1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab
4 #include "rgw_common.h"
5 #include "rgw_rest_client.h"
6 #include "rgw_auth_s3.h"
7 #include "rgw_http_errors.h"
10 #include "common/ceph_crypto_cms.h"
11 #include "common/armor.h"
12 #include "common/strtol.h"
13 #include "include/str_list.h"
14 #include "rgw_crypt_sanitize.h"
16 #define dout_context g_ceph_context
17 #define dout_subsys ceph_subsys_rgw
/* Status accessor for the request. The only visible step reads the
 * request-level return code through get_req_retcode(); the lines that decide
 * what is finally returned are not part of this listing. */
19 int RGWRESTSimpleRequest::get_status()
21 int retcode
= get_req_retcode();
/* Per-header callback: receives one response header as (name, val).
 * The visible branch handles CONTENT_LENGTH: the value is parsed as a
 * base-10 integer with strict_strtol() and a parse failure is logged at
 * level 0.
 * NOTE(review): val originates from the remote endpoint's response
 * (receive_header() passes it in). The test on `err` and the later use of
 * `len` are not visible in this listing - confirm that a negative or
 * oversized length is rejected before it is used. */
28 int RGWRESTSimpleRequest::handle_header(const string
& name
, const string
& val
)
30 if (name
== "CONTENT_LENGTH") {
32 long len
= strict_strtol(val
.c_str(), 10, &err
);
34 ldout(cct
, 0) << "ERROR: failed converting content length (" << val
<< ") to int " << dendl
;
/* Header-receive callback: parses the raw bytes [ptr, ptr + len) delivered
 * by the HTTP layer. Visible steps: each line is logged at level 10, split on
 * space/tab/colon with strsep(); a token of "HTTP" or "HTTP/..." is treated
 * as the status line (numeric status -> errno via rgw_http_error_to_errno());
 * any other field name is upper-cased into buf and handed to handle_header().
 * Several lines of the function (buffer declarations, guards, returns) are
 * missing from this listing. */
44 int RGWRESTSimpleRequest::receive_header(void *ptr
, size_t len
)
48 char *s
= (char *)ptr
, *end
= (char *)ptr
+ len
;
50 ldout(cct
, 10) << "receive_http_header" << dendl
;
59 ldout(cct
, 10) << "received header:" << line
<< dendl
;
60 // TODO: fill whatever data required here
/* strsep() sets `l` to NULL when none of the delimiters is found. */
62 char *tok
= strsep(&l
, " \t:");
67 if (strcmp(tok
, "HTTP") == 0 || strncmp(tok
, "HTTP/", 5) == 0) {
/* NOTE(review): atoi() reports no errors and needs a non-NULL argument; the
 * guard on tok / l is not visible in this listing - confirm it exists. */
68 http_status
= atoi(l
);
69 if (http_status
== 100) /* 100-continue response */
71 status
= rgw_http_error_to_errno(http_status
);
73 /* convert header field name to upper case */
/* NOTE(review): the loop writes up to `len` bytes into buf, so buf must hold
 * at least len bytes plus any terminator; its declaration is not shown.
 * toupper() on a plain char with the high bit set is undefined - casting to
 * unsigned char first would be safer for peer-supplied bytes. */
77 for (i
= 0; i
< len
&& *src
; ++i
, ++src
) {
83 buf
[i
] = toupper(*src
);
88 int r
= handle_header(buf
, l
);
/* Fills date_str starting from the current time (ceph_clock_now()). The
 * formatting lines are not visible in this listing. Callers in this file use
 * the result as the HTTP_DATE value that is included in the signed request. */
100 static void get_new_date_str(string
& date_str
)
102 utime_t tm
= ceph_clock_now();
/* Builds the target URL from the member `url` and `resource`, adds an
 * HTTP_DATE header, computes an S3 v2 signature over the canonical header
 * with key.key, adds "AUTHORIZATION: AWS <key.id>:<digest>" and issues the
 * request through process(). Error handling and the return statement are not
 * visible in this listing. */
108 int RGWRESTSimpleRequest::execute(RGWAccessKey
& key
, const char *method
, const char *resource
)
110 string new_url
= url
;
/* A std::string is built from `resource`, so a NULL pointer here is
 * undefined behaviour; no NULL check is visible. */
111 string new_resource
= resource
;
/* NOTE(review): new_url[new_url.size() - 1] is out of range when url is
 * empty (size() - 1 wraps around) - confirm url is always non-empty. */
113 if (new_url
[new_url
.size() - 1] == '/' && resource
[0] == '/') {
114 new_url
= new_url
.substr(0, new_url
.size() - 1);
115 } else if (resource
[0] != '/') {
117 new_resource
.append(resource
);
119 new_url
.append(new_resource
);
/* The date is both sent as a header and passed into the canonical header
 * below, so it is covered by the signature. */
122 get_new_date_str(date_str
);
123 headers
.push_back(pair
<string
, string
>("HTTP_DATE", date_str
));
125 string canonical_header
;
126 map
<string
, string
> meta_map
;
127 map
<string
, string
> sub_resources
;
128 rgw_create_s3_canonical_header(method
, NULL
, NULL
, date_str
.c_str(),
129 meta_map
, new_url
.c_str(), sub_resources
,
134 digest
= rgw::auth::s3::get_v2_signature(cct
, key
.key
, canonical_header
);
139 string auth_hdr
= "AWS " + key
.id
+ ":" + digest
;
/* The complete Authorization value (access key id and request signature) is
 * written to the log at debug level 15; logs captured at that level should
 * be handled as sensitive. */
141 ldout(cct
, 15) << "generated auth header: " << auth_hdr
<< dendl
;
143 headers
.push_back(pair
<string
, string
>("AUTHORIZATION", auth_hdr
));
144 int r
= process(method
, new_url
.c_str());
/* Upload callback: copies outgoing payload into the buffer `ptr` of capacity
 * `len`. len is first clamped to send_iter->get_remaining(), so no more than
 * the data still available is requested from the iterator. The return value
 * is not visible in this listing. */
151 int RGWRESTSimpleRequest::send_data(void *ptr
, size_t len
)
156 if (len
> send_iter
->get_remaining())
157 len
= send_iter
->get_remaining();
159 send_iter
->copy(len
, (char *)ptr
);
/* Download callback: stores received body bytes, capped so that `response`
 * never grows beyond max_response bytes. This bounds the memory a remote
 * endpoint can make this request consume. The append to `response` and the
 * final return are not visible in this listing. */
164 int RGWRESTSimpleRequest::receive_data(void *ptr
, size_t len
)
166 size_t cp_len
, left_len
;
/* Space left under the cap; 0 once response has reached max_response. */
168 left_len
= max_response
> response
.length() ? (max_response
- response
.length()) : 0;
/* Presumably taken when left_len is 0 - the condition line is not shown. */
170 return 0; /* don't read extra data */
/* Copy at most the remaining allowance, never more than was received. */
172 cp_len
= (len
> left_len
) ? left_len
: len
;
173 bufferptr
p((char *)ptr
, cp_len
);
/* Appends one query parameter (name and, in the visible lines, val) to dest.
 * Both parts pass through url_encode() before being appended, so reserved
 * characters in either cannot change the structure of the query string.
 * The separator handling lines are not visible in this listing. */
181 void RGWRESTSimpleRequest::append_param(string
& dest
, const string
& name
, const string
& val
)
189 url_encode(name
, url_name
);
190 dest
.append(url_name
);
194 url_encode(val
, url_val
);
196 dest
.append(url_val
);
/* Serialises query parameters into dest: first every entry of extra_args,
 * then every entry of the member `params`. Each pair goes through
 * append_param(), which URL-encodes name and value. */
200 void RGWRESTSimpleRequest::get_params_str(map
<string
, string
>& extra_args
, string
& dest
)
202 map
<string
, string
>::iterator miter
;
203 for (miter
= extra_args
.begin(); miter
!= extra_args
.end(); ++miter
) {
204 append_param(dest
, miter
->first
, miter
->second
);
206 param_vec_t::iterator iter
;
207 for (iter
= params
.begin(); iter
!= params
.end(); ++iter
) {
208 append_param(dest
, iter
->first
, iter
->second
);
/* Signs the request described by info/env with `key` (S3 v2 signature) and
 * stores "AWS <key.id>:<digest>" in env as AUTHORIZATION.
 * When key.key is empty the request is left unsigned (see the comment
 * below); the value returned on that path is not visible in this listing,
 * so callers should not read a success code as "request was signed" without
 * checking. */
212 int RGWRESTSimpleRequest::sign_request(RGWAccessKey
& key
, RGWEnv
& env
, req_info
& info
)
214 /* don't sign if no key is provided */
215 if (key
.key
.empty()) {
/* Debug dump of the environment, only when level 20 is gathered. Values are
 * printed through rgw::crypt_sanitize::x_meta_map - presumably to mask
 * sensitive entries; confirm against rgw_crypt_sanitize.h. */
219 if (cct
->_conf
->subsys
.should_gather(ceph_subsys_rgw
, 20)) {
220 for (const auto& i
: env
.get_map()) {
221 ldout(cct
, 20) << "> " << i
.first
<< " -> " << rgw::crypt_sanitize::x_meta_map
{i
.first
, i
.second
} << dendl
;
225 string canonical_header
;
226 if (!rgw_create_s3_canonical_header(info
, NULL
, canonical_header
, false)) {
227 ldout(cct
, 0) << "failed to create canonical s3 header" << dendl
;
/* The canonical header (the string that gets signed) is logged at level 10. */
231 ldout(cct
, 10) << "generated canonical header: " << canonical_header
<< dendl
;
235 digest
= rgw::auth::s3::get_v2_signature(cct
, key
.key
, canonical_header
);
240 string auth_hdr
= "AWS " + key
.id
+ ":" + digest
;
/* The complete Authorization value (key id and signature) is logged at
 * level 15 without passing through the sanitizer used above; treat logs at
 * that level as sensitive. */
241 ldout(cct
, 15) << "generated auth header: " << auth_hdr
<< dendl
;
243 env
.set("AUTHORIZATION", auth_hdr
);
/* Re-issues an incoming request (info) against this endpoint's `url`,
 * re-signed with `key`. Visible steps: rebuild a req_info from info, set a
 * fresh HTTP_DATE, sign, copy the signed environment and the x-meta map into
 * the outgoing headers, compose the URL with the URL-encoded parameters,
 * send the optional body from inbl and hand the response to outbl.
 * Several guards and return statements are missing from this listing. */
248 int RGWRESTSimpleRequest::forward_request(RGWAccessKey
& key
, req_info
& info
, size_t max_response
, bufferlist
*inbl
, bufferlist
*outbl
)
252 get_new_date_str(date_str
);
255 req_info
new_info(cct
, &new_env
);
256 new_info
.rebuild_from(info
);
258 new_env
.set("HTTP_DATE", date_str
.c_str());
260 int ret
= sign_request(key
, new_env
, new_info
);
262 ldout(cct
, 0) << "ERROR: failed to sign request" << dendl
;
/* Everything in the signed environment, including AUTHORIZATION, becomes an
 * outgoing header. */
266 for (const auto& kv
: new_env
.get_map()) {
267 headers
.emplace_back(kv
);
270 map
<string
, string
>& meta_map
= new_info
.x_meta_map
;
271 for (const auto& kv
: meta_map
) {
272 headers
.emplace_back(kv
);
276 get_params_str(info
.args
.get_params(), params_str
);
278 string new_url
= url
;
279 string
& resource
= new_info
.request_uri
;
280 string new_resource
= resource
;
/* NOTE(review): new_url[new_url.size() - 1] is out of range when url is
 * empty (size() - 1 wraps around) - confirm url is always non-empty. */
281 if (new_url
[new_url
.size() - 1] == '/' && resource
[0] == '/') {
282 new_url
= new_url
.substr(0, new_url
.size() - 1);
283 } else if (resource
[0] != '/') {
285 new_resource
.append(resource
);
287 new_url
.append(new_resource
+ params_str
);
289 bufferlist::iterator bliter
;
/* inbl is dereferenced here and below; the NULL guard that presumably wraps
 * these lines is not visible in this listing - confirm. */
292 bliter
= inbl
->begin();
295 set_send_length(inbl
->length());
298 int r
= process(new_info
.method
, new_url
.c_str());
301 // curl_easy has errored, generally means the service is not available
302 r
= -ERR_SERVICE_UNAVAILABLE
;
307 response
.append((char)0); /* NULL terminate response */
/* outbl takes over the response buffer; as with inbl, the NULL guard is not
 * visible here. */
310 outbl
->claim(response
);
/* Data callback (RGWGetDataCB) that forwards object data to a
 * RGWRESTStreamWriteRequest. `req` is a raw pointer taken from the
 * constructor argument; nothing in the visible lines owns or frees it, so
 * the request must outlive this callback - confirm at the call site. */
316 class RGWRESTStreamOutCB
: public RGWGetDataCB
{
317 RGWRESTStreamWriteRequest
*req
;
319 explicit RGWRESTStreamOutCB(RGWRESTStreamWriteRequest
*_req
) : req(_req
) {}
320 int handle_data(bufferlist
& bl
, off_t bl_ofs
, off_t bl_len
) override
; /* callback for object iteration when sending data */
/* Passes the range [bl_ofs, bl_ofs + bl_len) of bl to the write request.
 * When the range covers the whole buffer, bl is forwarded as is; otherwise a
 * bufferptr over the sub-range is wrapped in a new bufferlist and forwarded.
 * NOTE(review): no check that bl_ofs/bl_len are non-negative and that
 * bl_ofs + bl_len <= bl.length() is visible here; the sub-range pointer is
 * taken from bl.c_str() + bl_ofs, so the function relies on the caller for
 * valid offsets - confirm. */
323 int RGWRESTStreamOutCB::handle_data(bufferlist
& bl
, off_t bl_ofs
, off_t bl_len
)
325 dout(20) << "RGWRESTStreamOutCB::handle_data bl.length()=" << bl
.length() << " bl_ofs=" << bl_ofs
<< " bl_len=" << bl_len
<< dendl
;
326 if (!bl_ofs
&& bl_len
== bl
.length()) {
327 return req
->add_output_data(bl
);
330 bufferptr
bp(bl
.c_str() + bl_ofs
, bl_len
);
332 new_bl
.push_back(bp
);
334 return req
->add_output_data(new_bl
);
337 RGWRESTStreamWriteRequest::~RGWRESTStreamWriteRequest()
/* Queues bl on pending_send and then drives the HTTP manager with
 * process_requests(false, &done), returning its result. Lines between the
 * signature and the push (for example status checks or locking) are not
 * visible in this listing. */
342 int RGWRESTStreamWriteRequest::add_output_data(bufferlist
& bl
)
350 pending_send
.push_back(bl
);
354 return http_manager
.process_requests(false, &done
);
/* Appends one grantee to the header value collected for permission `perm`
 * in grants_by_type, in the form <id type>="<id>". The id type string is
 * chosen from the grant's type ("emailAddress" for ACL_TYPE_EMAIL_USER; the
 * other cases are not visible in this listing).
 * NOTE(review): id.to_str() is placed between double quotes without any
 * escaping; this assumes ids can never contain a quote or a line break -
 * confirm, since the string ends up as an HTTP header value. */
357 static void grants_by_type_add_one_grant(map
<int, string
>& grants_by_type
, int perm
, ACLGrant
& grant
)
359 string
& s
= grants_by_type
[perm
];
365 ACLGranteeType
& type
= grant
.get_type();
366 switch (type
.get_type()) {
370 case ACL_TYPE_EMAIL_USER
:
371 id_type_str
= "emailAddress";
378 s
.append(id_type_str
+ "=\"" + id
.to_str() + "\"");
/* Maps an RGW permission value to the x-amz-grant-* request header that
 * carries it. The struct's fields are not visible in this listing; users
 * below read them as t->type and t->header. */
381 struct grant_type_to_header
{
/* Lookup table, scanned in order by the helpers below until an entry with a
 * null header is reached. That terminating entry is not visible in this
 * listing - confirm it is present. */
386 struct grant_type_to_header grants_headers_def
[] = {
387 { RGW_PERM_FULL_CONTROL
, "x-amz-grant-full-control"},
388 { RGW_PERM_READ
, "x-amz-grant-read"},
389 { RGW_PERM_WRITE
, "x-amz-grant-write"},
390 { RGW_PERM_READ_ACP
, "x-amz-grant-read-acp"},
391 { RGW_PERM_WRITE_ACP
, "x-amz-grant-write-acp"},
/* Records `grant` under check_perm when every bit of perm is contained in
 * check_perm. The return statements are not visible in this listing.
 * NOTE(review): the test is "perm is a subset of check_perm", not
 * "check_perm is contained in perm". If RGW_PERM_FULL_CONTROL is the union
 * of the other permission bits and the table is scanned starting with
 * FULL_CONTROL, a narrower grant (for example read only) would satisfy this
 * test for the full-control row and be sent as a wider grant - confirm the
 * intended direction of the comparison (`== check_perm`?). */
395 static bool grants_by_type_check_perm(map
<int, string
>& grants_by_type
, int perm
, ACLGrant
& grant
, int check_perm
)
397 if ((perm
& check_perm
) == perm
) {
398 grants_by_type_add_one_grant(grants_by_type
, check_perm
, grant
);
/* Walks grants_headers_def in table order and offers (perm, grant) to
 * grants_by_type_check_perm() for each row's permission type. What happens
 * after a successful check (the statement under the `if`) is not visible in
 * this listing. The loop ends at the first row whose header is null. */
404 static void grants_by_type_add_perm(map
<int, string
>& grants_by_type
, int perm
, ACLGrant
& grant
)
406 struct grant_type_to_header
*t
;
408 for (t
= grants_headers_def
; t
->header
; t
++) {
409 if (grants_by_type_check_perm(grants_by_type
, perm
, grant
, t
->type
))
/* For every row of grants_headers_def that has an entry in `grants`, sets
 * the corresponding x-amz-grant-* header in env and mirrors it in meta_map.
 * Both are filled so that the later signing step sees the same grant
 * headers that are sent (sign_request() is called with this env and the
 * req_info holding meta_map in put_obj_init()). */
414 static void add_grants_headers(map
<int, string
>& grants
, RGWEnv
& env
, map
<string
, string
>& meta_map
)
416 struct grant_type_to_header
*t
;
418 for (t
= grants_headers_def
; t
->header
; t
++) {
419 map
<int, string
>::iterator iter
= grants
.find(t
->type
);
420 if (iter
!= grants
.end()) {
421 env
.set(t
->header
,iter
->second
);
422 meta_map
[t
->header
] = iter
->second
;
/* Prepares a streamed PUT of `obj` to this endpoint: builds the URL from
 * bucket name and object id, turns metadata attrs into x-amz-meta headers,
 * converts the object's ACL policy into x-amz-grant-* headers, signs the
 * request with `key`, copies the signed environment into the outgoing
 * headers and registers the request with http_manager.
 * Several guards and return statements are missing from this listing. */
427 int RGWRESTStreamWriteRequest::put_obj_init(RGWAccessKey
& key
, rgw_obj
& obj
, uint64_t obj_size
, map
<string
, bufferlist
>& attrs
)
/* NOTE(review): bucket name and object id are concatenated into the path
 * without the url_encode() step that RGWRESTStreamRWRequest::send_request()
 * applies; confirm whether encoding is expected here. */
429 string resource
= obj
.bucket
.name
+ "/" + obj
.get_oid();
430 string new_url
= url
;
/* NOTE(review): out of range when url is empty (size() - 1 wraps around). */
431 if (new_url
[new_url
.size() - 1] != '/')
435 get_new_date_str(date_str
);
438 req_info
new_info(cct
, &new_env
);
441 map
<string
, string
>& args
= new_info
.args
.get_params();
442 get_params_str(args
, params_str
);
444 new_url
.append(resource
+ params_str
);
446 new_env
.set("HTTP_DATE", date_str
.c_str());
448 new_info
.method
= "PUT";
450 new_info
.script_uri
= "/";
451 new_info
.script_uri
.append(resource
);
452 new_info
.request_uri
= new_info
.script_uri
;
454 /* merge send headers */
455 for (auto& attr
: attrs
) {
456 bufferlist
& bl
= attr
.second
;
457 const string
& name
= attr
.first
;
/* NOTE(review): val is built from a C string, so it stops at the first NUL
 * byte and depends on bl.c_str() being NUL-terminated within bl.length() -
 * confirm for attrs that may hold binary or unterminated data. */
458 string val
= bl
.c_str();
/* Only attrs carrying the RGW_ATTR_META_PREFIX are forwarded, renamed to the
 * RGW_AMZ_META_PREFIX header namespace. The value is used as a header value
 * as is. */
459 if (name
.compare(0, sizeof(RGW_ATTR_META_PREFIX
) - 1, RGW_ATTR_META_PREFIX
) == 0) {
460 string header_name
= RGW_AMZ_META_PREFIX
;
461 header_name
.append(name
.substr(sizeof(RGW_ATTR_META_PREFIX
) - 1));
462 new_env
.set(header_name
, val
);
463 new_info
.x_meta_map
[header_name
] = val
;
466 RGWAccessControlPolicy policy
;
467 int ret
= rgw_policy_from_attrset(cct
, attrs
, &policy
);
469 ldout(cct
, 0) << "ERROR: couldn't get policy ret=" << ret
<< dendl
;
473 /* update acl headers */
474 RGWAccessControlList
& acl
= policy
.get_acl();
475 multimap
<string
, ACLGrant
>& grant_map
= acl
.get_grant_map();
476 multimap
<string
, ACLGrant
>::iterator giter
;
477 map
<int, string
> grants_by_type
;
/* Each grant's permission bits are mapped to a grant header; see the review
 * note on grants_by_type_check_perm() about how the row is selected. */
478 for (giter
= grant_map
.begin(); giter
!= grant_map
.end(); ++giter
) {
479 ACLGrant
& grant
= giter
->second
;
480 ACLPermission
& perm
= grant
.get_permission();
481 grants_by_type_add_perm(grants_by_type
, perm
.get_permissions(), grant
);
/* Grant headers are added before signing, so they are part of what
 * sign_request() sees. */
483 add_grants_headers(grants_by_type
, new_env
, new_info
.x_meta_map
);
484 ret
= sign_request(key
, new_env
, new_info
);
486 ldout(cct
, 0) << "ERROR: failed to sign request" << dendl
;
490 for (const auto& kv
: new_env
.get_map()) {
491 headers
.emplace_back(kv
);
/* Raw new; the matching delete is not visible in this listing (presumably
 * in the destructor) - confirm. */
494 cb
= new RGWRESTStreamOutCB(this);
496 set_send_length(obj_size
);
498 int r
= http_manager
.add_request(this, new_info
.method
, new_url
.c_str());
/* Upload callback: fills the buffer `ptr` (capacity `len`) from the queue of
 * pending bufferlists. Each copy is limited to min(len, bl.length()), so it
 * stays within both the destination capacity and the source buffer. A
 * partially sent bufferlist has its unsent tail pushed back to the front of
 * the queue. Bookkeeping lines (len decrement, return value) are not
 * visible in this listing. */
505 int RGWRESTStreamWriteRequest::send_data(void *ptr
, size_t len
)
509 dout(20) << "RGWRESTStreamWriteRequest::send_data()" << dendl
;
/* Nothing queued, or the request already failed. */
511 if (pending_send
.empty() || status
< 0) {
516 list
<bufferlist
>::iterator iter
= pending_send
.begin();
517 while (iter
!= pending_send
.end() && len
> 0) {
518 bufferlist
& bl
= *iter
;
520 list
<bufferlist
>::iterator next_iter
= iter
;
524 uint64_t send_len
= min(len
, (size_t)bl
.length());
526 memcpy(ptr
, bl
.c_str(), send_len
);
528 ptr
= (char *)ptr
+ send_len
;
/* Keep the part of bl that did not fit into the caller's buffer. */
535 if (bl
.length() > send_len
) {
536 bufferptr
bp(bl
.c_str() + send_len
, bl
.length() - send_len
);
539 pending_send
.pop_front(); /* need to do this after we copy data from bl */
540 if (new_bl
.length()) {
541 pending_send
.push_front(new_bl
);
/* Looks up header_name in out_headers. The assignment to str on a hit, and
 * whatever happens on a miss, are not visible in this listing. Header names
 * are matched exactly as stored (callers pass upper-case names such as
 * "ETAG"). */
551 void set_str_from_headers(map
<string
, string
>& out_headers
, const string
& header_name
, string
& str
)
553 map
<string
, string
>::iterator iter
= out_headers
.find(header_name
);
554 if (iter
!= out_headers
.end()) {
/* Parses a "<secs>[.<nsecs>]" string into *rt. The string is split on '.',
 * each part is converted with strict_strtol() (base 10) and a conversion
 * failure is logged at level 0. The result is built with
 * utime_t(secs, nsecs).to_real_time().
 * NOTE(review): s comes from a response header in the callers visible in
 * this file. The check that vec is non-empty before vec[0] is read, and any
 * range check on secs/nsecs (negative values, nsecs beyond one second), are
 * not visible in this listing - confirm. */
561 static int parse_rgwx_mtime(CephContext
*cct
, const string
& s
, ceph::real_time
*rt
)
566 get_str_vec(s
, ".", vec
);
572 long secs
= strict_strtol(vec
[0].c_str(), 10, &err
);
575 ldout(cct
, 0) << "ERROR: failed converting mtime (" << s
<< ") to real_time " << dendl
;
579 if (vec
.size() > 1) {
580 nsecs
= strict_strtol(vec
[1].c_str(), 10, &err
);
582 ldout(cct
, 0) << "ERROR: failed converting mtime (" << s
<< ") to real_time " << dendl
;
587 *rt
= utime_t(secs
, nsecs
).to_real_time();
/* Waits for the outstanding HTTP work (complete_requests()), then reads the
 * ETAG response header into etag and parses RGWX_MTIME into *mtime with
 * parse_rgwx_mtime(). Both values are taken from the remote endpoint's
 * response. Error checks, any NULL check on mtime and the return statement
 * are not visible in this listing. */
592 int RGWRESTStreamWriteRequest::complete(string
& etag
, real_time
*mtime
)
594 int ret
= http_manager
.complete_requests();
598 set_str_from_headers(out_headers
, "ETAG", etag
);
602 set_str_from_headers(out_headers
, "RGWX_MTIME", mtime_str
);
604 ret
= parse_rgwx_mtime(cct
, mtime_str
, mtime
);
/* Convenience overload: derives the resource path from `obj` and delegates
 * to the resource-based send_request() with no request body.
 * The bucket key and the object name are URL-encoded separately before
 * being joined with '/', so characters in either name cannot introduce
 * extra path segments or a query string. */
612 int RGWRESTStreamRWRequest::send_request(RGWAccessKey
& key
, map
<string
, string
>& extra_headers
, rgw_obj
& obj
, RGWHTTPManager
*mgr
)
614 string urlsafe_bucket
, urlsafe_object
;
615 url_encode(obj
.bucket
.get_key(':', 0), urlsafe_bucket
);
616 url_encode(obj
.key
.name
, urlsafe_object
);
617 string resource
= urlsafe_bucket
+ "/" + urlsafe_object
;
619 return send_request(&key
, extra_headers
, resource
, nullptr, mgr
);
/* Builds, signs and submits a request for `resource` on this endpoint.
 * Visible steps: compose the URL (url + resource + encoded params), set
 * HTTP_DATE and the caller's extra_headers in the environment, fill a
 * req_info (method, script_uri, request_uri), sign with *key, copy the
 * signed environment into the outgoing headers, optionally take over
 * *send_data as the body and add the request to an HTTP manager.
 * `resource` is used as given; the object-based overload URL-encodes it
 * before calling here. Several guards and returns are missing from this
 * listing. */
622 int RGWRESTStreamRWRequest::send_request(RGWAccessKey
*key
, map
<string
, string
>& extra_headers
, const string
& resource
,
623 bufferlist
*send_data
, RGWHTTPManager
*mgr
)
625 string new_url
= url
;
/* NOTE(review): out of range when url is empty (size() - 1 wraps around). */
626 if (new_url
[new_url
.size() - 1] != '/')
630 get_new_date_str(date_str
);
633 req_info
new_info(cct
, &new_env
);
636 map
<string
, string
>& args
= new_info
.args
.get_params();
637 get_params_str(args
, params_str
);
639 /* merge params with extra args so that we can sign correctly */
640 for (param_vec_t::iterator iter
= params
.begin(); iter
!= params
.end(); ++iter
) {
641 new_info
.args
.append(iter
->first
, iter
->second
);
/* Drop one leading '/' so the path is not doubled when appended to the URL. */
645 if (resource
[0] == '/') {
646 new_resource
= resource
.substr(1);
648 new_resource
= resource
;
651 new_url
.append(new_resource
+ params_str
);
653 new_env
.set("HTTP_DATE", date_str
.c_str());
/* Caller-supplied headers enter the environment before signing and are
 * later sent with the request. */
655 for (map
<string
, string
>::iterator iter
= extra_headers
.begin();
656 iter
!= extra_headers
.end(); ++iter
) {
657 new_env
.set(iter
->first
.c_str(), iter
->second
.c_str());
660 new_info
.method
= method
;
662 new_info
.script_uri
= "/";
663 new_info
.script_uri
.append(new_resource
);
664 new_info
.request_uri
= new_info
.script_uri
;
666 new_info
.init_meta_info(NULL
);
/* key is a pointer and is dereferenced here; the NULL guard that presumably
 * wraps the signing step is not visible in this listing - confirm, and
 * confirm that an unsigned request is an intended outcome when key is NULL. */
669 int ret
= sign_request(*key
, new_env
, new_info
);
671 ldout(cct
, 0) << "ERROR: failed to sign request" << dendl
;
676 for (const auto& kv
: new_env
.get_map()) {
677 headers
.emplace_back(kv
);
680 bool send_data_hint
= false;
/* send_data is dereferenced; the object-based overload passes nullptr, so a
 * NULL guard must exist around these two lines - it is not visible here. */
682 outbl
.claim(*send_data
);
683 send_data_hint
= true;
686 RGWHTTPManager
*pmanager
= &http_manager
;
691 int r
= pmanager
->add_request(this, new_info
.method
, new_url
.c_str(), send_data_hint
);
696 r
= pmanager
->complete_requests();
/* Extracts results from the response headers after the request finished:
 * ETAG -> etag, RGWX_MTIME -> *mtime (default-constructed real_time when the
 * header is empty), RGWX_OBJECT_SIZE -> *psize, and every header whose name
 * starts with RGW_HTTP_RGWX_ATTR_PREFIX -> attrs, keyed by the lower-cased
 * remainder of the name.
 * All of these values are supplied by the remote endpoint. NULL checks on
 * mtime/psize, error returns and the final return are not visible in this
 * listing. */
704 int RGWRESTStreamRWRequest::complete_request(string
& etag
, real_time
*mtime
, uint64_t *psize
, map
<string
, string
>& attrs
)
706 set_str_from_headers(out_headers
, "ETAG", etag
);
710 set_str_from_headers(out_headers
, "RGWX_MTIME", mtime_str
);
711 if (!mtime_str
.empty()) {
712 int ret
= parse_rgwx_mtime(cct
, mtime_str
, mtime
);
717 *mtime
= real_time();
722 set_str_from_headers(out_headers
, "RGWX_OBJECT_SIZE", size_str
);
/* strict_strtoll() yields a signed value that is stored into a uint64_t;
 * whether a negative size is rejected depends on the `err` check, which is
 * not visible here - confirm. */
724 *psize
= strict_strtoll(size_str
.c_str(), 10, &err
);
726 ldout(cct
, 0) << "ERROR: failed parsing embedded metadata object size (" << size_str
<< ") to int " << dendl
;
732 map
<string
, string
>::iterator iter
;
733 for (iter
= out_headers
.begin(); iter
!= out_headers
.end(); ++iter
) {
734 const string
& attr_name
= iter
->first
;
735 if (attr_name
.compare(0, sizeof(RGW_HTTP_RGWX_ATTR_PREFIX
) - 1, RGW_HTTP_RGWX_ATTR_PREFIX
) == 0) {
736 string name
= attr_name
.substr(sizeof(RGW_HTTP_RGWX_ATTR_PREFIX
) - 1);
737 const char *src
= name
.c_str();
/* NOTE(review): variable-length array (a compiler extension in C++) sized
 * from a response header name, so its stack use is bounded only by whatever
 * limit applies to header length upstream. A std::string would avoid both
 * the extension and the stack growth. */
738 char buf
[name
.size() + 1];
/* tolower() on a plain char with the high bit set is undefined; a cast to
 * unsigned char would make this safe for arbitrary header bytes. */
740 for (; *src
; ++src
, ++dest
) {
746 *dest
= tolower(*src
);
750 attrs
[buf
] = iter
->second
;
/* Per-header callback for the streaming request. The visible branch handles
 * RGWX_EMBEDDED_METADATA_LEN: the value is parsed as a base-10 integer and
 * passed to cb->set_extra_data_len(); a parse failure is logged at level 0.
 * NOTE(review): the length is supplied by the remote endpoint. The `err`
 * check and any rejection of negative values before the call on cb are not
 * visible in this listing - confirm. */
756 int RGWRESTStreamRWRequest::handle_header(const string
& name
, const string
& val
)
758 if (name
== "RGWX_EMBEDDED_METADATA_LEN") {
760 long len
= strict_strtol(val
.c_str(), 10, &err
);
762 ldout(cct
, 0) << "ERROR: failed converting embedded metadata len (" << val
<< ") to int " << dendl
;
766 cb
->set_extra_data_len(len
);
/* Download callback: wraps the received bytes [ptr, ptr + len) in a
 * bufferptr and passes them to cb->handle_data() together with the current
 * offset `ofs`. How bl is filled from bp, how ofs advances and what is
 * returned are not visible in this listing. Unlike
 * RGWRESTSimpleRequest::receive_data(), no size cap is visible here; any
 * limit would have to be enforced by the callback. */
771 int RGWRESTStreamRWRequest::receive_data(void *ptr
, size_t len
)
773 bufferptr
bp((const char *)ptr
, len
);
776 int ret
= cb
->handle_data(bl
, ofs
, len
);
/* Upload callback: copies the next slice of outbl, starting at write_ofs,
 * into the buffer `ptr` of capacity `len` and advances write_ofs by the
 * number of bytes copied. The copy size is min(len, bytes left in outbl).
 * NOTE(review): outbl.length() - write_ofs is an unsigned subtraction; it
 * stays correct only while write_ofs <= outbl.length(). The visible code
 * keeps that invariant as long as write_ofs is changed nowhere else -
 * confirm. The return value is not visible in this listing. */
783 int RGWRESTStreamRWRequest::send_data(void *ptr
, size_t len
)
785 if (outbl
.length() == 0) {
789 uint64_t send_size
= min(len
, (size_t)(outbl
.length() - write_ofs
));
791 memcpy(ptr
, outbl
.c_str() + write_ofs
, send_size
);
792 write_ofs
+= send_size
;
797 class StreamIntoBufferlist
: public RGWGetDataCB
{
800 StreamIntoBufferlist(bufferlist
& _bl
) : bl(_bl
) {}
801 int handle_data(bufferlist
& inbl
, off_t bl_ofs
, off_t bl_len
) override
{
802 bl
.claim_append(inbl
);