* ?get the canonical representation of the object's location
*/
static std::string
-get_canon_resource(const char* const request_uri,
+get_canon_resource(const DoutPrefixProvider *dpp, const char* const request_uri,
const std::map<std::string, std::string>& sub_resources)
{
std::string dest;
}
}
- dout(10) << "get_canon_resource(): dest=" << dest << dendl;
+ ldpp_dout(dpp, 10) << "get_canon_resource(): dest=" << dest << dendl;
return dest;
}
* compute a request's signature
*/
void rgw_create_s3_canonical_header(
+ const DoutPrefixProvider *dpp,
const char* const method,
const char* const content_md5,
const char* const content_type,
dest.append(get_canon_amz_hdr(meta_map));
dest.append(get_canon_amz_hdr(qs_map));
- dest.append(get_canon_resource(request_uri, sub_resources));
+ dest.append(get_canon_resource(dpp, request_uri, sub_resources));
dest_str = dest;
}
* get the header authentication information required to
* compute a request's signature
*/
-bool rgw_create_s3_canonical_header(const req_info& info,
+bool rgw_create_s3_canonical_header(const DoutPrefixProvider *dpp,
+ const req_info& info,
utime_t* const header_time,
std::string& dest,
const bool qsr)
if (content_md5) {
for (const char *p = content_md5; *p; p++) {
if (!is_base64_for_content_md5(*p)) {
- dout(0) << "NOTICE: bad content-md5 provided (not base64),"
+ ldpp_dout(dpp, 0) << "NOTICE: bad content-md5 provided (not base64),"
<< " aborting request p=" << *p << " " << (int)*p << dendl;
return false;
}
if (str == NULL) {
req_date = info.env->get("HTTP_DATE");
if (!req_date) {
- dout(0) << "NOTICE: missing date for auth header" << dendl;
+ ldpp_dout(dpp, 0) << "NOTICE: missing date for auth header" << dendl;
return false;
}
date = req_date;
if (header_time) {
struct tm t;
if (!parse_rfc2616(req_date, &t)) {
- dout(0) << "NOTICE: failed to parse date for auth header" << dendl;
+ ldpp_dout(dpp, 0) << "NOTICE: failed to parse date for auth header" << dendl;
return false;
}
if (t.tm_year < 70) {
- dout(0) << "NOTICE: bad date (predates epoch): " << req_date << dendl;
+ ldpp_dout(dpp, 0) << "NOTICE: bad date (predates epoch): " << req_date << dendl;
return false;
}
*header_time = utime_t(internal_timegm(&t), 0);
request_uri = info.effective_uri;
}
- rgw_create_s3_canonical_header(info.method, content_md5, content_type,
+ rgw_create_s3_canonical_header(dpp, info.method, content_md5, content_type,
date.c_str(), meta_map, qs_map,
request_uri.c_str(), sub_resources, dest);
return true;
std::string_view& signedheaders, /* out */
std::string_view& signature, /* out */
std::string_view& date, /* out */
- std::string_view& sessiontoken) /* out */
+ std::string_view& sessiontoken, /* out */
+ const DoutPrefixProvider *dpp)
{
std::string_view input(info.env->get("HTTP_AUTHORIZATION", ""));
try {
} catch (std::out_of_range&) {
/* We should never ever run into this situation as the presence of
* AWS4_HMAC_SHA256_STR had been verified earlier. */
- dout(10) << "credentials string is too short" << dendl;
+ ldpp_dout(dpp, 10) << "credentials string is too short" << dendl;
return -EINVAL;
}
if (parsed_pair) {
kv[parsed_pair->first] = parsed_pair->second;
} else {
- dout(10) << "NOTICE: failed to parse auth header (s=" << s << ")"
+ ldpp_dout(dpp, 10) << "NOTICE: failed to parse auth header (s=" << s << ")"
<< dendl;
return -EINVAL;
}
/* Ensure that the presigned required keys are really there. */
for (const auto& k : required_keys) {
if (kv.find(k) == std::end(kv)) {
- dout(10) << "NOTICE: auth header missing key: " << k << dendl;
+ ldpp_dout(dpp, 10) << "NOTICE: auth header missing key: " << k << dendl;
return -EINVAL;
}
}
signature = kv["Signature"];
/* sig hex str */
- dout(10) << "v4 signature format = " << signature << dendl;
+ ldpp_dout(dpp, 10) << "v4 signature format = " << signature << dendl;
/* ------------------------- handle x-amz-date header */
const char *d = info.env->get("HTTP_X_AMZ_DATE");
struct tm t;
if (!parse_iso8601(d, &t, NULL, false)) {
- dout(10) << "error reading date via http_x_amz_date" << dendl;
+ ldpp_dout(dpp, 10) << "error reading date via http_x_amz_date" << dendl;
return -EACCES;
}
date = d;
std::string_view& signature, /* out */
std::string_view& date, /* out */
std::string_view& session_token, /* out */
- const bool using_qs) /* in */
+ const bool using_qs, /* in */
+ const DoutPrefixProvider *dpp)
{
std::string_view credential;
int ret;
signature, date, session_token);
} else {
ret = parse_v4_auth_header(info, credential, signedheaders,
- signature, date, session_token);
+ signature, date, session_token, dpp);
}
if (ret < 0) {
}
/* access_key/YYYYMMDD/region/service/aws4_request */
- dout(10) << "v4 credential format = " << credential << dendl;
+ ldpp_dout(dpp, 10) << "v4 credential format = " << credential << dendl;
if (std::count(credential.begin(), credential.end(), '/') != 4) {
return -EINVAL;
/* grab access key id */
const size_t pos = credential.find("/");
access_key_id = credential.substr(0, pos);
- dout(10) << "access key id = " << access_key_id << dendl;
+ ldpp_dout(dpp, 10) << "access key id = " << access_key_id << dendl;
/* grab credential scope */
credential_scope = credential.substr(pos + 1);
- dout(10) << "credential scope = " << credential_scope << dendl;
+ ldpp_dout(dpp, 10) << "credential scope = " << credential_scope << dendl;
return 0;
}
const std::string& canonical_qs,
const std::string& canonical_hdrs,
const std::string_view& signed_hdrs,
- const std::string_view& request_payload_hash)
+ const std::string_view& request_payload_hash,
+ const DoutPrefixProvider *dpp)
{
- ldout(cct, 10) << "payload request hash = " << request_payload_hash << dendl;
+ ldpp_dout(dpp, 10) << "payload request hash = " << request_payload_hash << dendl;
const auto canonical_req = string_join_reserve("\n",
http_verb,
const auto canonical_req_hash = calc_hash_sha256(canonical_req);
using sanitize = rgw::crypt_sanitize::log_content;
- ldout(cct, 10) << "canonical request = " << sanitize{canonical_req} << dendl;
- ldout(cct, 10) << "canonical request hash = "
+ ldpp_dout(dpp, 10) << "canonical request = " << sanitize{canonical_req} << dendl;
+ ldpp_dout(dpp, 10) << "canonical request hash = "
<< canonical_req_hash << dendl;
return canonical_req_hash;
const std::string_view& algorithm,
const std::string_view& request_date,
const std::string_view& credential_scope,
- const sha256_digest_t& canonreq_hash)
+ const sha256_digest_t& canonreq_hash,
+ const DoutPrefixProvider *dpp)
{
const auto hexed_cr_hash = canonreq_hash.to_str();
const std::string_view hexed_cr_hash_str(hexed_cr_hash);
credential_scope,
hexed_cr_hash_str);
- ldout(cct, 10) << "string to sign = "
+ ldpp_dout(dpp, 10) << "string to sign = "
<< rgw::crypt_sanitize::log_content{string_to_sign}
<< dendl;
static sha256_digest_t
get_v4_signing_key(CephContext* const cct,
const std::string_view& credential_scope,
- const std::string_view& secret_access_key)
+ const std::string_view& secret_access_key,
+ const DoutPrefixProvider *dpp)
{
std::string_view date, region, service;
std::tie(date, region, service) = parse_cred_scope(credential_scope);
const auto signing_key = calc_hmac_sha256(service_k,
std::string_view("aws4_request"));
- ldout(cct, 10) << "date_k = " << date_k << dendl;
- ldout(cct, 10) << "region_k = " << region_k << dendl;
- ldout(cct, 10) << "service_k = " << service_k << dendl;
- ldout(cct, 10) << "signing_k = " << signing_key << dendl;
+ ldpp_dout(dpp, 10) << "date_k = " << date_k << dendl;
+ ldpp_dout(dpp, 10) << "region_k = " << region_k << dendl;
+ ldpp_dout(dpp, 10) << "service_k = " << service_k << dendl;
+ ldpp_dout(dpp, 10) << "signing_k = " << signing_key << dendl;
return signing_key;
}
get_v4_signature(const std::string_view& credential_scope,
CephContext* const cct,
const std::string_view& secret_key,
- const AWSEngine::VersionAbstractor::string_to_sign_t& string_to_sign)
+ const AWSEngine::VersionAbstractor::string_to_sign_t& string_to_sign,
+ const DoutPrefixProvider *dpp)
{
- auto signing_key = get_v4_signing_key(cct, credential_scope, secret_key);
+ auto signing_key = get_v4_signing_key(cct, credential_scope, secret_key, dpp);
/* The server-side generated digest for comparison. */
const auto digest = calc_hmac_sha256(signing_key, string_to_sign);
digest.SIZE * 2);
buf_to_hex(digest.v, digest.SIZE, signature.begin());
- ldout(cct, 10) << "generated signature = " << signature << dendl;
+ ldpp_dout(dpp, 10) << "generated signature = " << signature << dendl;
return signature;
}
}
const auto signing_key = \
- rgw::auth::s3::get_v4_signing_key(s->cct, credential_scope, *secret_key);
+ rgw::auth::s3::get_v4_signing_key(s->cct, credential_scope, *secret_key, s);
return std::make_shared<AWSv4ComplMulti>(s,
std::move(date),