X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=ceph%2Fsrc%2Frgw%2Frgw_auth_s3.h;h=9369864259f045a00465cc37f6dee059c24c5fd4;hb=d2e6a577eb19928d58b31d1b6e096ca0f03c4052;hp=b5fc2919213d96f0dc6070d9b3e9202130a057d8;hpb=31f18b776d001752a193a7cec8bb49033c1a904c;p=ceph.git

diff --git a/ceph/src/rgw/rgw_auth_s3.h b/ceph/src/rgw/rgw_auth_s3.h
index b5fc29192..936986425 100644
--- a/ceph/src/rgw/rgw_auth_s3.h
+++ b/ceph/src/rgw/rgw_auth_s3.h
@@ -46,7 +46,7 @@ class ExternalAuthStrategy : public rgw::auth::Strategy,
                             ) const override {
     auto apl = rgw::auth::add_sysreq(cct, store, s,
       rgw::auth::RemoteApplier(cct, store, std::move(acl_alg), info,
-                               false /* no implicit tenants */));
+                               cct->_conf->rgw_keystone_implicit_tenants));
     /* TODO(rzarzynski): replace with static_ptr. */
     return aplptr_t(new decltype(apl)(std::move(apl)));
   }
@@ -80,7 +80,8 @@ public:
 };
 
 
-template <class AbstractorT>
+template <class AbstractorT,
+          bool AllowAnonAccessT = false>
 class AWSAuthStrategy : public rgw::auth::Strategy,
                         public rgw::auth::LocalApplier::Factory {
   typedef rgw::auth::IdentityApplier::aplptr_t aplptr_t;
@@ -92,6 +93,7 @@ class AWSAuthStrategy : public rgw::auth::Strategy,
   RGWRados* const store;
   AbstractorT ver_abstractor;
 
+  S3AnonymousEngine anonymous_engine;
   ExternalAuthStrategy external_engines;
   LocalEngine local_engine;
 
@@ -110,10 +112,17 @@ public:
                   RGWRados* const store)
     : store(store),
       ver_abstractor(cct),
+      anonymous_engine(cct,
+                       static_cast<rgw::auth::LocalApplier::Factory*>(this)),
       external_engines(cct, store, &ver_abstractor),
       local_engine(cct, store, ver_abstractor,
                    static_cast<rgw::auth::LocalApplier::Factory*>(this)) {
+    /* The anynoymous auth. */
+    if (AllowAnonAccessT) {
+      add_engine(Control::SUFFICIENT, anonymous_engine);
+    }
 
+    /* The external auth. */
     Control local_engine_mode;
     if (! external_engines.is_empty()) {
       add_engine(Control::SUFFICIENT, external_engines);
@@ -123,6 +132,7 @@ public:
       local_engine_mode = Control::SUFFICIENT;
     }
 
+    /* The local auth. */
     if (cct->_conf->rgw_s3_auth_use_rados) {
       add_engine(local_engine_mode, local_engine);
     }
@@ -316,6 +326,7 @@ namespace auth {
 namespace s3 {
 
 static constexpr char AWS4_HMAC_SHA256_STR[] = "AWS4-HMAC-SHA256";
+static constexpr char AWS4_HMAC_SHA256_PAYLOAD_STR[] = "AWS4-HMAC-SHA256-PAYLOAD";
 
 static constexpr char AWS4_EMPTY_PAYLOAD_HASH[] = \
   "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";