#include "common/Clock.h"
#include "common/armor.h"
+#include "common/backport14.h"
#include "common/errno.h"
#include "common/mime.h"
#include "common/utf8.h"
}
if(s->dialect.compare("s3") == 0) {
- s->bucket_acl = new RGWAccessControlPolicy_S3(s->cct);
+ s->bucket_acl = ceph::make_unique<RGWAccessControlPolicy_S3>(s->cct);
} else if(s->dialect.compare("swift") == 0) {
/* We aren't allocating the account policy for those operations using
* the Swift's infrastructure that don't really need req_state::user.
* Typical example here is the implementation of /info. */
if (!s->user->user_id.empty()) {
- s->user_acl = std::unique_ptr<RGWAccessControlPolicy>(
- new RGWAccessControlPolicy_SWIFTAcct(s->cct));
+ s->user_acl = ceph::make_unique<RGWAccessControlPolicy_SWIFTAcct>(s->cct);
}
- s->bucket_acl = new RGWAccessControlPolicy_SWIFT(s->cct);
+ s->bucket_acl = ceph::make_unique<RGWAccessControlPolicy_SWIFT>(s->cct);
} else {
- s->bucket_acl = new RGWAccessControlPolicy(s->cct);
+ s->bucket_acl = ceph::make_unique<RGWAccessControlPolicy>(s->cct);
}
/* check if copy source is within the current domain */
s->bucket = s->bucket_info.bucket;
if (s->bucket_exists) {
- ret = read_bucket_policy(store, s, s->bucket_info, s->bucket_attrs, s->bucket_acl, s->bucket);
+ ret = read_bucket_policy(store, s, s->bucket_info, s->bucket_attrs,
+ s->bucket_acl.get(), s->bucket);
acct_acl_user = {
s->bucket_info.owner,
s->bucket_acl->get_owner().get_display_name(),
if (!s->bucket_exists) {
return -ERR_NO_SUCH_BUCKET;
}
- s->object_acl = new RGWAccessControlPolicy(s->cct);
+ s->object_acl = ceph::make_unique<RGWAccessControlPolicy>(s->cct);
rgw_obj obj(s->bucket, s->object);
if (prefetch_data) {
store->set_prefetch_data(s->obj_ctx, obj);
}
- ret = read_obj_policy(store, s, s->bucket_info, s->bucket_attrs, s->object_acl, s->iam_policy, s->bucket, s->object);
+ ret = read_obj_policy(store, s, s->bucket_info, s->bucket_attrs,
+ s->object_acl.get(), s->iam_policy, s->bucket,
+ s->object);
}
return ret;
} else {
bucket = s->bucket;
pbucket_info = &s->bucket_info;
- bucket_acl = s->bucket_acl;
+ bucket_acl = s->bucket_acl.get();
bucket_policy = &s->iam_policy;
}
}
} else {
bucket = s->bucket;
- bucket_acl = s->bucket_acl;
+ bucket_acl = s->bucket_acl.get();
bucket_policy = s->iam_policy.get_ptr();
}
op_ret = rgw_user_sync_all_stats(store, s->user->user_id);
if (op_ret < 0) {
ldout(store->ctx(), 0) << "ERROR: failed to sync user stats: " << dendl;
+ return;
+ }
+
+ op_ret = rgw_user_get_all_buckets_stats(store, s->user->user_id, buckets_usage);
+ if (op_ret < 0) {
+ cerr << "ERROR: failed to sync user stats: " << std::endl;
return ;
}
-
+
string user_str = s->user->user_id.to_str();
op_ret = store->cls_user_get_header(user_str, &header);
if (op_ret < 0) {
ldout(store->ctx(), 0) << "ERROR: can't read user header: " << dendl;
- return ;
+ return;
}
return;
return;
}
+ const auto& zonegroup = store->get_zonegroup();
+ if (!placement_rule.empty() &&
+ !zonegroup.placement_targets.count(placement_rule)) {
+ ldout(s->cct, 0) << "placement target (" << placement_rule << ")"
+ << " doesn't exist in the placement targets of zonegroup"
+ << " (" << store->get_zonegroup().api_name << ")" << dendl;
+ op_ret = -ERR_INVALID_LOCATION_CONSTRAINT;
+ s->err.message = "The specified placement target does not exist";
+ return;
+ }
+
/* we need to make sure we read bucket info, it's not read before for this
* specific request */
RGWObjectCtx& obj_ctx = *static_cast<RGWObjectCtx *>(s->obj_ctx);
* contain such keys yet. */
if (has_policy) {
if (s->dialect.compare("swift") == 0) {
- auto old_policy = static_cast<RGWAccessControlPolicy_SWIFT*>(s->bucket_acl);
+ auto old_policy = \
+ static_cast<RGWAccessControlPolicy_SWIFT*>(s->bucket_acl.get());
auto new_policy = static_cast<RGWAccessControlPolicy_SWIFT*>(&policy);
new_policy->filter_merge(policy_rw_mask, old_policy);
policy = *new_policy;
void RGWGetACLs::execute()
{
stringstream ss;
- RGWAccessControlPolicy *acl = (!s->object.empty() ? s->object_acl : s->bucket_acl);
- RGWAccessControlPolicy_S3 *s3policy = static_cast<RGWAccessControlPolicy_S3 *>(acl);
+ RGWAccessControlPolicy* const acl = \
+ (!s->object.empty() ? s->object_acl.get() : s->bucket_acl.get());
+ RGWAccessControlPolicy_S3* const s3policy = \
+ static_cast<RGWAccessControlPolicy_S3*>(acl);
s3policy->to_xml(ss);
acls = ss.str();
}
}
- RGWAccessControlPolicy *existing_policy = (s->object.empty() ? s->bucket_acl : s->object_acl);
+ RGWAccessControlPolicy* const existing_policy = \
+ (s->object.empty() ? s->bucket_acl.get() : s->object_acl.get());
owner = existing_policy->get_owner();
op_ret = get_params();
- if (op_ret < 0)
+ if (op_ret < 0) {
+ if (op_ret == -ERANGE) {
+ ldout(s->cct, 4) << "The size of request xml data is larger than the max limitation, data size = "
+ << s->length << dendl;
+ op_ret = -ERR_MALFORMED_XML;
+ s->err.message = "The XML you provided was larger than the maximum " +
+ std::to_string(s->cct->_conf->rgw_max_put_param_size) +
+ " bytes allowed.";
+ }
return;
+ }
ldout(s->cct, 15) << "read len=" << len << " data=" << (data ? data : "") << dendl;
return;
}
+ const RGWAccessControlList& req_acl = policy->get_acl();
+ const multimap<string, ACLGrant>& req_grant_map = req_acl.get_grant_map();
+#define ACL_GRANTS_MAX_NUM 100
+ int max_num = s->cct->_conf->rgw_acl_grants_max_num;
+ if (max_num < 0) {
+ max_num = ACL_GRANTS_MAX_NUM;
+ }
+
+ int grants_num = req_grant_map.size();
+ if (grants_num > max_num) {
+ ldout(s->cct, 4) << "An acl can have up to "
+ << max_num
+ << " grants, request acl grants num: "
+ << grants_num << dendl;
+ op_ret = -ERR_MALFORMED_ACL_ERROR;
+ s->err.message = "The request is rejected, because the acl grants number you requested is larger than the maximum "
+ + std::to_string(max_num)
+ + " grants allowed in an acl.";
+ return;
+ }
+
// forward bucket acl requests to meta master zone
if (s->object.empty() && !store->is_meta_master()) {
bufferlist in_data;