5334 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, src_policy, s->iam_user_policies, s->session_policies);
5335 if (has_s3_existing_tag || has_s3_resource_tag)
5336 rgw_iam_add_objtags(this, s, s->src_object.get(), has_s3_existing_tag, has_s3_resource_tag);
5337
5338 ARN obj_arn(s->src_object->get_obj());
5339 auto identity_policy_res = eval_identity_or_session_policies(this, s->iam_user_policies, s->env,
5340 s->src_object->get_instance().empty() ?
5341 rgw::IAM::s3GetObject :
5342 rgw::IAM::s3GetObjectVersion,
5343 obj_arn);
5344 if (identity_policy_res == Effect::Deny) {
5345 return -EACCES;
5346 }
5347 auto e = Effect::Pass;
5348 rgw::IAM::PolicyPrincipal princ_type = rgw::IAM::PolicyPrincipal::Other;
5349 if (src_policy) {
5350 e = src_policy->eval(s->env, *s->auth.identity,
5351 s->src_object->get_instance().empty() ?
5352 rgw::IAM::s3GetObject :
5353 rgw::IAM::s3GetObjectVersion,
5354 obj_arn,
5355 princ_type);
5356 }
5357 if (e == Effect::Deny) {
5358 return -EACCES;
5359 }
5360 if (!s->session_policies.empty()) {
5361 auto session_policy_res = eval_identity_or_session_policies(this, s->session_policies, s->env,
5362 s->src_object->get_instance().empty() ?
5363 rgw::IAM::s3GetObject :
5364 rgw::IAM::s3GetObjectVersion,
5365 obj_arn);
5366 if (session_policy_res == Effect::Deny) {
5367 return -EACCES;
5368 }
5369 if (princ_type == rgw::IAM::PolicyPrincipal::Role) {
5370 //Intersection of session policy and identity policy plus intersection of session policy and bucket policy
5371 if ((session_policy_res != Effect::Allow || identity_policy_res != Effect::Allow) &&
5372 (session_policy_res != Effect::Allow || e != Effect::Allow)) {
5373 return -EACCES;
5374 }
5375 } else if (princ_type == rgw::IAM::PolicyPrincipal::Session) {
5376 //Intersection of session policy and identity policy plus bucket policy
5377 if ((session_policy_res != Effect::Allow || identity_policy_res != Effect::Allow) && e != Effect::Allow) {
5378 return -EACCES;
5379 }
5380 } else if (princ_type == rgw::IAM::PolicyPrincipal::Other) {// there was no match in the bucket policy
5381 if (session_policy_res != Effect::Allow || identity_policy_res != Effect::Allow) {
5382 return -EACCES;
5383 }
5384 }
5385 }
5386 if (identity_policy_res == Effect::Pass && e == Effect::Pass &&
5387 !src_acl.verify_permission(this, *s->auth.identity, s->perm_mask,
5388 RGW_PERM_READ)) {
5389 return -EACCES;
5390 }
5391 //remove src object tags as it may interfere with policy evaluation of destination obj
5392 if (has_s3_existing_tag || has_s3_resource_tag)
5393 rgw_iam_remove_objtags(this, s, s->src_object.get(), has_s3_existing_tag, has_s3_resource_tag);
5394
5395 } else if (!src_acl.verify_permission(this, *s->auth.identity,
5396 s->perm_mask,
5397 RGW_PERM_READ)) {
5398 return -EACCES;
5399 }
5400 }
5401 }
5402
5403 RGWAccessControlPolicy dest_bucket_policy(s->cct);
5404
5405 s->object->set_atomic();
5406
5407 /* check dest bucket permissions */
5408 op_ret = read_bucket_policy(this, driver, s, s->bucket->get_info(),
5409 s->bucket->get_attrs(),
5410 &dest_bucket_policy, s->bucket->get_key(), y);
5411 if (op_ret < 0) {
5412 return op_ret;
5413 }
5414 auto dest_iam_policy = get_iam_policy_from_attr(s->cct, s->bucket->get_attrs(), s->bucket->get_tenant());
5415 /* admin request overrides permission checks */
5416 if (! s->auth.identity->is_admin_of(dest_policy.get_owner().get_id())){
5417 if (dest_iam_policy != boost::none || ! s->iam_user_policies.empty() || !s->session_policies.empty()) {
5418 //Add destination bucket tags for authorization
5419 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, dest_iam_policy, s->iam_user_policies, s->session_policies);
5420 if (has_s3_resource_tag)
5421 rgw_iam_add_buckettags(this, s, s->bucket.get());
5422
5423 rgw_add_to_iam_environment(s->env, "s3:x-amz-copy-source", copy_source);
5424 if (md_directive)
5425 rgw_add_to_iam_environment(s->env, "s3:x-amz-metadata-directive",
5426 *md_directive);
5427
5428 ARN obj_arn(s->object->get_obj());
5429 auto identity_policy_res = eval_identity_or_session_policies(this, s->iam_user_policies,
5430 s->env,
5431 rgw::IAM::s3PutObject,
5432 obj_arn);
5433 if (identity_policy_res == Effect::Deny) {
5434 return -EACCES;
5435 }
5436 auto e = Effect::Pass;
5437 rgw::IAM::PolicyPrincipal princ_type = rgw::IAM::PolicyPrincipal::Other;
5438 if (dest_iam_policy) {
5439 e = dest_iam_policy->eval(s->env, *s->auth.identity,
5440 rgw::IAM::s3PutObject,
5441 obj_arn,
5442 princ_type);
5443 }
5444 if (e == Effect::Deny) {
5445 return -EACCES;
5446 }
5447 if (!s->session_policies.empty()) {
5448 auto session_policy_res = eval_identity_or_session_policies(this, s->session_policies, s->env,
5449 rgw::IAM::s3PutObject, obj_arn);
5450 if (session_policy_res == Effect::Deny) {
5451 return false;
5452 }
5453 if (princ_type == rgw::IAM::PolicyPrincipal::Role) {
5454 //Intersection of session policy and identity policy plus intersection of session policy and bucket policy
5455 if ((session_policy_res != Effect::Allow || identity_policy_res != Effect::Allow) &&
5456 (session_policy_res != Effect::Allow || e == Effect::Allow)) {
5457 return -EACCES;
5458 }
5459 } else if (princ_type == rgw::IAM::PolicyPrincipal::Session) {
5460 //Intersection of session policy and identity policy plus bucket policy
5461 if ((session_policy_res != Effect::Allow || identity_policy_res != Effect::Allow) && e != Effect::Allow) {
5462 return -EACCES;
5463 }
5464 } else if (princ_type == rgw::IAM::PolicyPrincipal::Other) {// there was no match in the bucket policy
5465 if (session_policy_res != Effect::Allow || identity_policy_res != Effect::Allow) {
5466 return -EACCES;
5467 }
5468 }
5469 }
5470 if (identity_policy_res == Effect::Pass && e == Effect::Pass &&
5471 ! dest_bucket_policy.verify_permission(this,
5472 *s->auth.identity,
5473 s->perm_mask,
5474 RGW_PERM_WRITE)){
5475 return -EACCES;
5476 }
5477 } else if (! dest_bucket_policy.verify_permission(this, *s->auth.identity, s->perm_mask,
5478 RGW_PERM_WRITE)) {
5479 return -EACCES;
5480 }
5481
5482 }
5483
5484 op_ret = init_dest_policy();
5485 if (op_ret < 0) {
5486 return op_ret;
5487 }
5488
5489 return 0;
5490 }
5491
5492
5493 int RGWCopyObj::init_common()
5494 {
5495 if (if_mod) {
5496 if (parse_time(if_mod, &mod_time) < 0) {
5497 op_ret = -EINVAL;
5498 return op_ret;
5499 }
5500 mod_ptr = &mod_time;
5501 }
5502
5503 if (if_unmod) {
5504 if (parse_time(if_unmod, &unmod_time) < 0) {
5505 op_ret = -EINVAL;
5506 return op_ret;
5507 }
5508 unmod_ptr = &unmod_time;
5509 }
5510
5511 bufferlist aclbl;
5512 dest_policy.encode(aclbl);
5513 emplace_attr(RGW_ATTR_ACL, std::move(aclbl));
5514
5515 op_ret = rgw_get_request_metadata(this, s->cct, s->info, attrs);
5516 if (op_ret < 0) {
5517 return op_ret;
5518 }
5519 populate_with_generic_attrs(s, attrs);
5520
5521 return 0;
5522 }
5523
5524 static void copy_obj_progress_cb(off_t ofs, void *param)
5525 {
5526 RGWCopyObj *op = static_cast<RGWCopyObj *>(param);
5527 op->progress_cb(ofs);
5528 }
5529
5530 void RGWCopyObj::progress_cb(off_t ofs)
5531 {
5532 if (!s->cct->_conf->rgw_copy_obj_progress)
5533 return;
5534
5535 if (ofs - last_ofs <
5536 static_cast<off_t>(s->cct->_conf->rgw_copy_obj_progress_every_bytes)) {
5537 return;
5538 }
5539
5540 send_partial_response(ofs);
5541
5542 last_ofs = ofs;
5543 }
5544
5545 void RGWCopyObj::pre_exec()
5546 {
5547 rgw_bucket_object_pre_exec(s);
5548 }
5549
5550 void RGWCopyObj::execute(optional_yield y)
5551 {
5552 if (init_common() < 0)
5553 return;
5554
5555 // make reservation for notification if needed
5556 std::unique_ptr<rgw::sal::Notification> res
5557 = driver->get_notification(
5558 s->object.get(), s->src_object.get(),
5559 s, rgw::notify::ObjectCreatedCopy, y);
5560 op_ret = res->publish_reserve(this);
5561 if (op_ret < 0) {
5562 return;
5563 }
5564
5565 if ( ! version_id.empty()) {
5566 s->object->set_instance(version_id);
5567 } else if (s->bucket->versioning_enabled()) {
5568 s->object->gen_rand_obj_instance_name();
5569 }
5570
5571 s->src_object->set_atomic();
5572 s->object->set_atomic();
5573
5574 encode_delete_at_attr(delete_at, attrs);
5575
5576 if (obj_retention) {
5577 bufferlist obj_retention_bl;
5578 obj_retention->encode(obj_retention_bl);
5579 emplace_attr(RGW_ATTR_OBJECT_RETENTION, std::move(obj_retention_bl));
5580 }
5581 if (obj_legal_hold) {
5582 bufferlist obj_legal_hold_bl;
5583 obj_legal_hold->encode(obj_legal_hold_bl);
5584 emplace_attr(RGW_ATTR_OBJECT_LEGAL_HOLD, std::move(obj_legal_hold_bl));
5585 }
5586
5587 uint64_t obj_size = 0;
5588 {
5589 // get src object size (cached in obj_ctx from verify_permission())
5590 RGWObjState* astate = nullptr;
5591 op_ret = s->src_object->get_obj_state(this, &astate, s->yield, true);
5592 if (op_ret < 0) {
5593 return;
5594 }
5595
5596 /* Check if the src object is cloud-tiered */
5597 bufferlist bl;
5598 if (astate->get_attr(RGW_ATTR_MANIFEST, bl)) {
5599 RGWObjManifest m;
5600 try{
5601 decode(m, bl);
5602 if (m.get_tier_type() == "cloud-s3") {
5603 op_ret = -ERR_INVALID_OBJECT_STATE;
5604 s->err.message = "This object was transitioned to cloud-s3";
5605 ldpp_dout(this, 4) << "Cannot copy cloud tiered object. Failing with "
5606 << op_ret << dendl;
5607 return;
5608 }
5609 } catch (const buffer::end_of_buffer&) {
5610 // ignore empty manifest; it's not cloud-tiered
5611 } catch (const std::exception& e) {
5612 ldpp_dout(this, 1) << "WARNING: failed to decode object manifest for "
5613 << *s->object << ": " << e.what() << dendl;
5614 }
5615 }
5616
5617 obj_size = astate->size;
5618
5619 if (!s->system_request) { // no quota enforcement for system requests
5620 if (astate->accounted_size > static_cast<size_t>(s->cct->_conf->rgw_max_put_size)) {
5621 op_ret = -ERR_TOO_LARGE;
5622 return;
5623 }
5624 // enforce quota against the destination bucket owner
5625 op_ret = s->bucket->check_quota(this, quota, astate->accounted_size, y);
5626 if (op_ret < 0) {
5627 return;
5628 }
5629 }
5630 }
5631
5632 bool high_precision_time = (s->system_request);
5633
5634 /* Handle object versioning of Swift API. In case of copying to remote this
5635 * should fail gently (op_ret == 0) as the dst_obj will not exist here. */
5636 op_ret = s->object->swift_versioning_copy(this, s->yield);
5637 if (op_ret < 0) {
5638 return;
5639 }
5640
5641 op_ret = s->src_object->copy_object(s->user.get(),
5642 &s->info,
5643 source_zone,
5644 s->object.get(),
5645 s->bucket.get(),
5646 src_bucket.get(),
5647 s->dest_placement,
5648 &src_mtime,
5649 &mtime,
5650 mod_ptr,
5651 unmod_ptr,
5652 high_precision_time,
5653 if_match,
5654 if_nomatch,
5655 attrs_mod,
5656 copy_if_newer,
5657 attrs,
5658 RGWObjCategory::Main,
5659 olh_epoch,
5660 delete_at,
5661 (version_id.empty() ? NULL : &version_id),
5662 &s->req_id, /* use req_id as tag */
5663 &etag,
5664 copy_obj_progress_cb, (void *)this,
5665 this,
5666 s->yield);
5667
5668 // send request to notification manager
5669 int ret = res->publish_commit(this, obj_size, mtime, etag, s->object->get_instance());
5670 if (ret < 0) {
5671 ldpp_dout(this, 1) << "ERROR: publishing notification failed, with error: " << ret << dendl;
5672 // too late to rollback operation, hence op_ret is not set here
5673 }
5674 }
5675
5676 int RGWGetACLs::verify_permission(optional_yield y)
5677 {
5678 bool perm;
5679 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s);
5680 if (!rgw::sal::Object::empty(s->object.get())) {
5681 auto iam_action = s->object->get_instance().empty() ?
5682 rgw::IAM::s3GetObjectAcl :
5683 rgw::IAM::s3GetObjectVersionAcl;
5684 if (has_s3_existing_tag || has_s3_resource_tag)
5685 rgw_iam_add_objtags(this, s, has_s3_existing_tag, has_s3_resource_tag);
5686 perm = verify_object_permission(this, s, iam_action);
5687 } else {
5688 if (!s->bucket_exists) {
5689 return -ERR_NO_SUCH_BUCKET;
5690 }
5691 if (has_s3_resource_tag)
5692 rgw_iam_add_buckettags(this, s);
5693 perm = verify_bucket_permission(this, s, rgw::IAM::s3GetBucketAcl);
5694 }
5695 if (!perm)
5696 return -EACCES;
5697
5698 return 0;
5699 }
5700
5701 void RGWGetACLs::pre_exec()
5702 {
5703 rgw_bucket_object_pre_exec(s);
5704 }
5705
5706 void RGWGetACLs::execute(optional_yield y)
5707 {
5708 stringstream ss;
5709 RGWAccessControlPolicy* const acl = \
5710 (!rgw::sal::Object::empty(s->object.get()) ? s->object_acl.get() : s->bucket_acl.get());
5711 RGWAccessControlPolicy_S3* const s3policy = \
5712 static_cast<RGWAccessControlPolicy_S3*>(acl);
5713 s3policy->to_xml(ss);
5714 acls = ss.str();
5715 }
5716
5717
5718
5719 int RGWPutACLs::verify_permission(optional_yield y)
5720 {
5721 bool perm;
5722
5723 rgw_add_to_iam_environment(s->env, "s3:x-amz-acl", s->canned_acl);
5724
5725 rgw_add_grant_to_iam_environment(s->env, s);
5726 if (!rgw::sal::Object::empty(s->object.get())) {
5727 auto iam_action = s->object->get_instance().empty() ? rgw::IAM::s3PutObjectAcl : rgw::IAM::s3PutObjectVersionAcl;
5728 op_ret = rgw_iam_add_objtags(this, s, true, true);
5729 perm = verify_object_permission(this, s, iam_action);
5730 } else {
5731 op_ret = rgw_iam_add_buckettags(this, s);
5732 perm = verify_bucket_permission(this, s, rgw::IAM::s3PutBucketAcl);
5733 }
5734 if (!perm)
5735 return -EACCES;
5736
5737 return 0;
5738 }
5739
5740 int RGWGetLC::verify_permission(optional_yield y)
5741 {
5742 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
5743 if (has_s3_resource_tag)
5744 rgw_iam_add_buckettags(this, s);
5745
5746 bool perm;
5747 perm = verify_bucket_permission(this, s, rgw::IAM::s3GetLifecycleConfiguration);
5748 if (!perm)
5749 return -EACCES;
5750
5751 return 0;
5752 }
5753
5754 int RGWPutLC::verify_permission(optional_yield y)
5755 {
5756 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
5757 if (has_s3_resource_tag)
5758 rgw_iam_add_buckettags(this, s);
5759
5760 bool perm;
5761 perm = verify_bucket_permission(this, s, rgw::IAM::s3PutLifecycleConfiguration);
5762 if (!perm)
5763 return -EACCES;
5764
5765 return 0;
5766 }
5767
5768 int RGWDeleteLC::verify_permission(optional_yield y)
5769 {
5770 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
5771 if (has_s3_resource_tag)
5772 rgw_iam_add_buckettags(this, s);
5773
5774 bool perm;
5775 perm = verify_bucket_permission(this, s, rgw::IAM::s3PutLifecycleConfiguration);
5776 if (!perm)
5777 return -EACCES;
5778
5779 return 0;
5780 }
5781
5782 void RGWPutACLs::pre_exec()
5783 {
5784 rgw_bucket_object_pre_exec(s);
5785 }
5786
5787 void RGWGetLC::pre_exec()
5788 {
5789 rgw_bucket_object_pre_exec(s);
5790 }
5791
5792 void RGWPutLC::pre_exec()
5793 {
5794 rgw_bucket_object_pre_exec(s);
5795 }
5796
5797 void RGWDeleteLC::pre_exec()
5798 {
5799 rgw_bucket_object_pre_exec(s);
5800 }
5801
5802 void RGWPutACLs::execute(optional_yield y)
5803 {
5804 bufferlist bl;
5805
5806 RGWAccessControlPolicy_S3 *policy = NULL;
5807 RGWACLXMLParser_S3 parser(s->cct);
5808 RGWAccessControlPolicy_S3 new_policy(s->cct);
5809 stringstream ss;
5810
5811 op_ret = 0; /* XXX redundant? */
5812
5813 if (!parser.init()) {
5814 op_ret = -EINVAL;
5815 return;
5816 }
5817
5818
5819 RGWAccessControlPolicy* const existing_policy = \
5820 (rgw::sal::Object::empty(s->object.get()) ? s->bucket_acl.get() : s->object_acl.get());
5821
5822 owner = existing_policy->get_owner();
5823
5824 op_ret = get_params(y);
5825 if (op_ret < 0) {
5826 if (op_ret == -ERANGE) {
5827 ldpp_dout(this, 4) << "The size of request xml data is larger than the max limitation, data size = "
5828 << s->length << dendl;
5829 op_ret = -ERR_MALFORMED_XML;
5830 s->err.message = "The XML you provided was larger than the maximum " +
5831 std::to_string(s->cct->_conf->rgw_max_put_param_size) +
5832 " bytes allowed.";
5833 }
5834 return;
5835 }
5836
5837 char* buf = data.c_str();
5838 ldpp_dout(this, 15) << "read len=" << data.length() << " data=" << (buf ? buf : "") << dendl;
5839
5840 if (!s->canned_acl.empty() && data.length() > 0) {
5841 op_ret = -EINVAL;
5842 return;
5843 }
5844
5845 if (!s->canned_acl.empty() || s->has_acl_header) {
5846 op_ret = get_policy_from_state(driver, s, ss);
5847 if (op_ret < 0)
5848 return;
5849
5850 data.clear();
5851 data.append(ss.str());
5852 }
5853
5854 if (!parser.parse(data.c_str(), data.length(), 1)) {
5855 op_ret = -EINVAL;
5856 return;
5857 }
5858 policy = static_cast<RGWAccessControlPolicy_S3 *>(parser.find_first("AccessControlPolicy"));
5859 if (!policy) {
5860 op_ret = -EINVAL;
5861 return;
5862 }
5863
5864 const RGWAccessControlList& req_acl = policy->get_acl();
5865 const multimap<string, ACLGrant>& req_grant_map = req_acl.get_grant_map();
5866 #define ACL_GRANTS_MAX_NUM 100
5867 int max_num = s->cct->_conf->rgw_acl_grants_max_num;
5868 if (max_num < 0) {
5869 max_num = ACL_GRANTS_MAX_NUM;
5870 }
5871
5872 int grants_num = req_grant_map.size();
5873 if (grants_num > max_num) {
5874 ldpp_dout(this, 4) << "An acl can have up to " << max_num
5875 << " grants, request acl grants num: " << grants_num << dendl;
5876 op_ret = -ERR_LIMIT_EXCEEDED;
5877 s->err.message = "The request is rejected, because the acl grants number you requested is larger than the maximum "
5878 + std::to_string(max_num)
5879 + " grants allowed in an acl.";
5880 return;
5881 }
5882
5883 // forward bucket acl requests to meta master zone
5884 if ((rgw::sal::Object::empty(s->object.get()))) {
5885 bufferlist in_data;
5886 // include acl data unless it was generated from a canned_acl
5887 if (s->canned_acl.empty()) {
5888 in_data.append(data);
5889 }
5890 op_ret = driver->forward_request_to_master(this, s->user.get(), nullptr, in_data, nullptr, s->info, y);
5891 if (op_ret < 0) {
5892 ldpp_dout(this, 0) << "forward_request_to_master returned ret=" << op_ret << dendl;
5893 return;
5894 }
5895 }
5896
5897 if (s->cct->_conf->subsys.should_gather<ceph_subsys_rgw, 15>()) {
5898 ldpp_dout(this, 15) << "Old AccessControlPolicy";
5899 policy->to_xml(*_dout);
5900 *_dout << dendl;
5901 }
5902
5903 op_ret = policy->rebuild(this, driver, &owner, new_policy, s->err.message);
5904 if (op_ret < 0)
5905 return;
5906
5907 if (s->cct->_conf->subsys.should_gather<ceph_subsys_rgw, 15>()) {
5908 ldpp_dout(this, 15) << "New AccessControlPolicy:";
5909 new_policy.to_xml(*_dout);
5910 *_dout << dendl;
5911 }
5912
5913 if (s->bucket_access_conf &&
5914 s->bucket_access_conf->block_public_acls() &&
5915 new_policy.is_public(this)) {
5916 op_ret = -EACCES;
5917 return;
5918 }
5919 new_policy.encode(bl);
5920 map<string, bufferlist> attrs;
5921
5922 if (!rgw::sal::Object::empty(s->object.get())) {
5923 s->object->set_atomic();
5924 //if instance is empty, we should modify the latest object
5925 op_ret = s->object->modify_obj_attrs(RGW_ATTR_ACL, bl, s->yield, this);
5926 } else {
5927 map<string,bufferlist> attrs = s->bucket_attrs;
5928 attrs[RGW_ATTR_ACL] = bl;
5929 op_ret = s->bucket->merge_and_store_attrs(this, attrs, y);
5930 }
5931 if (op_ret == -ECANCELED) {
5932 op_ret = 0; /* lost a race, but it's ok because acls are immutable */
5933 }
5934 }
5935
5936 void RGWPutLC::execute(optional_yield y)
5937 {
5938 bufferlist bl;
5939
5940 RGWLifecycleConfiguration_S3 config(s->cct);
5941 RGWXMLParser parser;
5942 RGWLifecycleConfiguration_S3 new_config(s->cct);
5943
5944 // amazon says that Content-MD5 is required for this op specifically, but MD5
5945 // is not a security primitive and FIPS mode makes it difficult to use. if the
5946 // client provides the header we'll try to verify its checksum, but the header
5947 // itself is no longer required
5948 std::optional<std::string> content_md5_bin;
5949
5950 content_md5 = s->info.env->get("HTTP_CONTENT_MD5");
5951 if (content_md5 != nullptr) {
5952 try {
5953 content_md5_bin = rgw::from_base64(std::string_view(content_md5));
5954 } catch (...) {
5955 s->err.message = "Request header Content-MD5 contains character "
5956 "that is not base64 encoded.";
5957 ldpp_dout(this, 5) << s->err.message << dendl;
5958 op_ret = -ERR_BAD_DIGEST;
5959 return;
5960 }
5961 }
5962
5963 if (!parser.init()) {
5964 op_ret = -EINVAL;
5965 return;
5966 }
5967
5968 op_ret = get_params(y);
5969 if (op_ret < 0)
5970 return;
5971
5972 char* buf = data.c_str();
5973 ldpp_dout(this, 15) << "read len=" << data.length() << " data=" << (buf ? buf : "") << dendl;
5974
5975 if (content_md5_bin) {
5976 MD5 data_hash;
5977 // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
5978 data_hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
5979 unsigned char data_hash_res[CEPH_CRYPTO_MD5_DIGESTSIZE];
5980 data_hash.Update(reinterpret_cast<const unsigned char*>(buf), data.length());
5981 data_hash.Final(data_hash_res);
5982
5983 if (memcmp(data_hash_res, content_md5_bin->c_str(), CEPH_CRYPTO_MD5_DIGESTSIZE) != 0) {
5984 op_ret = -ERR_BAD_DIGEST;
5985 s->err.message = "The Content-MD5 you specified did not match what we received.";
5986 ldpp_dout(this, 5) << s->err.message
5987 << " Specified content md5: " << content_md5
5988 << ", calculated content md5: " << data_hash_res
5989 << dendl;
5990 return;
5991 }
5992 }
5993
5994 if (!parser.parse(buf, data.length(), 1)) {
5995 op_ret = -ERR_MALFORMED_XML;
5996 return;
5997 }
5998
5999 try {
6000 RGWXMLDecoder::decode_xml("LifecycleConfiguration", config, &parser);
6001 } catch (RGWXMLDecoder::err& err) {
6002 ldpp_dout(this, 5) << "Bad lifecycle configuration: " << err << dendl;
6003 op_ret = -ERR_MALFORMED_XML;
6004 return;
6005 }
6006
6007 op_ret = config.rebuild(new_config);
6008 if (op_ret < 0)
6009 return;
6010
6011 if (s->cct->_conf->subsys.should_gather<ceph_subsys_rgw, 15>()) {
6012 XMLFormatter xf;
6013 new_config.dump_xml(&xf);
6014 stringstream ss;
6015 xf.flush(ss);
6016 ldpp_dout(this, 15) << "New LifecycleConfiguration:" << ss.str() << dendl;
6017 }
6018
6019 op_ret = driver->forward_request_to_master(this, s->user.get(), nullptr, data, nullptr, s->info, y);
6020 if (op_ret < 0) {
6021 ldpp_dout(this, 0) << "forward_request_to_master returned ret=" << op_ret << dendl;
6022 return;
6023 }
6024
6025 op_ret = driver->get_rgwlc()->set_bucket_config(s->bucket.get(), s->bucket_attrs, &new_config);
6026 if (op_ret < 0) {
6027 return;
6028 }
6029 return;
6030 }
6031
6032 void RGWDeleteLC::execute(optional_yield y)
6033 {
6034 bufferlist data;
6035 op_ret = driver->forward_request_to_master(this, s->user.get(), nullptr, data, nullptr, s->info, y);
6036 if (op_ret < 0) {
6037 ldpp_dout(this, 0) << "forward_request_to_master returned ret=" << op_ret << dendl;
6038 return;
6039 }
6040
6041 op_ret = driver->get_rgwlc()->remove_bucket_config(s->bucket.get(), s->bucket_attrs);
6042 if (op_ret < 0) {
6043 return;
6044 }
6045 return;
6046 }
6047
6048 int RGWGetCORS::verify_permission(optional_yield y)
6049 {
6050 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
6051 if (has_s3_resource_tag)
6052 rgw_iam_add_buckettags(this, s);
6053
6054 return verify_bucket_owner_or_policy(s, rgw::IAM::s3GetBucketCORS);
6055 }
6056
6057 void RGWGetCORS::execute(optional_yield y)
6058 {
6059 op_ret = read_bucket_cors();
6060 if (op_ret < 0)
6061 return ;
6062
6063 if (!cors_exist) {
6064 ldpp_dout(this, 2) << "No CORS configuration set yet for this bucket" << dendl;
6065 op_ret = -ERR_NO_CORS_FOUND;
6066 return;
6067 }
6068 }
6069
6070 int RGWPutCORS::verify_permission(optional_yield y)
6071 {
6072 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
6073 if (has_s3_resource_tag)
6074 rgw_iam_add_buckettags(this, s);
6075
6076 return verify_bucket_owner_or_policy(s, rgw::IAM::s3PutBucketCORS);
6077 }
6078
6079 void RGWPutCORS::execute(optional_yield y)
6080 {
6081 rgw_raw_obj obj;
6082
6083 op_ret = get_params(y);
6084 if (op_ret < 0)
6085 return;
6086
6087 op_ret = driver->forward_request_to_master(this, s->user.get(), nullptr, in_data, nullptr, s->info, y);
6088 if (op_ret < 0) {
6089 ldpp_dout(this, 0) << "forward_request_to_master returned ret=" << op_ret << dendl;
6090 return;
6091 }
6092
6093 op_ret = retry_raced_bucket_write(this, s->bucket.get(), [this] {
6094 rgw::sal::Attrs attrs(s->bucket_attrs);
6095 attrs[RGW_ATTR_CORS] = cors_bl;
6096 return s->bucket->merge_and_store_attrs(this, attrs, s->yield);
6097 });
6098 }
6099
6100 int RGWDeleteCORS::verify_permission(optional_yield y)
6101 {
6102 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
6103 if (has_s3_resource_tag)
6104 rgw_iam_add_buckettags(this, s);
6105
6106 // No separate delete permission
6107 return verify_bucket_owner_or_policy(s, rgw::IAM::s3PutBucketCORS);
6108 }
6109
6110 void RGWDeleteCORS::execute(optional_yield y)
6111 {
6112 bufferlist data;
6113 op_ret = driver->forward_request_to_master(this, s->user.get(), nullptr, data, nullptr, s->info, y);
6114 if (op_ret < 0) {
6115 ldpp_dout(this, 0) << "forward_request_to_master returned ret=" << op_ret << dendl;
6116 return;
6117 }
6118
6119 op_ret = retry_raced_bucket_write(this, s->bucket.get(), [this] {
6120 op_ret = read_bucket_cors();
6121 if (op_ret < 0)
6122 return op_ret;
6123
6124 if (!cors_exist) {
6125 ldpp_dout(this, 2) << "No CORS configuration set yet for this bucket" << dendl;
6126 op_ret = -ENOENT;
6127 return op_ret;
6128 }
6129
6130 rgw::sal::Attrs attrs(s->bucket_attrs);
6131 attrs.erase(RGW_ATTR_CORS);
6132 op_ret = s->bucket->merge_and_store_attrs(this, attrs, s->yield);
6133 if (op_ret < 0) {
6134 ldpp_dout(this, 0) << "RGWLC::RGWDeleteCORS() failed to set attrs on bucket=" << s->bucket->get_name()
6135 << " returned err=" << op_ret << dendl;
6136 }
6137 return op_ret;
6138 });
6139 }
6140
6141 void RGWOptionsCORS::get_response_params(string& hdrs, string& exp_hdrs, unsigned *max_age) {
6142 get_cors_response_headers(this, rule, req_hdrs, hdrs, exp_hdrs, max_age);
6143 }
6144
6145 int RGWOptionsCORS::validate_cors_request(RGWCORSConfiguration *cc) {
6146 rule = cc->host_name_rule(origin);
6147 if (!rule) {
6148 ldpp_dout(this, 10) << "There is no cors rule present for " << origin << dendl;
6149 return -ENOENT;
6150 }
6151
6152 if (!validate_cors_rule_method(this, rule, req_meth)) {
6153 return -ENOENT;
6154 }
6155
6156 if (!validate_cors_rule_header(this, rule, req_hdrs)) {
6157 return -ENOENT;
6158 }
6159
6160 return 0;
6161 }
6162
6163 void RGWOptionsCORS::execute(optional_yield y)
6164 {
6165 op_ret = read_bucket_cors();
6166 if (op_ret < 0)
6167 return;
6168
6169 origin = s->info.env->get("HTTP_ORIGIN");
6170 if (!origin) {
6171 ldpp_dout(this, 0) << "Missing mandatory Origin header" << dendl;
6172 op_ret = -EINVAL;
6173 return;
6174 }
6175 req_meth = s->info.env->get("HTTP_ACCESS_CONTROL_REQUEST_METHOD");
6176 if (!req_meth) {
6177 ldpp_dout(this, 0) << "Missing mandatory Access-control-request-method header" << dendl;
6178 op_ret = -EINVAL;
6179 return;
6180 }
6181 if (!cors_exist) {
6182 ldpp_dout(this, 2) << "No CORS configuration set yet for this bucket" << dendl;
6183 op_ret = -ENOENT;
6184 return;
6185 }
6186 req_hdrs = s->info.env->get("HTTP_ACCESS_CONTROL_REQUEST_HEADERS");
6187 op_ret = validate_cors_request(&bucket_cors);
6188 if (!rule) {
6189 origin = req_meth = NULL;
6190 return;
6191 }
6192 return;
6193 }
6194
6195 int RGWGetRequestPayment::verify_permission(optional_yield y)
6196 {
6197 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
6198 if (has_s3_resource_tag)
6199 rgw_iam_add_buckettags(this, s);
6200
6201 return verify_bucket_owner_or_policy(s, rgw::IAM::s3GetBucketRequestPayment);
6202 }
6203
6204 void RGWGetRequestPayment::pre_exec()
6205 {
6206 rgw_bucket_object_pre_exec(s);
6207 }
6208
6209 void RGWGetRequestPayment::execute(optional_yield y)
6210 {
6211 requester_pays = s->bucket->get_info().requester_pays;
6212 }
6213
6214 int RGWSetRequestPayment::verify_permission(optional_yield y)
6215 {
6216 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
6217 if (has_s3_resource_tag)
6218 rgw_iam_add_buckettags(this, s);
6219
6220 return verify_bucket_owner_or_policy(s, rgw::IAM::s3PutBucketRequestPayment);
6221 }
6222
6223 void RGWSetRequestPayment::pre_exec()
6224 {
6225 rgw_bucket_object_pre_exec(s);
6226 }
6227
6228 void RGWSetRequestPayment::execute(optional_yield y)
6229 {
6230
6231 op_ret = get_params(y);
6232 if (op_ret < 0)
6233 return;
6234
6235 op_ret = driver->forward_request_to_master(this, s->user.get(), nullptr, in_data, nullptr, s->info, y);
6236 if (op_ret < 0) {
6237 ldpp_dout(this, 0) << "forward_request_to_master returned ret=" << op_ret << dendl;
6238 return;
6239 }
6240
6241 s->bucket->get_info().requester_pays = requester_pays;
6242 op_ret = s->bucket->put_info(this, false, real_time());
6243 if (op_ret < 0) {
6244 ldpp_dout(this, 0) << "NOTICE: put_bucket_info on bucket=" << s->bucket->get_name()
6245 << " returned err=" << op_ret << dendl;
6246 return;
6247 }
6248 s->bucket_attrs = s->bucket->get_attrs();
6249 }
6250
6251 int RGWInitMultipart::verify_permission(optional_yield y)
6252 {
6253 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s);
6254 if (has_s3_existing_tag || has_s3_resource_tag)
6255 rgw_iam_add_objtags(this, s, has_s3_existing_tag, has_s3_resource_tag);
6256
6257 // add server-side encryption headers
6258 rgw_iam_add_crypt_attrs(s->env, s->info.crypt_attribute_map);
6259
6260 if (s->iam_policy || ! s->iam_user_policies.empty() || !s->session_policies.empty()) {
6261 auto identity_policy_res = eval_identity_or_session_policies(this, s->iam_user_policies, s->env,
6262 rgw::IAM::s3PutObject,
6263 s->object->get_obj());
6264 if (identity_policy_res == Effect::Deny) {
6265 return -EACCES;
6266 }
6267
6268 rgw::IAM::Effect e = Effect::Pass;
6269 rgw::IAM::PolicyPrincipal princ_type = rgw::IAM::PolicyPrincipal::Other;
6270 ARN obj_arn(s->object->get_obj());
6271 if (s->iam_policy) {
6272 e = s->iam_policy->eval(s->env, *s->auth.identity,
6273 rgw::IAM::s3PutObject,
6274 obj_arn,
6275 princ_type);
6276 }
6277 if (e == Effect::Deny) {
6278 return -EACCES;
6279 }
6280
6281 if (!s->session_policies.empty()) {
6282 auto session_policy_res = eval_identity_or_session_policies(this, s->session_policies, s->env,
6283 rgw::IAM::s3PutObject,
6284 s->object->get_obj());
6285 if (session_policy_res == Effect::Deny) {
6286 return -EACCES;
6287 }
6288 if (princ_type == rgw::IAM::PolicyPrincipal::Role) {
6289 //Intersection of session policy and identity policy plus intersection of session policy and bucket policy
6290 if ((session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow) ||
6291 (session_policy_res == Effect::Allow && e == Effect::Allow)) {
6292 return 0;
6293 }
6294 } else if (princ_type == rgw::IAM::PolicyPrincipal::Session) {
6295 //Intersection of session policy and identity policy plus bucket policy
6296 if ((session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow) || e == Effect::Allow) {
6297 return 0;
6298 }
6299 } else if (princ_type == rgw::IAM::PolicyPrincipal::Other) {// there was no match in the bucket policy
6300 if (session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow) {
6301 return 0;
6302 }
6303 }
6304 return -EACCES;
6305 }
6306 if (e == Effect::Allow || identity_policy_res == Effect::Allow) {
6307 return 0;
6308 }
6309 }
6310
6311 if (!verify_bucket_permission_no_policy(this, s, RGW_PERM_WRITE)) {
6312 return -EACCES;
6313 }
6314
6315 return 0;
6316 }
6317
6318 void RGWInitMultipart::pre_exec()
6319 {
6320 rgw_bucket_object_pre_exec(s);
6321 }
6322
6323 void RGWInitMultipart::execute(optional_yield y)
6324 {
6325 multipart_trace = tracing::rgw::tracer.start_trace(tracing::rgw::MULTIPART, s->trace_enabled);
6326 bufferlist aclbl, tracebl;
6327 rgw::sal::Attrs attrs;
6328
6329 op_ret = get_params(y);
6330 if (op_ret < 0) {
6331 return;
6332 }
6333
6334 if (rgw::sal::Object::empty(s->object.get()))
6335 return;
6336
6337 if (multipart_trace) {
6338 tracing::encode(multipart_trace->GetContext(), tracebl);
6339 attrs[RGW_ATTR_TRACE] = tracebl;
6340 }
6341
6342 policy.encode(aclbl);
6343 attrs[RGW_ATTR_ACL] = aclbl;
6344
6345 populate_with_generic_attrs(s, attrs);
6346
6347 /* select encryption mode */
6348 op_ret = prepare_encryption(attrs);
6349 if (op_ret != 0)
6350 return;
6351
6352 op_ret = rgw_get_request_metadata(this, s->cct, s->info, attrs);
6353 if (op_ret < 0) {
6354 return;
6355 }
6356
6357 std::unique_ptr<rgw::sal::MultipartUpload> upload;
6358 upload = s->bucket->get_multipart_upload(s->object->get_name(),
6359 upload_id);
6360 op_ret = upload->init(this, s->yield, s->owner, s->dest_placement, attrs);
6361
6362 if (op_ret == 0) {
6363 upload_id = upload->get_upload_id();
6364 }
6365 s->trace->SetAttribute(tracing::rgw::UPLOAD_ID, upload_id);
6366 multipart_trace->UpdateName(tracing::rgw::MULTIPART + upload_id);
6367
6368 }
6369
6370 int RGWCompleteMultipart::verify_permission(optional_yield y)
6371 {
6372 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s);
6373 if (has_s3_existing_tag || has_s3_resource_tag)
6374 rgw_iam_add_objtags(this, s, has_s3_existing_tag, has_s3_resource_tag);
6375
6376 // add server-side encryption headers
6377 rgw_iam_add_crypt_attrs(s->env, s->info.crypt_attribute_map);
6378
6379 if (s->iam_policy || ! s->iam_user_policies.empty() || ! s->session_policies.empty()) {
6380 auto identity_policy_res = eval_identity_or_session_policies(this, s->iam_user_policies, s->env,
6381 rgw::IAM::s3PutObject,
6382 s->object->get_obj());
6383 if (identity_policy_res == Effect::Deny) {
6384 return -EACCES;
6385 }
6386
6387 rgw::IAM::Effect e = Effect::Pass;
6388 rgw::IAM::PolicyPrincipal princ_type = rgw::IAM::PolicyPrincipal::Other;
6389 rgw::ARN obj_arn(s->object->get_obj());
6390 if (s->iam_policy) {
6391 e = s->iam_policy->eval(s->env, *s->auth.identity,
6392 rgw::IAM::s3PutObject,
6393 obj_arn,
6394 princ_type);
6395 }
6396 if (e == Effect::Deny) {
6397 return -EACCES;
6398 }
6399
6400 if (!s->session_policies.empty()) {
6401 auto session_policy_res = eval_identity_or_session_policies(this, s->session_policies, s->env,
6402 rgw::IAM::s3PutObject,
6403 s->object->get_obj());
6404 if (session_policy_res == Effect::Deny) {
6405 return -EACCES;
6406 }
6407 if (princ_type == rgw::IAM::PolicyPrincipal::Role) {
6408 //Intersection of session policy and identity policy plus intersection of session policy and bucket policy
6409 if ((session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow) ||
6410 (session_policy_res == Effect::Allow && e == Effect::Allow)) {
6411 return 0;
6412 }
6413 } else if (princ_type == rgw::IAM::PolicyPrincipal::Session) {
6414 //Intersection of session policy and identity policy plus bucket policy
6415 if ((session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow) || e == Effect::Allow) {
6416 return 0;
6417 }
6418 } else if (princ_type == rgw::IAM::PolicyPrincipal::Other) {// there was no match in the bucket policy
6419 if (session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow) {
6420 return 0;
6421 }
6422 }
6423 return -EACCES;
6424 }
6425 if (e == Effect::Allow || identity_policy_res == Effect::Allow) {
6426 return 0;
6427 }
6428 }
6429
6430 if (!verify_bucket_permission_no_policy(this, s, RGW_PERM_WRITE)) {
6431 return -EACCES;
6432 }
6433
6434 return 0;
6435 }
6436
6437 void RGWCompleteMultipart::pre_exec()
6438 {
6439 rgw_bucket_object_pre_exec(s);
6440 }
6441
6442 void RGWCompleteMultipart::execute(optional_yield y)
6443 {
6444 RGWMultiCompleteUpload *parts;
6445 RGWMultiXMLParser parser;
6446 std::unique_ptr<rgw::sal::MultipartUpload> upload;
6447 off_t ofs = 0;
6448 std::unique_ptr<rgw::sal::Object> meta_obj;
6449 std::unique_ptr<rgw::sal::Object> target_obj;
6450 uint64_t olh_epoch = 0;
6451
6452 op_ret = get_params(y);
6453 if (op_ret < 0)
6454 return;
6455 op_ret = get_system_versioning_params(s, &olh_epoch, &version_id);
6456 if (op_ret < 0) {
6457 return;
6458 }
6459
6460 if (!data.length()) {
6461 op_ret = -ERR_MALFORMED_XML;
6462 return;
6463 }
6464
6465 if (!parser.init()) {
6466 op_ret = -EIO;
6467 return;
6468 }
6469
6470 if (!parser.parse(data.c_str(), data.length(), 1)) {
6471 op_ret = -ERR_MALFORMED_XML;
6472 return;
6473 }
6474
6475 parts = static_cast<RGWMultiCompleteUpload *>(parser.find_first("CompleteMultipartUpload"));
6476 if (!parts || parts->parts.empty()) {
6477 // CompletedMultipartUpload is incorrect but some versions of some libraries use it, see PR #41700
6478 parts = static_cast<RGWMultiCompleteUpload *>(parser.find_first("CompletedMultipartUpload"));
6479 }
6480
6481 if (!parts || parts->parts.empty()) {
6482 op_ret = -ERR_MALFORMED_XML;
6483 return;
6484 }
6485
6486
6487 if ((int)parts->parts.size() >
6488 s->cct->_conf->rgw_multipart_part_upload_limit) {
6489 op_ret = -ERANGE;
6490 return;
6491 }
6492
6493 upload = s->bucket->get_multipart_upload(s->object->get_name(), upload_id);
6494
6495 RGWCompressionInfo cs_info;
6496 bool compressed = false;
6497 uint64_t accounted_size = 0;
6498
6499 list<rgw_obj_index_key> remove_objs; /* objects to be removed from index listing */
6500
6501 meta_obj = upload->get_meta_obj();
6502 meta_obj->set_in_extra_data(true);
6503 meta_obj->set_hash_source(s->object->get_name());
6504
6505 /*take a cls lock on meta_obj to prevent racing completions (or retries)
6506 from deleting the parts*/
6507 int max_lock_secs_mp =
6508 s->cct->_conf.get_val<int64_t>("rgw_mp_lock_max_time");
6509 utime_t dur(max_lock_secs_mp, 0);
6510
6511 serializer = meta_obj->get_serializer(this, "RGWCompleteMultipart");
6512 op_ret = serializer->try_lock(this, dur, y);
6513 if (op_ret < 0) {
6514 ldpp_dout(this, 0) << "failed to acquire lock" << dendl;
6515 if (op_ret == -ENOENT && check_previously_completed(parts)) {
6516 ldpp_dout(this, 1) << "NOTICE: This multipart completion is already completed" << dendl;
6517 op_ret = 0;
6518 return;
6519 }
6520 op_ret = -ERR_INTERNAL_ERROR;
6521 s->err.message = "This multipart completion is already in progress";
6522 return;
6523 }
6524
6525 op_ret = meta_obj->get_obj_attrs(s->yield, this);
6526 if (op_ret < 0) {
6527 ldpp_dout(this, 0) << "ERROR: failed to get obj attrs, obj=" << meta_obj
6528 << " ret=" << op_ret << dendl;
6529 return;
6530 }
6531 s->trace->SetAttribute(tracing::rgw::UPLOAD_ID, upload_id);
6532 jspan_context trace_ctx(false, false);
6533 extract_span_context(meta_obj->get_attrs(), trace_ctx);
6534 multipart_trace = tracing::rgw::tracer.add_span(name(), trace_ctx);
6535
6536
6537 // make reservation for notification if needed
6538 std::unique_ptr<rgw::sal::Notification> res
6539 = driver->get_notification(meta_obj.get(), nullptr, s, rgw::notify::ObjectCreatedCompleteMultipartUpload, y, &s->object->get_name());
6540 op_ret = res->publish_reserve(this);
6541 if (op_ret < 0) {
6542 return;
6543 }
6544
6545 target_obj = s->bucket->get_object(rgw_obj_key(s->object->get_name()));
6546 if (s->bucket->versioning_enabled()) {
6547 if (!version_id.empty()) {
6548 target_obj->set_instance(version_id);
6549 } else {
6550 target_obj->gen_rand_obj_instance_name();
6551 version_id = target_obj->get_instance();
6552 }
6553 }
6554 target_obj->set_attrs(meta_obj->get_attrs());
6555
6556 op_ret = upload->complete(this, y, s->cct, parts->parts, remove_objs, accounted_size, compressed, cs_info, ofs, s->req_id, s->owner, olh_epoch, target_obj.get());
6557 if (op_ret < 0) {
6558 ldpp_dout(this, 0) << "ERROR: upload complete failed ret=" << op_ret << dendl;
6559 return;
6560 }
6561
6562 // remove the upload meta object ; the meta object is not versioned
6563 // when the bucket is, as that would add an unneeded delete marker
6564 int r = meta_obj->delete_object(this, y, true /* prevent versioning */);
6565 if (r >= 0) {
6566 /* serializer's exclusive lock is released */
6567 serializer->clear_locked();
6568 } else {
6569 ldpp_dout(this, 0) << "WARNING: failed to remove object " << meta_obj << dendl;
6570 }
6571
6572 // send request to notification manager
6573 int ret = res->publish_commit(this, ofs, upload->get_mtime(), etag, target_obj->get_instance());
6574 if (ret < 0) {
6575 ldpp_dout(this, 1) << "ERROR: publishing notification failed, with error: " << ret << dendl;
6576 // too late to rollback operation, hence op_ret is not set here
6577 }
6578 } // RGWCompleteMultipart::execute
6579
6580 bool RGWCompleteMultipart::check_previously_completed(const RGWMultiCompleteUpload* parts)
6581 {
6582 // re-calculate the etag from the parts and compare to the existing object
6583 int ret = s->object->get_obj_attrs(s->yield, this);
6584 if (ret < 0) {
6585 ldpp_dout(this, 0) << __func__ << "() ERROR: get_obj_attrs() returned ret=" << ret << dendl;
6586 return false;
6587 }
6588 rgw::sal::Attrs sattrs = s->object->get_attrs();
6589 string oetag = sattrs[RGW_ATTR_ETAG].to_str();
6590
6591 MD5 hash;
6592 // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
6593 hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
6594 for (const auto& [index, part] : parts->parts) {
6595 std::string partetag = rgw_string_unquote(part);
6596 char petag[CEPH_CRYPTO_MD5_DIGESTSIZE];
6597 hex_to_buf(partetag.c_str(), petag, CEPH_CRYPTO_MD5_DIGESTSIZE);
6598 hash.Update((const unsigned char *)petag, sizeof(petag));
6599 ldpp_dout(this, 20) << __func__ << "() re-calculating multipart etag: part: "
6600 << index << ", etag: " << partetag << dendl;
6601 }
6602
6603 unsigned char final_etag[CEPH_CRYPTO_MD5_DIGESTSIZE];
6604 char final_etag_str[CEPH_CRYPTO_MD5_DIGESTSIZE * 2 + 16];
6605 hash.Final(final_etag);
6606 buf_to_hex(final_etag, CEPH_CRYPTO_MD5_DIGESTSIZE, final_etag_str);
6607 snprintf(&final_etag_str[CEPH_CRYPTO_MD5_DIGESTSIZE * 2], sizeof(final_etag_str) - CEPH_CRYPTO_MD5_DIGESTSIZE * 2,
6608 "-%lld", (long long)parts->parts.size());
6609
6610 if (oetag.compare(final_etag_str) != 0) {
6611 ldpp_dout(this, 1) << __func__ << "() NOTICE: etag mismatch: object etag:"
6612 << oetag << ", re-calculated etag:" << final_etag_str << dendl;
6613 return false;
6614 }
6615 ldpp_dout(this, 5) << __func__ << "() object etag and re-calculated etag match, etag: " << oetag << dendl;
6616 return true;
6617 }
6618
6619 void RGWCompleteMultipart::complete()
6620 {
6621 /* release exclusive lock iff not already */
6622 if (unlikely(serializer.get() && serializer->is_locked())) {
6623 int r = serializer->unlock();
6624 if (r < 0) {
6625 ldpp_dout(this, 0) << "WARNING: failed to unlock " << *serializer.get() << dendl;
6626 }
6627 }
6628
6629 etag = s->object->get_attrs()[RGW_ATTR_ETAG].to_str();
6630
6631 send_response();
6632 }
6633
6634 int RGWAbortMultipart::verify_permission(optional_yield y)
6635 {
6636 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s);
6637 if (has_s3_existing_tag || has_s3_resource_tag)
6638 rgw_iam_add_objtags(this, s, has_s3_existing_tag, has_s3_resource_tag);
6639
6640 if (s->iam_policy || ! s->iam_user_policies.empty() || !s->session_policies.empty()) {
6641 auto identity_policy_res = eval_identity_or_session_policies(this, s->iam_user_policies, s->env,
6642 rgw::IAM::s3AbortMultipartUpload,
6643 s->object->get_obj());
6644 if (identity_policy_res == Effect::Deny) {
6645 return -EACCES;
6646 }
6647
6648 rgw::IAM::Effect e = Effect::Pass;
6649 rgw::IAM::PolicyPrincipal princ_type = rgw::IAM::PolicyPrincipal::Other;
6650 ARN obj_arn(s->object->get_obj());
6651 if (s->iam_policy) {
6652 e = s->iam_policy->eval(s->env, *s->auth.identity,
6653 rgw::IAM::s3AbortMultipartUpload,
6654 obj_arn, princ_type);
6655 }
6656
6657 if (e == Effect::Deny) {
6658 return -EACCES;
6659 }
6660
6661 if (!s->session_policies.empty()) {
6662 auto session_policy_res = eval_identity_or_session_policies(this, s->session_policies, s->env,
6663 rgw::IAM::s3PutObject,
6664 s->object->get_obj());
6665 if (session_policy_res == Effect::Deny) {
6666 return -EACCES;
6667 }
6668 if (princ_type == rgw::IAM::PolicyPrincipal::Role) {
6669 //Intersection of session policy and identity policy plus intersection of session policy and bucket policy
6670 if ((session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow) ||
6671 (session_policy_res == Effect::Allow && e == Effect::Allow)) {
6672 return 0;
6673 }
6674 } else if (princ_type == rgw::IAM::PolicyPrincipal::Session) {
6675 //Intersection of session policy and identity policy plus bucket policy
6676 if ((session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow) || e == Effect::Allow) {
6677 return 0;
6678 }
6679 } else if (princ_type == rgw::IAM::PolicyPrincipal::Other) {// there was no match in the bucket policy
6680 if (session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow) {
6681 return 0;
6682 }
6683 }
6684 return -EACCES;
6685 }
6686 if (e == Effect::Allow || identity_policy_res == Effect::Allow) {
6687 return 0;
6688 }
6689 }
6690
6691 if (!verify_bucket_permission_no_policy(this, s, RGW_PERM_WRITE)) {
6692 return -EACCES;
6693 }
6694
6695 return 0;
6696 }
6697
6698 void RGWAbortMultipart::pre_exec()
6699 {
6700 rgw_bucket_object_pre_exec(s);
6701 }
6702
6703 void RGWAbortMultipart::execute(optional_yield y)
6704 {
6705 op_ret = -EINVAL;
6706 string upload_id;
6707 upload_id = s->info.args.get("uploadId");
6708 std::unique_ptr<rgw::sal::Object> meta_obj;
6709 std::unique_ptr<rgw::sal::MultipartUpload> upload;
6710
6711 if (upload_id.empty() || rgw::sal::Object::empty(s->object.get()))
6712 return;
6713
6714 upload = s->bucket->get_multipart_upload(s->object->get_name(), upload_id);
6715 jspan_context trace_ctx(false, false);
6716 if (tracing::rgw::tracer.is_enabled()) {
6717 // read meta object attributes for trace info
6718 meta_obj = upload->get_meta_obj();
6719 meta_obj->set_in_extra_data(true);
6720 meta_obj->get_obj_attrs(s->yield, this);
6721 extract_span_context(meta_obj->get_attrs(), trace_ctx);
6722 }
6723 multipart_trace = tracing::rgw::tracer.add_span(name(), trace_ctx);
6724
6725 op_ret = upload->abort(this, s->cct);
6726 }
6727
6728 int RGWListMultipart::verify_permission(optional_yield y)
6729 {
6730 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s);
6731 if (has_s3_existing_tag || has_s3_resource_tag)
6732 rgw_iam_add_objtags(this, s, has_s3_existing_tag, has_s3_resource_tag);
6733
6734 if (!verify_object_permission(this, s, rgw::IAM::s3ListMultipartUploadParts))
6735 return -EACCES;
6736
6737 return 0;
6738 }
6739
6740 void RGWListMultipart::pre_exec()
6741 {
6742 rgw_bucket_object_pre_exec(s);
6743 }
6744
6745 void RGWListMultipart::execute(optional_yield y)
6746 {
6747 op_ret = get_params(y);
6748 if (op_ret < 0)
6749 return;
6750
6751 upload = s->bucket->get_multipart_upload(s->object->get_name(), upload_id);
6752
6753 rgw::sal::Attrs attrs;
6754 op_ret = upload->get_info(this, s->yield, &placement, &attrs);
6755 /* decode policy */
6756 map<string, bufferlist>::iterator iter = attrs.find(RGW_ATTR_ACL);
6757 if (iter != attrs.end()) {
6758 auto bliter = iter->second.cbegin();
6759 try {
6760 policy.decode(bliter);
6761 } catch (buffer::error& err) {
6762 ldpp_dout(this, 0) << "ERROR: could not decode policy, caught buffer::error" << dendl;
6763 op_ret = -EIO;
6764 }
6765 }
6766 if (op_ret < 0)
6767 return;
6768
6769 op_ret = upload->list_parts(this, s->cct, max_parts, marker, NULL, &truncated);
6770 }
6771
6772 int RGWListBucketMultiparts::verify_permission(optional_yield y)
6773 {
6774 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
6775 if (has_s3_resource_tag)
6776 rgw_iam_add_buckettags(this, s);
6777
6778 if (!verify_bucket_permission(this,
6779 s,
6780 rgw::IAM::s3ListBucketMultipartUploads))
6781 return -EACCES;
6782
6783 return 0;
6784 }
6785
6786 void RGWListBucketMultiparts::pre_exec()
6787 {
6788 rgw_bucket_object_pre_exec(s);
6789 }
6790
6791 void RGWListBucketMultiparts::execute(optional_yield y)
6792 {
6793 op_ret = get_params(y);
6794 if (op_ret < 0)
6795 return;
6796
6797 if (s->prot_flags & RGW_REST_SWIFT) {
6798 string path_args;
6799 path_args = s->info.args.get("path");
6800 if (!path_args.empty()) {
6801 if (!delimiter.empty() || !prefix.empty()) {
6802 op_ret = -EINVAL;
6803 return;
6804 }
6805 prefix = path_args;
6806 delimiter="/";
6807 }
6808 }
6809
6810 op_ret = s->bucket->list_multiparts(this, prefix, marker_meta,
6811 delimiter, max_uploads, uploads,
6812 &common_prefixes, &is_truncated);
6813 if (op_ret < 0) {
6814 return;
6815 }
6816
6817 if (!uploads.empty()) {
6818 next_marker_key = uploads.back()->get_key();
6819 next_marker_upload_id = uploads.back()->get_upload_id();
6820 }
6821 }
6822
6823 void RGWGetHealthCheck::execute(optional_yield y)
6824 {
6825 if (!g_conf()->rgw_healthcheck_disabling_path.empty() &&
6826 (::access(g_conf()->rgw_healthcheck_disabling_path.c_str(), F_OK) == 0)) {
6827 /* Disabling path specified & existent in the filesystem. */
6828 op_ret = -ERR_SERVICE_UNAVAILABLE; /* 503 */
6829 } else {
6830 op_ret = 0; /* 200 OK */
6831 }
6832 }
6833
6834 int RGWDeleteMultiObj::verify_permission(optional_yield y)
6835 {
6836 int op_ret = get_params(y);
6837 if (op_ret) {
6838 return op_ret;
6839 }
6840
6841 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s);
6842 if (has_s3_existing_tag || has_s3_resource_tag)
6843 rgw_iam_add_objtags(this, s, has_s3_existing_tag, has_s3_resource_tag);
6844
6845 if (s->iam_policy || ! s->iam_user_policies.empty() || ! s->session_policies.empty()) {
6846 if (s->bucket->get_info().obj_lock_enabled() && bypass_governance_mode) {
6847 ARN bucket_arn(s->bucket->get_key());
6848 auto r = eval_identity_or_session_policies(this, s->iam_user_policies, s->env,
6849 rgw::IAM::s3BypassGovernanceRetention, ARN(s->bucket->get_key()));
6850 if (r == Effect::Deny) {
6851 bypass_perm = false;
6852 } else if (r == Effect::Pass && s->iam_policy) {
6853 r = s->iam_policy->eval(s->env, *s->auth.identity, rgw::IAM::s3BypassGovernanceRetention,
6854 bucket_arn);
6855 if (r == Effect::Deny) {
6856 bypass_perm = false;
6857 }
6858 } else if (r == Effect::Pass && !s->session_policies.empty()) {
6859 r = eval_identity_or_session_policies(this, s->session_policies, s->env,
6860 rgw::IAM::s3BypassGovernanceRetention, ARN(s->bucket->get_key()));
6861 if (r == Effect::Deny) {
6862 bypass_perm = false;
6863 }
6864 }
6865 }
6866
6867 bool not_versioned = rgw::sal::Object::empty(s->object.get()) || s->object->get_instance().empty();
6868
6869 auto identity_policy_res = eval_identity_or_session_policies(this, s->iam_user_policies, s->env,
6870 not_versioned ?
6871 rgw::IAM::s3DeleteObject :
6872 rgw::IAM::s3DeleteObjectVersion,
6873 ARN(s->bucket->get_key()));
6874 if (identity_policy_res == Effect::Deny) {
6875 return -EACCES;
6876 }
6877
6878 rgw::IAM::Effect r = Effect::Pass;
6879 rgw::IAM::PolicyPrincipal princ_type = rgw::IAM::PolicyPrincipal::Other;
6880 rgw::ARN bucket_arn(s->bucket->get_key());
6881 if (s->iam_policy) {
6882 r = s->iam_policy->eval(s->env, *s->auth.identity,
6883 not_versioned ?
6884 rgw::IAM::s3DeleteObject :
6885 rgw::IAM::s3DeleteObjectVersion,
6886 bucket_arn,
6887 princ_type);
6888 }
6889 if (r == Effect::Deny)
6890 return -EACCES;
6891
6892 if (!s->session_policies.empty()) {
6893 auto session_policy_res = eval_identity_or_session_policies(this, s->session_policies, s->env,
6894 not_versioned ?
6895 rgw::IAM::s3DeleteObject :
6896 rgw::IAM::s3DeleteObjectVersion,
6897 ARN(s->bucket->get_key()));
6898 if (session_policy_res == Effect::Deny) {
6899 return -EACCES;
6900 }
6901 if (princ_type == rgw::IAM::PolicyPrincipal::Role) {
6902 //Intersection of session policy and identity policy plus intersection of session policy and bucket policy
6903 if ((session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow) ||
6904 (session_policy_res == Effect::Allow && r == Effect::Allow)) {
6905 return 0;
6906 }
6907 } else if (princ_type == rgw::IAM::PolicyPrincipal::Session) {
6908 //Intersection of session policy and identity policy plus bucket policy
6909 if ((session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow) || r == Effect::Allow) {
6910 return 0;
6911 }
6912 } else if (princ_type == rgw::IAM::PolicyPrincipal::Other) {// there was no match in the bucket policy
6913 if (session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow) {
6914 return 0;
6915 }
6916 }
6917 return -EACCES;
6918 }
6919 if (r == Effect::Allow || identity_policy_res == Effect::Allow)
6920 return 0;
6921 }
6922
6923 acl_allowed = verify_bucket_permission_no_policy(this, s, RGW_PERM_WRITE);
6924 if (!acl_allowed)
6925 return -EACCES;
6926
6927 return 0;
6928 }
6929
6930 void RGWDeleteMultiObj::pre_exec()
6931 {
6932 rgw_bucket_object_pre_exec(s);
6933 }
6934
6935 void RGWDeleteMultiObj::write_ops_log_entry(rgw_log_entry& entry) const {
6936 int num_err = 0;
6937 int num_ok = 0;
6938 for (auto iter = ops_log_entries.begin();
6939 iter != ops_log_entries.end();
6940 ++iter) {
6941 if (iter->error) {
6942 num_err++;
6943 } else {
6944 num_ok++;
6945 }
6946 }
6947 entry.delete_multi_obj_meta.num_err = num_err;
6948 entry.delete_multi_obj_meta.num_ok = num_ok;
6949 entry.delete_multi_obj_meta.objects = std::move(ops_log_entries);
6950 }
6951
6952 void RGWDeleteMultiObj::wait_flush(optional_yield y,
6953 boost::asio::deadline_timer *formatter_flush_cond,
6954 std::function<bool()> predicate)
6955 {
6956 if (y && formatter_flush_cond) {
6957 auto yc = y.get_yield_context();
6958 while (!predicate()) {
6959 boost::system::error_code error;
6960 formatter_flush_cond->async_wait(yc[error]);
6961 rgw_flush_formatter(s, s->formatter);
6962 }
6963 }
6964 }
6965
6966 void RGWDeleteMultiObj::handle_individual_object(const rgw_obj_key& o, optional_yield y,
6967 boost::asio::deadline_timer *formatter_flush_cond)
6968 {
6969 std::string version_id;
6970 std::unique_ptr<rgw::sal::Object> obj = bucket->get_object(o);
6971 if (s->iam_policy || ! s->iam_user_policies.empty() || !s->session_policies.empty()) {
6972 auto identity_policy_res = eval_identity_or_session_policies(this, s->iam_user_policies, s->env,
6973 o.instance.empty() ?
6974 rgw::IAM::s3DeleteObject :
6975 rgw::IAM::s3DeleteObjectVersion,
6976 ARN(obj->get_obj()));
6977 if (identity_policy_res == Effect::Deny) {
6978 send_partial_response(o, false, "", -EACCES, formatter_flush_cond);
6979 return;
6980 }
6981
6982 rgw::IAM::Effect e = Effect::Pass;
6983 rgw::IAM::PolicyPrincipal princ_type = rgw::IAM::PolicyPrincipal::Other;
6984 if (s->iam_policy) {
6985 ARN obj_arn(obj->get_obj());
6986 e = s->iam_policy->eval(s->env,
6987 *s->auth.identity,
6988 o.instance.empty() ?
6989 rgw::IAM::s3DeleteObject :
6990 rgw::IAM::s3DeleteObjectVersion,
6991 obj_arn,
6992 princ_type);
6993 }
6994 if (e == Effect::Deny) {
6995 send_partial_response(o, false, "", -EACCES, formatter_flush_cond);
6996 return;
6997 }
6998
6999 if (!s->session_policies.empty()) {
7000 auto session_policy_res = eval_identity_or_session_policies(this, s->session_policies, s->env,
7001 o.instance.empty() ?
7002 rgw::IAM::s3DeleteObject :
7003 rgw::IAM::s3DeleteObjectVersion,
7004 ARN(obj->get_obj()));
7005 if (session_policy_res == Effect::Deny) {
7006 send_partial_response(o, false, "", -EACCES, formatter_flush_cond);
7007 return;
7008 }
7009 if (princ_type == rgw::IAM::PolicyPrincipal::Role) {
7010 //Intersection of session policy and identity policy plus intersection of session policy and bucket policy
7011 if ((session_policy_res != Effect::Allow || identity_policy_res != Effect::Allow) &&
7012 (session_policy_res != Effect::Allow || e != Effect::Allow)) {
7013 send_partial_response(o, false, "", -EACCES, formatter_flush_cond);
7014 return;
7015 }
7016 } else if (princ_type == rgw::IAM::PolicyPrincipal::Session) {
7017 //Intersection of session policy and identity policy plus bucket policy
7018 if ((session_policy_res != Effect::Allow || identity_policy_res != Effect::Allow) && e != Effect::Allow) {
7019 send_partial_response(o, false, "", -EACCES, formatter_flush_cond);
7020 return;
7021 }
7022 } else if (princ_type == rgw::IAM::PolicyPrincipal::Other) {// there was no match in the bucket policy
7023 if (session_policy_res != Effect::Allow || identity_policy_res != Effect::Allow) {
7024 send_partial_response(o, false, "", -EACCES, formatter_flush_cond);
7025 return;
7026 }
7027 }
7028 send_partial_response(o, false, "", -EACCES, formatter_flush_cond);
7029 return;
7030 }
7031
7032 if ((identity_policy_res == Effect::Pass && e == Effect::Pass && !acl_allowed)) {
7033 send_partial_response(o, false, "", -EACCES, formatter_flush_cond);
7034 return;
7035 }
7036 }
7037
7038 uint64_t obj_size = 0;
7039 std::string etag;
7040
7041 if (!rgw::sal::Object::empty(obj.get())) {
7042 RGWObjState* astate = nullptr;
7043 bool check_obj_lock = obj->have_instance() && bucket->get_info().obj_lock_enabled();
7044 const auto ret = obj->get_obj_state(this, &astate, y, true);
7045
7046 if (ret < 0) {
7047 if (ret == -ENOENT) {
7048 // object maybe delete_marker, skip check_obj_lock
7049 check_obj_lock = false;
7050 } else {
7051 // Something went wrong.
7052 send_partial_response(o, false, "", ret, formatter_flush_cond);
7053 return;
7054 }
7055 } else {
7056 obj_size = astate->size;
7057 etag = astate->attrset[RGW_ATTR_ETAG].to_str();
7058 }
7059
7060 if (check_obj_lock) {
7061 ceph_assert(astate);
7062 int object_lock_response = verify_object_lock(this, astate->attrset, bypass_perm, bypass_governance_mode);
7063 if (object_lock_response != 0) {
7064 send_partial_response(o, false, "", object_lock_response, formatter_flush_cond);
7065 return;
7066 }
7067 }
7068 }
7069
7070 // make reservation for notification if needed
7071 const auto versioned_object = s->bucket->versioning_enabled();
7072 const auto event_type = versioned_object && obj->get_instance().empty() ?
7073 rgw::notify::ObjectRemovedDeleteMarkerCreated :
7074 rgw::notify::ObjectRemovedDelete;
7075 std::unique_ptr<rgw::sal::Notification> res
7076 = driver->get_notification(obj.get(), s->src_object.get(), s, event_type, y);
7077 op_ret = res->publish_reserve(this);
7078 if (op_ret < 0) {
7079 send_partial_response(o, false, "", op_ret, formatter_flush_cond);
7080 return;
7081 }
7082
7083 obj->set_atomic();
7084
7085 std::unique_ptr<rgw::sal::Object::DeleteOp> del_op = obj->get_delete_op();
7086 del_op->params.versioning_status = obj->get_bucket()->get_info().versioning_status();
7087 del_op->params.obj_owner = s->owner;
7088 del_op->params.bucket_owner = s->bucket_owner;
7089 del_op->params.marker_version_id = version_id;
7090
7091 op_ret = del_op->delete_obj(this, y);
7092 if (op_ret == -ENOENT) {
7093 op_ret = 0;
7094 }
7095
7096 send_partial_response(o, del_op->result.delete_marker, del_op->result.version_id, op_ret, formatter_flush_cond);
7097
7098 // send request to notification manager
7099 int ret = res->publish_commit(this, obj_size, ceph::real_clock::now(), etag, version_id);
7100 if (ret < 0) {
7101 ldpp_dout(this, 1) << "ERROR: publishing notification failed, with error: " << ret << dendl;
7102 // too late to rollback operation, hence op_ret is not set here
7103 }
7104 }
7105
7106 void RGWDeleteMultiObj::execute(optional_yield y)
7107 {
7108 RGWMultiDelDelete *multi_delete;
7109 vector<rgw_obj_key>::iterator iter;
7110 RGWMultiDelXMLParser parser;
7111 uint32_t aio_count = 0;
7112 const uint32_t max_aio = std::max<uint32_t>(1, s->cct->_conf->rgw_multi_obj_del_max_aio);
7113 char* buf;
7114 std::optional<boost::asio::deadline_timer> formatter_flush_cond;
7115 if (y) {
7116 formatter_flush_cond = std::make_optional<boost::asio::deadline_timer>(y.get_io_context());
7117 }
7118
7119 buf = data.c_str();
7120 if (!buf) {
7121 op_ret = -EINVAL;
7122 goto error;
7123 }
7124
7125 if (!parser.init()) {
7126 op_ret = -EINVAL;
7127 goto error;
7128 }
7129
7130 if (!parser.parse(buf, data.length(), 1)) {
7131 op_ret = -EINVAL;
7132 goto error;
7133 }
7134
7135 multi_delete = static_cast<RGWMultiDelDelete *>(parser.find_first("Delete"));
7136 if (!multi_delete) {
7137 op_ret = -EINVAL;
7138 goto error;
7139 } else {
7140 #define DELETE_MULTI_OBJ_MAX_NUM 1000
7141 int max_num = s->cct->_conf->rgw_delete_multi_obj_max_num;
7142 if (max_num < 0) {
7143 max_num = DELETE_MULTI_OBJ_MAX_NUM;
7144 }
7145 int multi_delete_object_num = multi_delete->objects.size();
7146 if (multi_delete_object_num > max_num) {
7147 op_ret = -ERR_MALFORMED_XML;
7148 goto error;
7149 }
7150 }
7151
7152 if (multi_delete->is_quiet())
7153 quiet = true;
7154
7155 if (s->bucket->get_info().mfa_enabled()) {
7156 bool has_versioned = false;
7157 for (auto i : multi_delete->objects) {
7158 if (!i.instance.empty()) {
7159 has_versioned = true;
7160 break;
7161 }
7162 }
7163 if (has_versioned && !s->mfa_verified) {
7164 ldpp_dout(this, 5) << "NOTICE: multi-object delete request with a versioned object, mfa auth not provided" << dendl;
7165 op_ret = -ERR_MFA_REQUIRED;
7166 goto error;
7167 }
7168 }
7169
7170 begin_response();
7171 if (multi_delete->objects.empty()) {
7172 goto done;
7173 }
7174
7175 for (iter = multi_delete->objects.begin();
7176 iter != multi_delete->objects.end();
7177 ++iter) {
7178 rgw_obj_key obj_key = *iter;
7179 if (y) {
7180 wait_flush(y, &*formatter_flush_cond, [&aio_count, max_aio] {
7181 return aio_count < max_aio;
7182 });
7183 aio_count++;
7184 spawn::spawn(y.get_yield_context(), [this, &y, &aio_count, obj_key, &formatter_flush_cond] (yield_context yield) {
7185 handle_individual_object(obj_key, optional_yield { y.get_io_context(), yield }, &*formatter_flush_cond);
7186 aio_count--;
7187 });
7188 } else {
7189 handle_individual_object(obj_key, y, nullptr);
7190 }
7191 }
7192 if (formatter_flush_cond) {
7193 wait_flush(y, &*formatter_flush_cond, [this, n=multi_delete->objects.size()] {
7194 return n == ops_log_entries.size();
7195 });
7196 }
7197
7198 /* set the return code to zero, errors at this point will be
7199 dumped to the response */
7200 op_ret = 0;
7201
7202 done:
7203 // will likely segfault if begin_response() has not been called
7204 end_response();
7205 return;
7206
7207 error:
7208 send_status();
7209 return;
7210
7211 }
7212
7213 bool RGWBulkDelete::Deleter::verify_permission(RGWBucketInfo& binfo,
7214 map<string, bufferlist>& battrs,
7215 ACLOwner& bucket_owner /* out */,
7216 optional_yield y)
7217 {
7218 RGWAccessControlPolicy bacl(driver->ctx());
7219 int ret = read_bucket_policy(dpp, driver, s, binfo, battrs, &bacl, binfo.bucket, y);
7220 if (ret < 0) {
7221 return false;
7222 }
7223
7224 auto policy = get_iam_policy_from_attr(s->cct, battrs, binfo.bucket.tenant);
7225
7226 bucket_owner = bacl.get_owner();
7227
7228 /* We can use global user_acl because each BulkDelete request is allowed
7229 * to work on entities from a single account only. */
7230 return verify_bucket_permission(dpp, s, binfo.bucket, s->user_acl.get(),
7231 &bacl, policy, s->iam_user_policies, s->session_policies, rgw::IAM::s3DeleteBucket);
7232 }
7233
7234 bool RGWBulkDelete::Deleter::delete_single(const acct_path_t& path, optional_yield y)
7235 {
7236 std::unique_ptr<rgw::sal::Bucket> bucket;
7237 ACLOwner bowner;
7238 RGWObjVersionTracker ot;
7239
7240 int ret = driver->get_bucket(dpp, s->user.get(), s->user->get_tenant(), path.bucket_name, &bucket, y);
7241 if (ret < 0) {
7242 goto binfo_fail;
7243 }
7244
7245 ret = bucket->load_bucket(dpp, s->yield);
7246 if (ret < 0) {
7247 goto binfo_fail;
7248 }
7249
7250 if (!verify_permission(bucket->get_info(), bucket->get_attrs(), bowner, y)) {
7251 ret = -EACCES;
7252 goto auth_fail;
7253 }
7254
7255 if (!path.obj_key.empty()) {
7256 ACLOwner bucket_owner;
7257
7258 bucket_owner.set_id(bucket->get_info().owner);
7259 std::unique_ptr<rgw::sal::Object> obj = bucket->get_object(path.obj_key);
7260 obj->set_atomic();
7261
7262 std::unique_ptr<rgw::sal::Object::DeleteOp> del_op = obj->get_delete_op();
7263 del_op->params.versioning_status = obj->get_bucket()->get_info().versioning_status();
7264 del_op->params.obj_owner = bowner;
7265 del_op->params.bucket_owner = bucket_owner;
7266
7267 ret = del_op->delete_obj(dpp, y);
7268 if (ret < 0) {
7269 goto delop_fail;
7270 }
7271 } else {
7272 ret = bucket->remove_bucket(dpp, false, true, &s->info, s->yield);
7273 if (ret < 0) {
7274 goto delop_fail;
7275 }
7276 }
7277
7278 num_deleted++;
7279 return true;
7280
7281 binfo_fail:
7282 if (-ENOENT == ret) {
7283 ldpp_dout(dpp, 20) << "cannot find bucket = " << path.bucket_name << dendl;
7284 num_unfound++;
7285 } else {
7286 ldpp_dout(dpp, 20) << "cannot get bucket info, ret = " << ret << dendl;
7287
7288 fail_desc_t failed_item = {
7289 .err = ret,
7290 .path = path
7291 };
7292 failures.push_back(failed_item);
7293 }
7294 return false;
7295
7296 auth_fail:
7297 ldpp_dout(dpp, 20) << "wrong auth for " << path << dendl;
7298 {
7299 fail_desc_t failed_item = {
7300 .err = ret,
7301 .path = path
7302 };
7303 failures.push_back(failed_item);
7304 }
7305 return false;
7306
7307 delop_fail:
7308 if (-ENOENT == ret) {
7309 ldpp_dout(dpp, 20) << "cannot find entry " << path << dendl;
7310 num_unfound++;
7311 } else {
7312 fail_desc_t failed_item = {
7313 .err = ret,
7314 .path = path
7315 };
7316 failures.push_back(failed_item);
7317 }
7318 return false;
7319 }
7320
7321 bool RGWBulkDelete::Deleter::delete_chunk(const std::list<acct_path_t>& paths, optional_yield y)
7322 {
7323 ldpp_dout(dpp, 20) << "in delete_chunk" << dendl;
7324 for (auto path : paths) {
7325 ldpp_dout(dpp, 20) << "bulk deleting path: " << path << dendl;
7326 delete_single(path, y);
7327 }
7328
7329 return true;
7330 }
7331
7332 int RGWBulkDelete::verify_permission(optional_yield y)
7333 {
7334 return 0;
7335 }
7336
7337 void RGWBulkDelete::pre_exec()
7338 {
7339 rgw_bucket_object_pre_exec(s);
7340 }
7341
7342 void RGWBulkDelete::execute(optional_yield y)
7343 {
7344 deleter = std::unique_ptr<Deleter>(new Deleter(this, driver, s));
7345
7346 bool is_truncated = false;
7347 do {
7348 list<RGWBulkDelete::acct_path_t> items;
7349
7350 int ret = get_data(items, &is_truncated);
7351 if (ret < 0) {
7352 return;
7353 }
7354
7355 ret = deleter->delete_chunk(items, y);
7356 } while (!op_ret && is_truncated);
7357
7358 return;
7359 }
7360
7361
7362 constexpr std::array<int, 2> RGWBulkUploadOp::terminal_errors;
7363
7364 int RGWBulkUploadOp::verify_permission(optional_yield y)
7365 {
7366 if (s->auth.identity->is_anonymous()) {
7367 return -EACCES;
7368 }
7369
7370 if (! verify_user_permission_no_policy(this, s, RGW_PERM_WRITE)) {
7371 return -EACCES;
7372 }
7373
7374 if (s->user->get_tenant() != s->bucket_tenant) {
7375 ldpp_dout(this, 10) << "user cannot create a bucket in a different tenant"
7376 << " (user_id.tenant=" << s->user->get_tenant()
7377 << " requested=" << s->bucket_tenant << ")" << dendl;
7378 return -EACCES;
7379 }
7380
7381 if (s->user->get_max_buckets() < 0) {
7382 return -EPERM;
7383 }
7384
7385 return 0;
7386 }
7387
7388 void RGWBulkUploadOp::pre_exec()
7389 {
7390 rgw_bucket_object_pre_exec(s);
7391 }
7392
7393 boost::optional<std::pair<std::string, rgw_obj_key>>
7394 RGWBulkUploadOp::parse_path(const std::string_view& path)
7395 {
7396 /* We need to skip all slashes at the beginning in order to preserve
7397 * compliance with Swift. */
7398 const size_t start_pos = path.find_first_not_of('/');
7399
7400 if (std::string_view::npos != start_pos) {
7401 /* Seperator is the first slash after the leading ones. */
7402 const size_t sep_pos = path.substr(start_pos).find('/');
7403
7404 if (std::string_view::npos != sep_pos) {
7405 const auto bucket_name = path.substr(start_pos, sep_pos - start_pos);
7406 const auto obj_name = path.substr(sep_pos + 1);
7407
7408 return std::make_pair(std::string(bucket_name),
7409 rgw_obj_key(std::string(obj_name)));
7410 } else {
7411 /* It's guaranteed here that bucket name is at least one character
7412 * long and is different than slash. */
7413 return std::make_pair(std::string(path.substr(start_pos)),
7414 rgw_obj_key());
7415 }
7416 }
7417
7418 return none;
7419 }
7420
7421 std::pair<std::string, std::string>
7422 RGWBulkUploadOp::handle_upload_path(req_state *s)
7423 {
7424 std::string bucket_path, file_prefix;
7425 if (! s->init_state.url_bucket.empty()) {
7426 file_prefix = bucket_path = s->init_state.url_bucket + "/";
7427 if (!rgw::sal::Object::empty(s->object.get())) {
7428 const std::string& object_name = s->object->get_name();
7429
7430 /* As rgw_obj_key::empty() already verified emptiness of s->object->get_name(),
7431 * we can safely examine its last element. */
7432 if (object_name.back() == '/') {
7433 file_prefix.append(object_name);
7434 } else {
7435 file_prefix.append(object_name).append("/");
7436 }
7437 }
7438 }
7439 return std::make_pair(bucket_path, file_prefix);
7440 }
7441
7442 int RGWBulkUploadOp::handle_dir_verify_permission(optional_yield y)
7443 {
7444 if (s->user->get_max_buckets() > 0) {
7445 rgw::sal::BucketList buckets;
7446 std::string marker;
7447 op_ret = s->user->list_buckets(this, marker, std::string(), s->user->get_max_buckets(),
7448 false, buckets, y);
7449 if (op_ret < 0) {
7450 return op_ret;
7451 }
7452
7453 if (buckets.count() >= static_cast<size_t>(s->user->get_max_buckets())) {
7454 return -ERR_TOO_MANY_BUCKETS;
7455 }
7456 }
7457
7458 return 0;
7459 }
7460
7461 static void forward_req_info(const DoutPrefixProvider *dpp, CephContext *cct, req_info& info, const std::string& bucket_name)
7462 {
7463 /* the request of container or object level will contain bucket name.
7464 * only at account level need to append the bucket name */
7465 if (info.script_uri.find(bucket_name) != std::string::npos) {
7466 return;
7467 }
7468
7469 ldpp_dout(dpp, 20) << "append the bucket: "<< bucket_name << " to req_info" << dendl;
7470 info.script_uri.append("/").append(bucket_name);
7471 info.request_uri_aws4 = info.request_uri = info.script_uri;
7472 info.effective_uri = "/" + bucket_name;
7473 }
7474
7475 void RGWBulkUploadOp::init(rgw::sal::Driver* const driver,
7476 req_state* const s,
7477 RGWHandler* const h)
7478 {
7479 RGWOp::init(driver, s, h);
7480 }
7481
7482 int RGWBulkUploadOp::handle_dir(const std::string_view path, optional_yield y)
7483 {
7484 ldpp_dout(this, 20) << "got directory=" << path << dendl;
7485
7486 op_ret = handle_dir_verify_permission(y);
7487 if (op_ret < 0) {
7488 return op_ret;
7489 }
7490
7491 std::string bucket_name;
7492 rgw_obj_key object_junk;
7493 std::tie(bucket_name, object_junk) = *parse_path(path);
7494
7495 /* we need to make sure we read bucket info, it's not read before for this
7496 * specific request */
7497 std::unique_ptr<rgw::sal::Bucket> bucket;
7498
7499 /* Create metadata: ACLs. */
7500 std::map<std::string, ceph::bufferlist> attrs;
7501 RGWAccessControlPolicy policy;
7502 policy.create_default(s->user->get_id(), s->user->get_display_name());
7503 ceph::bufferlist aclbl;
7504 policy.encode(aclbl);
7505 attrs.emplace(RGW_ATTR_ACL, std::move(aclbl));
7506
7507 obj_version objv, ep_objv;
7508 bool bucket_exists;
7509 RGWQuotaInfo quota_info;
7510 const RGWQuotaInfo* pquota_info = nullptr;
7511 RGWBucketInfo out_info;
7512 string swift_ver_location;
7513 rgw_bucket new_bucket;
7514 req_info info = s->info;
7515 new_bucket.tenant = s->bucket_tenant; /* ignored if bucket exists */
7516 new_bucket.name = bucket_name;
7517 rgw_placement_rule placement_rule;
7518 placement_rule.storage_class = s->info.storage_class;
7519 forward_req_info(this, s->cct, info, bucket_name);
7520
7521 op_ret = s->user->create_bucket(this, new_bucket,
7522 driver->get_zone()->get_zonegroup().get_id(),
7523 placement_rule, swift_ver_location,
7524 pquota_info, policy, attrs,
7525 out_info, ep_objv,
7526 true, false, &bucket_exists,
7527 info, &bucket, y);
7528 /* continue if EEXIST and create_bucket will fail below. this way we can
7529 * recover from a partial create by retrying it. */
7530 ldpp_dout(this, 20) << "rgw_create_bucket returned ret=" << op_ret
7531 << ", bucket=" << bucket << dendl;
7532
7533 return op_ret;
7534 }
7535
7536
7537 bool RGWBulkUploadOp::handle_file_verify_permission(RGWBucketInfo& binfo,
7538 const rgw_obj& obj,
7539 std::map<std::string, ceph::bufferlist>& battrs,
7540 ACLOwner& bucket_owner /* out */,
7541 optional_yield y)
7542 {
7543 RGWAccessControlPolicy bacl(driver->ctx());
7544 op_ret = read_bucket_policy(this, driver, s, binfo, battrs, &bacl, binfo.bucket, y);
7545 if (op_ret < 0) {
7546 ldpp_dout(this, 20) << "cannot read_policy() for bucket" << dendl;
7547 return false;
7548 }
7549
7550 auto policy = get_iam_policy_from_attr(s->cct, battrs, binfo.bucket.tenant);
7551
7552 bucket_owner = bacl.get_owner();
7553 if (policy || ! s->iam_user_policies.empty() || !s->session_policies.empty()) {
7554 auto identity_policy_res = eval_identity_or_session_policies(this, s->iam_user_policies, s->env,
7555 rgw::IAM::s3PutObject, obj);
7556 if (identity_policy_res == Effect::Deny) {
7557 return false;
7558 }
7559
7560 rgw::IAM::PolicyPrincipal princ_type = rgw::IAM::PolicyPrincipal::Other;
7561 ARN obj_arn(obj);
7562 auto e = policy->eval(s->env, *s->auth.identity,
7563 rgw::IAM::s3PutObject, obj_arn, princ_type);
7564 if (e == Effect::Deny) {
7565 return false;
7566 }
7567
7568 if (!s->session_policies.empty()) {
7569 auto session_policy_res = eval_identity_or_session_policies(this, s->session_policies, s->env,
7570 rgw::IAM::s3PutObject, obj);
7571 if (session_policy_res == Effect::Deny) {
7572 return false;
7573 }
7574 if (princ_type == rgw::IAM::PolicyPrincipal::Role) {
7575 //Intersection of session policy and identity policy plus intersection of session policy and bucket policy
7576 if ((session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow) ||
7577 (session_policy_res == Effect::Allow && e == Effect::Allow)) {
7578 return true;
7579 }
7580 } else if (princ_type == rgw::IAM::PolicyPrincipal::Session) {
7581 //Intersection of session policy and identity policy plus bucket policy
7582 if ((session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow) || e == Effect::Allow) {
7583 return true;
7584 }
7585 } else if (princ_type == rgw::IAM::PolicyPrincipal::Other) {// there was no match in the bucket policy
7586 if (session_policy_res == Effect::Allow && identity_policy_res == Effect::Allow) {
7587 return true;
7588 }
7589 }
7590 return false;
7591 }
7592 if (e == Effect::Allow || identity_policy_res == Effect::Allow) {
7593 return true;
7594 }
7595 }
7596
7597 return verify_bucket_permission_no_policy(this, s, s->user_acl.get(),
7598 &bacl, RGW_PERM_WRITE);
7599 }
7600
7601 int RGWBulkUploadOp::handle_file(const std::string_view path,
7602 const size_t size,
7603 AlignedStreamGetter& body, optional_yield y)
7604 {
7605
7606 ldpp_dout(this, 20) << "got file=" << path << ", size=" << size << dendl;
7607
7608 if (size > static_cast<size_t>(s->cct->_conf->rgw_max_put_size)) {
7609 op_ret = -ERR_TOO_LARGE;
7610 return op_ret;
7611 }
7612
7613 std::string bucket_name;
7614 rgw_obj_key object;
7615 std::tie(bucket_name, object) = *parse_path(path);
7616
7617 std::unique_ptr<rgw::sal::Bucket> bucket;
7618 ACLOwner bowner;
7619
7620 op_ret = driver->get_bucket(this, s->user.get(), rgw_bucket(rgw_bucket_key(s->user->get_tenant(), bucket_name)), &bucket, y);
7621 if (op_ret < 0) {
7622 if (op_ret == -ENOENT) {
7623 ldpp_dout(this, 20) << "non existent directory=" << bucket_name << dendl;
7624 }
7625 return op_ret;
7626 }
7627
7628 std::unique_ptr<rgw::sal::Object> obj = bucket->get_object(object);
7629
7630 if (! handle_file_verify_permission(bucket->get_info(),
7631 obj->get_obj(),
7632 bucket->get_attrs(), bowner, y)) {
7633 ldpp_dout(this, 20) << "object creation unauthorized" << dendl;
7634 op_ret = -EACCES;
7635 return op_ret;
7636 }
7637
7638 op_ret = bucket->check_quota(this, quota, size, y);
7639 if (op_ret < 0) {
7640 return op_ret;
7641 }
7642
7643 if (bucket->versioning_enabled()) {
7644 obj->gen_rand_obj_instance_name();
7645 }
7646
7647 rgw_placement_rule dest_placement = s->dest_placement;
7648 dest_placement.inherit_from(bucket->get_placement_rule());
7649
7650 std::unique_ptr<rgw::sal::Writer> processor;
7651 processor = driver->get_atomic_writer(this, s->yield, obj.get(),
7652 bowner.get_id(),
7653 &s->dest_placement, 0, s->req_id);
7654 op_ret = processor->prepare(s->yield);
7655 if (op_ret < 0) {
7656 ldpp_dout(this, 20) << "cannot prepare processor due to ret=" << op_ret << dendl;
7657 return op_ret;
7658 }
7659
7660 /* No filters by default. */
7661 rgw::sal::DataProcessor *filter = processor.get();
7662
7663 const auto& compression_type = driver->get_compression_type(dest_placement);
7664 CompressorRef plugin;
7665 boost::optional<RGWPutObj_Compress> compressor;
7666 if (compression_type != "none") {
7667 plugin = Compressor::create(s->cct, compression_type);
7668 if (! plugin) {
7669 ldpp_dout(this, 1) << "Cannot load plugin for rgw_compression_type "
7670 << compression_type << dendl;
7671 } else {
7672 compressor.emplace(s->cct, plugin, filter);
7673 filter = &*compressor;
7674 }
7675 }
7676
7677 /* Upload file content. */
7678 ssize_t len = 0;
7679 size_t ofs = 0;
7680 MD5 hash;
7681 // Allow use of MD5 digest in FIPS mode for non-cryptographic purposes
7682 hash.SetFlags(EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
7683 do {
7684 ceph::bufferlist data;
7685 len = body.get_at_most(s->cct->_conf->rgw_max_chunk_size, data);
7686
7687 ldpp_dout(this, 20) << "body=" << data.c_str() << dendl;
7688 if (len < 0) {
7689 op_ret = len;
7690 return op_ret;
7691 } else if (len > 0) {
7692 hash.Update((const unsigned char *)data.c_str(), data.length());
7693 op_ret = filter->process(std::move(data), ofs);
7694 if (op_ret < 0) {
7695 ldpp_dout(this, 20) << "filter->process() returned ret=" << op_ret << dendl;
7696 return op_ret;
7697 }
7698
7699 ofs += len;
7700 }
7701
7702 } while (len > 0);
7703
7704 // flush
7705 op_ret = filter->process({}, ofs);
7706 if (op_ret < 0) {
7707 return op_ret;
7708 }
7709
7710 if (ofs != size) {
7711 ldpp_dout(this, 10) << "real file size different from declared" << dendl;
7712 op_ret = -EINVAL;
7713 return op_ret;
7714 }
7715
7716 op_ret = bucket->check_quota(this, quota, size, y);
7717 if (op_ret < 0) {
7718 ldpp_dout(this, 20) << "quota exceeded for path=" << path << dendl;
7719 return op_ret;
7720 }
7721
7722 char calc_md5[CEPH_CRYPTO_MD5_DIGESTSIZE * 2 + 1];
7723 unsigned char m[CEPH_CRYPTO_MD5_DIGESTSIZE];
7724 hash.Final(m);
7725 buf_to_hex(m, CEPH_CRYPTO_MD5_DIGESTSIZE, calc_md5);
7726
7727 /* Create metadata: ETAG. */
7728 std::map<std::string, ceph::bufferlist> attrs;
7729 std::string etag = calc_md5;
7730 ceph::bufferlist etag_bl;
7731 etag_bl.append(etag.c_str(), etag.size() + 1);
7732 attrs.emplace(RGW_ATTR_ETAG, std::move(etag_bl));
7733
7734 /* Create metadata: ACLs. */
7735 RGWAccessControlPolicy policy;
7736 policy.create_default(s->user->get_id(), s->user->get_display_name());
7737 ceph::bufferlist aclbl;
7738 policy.encode(aclbl);
7739 attrs.emplace(RGW_ATTR_ACL, std::move(aclbl));
7740
7741 /* Create metadata: compression info. */
7742 if (compressor && compressor->is_compressed()) {
7743 ceph::bufferlist tmp;
7744 RGWCompressionInfo cs_info;
7745 cs_info.compression_type = plugin->get_type_name();
7746 cs_info.orig_size = size;
7747 cs_info.compressor_message = compressor->get_compressor_message();
7748 cs_info.blocks = std::move(compressor->get_compression_blocks());
7749 encode(cs_info, tmp);
7750 attrs.emplace(RGW_ATTR_COMPRESSION, std::move(tmp));
7751 }
7752
7753 /* Complete the transaction. */
7754 op_ret = processor->complete(size, etag, nullptr, ceph::real_time(),
7755 attrs, ceph::real_time() /* delete_at */,
7756 nullptr, nullptr, nullptr, nullptr, nullptr,
7757 s->yield);
7758 if (op_ret < 0) {
7759 ldpp_dout(this, 20) << "processor::complete returned op_ret=" << op_ret << dendl;
7760 }
7761
7762 return op_ret;
7763 }
7764
7765 void RGWBulkUploadOp::execute(optional_yield y)
7766 {
7767 ceph::bufferlist buffer(64 * 1024);
7768
7769 ldpp_dout(this, 20) << "start" << dendl;
7770
7771 /* Create an instance of stream-abstracting class. Having this indirection
7772 * allows for easy introduction of decompressors like gzip and bzip2. */
7773 auto stream = create_stream();
7774 if (! stream) {
7775 return;
7776 }
7777
7778 /* Handling the $UPLOAD_PATH accordingly to the Swift's Bulk middleware. See:
7779 * https://github.com/openstack/swift/blob/2.13.0/swift/common/middleware/bulk.py#L31-L41 */
7780 std::string bucket_path, file_prefix;
7781 std::tie(bucket_path, file_prefix) = handle_upload_path(s);
7782
7783 auto status = rgw::tar::StatusIndicator::create();
7784 do {
7785 op_ret = stream->get_exactly(rgw::tar::BLOCK_SIZE, buffer);
7786 if (op_ret < 0) {
7787 ldpp_dout(this, 2) << "cannot read header" << dendl;
7788 return;
7789 }
7790
7791 /* We need to re-interpret the buffer as a TAR block. Exactly two blocks
7792 * must be tracked to detect out end-of-archive. It occurs when both of
7793 * them are empty (zeroed). Tracing this particular inter-block dependency
7794 * is responsibility of the rgw::tar::StatusIndicator class. */
7795 boost::optional<rgw::tar::HeaderView> header;
7796 std::tie(status, header) = rgw::tar::interpret_block(status, buffer);
7797
7798 if (! status.empty() && header) {
7799 /* This specific block isn't empty (entirely zeroed), so we can parse
7800 * it as a TAR header and dispatch. At the moment we do support only
7801 * regular files and directories. Everything else (symlinks, devices)
7802 * will be ignored but won't cease the whole upload. */
7803 switch (header->get_filetype()) {
7804 case rgw::tar::FileType::NORMAL_FILE: {
7805 ldpp_dout(this, 2) << "handling regular file" << dendl;
7806
7807 std::string filename;
7808 if (bucket_path.empty())
7809 filename = header->get_filename();
7810 else
7811 filename = file_prefix + std::string(header->get_filename());
7812 auto body = AlignedStreamGetter(0, header->get_filesize(),
7813 rgw::tar::BLOCK_SIZE, *stream);
7814 op_ret = handle_file(filename,
7815 header->get_filesize(),
7816 body, y);
7817 if (! op_ret) {
7818 /* Only regular files counts. */
7819 num_created++;
7820 } else {
7821 failures.emplace_back(op_ret, std::string(filename));
7822 }
7823 break;
7824 }
7825 case rgw::tar::FileType::DIRECTORY: {
7826 ldpp_dout(this, 2) << "handling regular directory" << dendl;
7827
7828 std::string_view dirname = bucket_path.empty() ? header->get_filename() : bucket_path;
7829 op_ret = handle_dir(dirname, y);
7830 if (op_ret < 0 && op_ret != -ERR_BUCKET_EXISTS) {
7831 failures.emplace_back(op_ret, std::string(dirname));
7832 }
7833 break;
7834 }
7835 default: {
7836 /* Not recognized. Skip. */
7837 op_ret = 0;
7838 break;
7839 }
7840 }
7841
7842 /* In case of any problems with sub-request authorization Swift simply
7843 * terminates whole upload immediately. */
7844 if (boost::algorithm::contains(std::initializer_list<int>{ op_ret },
7845 terminal_errors)) {
7846 ldpp_dout(this, 2) << "terminating due to ret=" << op_ret << dendl;
7847 break;
7848 }
7849 } else {
7850 ldpp_dout(this, 2) << "an empty block" << dendl;
7851 op_ret = 0;
7852 }
7853
7854 buffer.clear();
7855 } while (! status.eof());
7856
7857 return;
7858 }
7859
7860 RGWBulkUploadOp::AlignedStreamGetter::~AlignedStreamGetter()
7861 {
7862 const size_t aligned_legnth = length + (-length % alignment);
7863 ceph::bufferlist junk;
7864
7865 DecoratedStreamGetter::get_exactly(aligned_legnth - position, junk);
7866 }
7867
7868 ssize_t RGWBulkUploadOp::AlignedStreamGetter::get_at_most(const size_t want,
7869 ceph::bufferlist& dst)
7870 {
7871 const size_t max_to_read = std::min(want, length - position);
7872 const auto len = DecoratedStreamGetter::get_at_most(max_to_read, dst);
7873 if (len > 0) {
7874 position += len;
7875 }
7876 return len;
7877 }
7878
7879 ssize_t RGWBulkUploadOp::AlignedStreamGetter::get_exactly(const size_t want,
7880 ceph::bufferlist& dst)
7881 {
7882 const auto len = DecoratedStreamGetter::get_exactly(want, dst);
7883 if (len > 0) {
7884 position += len;
7885 }
7886 return len;
7887 }
7888
7889 int RGWGetAttrs::verify_permission(optional_yield y)
7890 {
7891 s->object->set_atomic();
7892
7893 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s);
7894 if (has_s3_existing_tag || has_s3_resource_tag)
7895 rgw_iam_add_objtags(this, s, has_s3_existing_tag, has_s3_resource_tag);
7896
7897 auto iam_action = s->object->get_instance().empty() ?
7898 rgw::IAM::s3GetObject :
7899 rgw::IAM::s3GetObjectVersion;
7900
7901 if (!verify_object_permission(this, s, iam_action)) {
7902 return -EACCES;
7903 }
7904
7905 return 0;
7906 }
7907
7908 void RGWGetAttrs::pre_exec()
7909 {
7910 rgw_bucket_object_pre_exec(s);
7911 }
7912
7913 void RGWGetAttrs::execute(optional_yield y)
7914 {
7915 op_ret = get_params();
7916 if (op_ret < 0)
7917 return;
7918
7919 s->object->set_atomic();
7920
7921 op_ret = s->object->get_obj_attrs(s->yield, this);
7922 if (op_ret < 0) {
7923 ldpp_dout(this, 0) << "ERROR: failed to get obj attrs, obj=" << s->object
7924 << " ret=" << op_ret << dendl;
7925 return;
7926 }
7927
7928 /* XXX RGWObject::get_obj_attrs() does not support filtering (yet) */
7929 auto& obj_attrs = s->object->get_attrs();
7930 if (attrs.size() != 0) {
7931 /* return only attrs requested */
7932 for (auto& att : attrs) {
7933 auto iter = obj_attrs.find(att.first);
7934 if (iter != obj_attrs.end()) {
7935 att.second = iter->second;
7936 }
7937 }
7938 } else {
7939 /* return all attrs */
7940 for (auto& att : obj_attrs) {
7941 attrs.insert(get_attrs_t::value_type(att.first, att.second));;
7942 }
7943 }
7944
7945 return;
7946 }
7947
7948 int RGWRMAttrs::verify_permission(optional_yield y)
7949 {
7950 // This looks to be part of the RGW-NFS machinery and has no S3 or
7951 // Swift equivalent.
7952 bool perm;
7953 if (!rgw::sal::Object::empty(s->object.get())) {
7954 perm = verify_object_permission_no_policy(this, s, RGW_PERM_WRITE);
7955 } else {
7956 perm = verify_bucket_permission_no_policy(this, s, RGW_PERM_WRITE);
7957 }
7958 if (!perm)
7959 return -EACCES;
7960
7961 return 0;
7962 }
7963
7964 void RGWRMAttrs::pre_exec()
7965 {
7966 rgw_bucket_object_pre_exec(s);
7967 }
7968
7969 void RGWRMAttrs::execute(optional_yield y)
7970 {
7971 op_ret = get_params();
7972 if (op_ret < 0)
7973 return;
7974
7975 s->object->set_atomic();
7976
7977 op_ret = s->object->set_obj_attrs(this, nullptr, &attrs, y);
7978 if (op_ret < 0) {
7979 ldpp_dout(this, 0) << "ERROR: failed to delete obj attrs, obj=" << s->object
7980 << " ret=" << op_ret << dendl;
7981 }
7982 return;
7983 }
7984
7985 int RGWSetAttrs::verify_permission(optional_yield y)
7986 {
7987 // This looks to be part of the RGW-NFS machinery and has no S3 or
7988 // Swift equivalent.
7989 bool perm;
7990 if (!rgw::sal::Object::empty(s->object.get())) {
7991 perm = verify_object_permission_no_policy(this, s, RGW_PERM_WRITE);
7992 } else {
7993 perm = verify_bucket_permission_no_policy(this, s, RGW_PERM_WRITE);
7994 }
7995 if (!perm)
7996 return -EACCES;
7997
7998 return 0;
7999 }
8000
8001 void RGWSetAttrs::pre_exec()
8002 {
8003 rgw_bucket_object_pre_exec(s);
8004 }
8005
8006 void RGWSetAttrs::execute(optional_yield y)
8007 {
8008 op_ret = get_params(y);
8009 if (op_ret < 0)
8010 return;
8011
8012 if (!rgw::sal::Object::empty(s->object.get())) {
8013 rgw::sal::Attrs a(attrs);
8014 op_ret = s->object->set_obj_attrs(this, &a, nullptr, y);
8015 } else {
8016 op_ret = s->bucket->merge_and_store_attrs(this, attrs, y);
8017 }
8018
8019 } /* RGWSetAttrs::execute() */
8020
8021 void RGWGetObjLayout::pre_exec()
8022 {
8023 rgw_bucket_object_pre_exec(s);
8024 }
8025
8026 void RGWGetObjLayout::execute(optional_yield y)
8027 {
8028 }
8029
8030
8031 int RGWConfigBucketMetaSearch::verify_permission(optional_yield y)
8032 {
8033 if (!s->auth.identity->is_owner_of(s->bucket_owner.get_id())) {
8034 return -EACCES;
8035 }
8036
8037 return 0;
8038 }
8039
8040 void RGWConfigBucketMetaSearch::pre_exec()
8041 {
8042 rgw_bucket_object_pre_exec(s);
8043 }
8044
8045 void RGWConfigBucketMetaSearch::execute(optional_yield y)
8046 {
8047 op_ret = get_params(y);
8048 if (op_ret < 0) {
8049 ldpp_dout(this, 20) << "NOTICE: get_params() returned ret=" << op_ret << dendl;
8050 return;
8051 }
8052
8053 s->bucket->get_info().mdsearch_config = mdsearch_config;
8054
8055 op_ret = s->bucket->put_info(this, false, real_time());
8056 if (op_ret < 0) {
8057 ldpp_dout(this, 0) << "NOTICE: put_bucket_info on bucket=" << s->bucket->get_name()
8058 << " returned err=" << op_ret << dendl;
8059 return;
8060 }
8061 s->bucket_attrs = s->bucket->get_attrs();
8062 }
8063
8064 int RGWGetBucketMetaSearch::verify_permission(optional_yield y)
8065 {
8066 if (!s->auth.identity->is_owner_of(s->bucket_owner.get_id())) {
8067 return -EACCES;
8068 }
8069
8070 return 0;
8071 }
8072
8073 void RGWGetBucketMetaSearch::pre_exec()
8074 {
8075 rgw_bucket_object_pre_exec(s);
8076 }
8077
8078 int RGWDelBucketMetaSearch::verify_permission(optional_yield y)
8079 {
8080 if (!s->auth.identity->is_owner_of(s->bucket_owner.get_id())) {
8081 return -EACCES;
8082 }
8083
8084 return 0;
8085 }
8086
8087 void RGWDelBucketMetaSearch::pre_exec()
8088 {
8089 rgw_bucket_object_pre_exec(s);
8090 }
8091
8092 void RGWDelBucketMetaSearch::execute(optional_yield y)
8093 {
8094 s->bucket->get_info().mdsearch_config.clear();
8095
8096 op_ret = s->bucket->put_info(this, false, real_time());
8097 if (op_ret < 0) {
8098 ldpp_dout(this, 0) << "NOTICE: put_bucket_info on bucket=" << s->bucket->get_name()
8099 << " returned err=" << op_ret << dendl;
8100 return;
8101 }
8102 s->bucket_attrs = s->bucket->get_attrs();
8103 }
8104
8105
8106 RGWHandler::~RGWHandler()
8107 {
8108 }
8109
8110 int RGWHandler::init(rgw::sal::Driver* _driver,
8111 req_state *_s,
8112 rgw::io::BasicClient *cio)
8113 {
8114 driver = _driver;
8115 s = _s;
8116
8117 return 0;
8118 }
8119
8120 int RGWHandler::do_init_permissions(const DoutPrefixProvider *dpp, optional_yield y)
8121 {
8122 int ret = rgw_build_bucket_policies(dpp, driver, s, y);
8123 if (ret < 0) {
8124 ldpp_dout(dpp, 10) << "init_permissions on " << s->bucket
8125 << " failed, ret=" << ret << dendl;
8126 return ret==-ENODATA ? -EACCES : ret;
8127 }
8128
8129 rgw_build_iam_environment(driver, s);
8130 return ret;
8131 }
8132
8133 int RGWHandler::do_read_permissions(RGWOp *op, bool only_bucket, optional_yield y)
8134 {
8135 if (only_bucket) {
8136 /* already read bucket info */
8137 return 0;
8138 }
8139 int ret = rgw_build_object_policies(op, driver, s, op->prefetch_data(), y);
8140
8141 if (ret < 0) {
8142 ldpp_dout(op, 10) << "read_permissions on " << s->bucket << ":"
8143 << s->object << " only_bucket=" << only_bucket
8144 << " ret=" << ret << dendl;
8145 if (ret == -ENODATA)
8146 ret = -EACCES;
8147 if (s->auth.identity->is_anonymous() && ret == -EACCES)
8148 ret = -EPERM;
8149 }
8150
8151 return ret;
8152 }
8153
8154 int RGWOp::error_handler(int err_no, string *error_content, optional_yield y) {
8155 return dialect_handler->error_handler(err_no, error_content, y);
8156 }
8157
8158 int RGWHandler::error_handler(int err_no, string *error_content, optional_yield) {
8159 // This is the do-nothing error handler
8160 return err_no;
8161 }
8162
8163 std::ostream& RGWOp::gen_prefix(std::ostream& out) const
8164 {
8165 // append <dialect>:<op name> to the prefix
8166 return s->gen_prefix(out) << s->dialect << ':' << name() << ' ';
8167 }
8168
8169 void RGWDefaultResponseOp::send_response() {
8170 if (op_ret) {
8171 set_req_state_err(s, op_ret);
8172 }
8173 dump_errno(s);
8174 end_header(s);
8175 }
8176
8177 void RGWPutBucketPolicy::send_response()
8178 {
8179 if (!op_ret) {
8180 /* A successful Put Bucket Policy should return a 204 on success */
8181 op_ret = STATUS_NO_CONTENT;
8182 }
8183 if (op_ret) {
8184 set_req_state_err(s, op_ret);
8185 }
8186 dump_errno(s);
8187 end_header(s);
8188 }
8189
8190 int RGWPutBucketPolicy::verify_permission(optional_yield y)
8191 {
8192 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
8193 if (has_s3_resource_tag)
8194 rgw_iam_add_buckettags(this, s);
8195
8196 if (!verify_bucket_permission(this, s, rgw::IAM::s3PutBucketPolicy)) {
8197 return -EACCES;
8198 }
8199
8200 return 0;
8201 }
8202
8203 int RGWPutBucketPolicy::get_params(optional_yield y)
8204 {
8205 const auto max_size = s->cct->_conf->rgw_max_put_param_size;
8206 // At some point when I have more time I want to make a version of
8207 // rgw_rest_read_all_input that doesn't use malloc.
8208 std::tie(op_ret, data) = read_all_input(s, max_size, false);
8209
8210 // And throws exceptions.
8211 return op_ret;
8212 }
8213
8214 void RGWPutBucketPolicy::execute(optional_yield y)
8215 {
8216 op_ret = get_params(y);
8217 if (op_ret < 0) {
8218 return;
8219 }
8220
8221 op_ret = driver->forward_request_to_master(this, s->user.get(), nullptr, data, nullptr, s->info, y);
8222 if (op_ret < 0) {
8223 ldpp_dout(this, 20) << "forward_request_to_master returned ret=" << op_ret << dendl;
8224 return;
8225 }
8226
8227 try {
8228 const Policy p(
8229 s->cct, s->bucket_tenant, data,
8230 s->cct->_conf.get_val<bool>("rgw_policy_reject_invalid_principals"));
8231 rgw::sal::Attrs attrs(s->bucket_attrs);
8232 if (s->bucket_access_conf &&
8233 s->bucket_access_conf->block_public_policy() &&
8234 rgw::IAM::is_public(p)) {
8235 op_ret = -EACCES;
8236 return;
8237 }
8238
8239 op_ret = retry_raced_bucket_write(this, s->bucket.get(), [&p, this, &attrs] {
8240 attrs[RGW_ATTR_IAM_POLICY].clear();
8241 attrs[RGW_ATTR_IAM_POLICY].append(p.text);
8242 op_ret = s->bucket->merge_and_store_attrs(this, attrs, s->yield);
8243 return op_ret;
8244 });
8245 } catch (rgw::IAM::PolicyParseException& e) {
8246 ldpp_dout(this, 5) << "failed to parse policy: " << e.what() << dendl;
8247 op_ret = -EINVAL;
8248 s->err.message = e.what();
8249 }
8250 }
8251
8252 void RGWGetBucketPolicy::send_response()
8253 {
8254 if (op_ret) {
8255 set_req_state_err(s, op_ret);
8256 }
8257 dump_errno(s);
8258 end_header(s, this, "application/json");
8259 dump_body(s, policy);
8260 }
8261
8262 int RGWGetBucketPolicy::verify_permission(optional_yield y)
8263 {
8264 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
8265 if (has_s3_resource_tag)
8266 rgw_iam_add_buckettags(this, s);
8267
8268 if (!verify_bucket_permission(this, s, rgw::IAM::s3GetBucketPolicy)) {
8269 return -EACCES;
8270 }
8271
8272 return 0;
8273 }
8274
8275 void RGWGetBucketPolicy::execute(optional_yield y)
8276 {
8277 rgw::sal::Attrs attrs(s->bucket_attrs);
8278 auto aiter = attrs.find(RGW_ATTR_IAM_POLICY);
8279 if (aiter == attrs.end()) {
8280 ldpp_dout(this, 0) << "can't find bucket IAM POLICY attr bucket_name = "
8281 << s->bucket_name << dendl;
8282 op_ret = -ERR_NO_SUCH_BUCKET_POLICY;
8283 s->err.message = "The bucket policy does not exist";
8284 return;
8285 } else {
8286 policy = attrs[RGW_ATTR_IAM_POLICY];
8287
8288 if (policy.length() == 0) {
8289 ldpp_dout(this, 10) << "The bucket policy does not exist, bucket: "
8290 << s->bucket_name << dendl;
8291 op_ret = -ERR_NO_SUCH_BUCKET_POLICY;
8292 s->err.message = "The bucket policy does not exist";
8293 return;
8294 }
8295 }
8296 }
8297
8298 void RGWDeleteBucketPolicy::send_response()
8299 {
8300 if (op_ret) {
8301 set_req_state_err(s, op_ret);
8302 }
8303 dump_errno(s);
8304 end_header(s);
8305 }
8306
8307 int RGWDeleteBucketPolicy::verify_permission(optional_yield y)
8308 {
8309 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
8310 if (has_s3_resource_tag)
8311 rgw_iam_add_buckettags(this, s);
8312
8313 if (!verify_bucket_permission(this, s, rgw::IAM::s3DeleteBucketPolicy)) {
8314 return -EACCES;
8315 }
8316
8317 return 0;
8318 }
8319
8320 void RGWDeleteBucketPolicy::execute(optional_yield y)
8321 {
8322 bufferlist data;
8323 op_ret = driver->forward_request_to_master(this, s->user.get(), nullptr, data, nullptr, s->info, y);
8324 if (op_ret < 0) {
8325 ldpp_dout(this, 0) << "forward_request_to_master returned ret=" << op_ret << dendl;
8326 return;
8327 }
8328
8329 op_ret = retry_raced_bucket_write(this, s->bucket.get(), [this] {
8330 rgw::sal::Attrs attrs(s->bucket_attrs);
8331 attrs.erase(RGW_ATTR_IAM_POLICY);
8332 op_ret = s->bucket->merge_and_store_attrs(this, attrs, s->yield);
8333 return op_ret;
8334 });
8335 }
8336
8337 void RGWPutBucketObjectLock::pre_exec()
8338 {
8339 rgw_bucket_object_pre_exec(s);
8340 }
8341
8342 int RGWPutBucketObjectLock::verify_permission(optional_yield y)
8343 {
8344 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
8345 if (has_s3_resource_tag)
8346 rgw_iam_add_buckettags(this, s);
8347
8348 return verify_bucket_owner_or_policy(s, rgw::IAM::s3PutBucketObjectLockConfiguration);
8349 }
8350
8351 void RGWPutBucketObjectLock::execute(optional_yield y)
8352 {
8353 if (!s->bucket->get_info().obj_lock_enabled()) {
8354 s->err.message = "object lock configuration can't be set if bucket object lock not enabled";
8355 ldpp_dout(this, 4) << "ERROR: " << s->err.message << dendl;
8356 op_ret = -ERR_INVALID_BUCKET_STATE;
8357 return;
8358 }
8359
8360 RGWXMLDecoder::XMLParser parser;
8361 if (!parser.init()) {
8362 ldpp_dout(this, 0) << "ERROR: failed to initialize parser" << dendl;
8363 op_ret = -EINVAL;
8364 return;
8365 }
8366 op_ret = get_params(y);
8367 if (op_ret < 0) {
8368 return;
8369 }
8370 if (!parser.parse(data.c_str(), data.length(), 1)) {
8371 op_ret = -ERR_MALFORMED_XML;
8372 return;
8373 }
8374
8375 try {
8376 RGWXMLDecoder::decode_xml("ObjectLockConfiguration", obj_lock, &parser, true);
8377 } catch (RGWXMLDecoder::err& err) {
8378 ldpp_dout(this, 5) << "unexpected xml:" << err << dendl;
8379 op_ret = -ERR_MALFORMED_XML;
8380 return;
8381 }
8382 if (obj_lock.has_rule() && !obj_lock.retention_period_valid()) {
8383 s->err.message = "retention period must be a positive integer value";
8384 ldpp_dout(this, 4) << "ERROR: " << s->err.message << dendl;
8385 op_ret = -ERR_INVALID_RETENTION_PERIOD;
8386 return;
8387 }
8388
8389 op_ret = driver->forward_request_to_master(this, s->user.get(), nullptr, data, nullptr, s->info, y);
8390 if (op_ret < 0) {
8391 ldpp_dout(this, 20) << __func__ << "forward_request_to_master returned ret=" << op_ret << dendl;
8392 return;
8393 }
8394
8395 op_ret = retry_raced_bucket_write(this, s->bucket.get(), [this] {
8396 s->bucket->get_info().obj_lock = obj_lock;
8397 op_ret = s->bucket->put_info(this, false, real_time());
8398 return op_ret;
8399 });
8400 return;
8401 }
8402
8403 void RGWGetBucketObjectLock::pre_exec()
8404 {
8405 rgw_bucket_object_pre_exec(s);
8406 }
8407
8408 int RGWGetBucketObjectLock::verify_permission(optional_yield y)
8409 {
8410 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
8411 if (has_s3_resource_tag)
8412 rgw_iam_add_buckettags(this, s);
8413
8414 return verify_bucket_owner_or_policy(s, rgw::IAM::s3GetBucketObjectLockConfiguration);
8415 }
8416
8417 void RGWGetBucketObjectLock::execute(optional_yield y)
8418 {
8419 if (!s->bucket->get_info().obj_lock_enabled()) {
8420 op_ret = -ERR_NO_SUCH_OBJECT_LOCK_CONFIGURATION;
8421 return;
8422 }
8423 }
8424
8425 int RGWPutObjRetention::verify_permission(optional_yield y)
8426 {
8427 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s);
8428 if (has_s3_existing_tag || has_s3_resource_tag)
8429 rgw_iam_add_objtags(this, s, has_s3_existing_tag, has_s3_resource_tag);
8430
8431 if (!verify_object_permission(this, s, rgw::IAM::s3PutObjectRetention)) {
8432 return -EACCES;
8433 }
8434 op_ret = get_params(y);
8435 if (op_ret) {
8436 return op_ret;
8437 }
8438 if (bypass_governance_mode) {
8439 bypass_perm = verify_object_permission(this, s, rgw::IAM::s3BypassGovernanceRetention);
8440 }
8441 return 0;
8442 }
8443
8444 void RGWPutObjRetention::pre_exec()
8445 {
8446 rgw_bucket_object_pre_exec(s);
8447 }
8448
8449 void RGWPutObjRetention::execute(optional_yield y)
8450 {
8451 if (!s->bucket->get_info().obj_lock_enabled()) {
8452 s->err.message = "object retention can't be set if bucket object lock not configured";
8453 ldpp_dout(this, 4) << "ERROR: " << s->err.message << dendl;
8454 op_ret = -ERR_INVALID_REQUEST;
8455 return;
8456 }
8457
8458 RGWXMLDecoder::XMLParser parser;
8459 if (!parser.init()) {
8460 ldpp_dout(this, 0) << "ERROR: failed to initialize parser" << dendl;
8461 op_ret = -EINVAL;
8462 return;
8463 }
8464
8465 if (!parser.parse(data.c_str(), data.length(), 1)) {
8466 op_ret = -ERR_MALFORMED_XML;
8467 return;
8468 }
8469
8470 try {
8471 RGWXMLDecoder::decode_xml("Retention", obj_retention, &parser, true);
8472 } catch (RGWXMLDecoder::err& err) {
8473 ldpp_dout(this, 5) << "unexpected xml:" << err << dendl;
8474 op_ret = -ERR_MALFORMED_XML;
8475 return;
8476 }
8477
8478 if (ceph::real_clock::to_time_t(obj_retention.get_retain_until_date()) < ceph_clock_now()) {
8479 s->err.message = "the retain-until date must be in the future";
8480 ldpp_dout(this, 0) << "ERROR: " << s->err.message << dendl;
8481 op_ret = -EINVAL;
8482 return;
8483 }
8484 bufferlist bl;
8485 obj_retention.encode(bl);
8486
8487 //check old retention
8488 op_ret = s->object->get_obj_attrs(s->yield, this);
8489 if (op_ret < 0) {
8490 ldpp_dout(this, 0) << "ERROR: get obj attr error"<< dendl;
8491 return;
8492 }
8493 rgw::sal::Attrs attrs = s->object->get_attrs();
8494 auto aiter = attrs.find(RGW_ATTR_OBJECT_RETENTION);
8495 if (aiter != attrs.end()) {
8496 RGWObjectRetention old_obj_retention;
8497 try {
8498 decode(old_obj_retention, aiter->second);
8499 } catch (buffer::error& err) {
8500 ldpp_dout(this, 0) << "ERROR: failed to decode RGWObjectRetention" << dendl;
8501 op_ret = -EIO;
8502 return;
8503 }
8504 if (ceph::real_clock::to_time_t(obj_retention.get_retain_until_date()) < ceph::real_clock::to_time_t(old_obj_retention.get_retain_until_date())) {
8505 if (old_obj_retention.get_mode().compare("GOVERNANCE") != 0 || !bypass_perm || !bypass_governance_mode) {
8506 s->err.message = "proposed retain-until date shortens an existing retention period and governance bypass check failed";
8507 op_ret = -EACCES;
8508 return;
8509 }
8510 } else if (old_obj_retention.get_mode() == obj_retention.get_mode()) {
8511 // ok if retention mode doesn't change
8512 } else if (obj_retention.get_mode() == "GOVERNANCE") {
8513 s->err.message = "can't change retention mode from COMPLIANCE to GOVERNANCE";
8514 op_ret = -EACCES;
8515 return;
8516 } else if (!bypass_perm || !bypass_governance_mode) {
8517 s->err.message = "can't change retention mode from GOVERNANCE without governance bypass";
8518 op_ret = -EACCES;
8519 return;
8520 }
8521 }
8522
8523 op_ret = s->object->modify_obj_attrs(RGW_ATTR_OBJECT_RETENTION, bl, s->yield, this);
8524
8525 return;
8526 }
8527
8528 int RGWGetObjRetention::verify_permission(optional_yield y)
8529 {
8530 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s);
8531 if (has_s3_existing_tag || has_s3_resource_tag)
8532 rgw_iam_add_objtags(this, s, has_s3_existing_tag, has_s3_resource_tag);
8533
8534 if (!verify_object_permission(this, s, rgw::IAM::s3GetObjectRetention)) {
8535 return -EACCES;
8536 }
8537 return 0;
8538 }
8539
8540 void RGWGetObjRetention::pre_exec()
8541 {
8542 rgw_bucket_object_pre_exec(s);
8543 }
8544
8545 void RGWGetObjRetention::execute(optional_yield y)
8546 {
8547 if (!s->bucket->get_info().obj_lock_enabled()) {
8548 s->err.message = "bucket object lock not configured";
8549 ldpp_dout(this, 4) << "ERROR: " << s->err.message << dendl;
8550 op_ret = -ERR_INVALID_REQUEST;
8551 return;
8552 }
8553 op_ret = s->object->get_obj_attrs(s->yield, this);
8554 if (op_ret < 0) {
8555 ldpp_dout(this, 0) << "ERROR: failed to get obj attrs, obj=" << s->object
8556 << " ret=" << op_ret << dendl;
8557 return;
8558 }
8559 rgw::sal::Attrs attrs = s->object->get_attrs();
8560 auto aiter = attrs.find(RGW_ATTR_OBJECT_RETENTION);
8561 if (aiter == attrs.end()) {
8562 op_ret = -ERR_NO_SUCH_OBJECT_LOCK_CONFIGURATION;
8563 return;
8564 }
8565
8566 bufferlist::const_iterator iter{&aiter->second};
8567 try {
8568 obj_retention.decode(iter);
8569 } catch (const buffer::error& e) {
8570 ldpp_dout(this, 0) << __func__ << "decode object retention config failed" << dendl;
8571 op_ret = -EIO;
8572 return;
8573 }
8574 return;
8575 }
8576
8577 int RGWPutObjLegalHold::verify_permission(optional_yield y)
8578 {
8579 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s);
8580 if (has_s3_existing_tag || has_s3_resource_tag)
8581 rgw_iam_add_objtags(this, s, has_s3_existing_tag, has_s3_resource_tag);
8582
8583 if (!verify_object_permission(this, s, rgw::IAM::s3PutObjectLegalHold)) {
8584 return -EACCES;
8585 }
8586 return 0;
8587 }
8588
8589 void RGWPutObjLegalHold::pre_exec()
8590 {
8591 rgw_bucket_object_pre_exec(s);
8592 }
8593
8594 void RGWPutObjLegalHold::execute(optional_yield y) {
8595 if (!s->bucket->get_info().obj_lock_enabled()) {
8596 s->err.message = "object legal hold can't be set if bucket object lock not enabled";
8597 ldpp_dout(this, 4) << "ERROR: " << s->err.message << dendl;
8598 op_ret = -ERR_INVALID_REQUEST;
8599 return;
8600 }
8601
8602 RGWXMLDecoder::XMLParser parser;
8603 if (!parser.init()) {
8604 ldpp_dout(this, 0) << "ERROR: failed to initialize parser" << dendl;
8605 op_ret = -EINVAL;
8606 return;
8607 }
8608
8609 op_ret = get_params(y);
8610 if (op_ret < 0)
8611 return;
8612
8613 if (!parser.parse(data.c_str(), data.length(), 1)) {
8614 op_ret = -ERR_MALFORMED_XML;
8615 return;
8616 }
8617
8618 try {
8619 RGWXMLDecoder::decode_xml("LegalHold", obj_legal_hold, &parser, true);
8620 } catch (RGWXMLDecoder::err &err) {
8621 ldpp_dout(this, 5) << "unexpected xml:" << err << dendl;
8622 op_ret = -ERR_MALFORMED_XML;
8623 return;
8624 }
8625 bufferlist bl;
8626 obj_legal_hold.encode(bl);
8627 //if instance is empty, we should modify the latest object
8628 op_ret = s->object->modify_obj_attrs(RGW_ATTR_OBJECT_LEGAL_HOLD, bl, s->yield, this);
8629 return;
8630 }
8631
8632 int RGWGetObjLegalHold::verify_permission(optional_yield y)
8633 {
8634 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s);
8635 if (has_s3_existing_tag || has_s3_resource_tag)
8636 rgw_iam_add_objtags(this, s, has_s3_existing_tag, has_s3_resource_tag);
8637
8638 if (!verify_object_permission(this, s, rgw::IAM::s3GetObjectLegalHold)) {
8639 return -EACCES;
8640 }
8641 return 0;
8642 }
8643
8644 void RGWGetObjLegalHold::pre_exec()
8645 {
8646 rgw_bucket_object_pre_exec(s);
8647 }
8648
8649 void RGWGetObjLegalHold::execute(optional_yield y)
8650 {
8651 if (!s->bucket->get_info().obj_lock_enabled()) {
8652 s->err.message = "bucket object lock not configured";
8653 ldpp_dout(this, 4) << "ERROR: " << s->err.message << dendl;
8654 op_ret = -ERR_INVALID_REQUEST;
8655 return;
8656 }
8657 map<string, bufferlist> attrs;
8658 op_ret = s->object->get_obj_attrs(s->yield, this);
8659 if (op_ret < 0) {
8660 ldpp_dout(this, 0) << "ERROR: failed to get obj attrs, obj=" << s->object
8661 << " ret=" << op_ret << dendl;
8662 return;
8663 }
8664 auto aiter = s->object->get_attrs().find(RGW_ATTR_OBJECT_LEGAL_HOLD);
8665 if (aiter == s->object->get_attrs().end()) {
8666 op_ret = -ERR_NO_SUCH_OBJECT_LOCK_CONFIGURATION;
8667 return;
8668 }
8669
8670 bufferlist::const_iterator iter{&aiter->second};
8671 try {
8672 obj_legal_hold.decode(iter);
8673 } catch (const buffer::error& e) {
8674 ldpp_dout(this, 0) << __func__ << "decode object legal hold config failed" << dendl;
8675 op_ret = -EIO;
8676 return;
8677 }
8678 return;
8679 }
8680
8681 void RGWGetClusterStat::execute(optional_yield y)
8682 {
8683 op_ret = driver->cluster_stat(stats_op);
8684 }
8685
8686 int RGWGetBucketPolicyStatus::verify_permission(optional_yield y)
8687 {
8688 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
8689 if (has_s3_resource_tag)
8690 rgw_iam_add_buckettags(this, s);
8691
8692 if (!verify_bucket_permission(this, s, rgw::IAM::s3GetBucketPolicyStatus)) {
8693 return -EACCES;
8694 }
8695
8696 return 0;
8697 }
8698
8699 void RGWGetBucketPolicyStatus::execute(optional_yield y)
8700 {
8701 isPublic = (s->iam_policy && rgw::IAM::is_public(*s->iam_policy)) || s->bucket_acl->is_public(this);
8702 }
8703
8704 int RGWPutBucketPublicAccessBlock::verify_permission(optional_yield y)
8705 {
8706 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
8707 if (has_s3_resource_tag)
8708 rgw_iam_add_buckettags(this, s);
8709
8710 if (!verify_bucket_permission(this, s, rgw::IAM::s3PutBucketPublicAccessBlock)) {
8711 return -EACCES;
8712 }
8713
8714 return 0;
8715 }
8716
8717 int RGWPutBucketPublicAccessBlock::get_params(optional_yield y)
8718 {
8719 const auto max_size = s->cct->_conf->rgw_max_put_param_size;
8720 std::tie(op_ret, data) = read_all_input(s, max_size, false);
8721 return op_ret;
8722 }
8723
8724 void RGWPutBucketPublicAccessBlock::execute(optional_yield y)
8725 {
8726 RGWXMLDecoder::XMLParser parser;
8727 if (!parser.init()) {
8728 ldpp_dout(this, 0) << "ERROR: failed to initialize parser" << dendl;
8729 op_ret = -EINVAL;
8730 return;
8731 }
8732
8733 op_ret = get_params(y);
8734 if (op_ret < 0)
8735 return;
8736
8737 if (!parser.parse(data.c_str(), data.length(), 1)) {
8738 ldpp_dout(this, 0) << "ERROR: malformed XML" << dendl;
8739 op_ret = -ERR_MALFORMED_XML;
8740 return;
8741 }
8742
8743 try {
8744 RGWXMLDecoder::decode_xml("PublicAccessBlockConfiguration", access_conf, &parser, true);
8745 } catch (RGWXMLDecoder::err &err) {
8746 ldpp_dout(this, 5) << "unexpected xml:" << err << dendl;
8747 op_ret = -ERR_MALFORMED_XML;
8748 return;
8749 }
8750
8751 op_ret = driver->forward_request_to_master(this, s->user.get(), nullptr, data, nullptr, s->info, y);
8752 if (op_ret < 0) {
8753 ldpp_dout(this, 0) << "forward_request_to_master returned ret=" << op_ret << dendl;
8754 return;
8755 }
8756
8757 bufferlist bl;
8758 access_conf.encode(bl);
8759 op_ret = retry_raced_bucket_write(this, s->bucket.get(), [this, &bl] {
8760 rgw::sal::Attrs attrs(s->bucket_attrs);
8761 attrs[RGW_ATTR_PUBLIC_ACCESS] = bl;
8762 return s->bucket->merge_and_store_attrs(this, attrs, s->yield);
8763 });
8764
8765 }
8766
8767 int RGWGetBucketPublicAccessBlock::verify_permission(optional_yield y)
8768 {
8769 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
8770 if (has_s3_resource_tag)
8771 rgw_iam_add_buckettags(this, s);
8772
8773 if (!verify_bucket_permission(this, s, rgw::IAM::s3GetBucketPolicy)) {
8774 return -EACCES;
8775 }
8776
8777 return 0;
8778 }
8779
8780 void RGWGetBucketPublicAccessBlock::execute(optional_yield y)
8781 {
8782 auto attrs = s->bucket_attrs;
8783 if (auto aiter = attrs.find(RGW_ATTR_PUBLIC_ACCESS);
8784 aiter == attrs.end()) {
8785 ldpp_dout(this, 0) << "can't find bucket IAM POLICY attr bucket_name = "
8786 << s->bucket_name << dendl;
8787 // return the default;
8788 return;
8789 } else {
8790 bufferlist::const_iterator iter{&aiter->second};
8791 try {
8792 access_conf.decode(iter);
8793 } catch (const buffer::error& e) {
8794 ldpp_dout(this, 0) << __func__ << "decode access_conf failed" << dendl;
8795 op_ret = -EIO;
8796 return;
8797 }
8798 }
8799 }
8800
8801
8802 void RGWDeleteBucketPublicAccessBlock::send_response()
8803 {
8804 if (op_ret) {
8805 set_req_state_err(s, op_ret);
8806 }
8807 dump_errno(s);
8808 end_header(s);
8809 }
8810
8811 int RGWDeleteBucketPublicAccessBlock::verify_permission(optional_yield y)
8812 {
8813 auto [has_s3_existing_tag, has_s3_resource_tag] = rgw_check_policy_condition(this, s, false);
8814 if (has_s3_resource_tag)
8815 rgw_iam_add_buckettags(this, s);
8816
8817 if (!verify_bucket_permission(this, s, rgw::IAM::s3PutBucketPublicAccessBlock)) {
8818 return -EACCES;
8819 }
8820
8821 return 0;
8822 }
8823
8824 void RGWDeleteBucketPublicAccessBlock::execute(optional_yield y)
8825 {
8826 bufferlist data;
8827 op_ret = driver->forward_request_to_master(this, s->user.get(), nullptr, data, nullptr, s->info, y);
8828 if (op_ret < 0) {
8829 ldpp_dout(this, 0) << "forward_request_to_master returned ret=" << op_ret << dendl;
8830 return;
8831 }
8832
8833 op_ret = retry_raced_bucket_write(this, s->bucket.get(), [this] {
8834 rgw::sal::Attrs attrs(s->bucket_attrs);
8835 attrs.erase(RGW_ATTR_PUBLIC_ACCESS);
8836 op_ret = s->bucket->merge_and_store_attrs(this, attrs, s->yield);
8837 return op_ret;
8838 });
8839 }
8840
8841 int RGWPutBucketEncryption::get_params(optional_yield y)
8842 {
8843 const auto max_size = s->cct->_conf->rgw_max_put_param_size;
8844 std::tie(op_ret, data) = read_all_input(s, max_size, false);
8845 return op_ret;
8846 }
8847
8848 int RGWPutBucketEncryption::verify_permission(optional_yield y)
8849 {
8850 if (!verify_bucket_permission(this, s, rgw::IAM::s3PutBucketEncryption)) {
8851 return -EACCES;
8852 }
8853 return 0;
8854 }
8855
8856 void RGWPutBucketEncryption::execute(optional_yield y)
8857 {
8858 RGWXMLDecoder::XMLParser parser;
8859 if (!parser.init()) {
8860 ldpp_dout(this, 0) << "ERROR: failed to initialize parser" << dendl;
8861 op_ret = -EINVAL;
8862 return;
8863 }
8864 op_ret = get_params(y);
8865 if (op_ret < 0) {
8866 return;
8867 }
8868 if (!parser.parse(data.c_str(), data.length(), 1)) {
8869 ldpp_dout(this, 0) << "ERROR: malformed XML" << dendl;
8870 op_ret = -ERR_MALFORMED_XML;
8871 return;
8872 }
8873
8874 try {
8875 RGWXMLDecoder::decode_xml("ServerSideEncryptionConfiguration", bucket_encryption_conf, &parser, true);
8876 } catch (RGWXMLDecoder::err& err) {
8877 ldpp_dout(this, 5) << "unexpected xml:" << err << dendl;
8878 op_ret = -ERR_MALFORMED_XML;
8879 return;
8880 }
8881
8882 op_ret = driver->forward_request_to_master(this, s->user.get(), nullptr, data, nullptr, s->info, y);
8883 if (op_ret < 0) {
8884 ldpp_dout(this, 20) << "forward_request_to_master returned ret=" << op_ret << dendl;
8885 return;
8886 }
8887
8888 bufferlist conf_bl;
8889 bucket_encryption_conf.encode(conf_bl);
8890 op_ret = retry_raced_bucket_write(this, s->bucket.get(), [this, y, &conf_bl] {
8891 rgw::sal::Attrs attrs = s->bucket->get_attrs();
8892 attrs[RGW_ATTR_BUCKET_ENCRYPTION_POLICY] = conf_bl;
8893 return s->bucket->merge_and_store_attrs(this, attrs, y);
8894 });
8895 }
8896
8897 int RGWGetBucketEncryption::verify_permission(optional_yield y)
8898 {
8899 if (!verify_bucket_permission(this, s, rgw::IAM::s3GetBucketEncryption)) {
8900 return -EACCES;
8901 }
8902 return 0;
8903 }
8904
8905 void RGWGetBucketEncryption::execute(optional_yield y)
8906 {
8907 const auto& attrs = s->bucket_attrs;
8908 if (auto aiter = attrs.find(RGW_ATTR_BUCKET_ENCRYPTION_POLICY);
8909 aiter == attrs.end()) {
8910 ldpp_dout(this, 0) << "can't find BUCKET ENCRYPTION attr for bucket_name = " << s->bucket_name << dendl;
8911 op_ret = -ENOENT;
8912 s->err.message = "The server side encryption configuration was not found";
8913 return;
8914 } else {
8915 bufferlist::const_iterator iter{&aiter->second};
8916 try {
8917 bucket_encryption_conf.decode(iter);
8918 } catch (const buffer::error& e) {
8919 ldpp_dout(this, 0) << __func__ << "decode bucket_encryption_conf failed" << dendl;
8920 op_ret = -EIO;
8921 return;
8922 }
8923 }
8924 }
8925
8926 int RGWDeleteBucketEncryption::verify_permission(optional_yield y)
8927 {
8928 if (!verify_bucket_permission(this, s, rgw::IAM::s3PutBucketEncryption)) {
8929 return -EACCES;
8930 }
8931 return 0;
8932 }
8933
8934 void RGWDeleteBucketEncryption::execute(optional_yield y)
8935 {
8936 bufferlist data;
8937 op_ret = driver->forward_request_to_master(this, s->user.get(), nullptr, data, nullptr, s->info, y);
8938 if (op_ret < 0) {
8939 ldpp_dout(this, 0) << "forward_request_to_master returned ret=" << op_ret << dendl;
8940 return;
8941 }
8942
8943 op_ret = retry_raced_bucket_write(this, s->bucket.get(), [this, y] {
8944 rgw::sal::Attrs attrs = s->bucket->get_attrs();
8945 attrs.erase(RGW_ATTR_BUCKET_ENCRYPTION_POLICY);
8946 attrs.erase(RGW_ATTR_BUCKET_ENCRYPTION_KEY_ID);
8947 op_ret = s->bucket->merge_and_store_attrs(this, attrs, y);
8948 return op_ret;
8949 });
8950 }
8951
8952 void rgw_slo_entry::decode_json(JSONObj *obj)
8953 {
8954 JSONDecoder::decode_json("path", path, obj);
8955 JSONDecoder::decode_json("etag", etag, obj);
8956 JSONDecoder::decode_json("size_bytes", size_bytes, obj);
8957 };
8958
Ceph