1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab ft=cpp
8 #include <boost/algorithm/string.hpp>
9 #include <boost/tokenizer.hpp>
10 #include "common/Formatter.h"
11 #include "common/HTMLFormatter.h"
12 #include "common/utf8.h"
13 #include "include/str_list.h"
14 #include "rgw_common.h"
15 #include "rgw_rados.h"
17 #include "rgw_auth_s3.h"
18 #include "rgw_formats.h"
21 #include "rgw_rest_swift.h"
22 #include "rgw_rest_s3.h"
23 #include "rgw_swift_auth.h"
24 #include "rgw_cors_s3.h"
25 #include "rgw_perf_counters.h"
27 #include "rgw_client_io.h"
28 #include "rgw_resolve.h"
29 #include "rgw_sal_rados.h"
33 #define dout_subsys ceph_subsys_rgw
35 struct rgw_http_status_code
{
40 const static struct rgw_http_status_code http_codes
[] = {
45 { 204, "No Content" },
46 { 205, "Reset Content" },
47 { 206, "Partial Content" },
48 { 207, "Multi Status" },
49 { 208, "Already Reported" },
50 { 300, "Multiple Choices" },
51 { 301, "Moved Permanently" },
54 { 304, "Not Modified" },
55 { 305, "User Proxy" },
56 { 306, "Switch Proxy" },
57 { 307, "Temporary Redirect" },
58 { 308, "Permanent Redirect" },
59 { 400, "Bad Request" },
60 { 401, "Unauthorized" },
61 { 402, "Payment Required" },
64 { 405, "Method Not Allowed" },
65 { 406, "Not Acceptable" },
66 { 407, "Proxy Authentication Required" },
67 { 408, "Request Timeout" },
70 { 411, "Length Required" },
71 { 412, "Precondition Failed" },
72 { 413, "Request Entity Too Large" },
73 { 414, "Request-URI Too Long" },
74 { 415, "Unsupported Media Type" },
75 { 416, "Requested Range Not Satisfiable" },
76 { 417, "Expectation Failed" },
77 { 422, "Unprocessable Entity" },
78 { 498, "Rate Limited"},
79 { 500, "Internal Server Error" },
80 { 501, "Not Implemented" },
85 struct rgw_http_attr
{
87 const char *http_attr
;
91 * mapping between rgw object attrs and output http fields
93 static const struct rgw_http_attr base_rgw_to_http_attrs
[] = {
94 { RGW_ATTR_CONTENT_LANG
, "Content-Language" },
95 { RGW_ATTR_EXPIRES
, "Expires" },
96 { RGW_ATTR_CACHE_CONTROL
, "Cache-Control" },
97 { RGW_ATTR_CONTENT_DISP
, "Content-Disposition" },
98 { RGW_ATTR_CONTENT_ENC
, "Content-Encoding" },
99 { RGW_ATTR_USER_MANIFEST
, "X-Object-Manifest" },
100 { RGW_ATTR_X_ROBOTS_TAG
, "X-Robots-Tag" },
101 { RGW_ATTR_STORAGE_CLASS
, "X-Amz-Storage-Class" },
102 /* RGW_ATTR_AMZ_WEBSITE_REDIRECT_LOCATION header depends on access mode:
103 * S3 endpoint: x-amz-website-redirect-location
104 * S3Website endpoint: Location
106 { RGW_ATTR_AMZ_WEBSITE_REDIRECT_LOCATION
, "x-amz-website-redirect-location" },
/* One row of the request-header -> RGW attribute table (see generic_attrs). */
struct generic_attr {
  const char *http_header;  /* key as it appears in the request environment */
  const char *rgw_attr;     /* RGW attribute name the header is stored under */
};
116 * mapping between http env fields and rgw object attrs
118 static const struct generic_attr generic_attrs
[] = {
119 { "CONTENT_TYPE", RGW_ATTR_CONTENT_TYPE
},
120 { "HTTP_CONTENT_LANGUAGE", RGW_ATTR_CONTENT_LANG
},
121 { "HTTP_EXPIRES", RGW_ATTR_EXPIRES
},
122 { "HTTP_CACHE_CONTROL", RGW_ATTR_CACHE_CONTROL
},
123 { "HTTP_CONTENT_DISPOSITION", RGW_ATTR_CONTENT_DISP
},
124 { "HTTP_CONTENT_ENCODING", RGW_ATTR_CONTENT_ENC
},
125 { "HTTP_X_ROBOTS_TAG", RGW_ATTR_X_ROBOTS_TAG
},
128 map
<string
, string
> rgw_to_http_attrs
;
129 static map
<string
, string
> generic_attrs_map
;
130 map
<int, const char *> http_status_names
;
133 * make attrs look_like_this
134 * converts dashes to underscores
136 string
lowercase_underscore_http_attr(const string
& orig
)
138 const char *s
= orig
.c_str();
139 char buf
[orig
.size() + 1];
140 buf
[orig
.size()] = '\0';
142 for (size_t i
= 0; i
< orig
.size(); ++i
, ++s
) {
148 buf
[i
] = tolower(*s
);
155 * make attrs LOOK_LIKE_THIS
156 * converts dashes to underscores
158 string
uppercase_underscore_http_attr(const string
& orig
)
160 const char *s
= orig
.c_str();
161 char buf
[orig
.size() + 1];
162 buf
[orig
.size()] = '\0';
164 for (size_t i
= 0; i
< orig
.size(); ++i
, ++s
) {
170 buf
[i
] = toupper(*s
);
176 /* avoid duplicate hostnames in hostnames lists */
177 static set
<string
> hostnames_set
;
178 static set
<string
> hostnames_s3website_set
;
180 void rgw_rest_init(CephContext
*cct
, const RGWZoneGroup
& zone_group
)
182 for (const auto& rgw2http
: base_rgw_to_http_attrs
) {
183 rgw_to_http_attrs
[rgw2http
.rgw_attr
] = rgw2http
.http_attr
;
186 for (const auto& http2rgw
: generic_attrs
) {
187 generic_attrs_map
[http2rgw
.http_header
] = http2rgw
.rgw_attr
;
190 list
<string
> extended_http_attrs
;
191 get_str_list(cct
->_conf
->rgw_extended_http_attrs
, extended_http_attrs
);
193 list
<string
>::iterator iter
;
194 for (iter
= extended_http_attrs
.begin(); iter
!= extended_http_attrs
.end(); ++iter
) {
195 string rgw_attr
= RGW_ATTR_PREFIX
;
196 rgw_attr
.append(lowercase_underscore_http_attr(*iter
));
198 rgw_to_http_attrs
[rgw_attr
] = camelcase_dash_http_attr(*iter
);
200 string http_header
= "HTTP_";
201 http_header
.append(uppercase_underscore_http_attr(*iter
));
203 generic_attrs_map
[http_header
] = rgw_attr
;
206 for (const struct rgw_http_status_code
*h
= http_codes
; h
->code
; h
++) {
207 http_status_names
[h
->code
] = h
->name
;
210 hostnames_set
.insert(cct
->_conf
->rgw_dns_name
);
211 hostnames_set
.insert(zone_group
.hostnames
.begin(), zone_group
.hostnames
.end());
212 hostnames_set
.erase(""); // filter out empty hostnames
213 ldout(cct
, 20) << "RGW hostnames: " << hostnames_set
<< dendl
;
214 /* TODO: We should have a sanity check that no hostname matches the end of
215 * any other hostname, otherwise we will get ambigious results from
216 * rgw_find_host_in_domains.
218 * Hostnames: [A, B.A]
219 * Inputs: [Z.A, X.B.A]
220 * Z.A clearly splits to subdomain=Z, domain=Z
221 * X.B.A ambigously splits to both {X, B.A} and {X.B, A}
224 hostnames_s3website_set
.insert(cct
->_conf
->rgw_dns_s3website_name
);
225 hostnames_s3website_set
.insert(zone_group
.hostnames_s3website
.begin(), zone_group
.hostnames_s3website
.end());
226 hostnames_s3website_set
.erase(""); // filter out empty hostnames
227 ldout(cct
, 20) << "RGW S3website hostnames: " << hostnames_s3website_set
<< dendl
;
228 /* TODO: we should repeat the hostnames_set sanity check here
229 * and ALSO decide about overlap, if any
233 static bool str_ends_with_nocase(const string
& s
, const string
& suffix
, size_t *pos
)
235 size_t len
= suffix
.size();
236 if (len
> (size_t)s
.size()) {
240 ssize_t p
= s
.size() - len
;
245 return boost::algorithm::iends_with(s
, suffix
);
248 static bool rgw_find_host_in_domains(const string
& host
, string
*domain
, string
*subdomain
,
249 const set
<string
>& valid_hostnames_set
)
251 set
<string
>::iterator iter
;
252 /** TODO, Future optimization
253 * store hostnames_set elements _reversed_, and look for a prefix match,
254 * which is much faster than a suffix match.
256 for (iter
= valid_hostnames_set
.begin(); iter
!= valid_hostnames_set
.end(); ++iter
) {
258 if (!str_ends_with_nocase(host
, *iter
, &pos
))
265 if (host
[pos
- 1] != '.') {
269 *domain
= host
.substr(pos
);
270 *subdomain
= host
.substr(0, pos
- 1);
277 static void dump_status(struct req_state
*s
, int status
,
278 const char *status_name
)
280 s
->formatter
->set_status(status
, status_name
);
282 RESTFUL_IO(s
)->send_status(status
, status_name
);
283 } catch (rgw::io::Exception
& e
) {
284 ldout(s
->cct
, 0) << "ERROR: s->cio->send_status() returned err="
285 << e
.what() << dendl
;
289 void rgw_flush_formatter_and_reset(struct req_state
*s
, Formatter
*formatter
)
291 std::ostringstream oss
;
292 formatter
->output_footer();
293 formatter
->flush(oss
);
294 std::string
outs(oss
.str());
295 if (!outs
.empty() && s
->op
!= OP_HEAD
) {
299 s
->formatter
->reset();
302 void rgw_flush_formatter(struct req_state
*s
, Formatter
*formatter
)
304 std::ostringstream oss
;
305 formatter
->flush(oss
);
306 std::string
outs(oss
.str());
307 if (!outs
.empty() && s
->op
!= OP_HEAD
) {
312 void dump_errno(int http_ret
, string
& out
) {
315 ss
<< http_ret
<< " " << http_status_names
[http_ret
];
319 void dump_errno(const struct rgw_err
&err
, string
& out
) {
320 dump_errno(err
.http_ret
, out
);
323 void dump_errno(struct req_state
*s
)
325 dump_status(s
, s
->err
.http_ret
, http_status_names
[s
->err
.http_ret
]);
328 void dump_errno(struct req_state
*s
, int http_ret
)
330 dump_status(s
, http_ret
, http_status_names
[http_ret
]);
333 void dump_header(struct req_state
* const s
,
334 const std::string_view
& name
,
335 const std::string_view
& val
)
338 RESTFUL_IO(s
)->send_header(name
, val
);
339 } catch (rgw::io::Exception
& e
) {
340 ldout(s
->cct
, 0) << "ERROR: s->cio->send_header() returned err="
341 << e
.what() << dendl
;
345 void dump_header(struct req_state
* const s
,
346 const std::string_view
& name
,
347 ceph::buffer::list
& bl
)
349 return dump_header(s
, name
, rgw_sanitized_hdrval(bl
));
352 void dump_header(struct req_state
* const s
,
353 const std::string_view
& name
,
357 const auto len
= snprintf(buf
, sizeof(buf
), "%lld", val
);
359 return dump_header(s
, name
, std::string_view(buf
, len
));
362 void dump_header(struct req_state
* const s
,
363 const std::string_view
& name
,
367 const auto len
= snprintf(buf
, sizeof(buf
), "%lld.%05d",
368 static_cast<long long>(ut
.sec()),
369 static_cast<int>(ut
.usec() / 10));
371 return dump_header(s
, name
, std::string_view(buf
, len
));
374 void dump_content_length(struct req_state
* const s
, const uint64_t len
)
377 RESTFUL_IO(s
)->send_content_length(len
);
378 } catch (rgw::io::Exception
& e
) {
379 ldout(s
->cct
, 0) << "ERROR: s->cio->send_content_length() returned err="
380 << e
.what() << dendl
;
382 dump_header(s
, "Accept-Ranges", "bytes");
385 static void dump_chunked_encoding(struct req_state
* const s
)
388 RESTFUL_IO(s
)->send_chunked_transfer_encoding();
389 } catch (rgw::io::Exception
& e
) {
390 ldout(s
->cct
, 0) << "ERROR: RESTFUL_IO(s)->send_chunked_transfer_encoding()"
391 << " returned err=" << e
.what() << dendl
;
395 void dump_etag(struct req_state
* const s
,
396 const std::string_view
& etag
,
403 if (s
->prot_flags
& RGW_REST_SWIFT
&& ! quoted
) {
404 return dump_header(s
, "etag", etag
);
406 return dump_header_quoted(s
, "ETag", etag
);
410 void dump_bucket_from_state(struct req_state
*s
)
412 if (g_conf()->rgw_expose_bucket
&& ! s
->bucket_name
.empty()) {
413 if (! s
->bucket_tenant
.empty()) {
414 dump_header(s
, "Bucket",
415 url_encode(s
->bucket_tenant
+ "/" + s
->bucket_name
));
417 dump_header(s
, "Bucket", url_encode(s
->bucket_name
));
422 void dump_redirect(struct req_state
* const s
, const std::string
& redirect
)
424 return dump_header_if_nonempty(s
, "Location", redirect
);
427 static size_t dump_time_header_impl(char (×tr
)[TIME_BUF_SIZE
],
431 time_t secs
= static_cast<time_t>(ut
.sec());
434 const struct tm
* const tmp
= gmtime_r(&secs
, &result
);
435 if (tmp
== nullptr) {
439 return strftime(timestr
, sizeof(timestr
),
440 "%a, %d %b %Y %H:%M:%S %Z", tmp
);
443 void dump_time_header(struct req_state
*s
, const char *name
, real_time t
)
445 char timestr
[TIME_BUF_SIZE
];
447 const size_t len
= dump_time_header_impl(timestr
, t
);
452 return dump_header(s
, name
, std::string_view(timestr
, len
));
455 std::string
dump_time_to_str(const real_time
& t
)
457 char timestr
[TIME_BUF_SIZE
];
458 dump_time_header_impl(timestr
, t
);
464 void dump_last_modified(struct req_state
*s
, real_time t
)
466 dump_time_header(s
, "Last-Modified", t
);
469 void dump_epoch_header(struct req_state
*s
, const char *name
, real_time t
)
473 const auto len
= snprintf(buf
, sizeof(buf
), "%lld.%09lld",
475 (long long)ut
.nsec());
477 return dump_header(s
, name
, std::string_view(buf
, len
));
480 void dump_time(struct req_state
*s
, const char *name
, real_time
*t
)
482 char buf
[TIME_BUF_SIZE
];
483 rgw_to_iso8601(*t
, buf
, sizeof(buf
));
485 s
->formatter
->dump_string(name
, buf
);
488 void dump_owner(struct req_state
*s
, const rgw_user
& id
, string
& name
,
493 s
->formatter
->open_object_section(section
);
494 s
->formatter
->dump_string("ID", id
.to_str());
495 s
->formatter
->dump_string("DisplayName", name
);
496 s
->formatter
->close_section();
499 void dump_access_control(struct req_state
*s
, const char *origin
,
501 const char *hdr
, const char *exp_hdr
,
503 if (origin
&& (origin
[0] != '\0')) {
504 dump_header(s
, "Access-Control-Allow-Origin", origin
);
505 /* If the server specifies an origin host rather than "*",
506 * then it must also include Origin in the Vary response header
507 * to indicate to clients that server responses will differ
508 * based on the value of the Origin request header.
510 if (strcmp(origin
, "*") != 0) {
511 dump_header(s
, "Vary", "Origin");
514 if (meth
&& (meth
[0] != '\0')) {
515 dump_header(s
, "Access-Control-Allow-Methods", meth
);
517 if (hdr
&& (hdr
[0] != '\0')) {
518 dump_header(s
, "Access-Control-Allow-Headers", hdr
);
520 if (exp_hdr
&& (exp_hdr
[0] != '\0')) {
521 dump_header(s
, "Access-Control-Expose-Headers", exp_hdr
);
523 if (max_age
!= CORS_MAX_AGE_INVALID
) {
524 dump_header(s
, "Access-Control-Max-Age", max_age
);
529 void dump_access_control(req_state
*s
, RGWOp
*op
)
535 unsigned max_age
= CORS_MAX_AGE_INVALID
;
537 if (!op
->generate_cors_headers(origin
, method
, header
, exp_header
, &max_age
))
540 dump_access_control(s
, origin
.c_str(), method
.c_str(), header
.c_str(),
541 exp_header
.c_str(), max_age
);
544 void dump_start(struct req_state
*s
)
546 if (!s
->content_started
) {
547 s
->formatter
->output_header();
548 s
->content_started
= true;
552 void dump_trans_id(req_state
*s
)
554 if (s
->prot_flags
& RGW_REST_SWIFT
) {
555 dump_header(s
, "X-Trans-Id", s
->trans_id
);
556 dump_header(s
, "X-Openstack-Request-Id", s
->trans_id
);
557 } else if (s
->trans_id
.length()) {
558 dump_header(s
, "x-amz-request-id", s
->trans_id
);
562 void end_header(struct req_state
* s
, RGWOp
* op
, const char *content_type
,
563 const int64_t proposed_content_length
, bool force_content_type
,
570 if ((!s
->is_err()) && s
->bucket
&&
571 (s
->bucket
->get_info().owner
!= s
->user
->get_id()) &&
572 (s
->bucket
->get_info().requester_pays
)) {
573 dump_header(s
, "x-amz-request-charged", "requester");
577 dump_access_control(s
, op
);
580 if (s
->prot_flags
& RGW_REST_SWIFT
&& !content_type
) {
581 force_content_type
= true;
584 /* do not send content type if content length is zero
585 and the content type was not set by the user */
586 if (force_content_type
||
587 (!content_type
&& s
->formatter
->get_len() != 0) || s
->is_err()){
590 ctype
= "application/xml";
592 case RGW_FORMAT_JSON
:
593 ctype
= "application/json";
595 case RGW_FORMAT_HTML
:
599 ctype
= "text/plain";
602 if (s
->prot_flags
& RGW_REST_SWIFT
)
603 ctype
.append("; charset=utf-8");
604 content_type
= ctype
.c_str();
606 if (!force_no_error
&& s
->is_err()) {
609 dump_content_length(s
, s
->formatter
->get_len());
611 if (proposed_content_length
== CHUNKED_TRANSFER_ENCODING
) {
612 dump_chunked_encoding(s
);
613 } else if (proposed_content_length
!= NO_CONTENT_LENGTH
) {
614 dump_content_length(s
, proposed_content_length
);
619 dump_header(s
, "Content-Type", content_type
);
621 dump_header_if_nonempty(s
, "Server", g_conf()->rgw_service_provider_name
);
624 RESTFUL_IO(s
)->complete_header();
625 } catch (rgw::io::Exception
& e
) {
626 ldout(s
->cct
, 0) << "ERROR: RESTFUL_IO(s)->complete_header() returned err="
627 << e
.what() << dendl
;
630 ACCOUNTING_IO(s
)->set_account(true);
631 rgw_flush_formatter_and_reset(s
, s
->formatter
);
634 static void build_redirect_url(req_state
*s
, const string
& redirect_base
, string
*redirect_url
)
636 string
& dest_uri
= *redirect_url
;
638 dest_uri
= redirect_base
;
640 * reqest_uri is always start with slash, so we need to remove
641 * the unnecessary slash at the end of dest_uri.
643 if (dest_uri
[dest_uri
.size() - 1] == '/') {
644 dest_uri
= dest_uri
.substr(0, dest_uri
.size() - 1);
646 dest_uri
+= s
->info
.request_uri
;
648 dest_uri
+= s
->info
.request_params
;
651 void abort_early(struct req_state
*s
, RGWOp
* op
, int err_no
,
652 RGWHandler
* handler
, optional_yield y
)
654 string
error_content("");
656 s
->formatter
= new JSONFormatter
;
657 s
->format
= RGW_FORMAT_JSON
;
660 // op->error_handler is responsible for calling it's handler error_handler
663 new_err_no
= op
->error_handler(err_no
, &error_content
, y
);
664 ldout(s
->cct
, 1) << "op->ERRORHANDLER: err_no=" << err_no
665 << " new_err_no=" << new_err_no
<< dendl
;
667 } else if (handler
!= NULL
) {
669 new_err_no
= handler
->error_handler(err_no
, &error_content
, y
);
670 ldout(s
->cct
, 1) << "handler->ERRORHANDLER: err_no=" << err_no
671 << " new_err_no=" << new_err_no
<< dendl
;
675 // If the error handler(s) above dealt with it completely, they should have
676 // returned 0. If non-zero, we need to continue here.
678 // Watch out, we might have a custom error state already set!
679 if (!s
->err
.http_ret
|| s
->err
.http_ret
== 200) {
680 set_req_state_err(s
, err_no
);
683 if (s
->err
.http_ret
== 404 && !s
->redirect_zone_endpoint
.empty()) {
684 s
->err
.http_ret
= 301;
685 err_no
= -ERR_PERMANENT_REDIRECT
;
686 build_redirect_url(s
, s
->redirect_zone_endpoint
, &s
->redirect
);
690 dump_bucket_from_state(s
);
691 if (err_no
== -ERR_PERMANENT_REDIRECT
|| err_no
== -ERR_WEBSITE_REDIRECT
) {
693 if (!s
->redirect
.empty()) {
694 dest_uri
= s
->redirect
;
695 } else if (!s
->zonegroup_endpoint
.empty()) {
696 build_redirect_url(s
, s
->zonegroup_endpoint
, &dest_uri
);
699 if (!dest_uri
.empty()) {
700 dump_redirect(s
, dest_uri
);
704 if (!error_content
.empty()) {
706 * TODO we must add all error entries as headers here:
707 * when having a working errordoc, then the s3 error fields are
708 * rendered as HTTP headers, e.g.:
709 * x-amz-error-code: NoSuchKey
710 * x-amz-error-message: The specified key does not exist.
711 * x-amz-error-detail-Key: foo
713 end_header(s
, op
, NULL
, error_content
.size(), false, true);
714 RESTFUL_IO(s
)->send_body(error_content
.c_str(), error_content
.size());
719 perfcounter
->inc(l_rgw_failed_req
);
722 void dump_continue(struct req_state
* const s
)
725 RESTFUL_IO(s
)->send_100_continue();
726 } catch (rgw::io::Exception
& e
) {
727 ldout(s
->cct
, 0) << "ERROR: RESTFUL_IO(s)->send_100_continue() returned err="
728 << e
.what() << dendl
;
732 void dump_range(struct req_state
* const s
,
735 const uint64_t total
)
737 /* dumping range into temp buffer first, as libfcgi will fail to digest
743 len
= snprintf(range_buf
, sizeof(range_buf
), "bytes */%lld",
744 static_cast<long long>(total
));
746 len
= snprintf(range_buf
, sizeof(range_buf
), "bytes %lld-%lld/%lld",
747 static_cast<long long>(ofs
),
748 static_cast<long long>(end
),
749 static_cast<long long>(total
));
752 return dump_header(s
, "Content-Range", std::string_view(range_buf
, len
));
756 int dump_body(struct req_state
* const s
,
757 const char* const buf
,
761 return RESTFUL_IO(s
)->send_body(buf
, len
);
762 } catch (rgw::io::Exception
& e
) {
763 return -e
.code().value();
767 int dump_body(struct req_state
* const s
, /* const */ ceph::buffer::list
& bl
)
769 return dump_body(s
, bl
.c_str(), bl
.length());
772 int dump_body(struct req_state
* const s
, const std::string
& str
)
774 return dump_body(s
, str
.c_str(), str
.length());
777 int recv_body(struct req_state
* const s
,
782 return RESTFUL_IO(s
)->recv_body(buf
, max
);
783 } catch (rgw::io::Exception
& e
) {
784 return -e
.code().value();
788 int RGWGetObj_ObjStore::get_params(optional_yield y
)
790 range_str
= s
->info
.env
->get("HTTP_RANGE");
791 if_mod
= s
->info
.env
->get("HTTP_IF_MODIFIED_SINCE");
792 if_unmod
= s
->info
.env
->get("HTTP_IF_UNMODIFIED_SINCE");
793 if_match
= s
->info
.env
->get("HTTP_IF_MATCH");
794 if_nomatch
= s
->info
.env
->get("HTTP_IF_NONE_MATCH");
796 if (s
->system_request
) {
797 mod_zone_id
= s
->info
.env
->get_int("HTTP_DEST_ZONE_SHORT_ID", 0);
798 mod_pg_ver
= s
->info
.env
->get_int("HTTP_DEST_PG_VER", 0);
799 rgwx_stat
= s
->info
.args
.exists(RGW_SYS_PARAM_PREFIX
"stat");
800 get_data
&= (!rgwx_stat
);
803 if (s
->info
.args
.exists(GET_TORRENT
)) {
804 return torrent
.get_params();
809 int RESTArgs::get_string(struct req_state
*s
, const string
& name
,
810 const string
& def_val
, string
*val
, bool *existed
)
813 *val
= s
->info
.args
.get(name
, &exists
);
826 int RESTArgs::get_uint64(struct req_state
*s
, const string
& name
,
827 uint64_t def_val
, uint64_t *val
, bool *existed
)
830 string sval
= s
->info
.args
.get(name
, &exists
);
840 int r
= stringtoull(sval
, val
);
847 int RESTArgs::get_int64(struct req_state
*s
, const string
& name
,
848 int64_t def_val
, int64_t *val
, bool *existed
)
851 string sval
= s
->info
.args
.get(name
, &exists
);
861 int r
= stringtoll(sval
, val
);
868 int RESTArgs::get_uint32(struct req_state
*s
, const string
& name
,
869 uint32_t def_val
, uint32_t *val
, bool *existed
)
872 string sval
= s
->info
.args
.get(name
, &exists
);
882 int r
= stringtoul(sval
, val
);
889 int RESTArgs::get_int32(struct req_state
*s
, const string
& name
,
890 int32_t def_val
, int32_t *val
, bool *existed
)
893 string sval
= s
->info
.args
.get(name
, &exists
);
903 int r
= stringtol(sval
, val
);
910 int RESTArgs::get_time(struct req_state
*s
, const string
& name
,
911 const utime_t
& def_val
, utime_t
*val
, bool *existed
)
914 string sval
= s
->info
.args
.get(name
, &exists
);
924 uint64_t epoch
, nsec
;
926 int r
= utime_t::parse_date(sval
, &epoch
, &nsec
);
930 *val
= utime_t(epoch
, nsec
);
935 int RESTArgs::get_epoch(struct req_state
*s
, const string
& name
, uint64_t def_val
, uint64_t *epoch
, bool *existed
)
938 string date
= s
->info
.args
.get(name
, &exists
);
948 int r
= utime_t::parse_date(date
, epoch
, NULL
);
955 int RESTArgs::get_bool(struct req_state
*s
, const string
& name
, bool def_val
, bool *val
, bool *existed
)
958 string sval
= s
->info
.args
.get(name
, &exists
);
968 const char *str
= sval
.c_str();
971 strcasecmp(str
, "true") == 0 ||
972 sval
.compare("1") == 0) {
977 if (strcasecmp(str
, "false") != 0 &&
978 sval
.compare("0") != 0) {
988 void RGWRESTFlusher::do_start(int ret
)
990 set_req_state_err(s
, ret
); /* no going back from here */
994 rgw_flush_formatter_and_reset(s
, s
->formatter
);
997 void RGWRESTFlusher::do_flush()
999 rgw_flush_formatter(s
, s
->formatter
);
1002 int RGWPutObj_ObjStore::verify_params()
1005 off_t len
= atoll(s
->length
);
1006 if (len
> (off_t
)(s
->cct
->_conf
->rgw_max_put_size
)) {
1007 return -ERR_TOO_LARGE
;
1014 int RGWPutObj_ObjStore::get_params(optional_yield y
)
1016 /* start gettorrent */
1017 if (s
->cct
->_conf
->rgw_torrent_flag
)
1020 ret
= torrent
.get_params();
1021 ldout(s
->cct
, 5) << "NOTICE: open produce torrent file " << dendl
;
1026 torrent
.set_info_name(s
->object
->get_name());
1028 /* end gettorrent */
1029 supplied_md5_b64
= s
->info
.env
->get("HTTP_CONTENT_MD5");
1034 int RGWPutObj_ObjStore::get_data(bufferlist
& bl
)
1037 uint64_t chunk_size
= s
->cct
->_conf
->rgw_max_chunk_size
;
1039 cl
= atoll(s
->length
) - ofs
;
1040 if (cl
> chunk_size
)
1048 ACCOUNTING_IO(s
)->set_account(true);
1051 const auto read_len
= recv_body(s
, bp
.c_str(), cl
);
1057 bl
.append(bp
, 0, len
);
1059 ACCOUNTING_IO(s
)->set_account(false);
1062 if ((uint64_t)ofs
+ len
> s
->cct
->_conf
->rgw_max_put_size
) {
1063 return -ERR_TOO_LARGE
;
1071 * parses params in the format: 'first; param1=foo; param2=bar'
1073 void RGWPostObj_ObjStore::parse_boundary_params(const std::string
& params_str
,
1075 std::map
<std::string
,
1076 std::string
>& params
)
1078 size_t pos
= params_str
.find(';');
1079 if (std::string::npos
== pos
) {
1080 first
= rgw_trim_whitespace(params_str
);
1084 first
= rgw_trim_whitespace(params_str
.substr(0, pos
));
1087 while (pos
< params_str
.size()) {
1088 size_t end
= params_str
.find(';', pos
);
1089 if (std::string::npos
== end
) {
1090 end
= params_str
.size();
1093 std::string param
= params_str
.substr(pos
, end
- pos
);
1094 size_t eqpos
= param
.find('=');
1096 if (std::string::npos
!= eqpos
) {
1097 std::string param_name
= rgw_trim_whitespace(param
.substr(0, eqpos
));
1098 std::string val
= rgw_trim_quotes(param
.substr(eqpos
+ 1));
1099 params
[std::move(param_name
)] = std::move(val
);
1101 params
[rgw_trim_whitespace(param
)] = "";
1108 int RGWPostObj_ObjStore::parse_part_field(const std::string
& line
,
1109 std::string
& field_name
, /* out */
1110 post_part_field
& field
) /* out */
1112 size_t pos
= line
.find(':');
1113 if (pos
== string::npos
)
1116 field_name
= line
.substr(0, pos
);
1117 if (pos
>= line
.size() - 1)
1120 parse_boundary_params(line
.substr(pos
+ 1), field
.val
, field
.params
);
/* Return true when the two characters starting at s are "\r\n".
 * s[1] is only read when s[0] is '\r', so a NUL-terminated string of any
 * length (including empty) is safe to pass. */
static bool is_crlf(const char *s)
{
  return (*s == '\r' && *(s + 1) == '\n');
}
1131 * find the index of the boundary, if exists, or optionally the next end of line
1132 * also returns how many bytes to skip
1134 static int index_of(ceph::bufferlist
& bl
,
1136 const std::string
& str
,
1137 const bool check_crlf
,
1138 bool& reached_boundary
,
1141 reached_boundary
= false;
1144 if (str
.size() < 2) // we assume boundary is at least 2 chars (makes it easier with crlf checks)
1147 if (bl
.length() < str
.size())
1150 const char *buf
= bl
.c_str();
1151 const char *s
= str
.c_str();
1153 if (max_len
> bl
.length())
1154 max_len
= bl
.length();
1156 for (uint64_t i
= 0; i
< max_len
; i
++, buf
++) {
1160 return i
+ 1; // skip the crlf
1162 if ((i
< max_len
- str
.size() + 1) &&
1163 (buf
[0] == s
[0] && buf
[1] == s
[1]) &&
1164 (strncmp(buf
, s
, str
.size()) == 0)) {
1165 reached_boundary
= true;
1168 /* oh, great, now we need to swallow the preceding crlf
1183 int RGWPostObj_ObjStore::read_with_boundary(ceph::bufferlist
& bl
,
1185 const bool check_crlf
,
1186 bool& reached_boundary
,
1189 uint64_t cl
= max
+ 2 + boundary
.size();
1191 if (max
> in_data
.length()) {
1192 uint64_t need_to_read
= cl
- in_data
.length();
1194 bufferptr
bp(need_to_read
);
1196 const auto read_len
= recv_body(s
, bp
.c_str(), need_to_read
);
1200 in_data
.append(bp
, 0, read_len
);
1205 const int index
= index_of(in_data
, cl
, boundary
, check_crlf
,
1206 reached_boundary
, skip
);
1211 if (max
> in_data
.length()) {
1212 max
= in_data
.length();
1215 bl
.substr_of(in_data
, 0, max
);
1217 ceph::bufferlist new_read_data
;
1220 * now we need to skip boundary for next time, also skip any crlf, or
1221 * check to see if it's the last final boundary (marked with "--" at the end
1223 if (reached_boundary
) {
1224 int left
= in_data
.length() - max
;
1225 if (left
< skip
+ 2) {
1226 int need
= skip
+ 2 - left
;
1227 bufferptr
boundary_bp(need
);
1228 const int r
= recv_body(s
, boundary_bp
.c_str(), need
);
1232 in_data
.append(boundary_bp
);
1234 max
+= skip
; // skip boundary for next time
1235 if (in_data
.length() >= max
+ 2) {
1236 const char *data
= in_data
.c_str();
1237 if (is_crlf(data
+ max
)) {
1240 if (*(data
+ max
) == '-' &&
1241 *(data
+ max
+ 1) == '-') {
1249 new_read_data
.substr_of(in_data
, max
, in_data
.length() - max
);
1250 in_data
= new_read_data
;
1255 int RGWPostObj_ObjStore::read_line(ceph::bufferlist
& bl
,
1257 bool& reached_boundary
,
1260 return read_with_boundary(bl
, max
, true, reached_boundary
, done
);
1263 int RGWPostObj_ObjStore::read_data(ceph::bufferlist
& bl
,
1265 bool& reached_boundary
,
1268 return read_with_boundary(bl
, max
, false, reached_boundary
, done
);
1272 int RGWPostObj_ObjStore::read_form_part_header(struct post_form_part
* const part
,
1276 bool reached_boundary
;
1277 uint64_t chunk_size
= s
->cct
->_conf
->rgw_max_chunk_size
;
1278 int r
= read_line(bl
, chunk_size
, reached_boundary
, done
);
1287 if (reached_boundary
) { // skip the first boundary
1288 r
= read_line(bl
, chunk_size
, reached_boundary
, done
);
1298 * iterate through fields
1300 std::string line
= rgw_trim_whitespace(string(bl
.c_str(), bl
.length()));
1306 struct post_part_field field
;
1309 r
= parse_part_field(line
, field_name
, field
);
1314 part
->fields
[field_name
] = field
;
1316 if (stringcasecmp(field_name
, "Content-Disposition") == 0) {
1317 part
->name
= field
.params
["name"];
1320 if (reached_boundary
) {
1324 r
= read_line(bl
, chunk_size
, reached_boundary
, done
);
1333 bool RGWPostObj_ObjStore::part_str(parts_collection_t
& parts
,
1334 const std::string
& name
,
1337 const auto iter
= parts
.find(name
);
1338 if (std::end(parts
) == iter
) {
1342 ceph::bufferlist
& data
= iter
->second
.data
;
1343 std::string str
= string(data
.c_str(), data
.length());
1344 *val
= rgw_trim_whitespace(str
);
1348 std::string
RGWPostObj_ObjStore::get_part_str(parts_collection_t
& parts
,
1349 const std::string
& name
,
1350 const std::string
& def_val
)
1354 if (part_str(parts
, name
, &val
)) {
1357 return rgw_trim_whitespace(def_val
);
1361 bool RGWPostObj_ObjStore::part_bl(parts_collection_t
& parts
,
1362 const std::string
& name
,
1363 ceph::bufferlist
* pbl
)
1365 const auto iter
= parts
.find(name
);
1366 if (std::end(parts
) == iter
) {
1370 *pbl
= iter
->second
.data
;
1374 int RGWPostObj_ObjStore::verify_params()
1376 /* check that we have enough memory to store the object
1377 note that this test isn't exact and may fail unintentionally
1378 for large requests is */
1380 return -ERR_LENGTH_REQUIRED
;
1382 off_t len
= atoll(s
->length
);
1383 if (len
> (off_t
)(s
->cct
->_conf
->rgw_max_put_size
)) {
1384 return -ERR_TOO_LARGE
;
1387 supplied_md5_b64
= s
->info
.env
->get("HTTP_CONTENT_MD5");
1392 int RGWPostObj_ObjStore::get_params(optional_yield y
)
1394 if (s
->expect_cont
) {
1395 /* OK, here it really gets ugly. With POST, the params are embedded in the
1396 * request body, so we need to continue before being able to actually look
1397 * at them. This diverts from the usual request flow. */
1399 s
->expect_cont
= false;
1402 std::string req_content_type_str
= s
->info
.env
->get("CONTENT_TYPE", "");
1403 std::string req_content_type
;
1404 std::map
<std::string
, std::string
> params
;
1405 parse_boundary_params(req_content_type_str
, req_content_type
, params
);
1407 if (req_content_type
.compare("multipart/form-data") != 0) {
1408 err_msg
= "Request Content-Type is not multipart/form-data";
1412 if (s
->cct
->_conf
->subsys
.should_gather
<ceph_subsys_rgw
, 20>()) {
1413 ldout(s
->cct
, 20) << "request content_type_str="
1414 << req_content_type_str
<< dendl
;
1415 ldout(s
->cct
, 20) << "request content_type params:" << dendl
;
1417 for (const auto& pair
: params
) {
1418 ldout(s
->cct
, 20) << " " << pair
.first
<< " -> " << pair
.second
1423 const auto iter
= params
.find("boundary");
1424 if (std::end(params
) == iter
) {
1425 err_msg
= "Missing multipart boundary specification";
1429 /* Create the boundary. */
1431 boundary
.append(iter
->second
);
1437 int RGWPutACLs_ObjStore::get_params(optional_yield y
)
1439 const auto max_size
= s
->cct
->_conf
->rgw_max_put_param_size
;
1440 std::tie(op_ret
, data
) = rgw_rest_read_all_input(s
, max_size
, false);
1441 ldout(s
->cct
, 0) << "RGWPutACLs_ObjStore::get_params read data is: " << data
.c_str() << dendl
;
1445 int RGWPutLC_ObjStore::get_params(optional_yield y
)
1447 const auto max_size
= s
->cct
->_conf
->rgw_max_put_param_size
;
1448 std::tie(op_ret
, data
) = rgw_rest_read_all_input(s
, max_size
, false);
1452 int RGWPutBucketObjectLock_ObjStore::get_params(optional_yield y
)
1454 const auto max_size
= s
->cct
->_conf
->rgw_max_put_param_size
;
1455 std::tie(op_ret
, data
) = rgw_rest_read_all_input(s
, max_size
, false);
1459 int RGWPutObjLegalHold_ObjStore::get_params(optional_yield y
)
1461 const auto max_size
= s
->cct
->_conf
->rgw_max_put_param_size
;
1462 std::tie(op_ret
, data
) = rgw_rest_read_all_input(s
, max_size
, false);
1467 static std::tuple
<int, bufferlist
> read_all_chunked_input(req_state
*s
, const uint64_t max_read
)
1469 #define READ_CHUNK 4096
1470 #define MAX_READ_CHUNK (128 * 1024)
1471 int need_to_read
= READ_CHUNK
;
1472 int total
= need_to_read
;
1475 int read_len
= 0, len
= 0;
1477 bufferptr
bp(need_to_read
+ 1);
1478 read_len
= recv_body(s
, bp
.c_str(), need_to_read
);
1480 return std::make_tuple(read_len
, std::move(bl
));
1483 bp
.c_str()[read_len
] = '\0';
1484 bp
.set_length(read_len
);
1488 if (read_len
== need_to_read
) {
1489 if (need_to_read
< MAX_READ_CHUNK
)
1492 if ((unsigned)total
> max_read
) {
1493 return std::make_tuple(-ERANGE
, std::move(bl
));
1495 total
+= need_to_read
;
1501 return std::make_tuple(0, std::move(bl
));
1504 std::tuple
<int, bufferlist
> rgw_rest_read_all_input(struct req_state
*s
,
1505 const uint64_t max_len
,
1506 const bool allow_chunked
)
1513 cl
= atoll(s
->length
);
1514 else if (!allow_chunked
)
1515 return std::make_tuple(-ERR_LENGTH_REQUIRED
, std::move(bl
));
1518 if (cl
> (size_t)max_len
) {
1519 return std::make_tuple(-ERANGE
, std::move(bl
));
1522 bufferptr
bp(cl
+ 1);
1524 len
= recv_body(s
, bp
.c_str(), cl
);
1526 return std::make_tuple(len
, std::move(bl
));
1529 bp
.c_str()[len
] = '\0';
1533 } else if (allow_chunked
&& !s
->length
) {
1534 const char *encoding
= s
->info
.env
->get("HTTP_TRANSFER_ENCODING");
1535 if (!encoding
|| strcmp(encoding
, "chunked") != 0)
1536 return std::make_tuple(-ERR_LENGTH_REQUIRED
, std::move(bl
));
1539 std::tie(ret
, bl
) = read_all_chunked_input(s
, max_len
);
1541 return std::make_tuple(ret
, std::move(bl
));
1544 return std::make_tuple(0, std::move(bl
));
1547 int RGWCompleteMultipart_ObjStore::get_params(optional_yield y
)
1549 upload_id
= s
->info
.args
.get("uploadId");
1551 if (upload_id
.empty()) {
1556 const auto max_size
= s
->cct
->_conf
->rgw_max_put_param_size
;
1557 std::tie(op_ret
, data
) = rgw_rest_read_all_input(s
, max_size
);
1564 int RGWListMultipart_ObjStore::get_params(optional_yield y
)
1566 upload_id
= s
->info
.args
.get("uploadId");
1568 if (upload_id
.empty()) {
1571 string marker_str
= s
->info
.args
.get("part-number-marker");
1573 if (!marker_str
.empty()) {
1575 marker
= strict_strtol(marker_str
.c_str(), 10, &err
);
1577 ldout(s
->cct
, 20) << "bad marker: " << marker
<< dendl
;
1583 string str
= s
->info
.args
.get("max-parts");
1584 op_ret
= parse_value_and_bound(str
, max_parts
, 0,
1585 g_conf().get_val
<uint64_t>("rgw_max_listing_results"),
1591 int RGWListBucketMultiparts_ObjStore::get_params(optional_yield y
)
1593 delimiter
= s
->info
.args
.get("delimiter");
1594 prefix
= s
->info
.args
.get("prefix");
1595 string str
= s
->info
.args
.get("max-uploads");
1596 op_ret
= parse_value_and_bound(str
, max_uploads
, 0,
1597 g_conf().get_val
<uint64_t>("rgw_max_listing_results"),
1603 if (auto encoding_type
= s
->info
.args
.get_optional("encoding-type");
1604 encoding_type
!= boost::none
) {
1605 if (strcasecmp(encoding_type
->c_str(), "url") != 0) {
1607 s
->err
.message
="Invalid Encoding Method specified in Request";
1613 string key_marker
= s
->info
.args
.get("key-marker");
1614 string upload_id_marker
= s
->info
.args
.get("upload-id-marker");
1615 if (!key_marker
.empty())
1616 marker
.init(key_marker
, upload_id_marker
);
1621 int RGWDeleteMultiObj_ObjStore::get_params(optional_yield y
)
1624 if (s
->bucket_name
.empty()) {
1629 // everything is probably fine, set the bucket
1630 bucket
= s
->bucket
.get();
1632 const auto max_size
= s
->cct
->_conf
->rgw_max_put_param_size
;
1633 std::tie(op_ret
, data
) = rgw_rest_read_all_input(s
, max_size
, false);
1638 void RGWRESTOp::send_response()
1640 if (!flusher
.did_start()) {
1641 set_req_state_err(s
, get_ret());
1643 end_header(s
, this);
1648 int RGWRESTOp::verify_permission(optional_yield
)
1650 return check_caps(s
->user
->get_info().caps
);
1653 RGWOp
* RGWHandler_REST::get_op(void)
1683 op
->init(store
, s
, this);
1688 void RGWHandler_REST::put_op(RGWOp
* op
)
1693 int RGWHandler_REST::allocate_formatter(struct req_state
*s
,
1697 s
->format
= -1; // set to invalid value to allocation happens anyway
1698 auto type
= default_type
;
1700 string format_str
= s
->info
.args
.get("format");
1701 if (format_str
.compare("xml") == 0) {
1702 type
= RGW_FORMAT_XML
;
1703 } else if (format_str
.compare("json") == 0) {
1704 type
= RGW_FORMAT_JSON
;
1705 } else if (format_str
.compare("html") == 0) {
1706 type
= RGW_FORMAT_HTML
;
1708 const char *accept
= s
->info
.env
->get("HTTP_ACCEPT");
1710 char format_buf
[64];
1712 for (; i
< sizeof(format_buf
) - 1 && accept
[i
] && accept
[i
] != ';'; ++i
) {
1713 format_buf
[i
] = accept
[i
];
1716 if ((strcmp(format_buf
, "text/xml") == 0) || (strcmp(format_buf
, "application/xml") == 0)) {
1717 type
= RGW_FORMAT_XML
;
1718 } else if (strcmp(format_buf
, "application/json") == 0) {
1719 type
= RGW_FORMAT_JSON
;
1720 } else if (strcmp(format_buf
, "text/html") == 0) {
1721 type
= RGW_FORMAT_HTML
;
1726 return RGWHandler_REST::reallocate_formatter(s
, type
);
1729 int RGWHandler_REST::reallocate_formatter(struct req_state
*s
, int type
)
1731 if (s
->format
== type
) {
1732 // do nothing, just reset
1733 ceph_assert(s
->formatter
);
1734 s
->formatter
->reset();
1738 delete s
->formatter
;
1739 s
->formatter
= nullptr;
1742 const string
& mm
= s
->info
.args
.get("multipart-manifest");
1743 const bool multipart_delete
= (mm
.compare("delete") == 0);
1744 const bool swift_bulkupload
= s
->prot_flags
& RGW_REST_SWIFT
&&
1745 s
->info
.args
.exists("extract-archive");
1746 switch (s
->format
) {
1747 case RGW_FORMAT_PLAIN
:
1749 const bool use_kv_syntax
= s
->info
.args
.exists("bulk-delete") ||
1750 multipart_delete
|| swift_bulkupload
;
1751 s
->formatter
= new RGWFormatter_Plain(use_kv_syntax
);
1754 case RGW_FORMAT_XML
:
1756 const bool lowercase_underscore
= s
->info
.args
.exists("bulk-delete") ||
1757 multipart_delete
|| swift_bulkupload
;
1759 s
->formatter
= new XMLFormatter(false, lowercase_underscore
);
1762 case RGW_FORMAT_JSON
:
1763 s
->formatter
= new JSONFormatter(false);
1765 case RGW_FORMAT_HTML
:
1766 s
->formatter
= new HTMLFormatter(s
->prot_flags
& RGW_REST_WEBSITE
);
1772 //s->formatter->reset(); // All formatters should reset on create already
1776 // This function enforces Amazon's spec for bucket names.
1777 // (The requirements, not the recommendations.)
1778 int RGWHandler_REST::validate_bucket_name(const string
& bucket
)
1780 int len
= bucket
.size();
1783 // This request doesn't specify a bucket at all
1787 return -ERR_INVALID_BUCKET_NAME
;
1789 else if (len
> MAX_BUCKET_NAME_LEN
) {
1791 return -ERR_INVALID_BUCKET_NAME
;
1794 const char *s
= bucket
.c_str();
1795 for (int i
= 0; i
< len
; ++i
, ++s
) {
1796 if (*(unsigned char *)s
== 0xff)
1797 return -ERR_INVALID_BUCKET_NAME
;
1798 if (*(unsigned char *)s
== '/')
1799 return -ERR_INVALID_BUCKET_NAME
;
1805 // "The name for a key is a sequence of Unicode characters whose UTF-8 encoding
1806 // is at most 1024 bytes long."
1807 // However, we can still have control characters and other nasties in there.
1808 // Just as long as they're utf-8 nasties.
1809 int RGWHandler_REST::validate_object_name(const string
& object
)
1811 int len
= object
.size();
1812 if (len
> MAX_OBJ_NAME_LEN
) {
1814 return -ERR_INVALID_OBJECT_NAME
;
1817 if (check_utf8(object
.c_str(), len
)) {
1818 // Object names must be valid UTF-8.
1819 return -ERR_INVALID_OBJECT_NAME
;
1824 static http_op
op_from_method(const char *method
)
1828 if (strcmp(method
, "GET") == 0)
1830 if (strcmp(method
, "PUT") == 0)
1832 if (strcmp(method
, "DELETE") == 0)
1834 if (strcmp(method
, "HEAD") == 0)
1836 if (strcmp(method
, "POST") == 0)
1838 if (strcmp(method
, "COPY") == 0)
1840 if (strcmp(method
, "OPTIONS") == 0)
1846 int RGWHandler_REST::init_permissions(RGWOp
* op
, optional_yield y
)
1848 if (op
->get_type() == RGW_OP_CREATE_BUCKET
) {
1849 // We don't need user policies in case of STS token returned by AssumeRole, hence the check for user type
1850 if (! s
->user
->get_id().empty() && s
->auth
.identity
->get_identity_type() != TYPE_ROLE
) {
1852 map
<string
, bufferlist
> uattrs
;
1853 if (auto ret
= store
->ctl()->user
->get_attrs_by_uid(s
->user
->get_id(), &uattrs
, y
); ! ret
) {
1854 auto user_policies
= get_iam_user_policy_from_attr(s
->cct
, store
, uattrs
, s
->user
->get_tenant());
1855 s
->iam_user_policies
.insert(s
->iam_user_policies
.end(),
1856 std::make_move_iterator(user_policies
.begin()),
1857 std::make_move_iterator(user_policies
.end()));
1860 } catch (const std::exception
& e
) {
1861 lderr(s
->cct
) << "Error reading IAM User Policy: " << e
.what() << dendl
;
1864 rgw_build_iam_environment(store
, s
);
1868 return do_init_permissions(y
);
1871 int RGWHandler_REST::read_permissions(RGWOp
* op_obj
, optional_yield y
)
1873 bool only_bucket
= false;
1878 only_bucket
= false;
1883 /* is it a 'multi-object delete' request? */
1884 if (s
->info
.args
.exists("delete")) {
1888 if (is_obj_update_op()) {
1889 only_bucket
= false;
1892 /* is it a 'create bucket' request? */
1893 if (op_obj
->get_type() == RGW_OP_CREATE_BUCKET
)
1899 if (!s
->info
.args
.exists("tagging")){
1910 return do_read_permissions(op_obj
, only_bucket
, y
);
1913 void RGWRESTMgr::register_resource(string resource
, RGWRESTMgr
*mgr
)
1918 /* do we have a resource manager registered for this entry point? */
1919 map
<string
, RGWRESTMgr
*>::iterator iter
= resource_mgrs
.find(r
);
1920 if (iter
!= resource_mgrs
.end()) {
1921 delete iter
->second
;
1923 resource_mgrs
[r
] = mgr
;
1924 resources_by_size
.insert(pair
<size_t, string
>(r
.size(), r
));
1926 /* now build default resource managers for the path (instead of nested entry points)
1927 * e.g., if the entry point is /auth/v1.0/ then we'd want to create a default
1928 * manager for /auth/
1931 size_t pos
= r
.find('/', 1);
1933 while (pos
!= r
.size() - 1 && pos
!= string::npos
) {
1934 string s
= r
.substr(0, pos
);
1936 iter
= resource_mgrs
.find(s
);
1937 if (iter
== resource_mgrs
.end()) { /* only register it if one does not exist */
1938 resource_mgrs
[s
] = new RGWRESTMgr
; /* a default do-nothing manager */
1939 resources_by_size
.insert(pair
<size_t, string
>(s
.size(), s
));
1942 pos
= r
.find('/', pos
+ 1);
1946 void RGWRESTMgr::register_default_mgr(RGWRESTMgr
*mgr
)
1952 RGWRESTMgr
* RGWRESTMgr::get_resource_mgr(struct req_state
* const s
,
1953 const std::string
& uri
,
1954 std::string
* const out_uri
)
1958 multimap
<size_t, string
>::reverse_iterator iter
;
1960 for (iter
= resources_by_size
.rbegin(); iter
!= resources_by_size
.rend(); ++iter
) {
1961 string
& resource
= iter
->second
;
1962 if (uri
.compare(0, iter
->first
, resource
) == 0 &&
1963 (uri
.size() == iter
->first
||
1964 uri
[iter
->first
] == '/')) {
1965 std::string suffix
= uri
.substr(iter
->first
);
1966 return resource_mgrs
[resource
]->get_resource_mgr(s
, suffix
, out_uri
);
1971 return default_mgr
->get_resource_mgr_as_default(s
, uri
, out_uri
);
1977 void RGWREST::register_x_headers(const string
& s_headers
)
1979 std::vector
<std::string
> hdrs
= get_str_vec(s_headers
);
1980 for (auto& hdr
: hdrs
) {
1981 boost::algorithm::to_upper(hdr
); // XXX
1982 (void) x_headers
.insert(hdr
);
1986 RGWRESTMgr::~RGWRESTMgr()
1988 map
<string
, RGWRESTMgr
*>::iterator iter
;
1989 for (iter
= resource_mgrs
.begin(); iter
!= resource_mgrs
.end(); ++iter
) {
1990 delete iter
->second
;
1995 int64_t parse_content_length(const char *content_length
)
1999 if (*content_length
== '\0') {
2003 len
= strict_strtoll(content_length
, 10, &err
);
2012 int RGWREST::preprocess(struct req_state
*s
, rgw::io::BasicClient
* cio
)
2014 req_info
& info
= s
->info
;
2016 /* save the request uri used to hash on the client side. request_uri may suffer
2017 modifications as part of the bucket encoding in the subdomain calling format.
2018 request_uri_aws4 will be used under aws4 auth */
2019 s
->info
.request_uri_aws4
= s
->info
.request_uri
;
2023 // We need to know if this RGW instance is running the s3website API with a
2024 // higher priority than regular S3 API, or possibly in place of the regular
2026 // Map the listing of rgw_enable_apis in REVERSE order, so that items near
2027 // the front of the list have a higher number assigned (and -1 for items not in the list).
2029 get_str_list(g_conf()->rgw_enable_apis
, apis
);
2030 int api_priority_s3
= -1;
2031 int api_priority_s3website
= -1;
2032 auto api_s3website_priority_rawpos
= std::find(apis
.begin(), apis
.end(), "s3website");
2033 auto api_s3_priority_rawpos
= std::find(apis
.begin(), apis
.end(), "s3");
2034 if (api_s3_priority_rawpos
!= apis
.end()) {
2035 api_priority_s3
= apis
.size() - std::distance(apis
.begin(), api_s3_priority_rawpos
);
2037 if (api_s3website_priority_rawpos
!= apis
.end()) {
2038 api_priority_s3website
= apis
.size() - std::distance(apis
.begin(), api_s3website_priority_rawpos
);
2040 ldout(s
->cct
, 10) << "rgw api priority: s3=" << api_priority_s3
<< " s3website=" << api_priority_s3website
<< dendl
;
2041 bool s3website_enabled
= api_priority_s3website
>= 0;
2043 if (info
.host
.size()) {
2045 if (info
.host
.find('[') == 0) {
2046 pos
= info
.host
.find(']');
2048 info
.host
= info
.host
.substr(1, pos
-1);
2051 pos
= info
.host
.find(':');
2053 info
.host
= info
.host
.substr(0, pos
);
2056 ldout(s
->cct
, 10) << "host=" << info
.host
<< dendl
;
2059 bool in_hosted_domain_s3website
= false;
2060 bool in_hosted_domain
= rgw_find_host_in_domains(info
.host
, &domain
, &subdomain
, hostnames_set
);
2062 string s3website_domain
;
2063 string s3website_subdomain
;
2065 if (s3website_enabled
) {
2066 in_hosted_domain_s3website
= rgw_find_host_in_domains(info
.host
, &s3website_domain
, &s3website_subdomain
, hostnames_s3website_set
);
2067 if (in_hosted_domain_s3website
) {
2068 in_hosted_domain
= true; // TODO: should hostnames be a strict superset of hostnames_s3website?
2069 domain
= s3website_domain
;
2070 subdomain
= s3website_subdomain
;
2075 << "subdomain=" << subdomain
2076 << " domain=" << domain
2077 << " in_hosted_domain=" << in_hosted_domain
2078 << " in_hosted_domain_s3website=" << in_hosted_domain_s3website
2081 if (g_conf()->rgw_resolve_cname
2082 && !in_hosted_domain
2083 && !in_hosted_domain_s3website
) {
2086 int r
= rgw_resolver
->resolve_cname(info
.host
, cname
, &found
);
2089 << "WARNING: rgw_resolver->resolve_cname() returned r=" << r
2094 ldout(s
->cct
, 5) << "resolved host cname " << info
.host
<< " -> "
2097 rgw_find_host_in_domains(cname
, &domain
, &subdomain
, hostnames_set
);
2099 if (s3website_enabled
2100 && !in_hosted_domain_s3website
) {
2101 in_hosted_domain_s3website
=
2102 rgw_find_host_in_domains(cname
, &s3website_domain
,
2103 &s3website_subdomain
,
2104 hostnames_s3website_set
);
2105 if (in_hosted_domain_s3website
) {
2106 in_hosted_domain
= true; // TODO: should hostnames be a
2107 // strict superset of hostnames_s3website?
2108 domain
= s3website_domain
;
2109 subdomain
= s3website_subdomain
;
2114 << "subdomain=" << subdomain
2115 << " domain=" << domain
2116 << " in_hosted_domain=" << in_hosted_domain
2117 << " in_hosted_domain_s3website=" << in_hosted_domain_s3website
2122 // Handle A/CNAME records that point to the RGW storage, but do not match the
2123 // CNAME test above, per issue http://tracker.ceph.com/issues/15975
2124 // If BOTH domain & subdomain variables are empty, then none of the above
2125 // cases matched anything, and we should fall back to using the Host header
2126 // directly as the bucket name.
2127 // As additional checks:
2128 // - if the Host header is an IP, we're using path-style access without DNS
2129 // - Also check that the Host header is a valid bucket name before using it.
2130 // - Don't enable virtual hosting if no hostnames are configured
2131 if (subdomain
.empty()
2132 && (domain
.empty() || domain
!= info
.host
)
2133 && !looks_like_ip_address(info
.host
.c_str())
2134 && RGWHandler_REST::validate_bucket_name(info
.host
) == 0
2135 && !(hostnames_set
.empty() && hostnames_s3website_set
.empty())) {
2136 subdomain
.append(info
.host
);
2137 in_hosted_domain
= 1;
2140 if (s3website_enabled
&& api_priority_s3website
> api_priority_s3
) {
2141 in_hosted_domain_s3website
= 1;
2144 if (in_hosted_domain_s3website
) {
2145 s
->prot_flags
|= RGW_REST_WEBSITE
;
2149 if (in_hosted_domain
&& !subdomain
.empty()) {
2150 string encoded_bucket
= "/";
2151 encoded_bucket
.append(subdomain
);
2152 if (s
->info
.request_uri
[0] != '/')
2153 encoded_bucket
.append("/");
2154 encoded_bucket
.append(s
->info
.request_uri
);
2155 s
->info
.request_uri
= encoded_bucket
;
2158 if (!domain
.empty()) {
2159 s
->info
.domain
= domain
;
2163 << "final domain/bucket"
2164 << " subdomain=" << subdomain
2165 << " domain=" << domain
2166 << " in_hosted_domain=" << in_hosted_domain
2167 << " in_hosted_domain_s3website=" << in_hosted_domain_s3website
2168 << " s->info.domain=" << s
->info
.domain
2169 << " s->info.request_uri=" << s
->info
.request_uri
2173 if (s
->info
.domain
.empty()) {
2174 s
->info
.domain
= s
->cct
->_conf
->rgw_dns_name
;
2177 s
->decoded_uri
= url_decode(s
->info
.request_uri
);
2178 /* Validate for being free of the '\0' buried in the middle of the string. */
2179 if (std::strlen(s
->decoded_uri
.c_str()) != s
->decoded_uri
.length()) {
2180 return -ERR_ZERO_IN_URL
;
2183 /* FastCGI specification, section 6.3
2184 * http://www.fastcgi.com/devkit/doc/fcgi-spec.html#S6.3
2186 * The Authorizer application receives HTTP request information from the Web
2187 * server on the FCGI_PARAMS stream, in the same format as a Responder. The
2188 * Web server does not send CONTENT_LENGTH, PATH_INFO, PATH_TRANSLATED, and
2189 * SCRIPT_NAME headers.
2191 * Ergo if we are in Authorizer role, we MUST look at HTTP_CONTENT_LENGTH
2192 * instead of CONTENT_LENGTH for the Content-Length.
2194 * There is one slight wrinkle in this, and that's older versions of
2195 * nginx/lighttpd/apache setting BOTH headers. As a result, we have to check
2196 * both headers and can't always simply pick A or B.
2198 const char* content_length
= info
.env
->get("CONTENT_LENGTH");
2199 const char* http_content_length
= info
.env
->get("HTTP_CONTENT_LENGTH");
2200 if (!http_content_length
!= !content_length
) {
2201 /* Easy case: one or the other is missing */
2202 s
->length
= (content_length
? content_length
: http_content_length
);
2203 } else if (s
->cct
->_conf
->rgw_content_length_compat
&&
2204 content_length
&& http_content_length
) {
2205 /* Hard case: Both are set, we have to disambiguate */
2206 int64_t content_length_i
, http_content_length_i
;
2208 content_length_i
= parse_content_length(content_length
);
2209 http_content_length_i
= parse_content_length(http_content_length
);
2212 if (http_content_length_i
< 0) {
2213 // HTTP_CONTENT_LENGTH is invalid, ignore it
2214 } else if (content_length_i
< 0) {
2215 // CONTENT_LENGTH is invalid, and HTTP_CONTENT_LENGTH is valid
2217 content_length
= http_content_length
;
2219 // both CONTENT_LENGTH and HTTP_CONTENT_LENGTH are valid
2220 // Let's pick the larger size
2221 if (content_length_i
< http_content_length_i
) {
2222 // prefer the larger value
2223 content_length
= http_content_length
;
2226 s
->length
= content_length
;
2227 // End of: else if (s->cct->_conf->rgw_content_length_compat &&
2228 // content_length &&
2229 // http_content_length)
2231 /* no content length was defined */
2236 if (*s
->length
== '\0') {
2237 s
->content_length
= 0;
2240 s
->content_length
= strict_strtoll(s
->length
, 10, &err
);
2242 ldout(s
->cct
, 10) << "bad content length, aborting" << dendl
;
2248 if (s
->content_length
< 0) {
2249 ldout(s
->cct
, 10) << "negative content length, aborting" << dendl
;
2253 map
<string
, string
>::iterator giter
;
2254 for (giter
= generic_attrs_map
.begin(); giter
!= generic_attrs_map
.end();
2256 const char *env
= info
.env
->get(giter
->first
.c_str());
2258 s
->generic_attrs
[giter
->second
] = env
;
2262 if (g_conf()->rgw_print_continue
) {
2263 const char *expect
= info
.env
->get("HTTP_EXPECT");
2264 s
->expect_cont
= (expect
&& !strcasecmp(expect
, "100-continue"));
2266 s
->op
= op_from_method(info
.method
);
2268 info
.init_meta_info(&s
->has_bad_meta
);
2273 RGWHandler_REST
* RGWREST::get_handler(
2274 rgw::sal::RGWRadosStore
* const store
,
2275 struct req_state
* const s
,
2276 const rgw::auth::StrategyRegistry
& auth_registry
,
2277 const std::string
& frontend_prefix
,
2278 RGWRestfulIO
* const rio
,
2279 RGWRESTMgr
** const pmgr
,
2280 int* const init_error
2282 *init_error
= preprocess(s
, rio
);
2283 if (*init_error
< 0) {
2287 RGWRESTMgr
*m
= mgr
.get_manager(s
, frontend_prefix
, s
->decoded_uri
,
2290 *init_error
= -ERR_METHOD_NOT_ALLOWED
;
2298 RGWHandler_REST
* handler
= m
->get_handler(store
, s
, auth_registry
, frontend_prefix
);
2300 *init_error
= -ERR_METHOD_NOT_ALLOWED
;
2303 *init_error
= handler
->init(store
, s
, rio
);
2304 if (*init_error
< 0) {
2305 m
->put_handler(handler
);
2310 } /* get stream handler */