1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab
4 #ifndef CEPH_RGW_REST_S3_H
6 #define CEPH_RGW_REST_S3_H
7 #define TIME_BUF_SIZE 128
11 #include <boost/utility/string_view.hpp>
12 #include <boost/container/static_vector.hpp>
14 #include "common/backport14.h"
15 #include "common/sstring.hh"
18 #include "rgw_http_errors.h"
19 #include "rgw_acl_s3.h"
20 #include "rgw_policy_s3.h"
21 #include "rgw_lc_s3.h"
22 #include "rgw_keystone.h"
23 #include "rgw_rest_conn.h"
27 #include "rgw_token.h"
28 #include "include/assert.h"
31 #include "rgw_auth_filters.h"
33 #define RGW_AUTH_GRACE_MINS 15
35 struct rgw_http_error
{
40 void rgw_get_errno_s3(struct rgw_http_error
*e
, int err_no
);
42 class RGWGetObj_ObjStore_S3
: public RGWGetObj_ObjStore
45 // Serving a custom error page from an object is really a 200 response with
46 // just the status line altered.
47 int custom_http_ret
= 0;
48 std::map
<std::string
, std::string
> crypt_http_responses
;
50 RGWGetObj_ObjStore_S3() {}
51 ~RGWGetObj_ObjStore_S3() override
{}
53 int get_params() override
;
54 int send_response_data_error() override
;
55 int send_response_data(bufferlist
& bl
, off_t ofs
, off_t len
) override
;
56 void set_custom_http_response(int http_ret
) { custom_http_ret
= http_ret
; }
57 int get_decrypt_filter(std::unique_ptr
<RGWGetDataCB
>* filter
,
59 bufferlist
* manifest_bl
) override
;
62 class RGWListBuckets_ObjStore_S3
: public RGWListBuckets_ObjStore
{
64 RGWListBuckets_ObjStore_S3() {}
65 ~RGWListBuckets_ObjStore_S3() override
{}
67 int get_params() override
{
68 limit
= -1; /* no limit */
71 void send_response_begin(bool has_buckets
) override
;
72 void send_response_data(RGWUserBuckets
& buckets
) override
;
73 void send_response_end() override
;
76 class RGWGetUsage_ObjStore_S3
: public RGWGetUsage_ObjStore
{
78 RGWGetUsage_ObjStore_S3() {}
79 ~RGWGetUsage_ObjStore_S3() override
{}
81 int get_params() override
;
82 void send_response() override
;
85 class RGWListBucket_ObjStore_S3
: public RGWListBucket_ObjStore
{
88 RGWListBucket_ObjStore_S3() : objs_container(false) {
91 ~RGWListBucket_ObjStore_S3() override
{}
93 int get_params() override
;
94 void send_response() override
;
95 void send_versioned_response();
98 class RGWGetBucketLogging_ObjStore_S3
: public RGWGetBucketLogging
{
100 RGWGetBucketLogging_ObjStore_S3() {}
101 ~RGWGetBucketLogging_ObjStore_S3() override
{}
103 void send_response() override
;
106 class RGWGetBucketLocation_ObjStore_S3
: public RGWGetBucketLocation
{
108 RGWGetBucketLocation_ObjStore_S3() {}
109 ~RGWGetBucketLocation_ObjStore_S3() override
{}
111 void send_response() override
;
114 class RGWGetBucketVersioning_ObjStore_S3
: public RGWGetBucketVersioning
{
116 RGWGetBucketVersioning_ObjStore_S3() {}
117 ~RGWGetBucketVersioning_ObjStore_S3() override
{}
119 void send_response() override
;
122 class RGWSetBucketVersioning_ObjStore_S3
: public RGWSetBucketVersioning
{
124 RGWSetBucketVersioning_ObjStore_S3() {}
125 ~RGWSetBucketVersioning_ObjStore_S3() override
{}
127 int get_params() override
;
128 void send_response() override
;
131 class RGWGetBucketWebsite_ObjStore_S3
: public RGWGetBucketWebsite
{
133 RGWGetBucketWebsite_ObjStore_S3() {}
134 ~RGWGetBucketWebsite_ObjStore_S3() override
{}
136 void send_response() override
;
139 class RGWSetBucketWebsite_ObjStore_S3
: public RGWSetBucketWebsite
{
141 RGWSetBucketWebsite_ObjStore_S3() {}
142 ~RGWSetBucketWebsite_ObjStore_S3() override
{}
144 int get_params() override
;
145 void send_response() override
;
148 class RGWDeleteBucketWebsite_ObjStore_S3
: public RGWDeleteBucketWebsite
{
150 RGWDeleteBucketWebsite_ObjStore_S3() {}
151 ~RGWDeleteBucketWebsite_ObjStore_S3() override
{}
153 void send_response() override
;
156 class RGWStatBucket_ObjStore_S3
: public RGWStatBucket_ObjStore
{
158 RGWStatBucket_ObjStore_S3() {}
159 ~RGWStatBucket_ObjStore_S3() override
{}
161 void send_response() override
;
164 class RGWCreateBucket_ObjStore_S3
: public RGWCreateBucket_ObjStore
{
166 RGWCreateBucket_ObjStore_S3() {}
167 ~RGWCreateBucket_ObjStore_S3() override
{}
169 int get_params() override
;
170 void send_response() override
;
173 class RGWDeleteBucket_ObjStore_S3
: public RGWDeleteBucket_ObjStore
{
175 RGWDeleteBucket_ObjStore_S3() {}
176 ~RGWDeleteBucket_ObjStore_S3() override
{}
178 void send_response() override
;
181 class RGWPutObj_ObjStore_S3
: public RGWPutObj_ObjStore
{
183 std::map
<std::string
, std::string
> crypt_http_responses
;
186 RGWPutObj_ObjStore_S3() {}
187 ~RGWPutObj_ObjStore_S3() override
{}
189 int get_params() override
;
190 int get_data(bufferlist
& bl
) override
;
191 void send_response() override
;
193 int get_encrypt_filter(std::unique_ptr
<RGWPutObjDataProcessor
>* filter
,
194 RGWPutObjDataProcessor
* cb
) override
;
195 int get_decrypt_filter(std::unique_ptr
<RGWGetDataCB
>* filter
,
197 map
<string
, bufferlist
>& attrs
,
198 bufferlist
* manifest_bl
) override
;
201 class RGWPostObj_ObjStore_S3
: public RGWPostObj_ObjStore
{
202 parts_collection_t parts
;
203 std::string filename
;
204 std::string content_type
;
206 RGWPolicy post_policy
;
207 map
<string
, string
> crypt_http_responses
;
209 const rgw::auth::StrategyRegistry
* auth_registry_ptr
= nullptr;
212 void rebuild_key(string
& key
);
214 std::string
get_current_filename() const override
;
215 std::string
get_current_content_type() const override
;
218 RGWPostObj_ObjStore_S3() {}
219 ~RGWPostObj_ObjStore_S3() override
{}
221 int verify_requester(const rgw::auth::StrategyRegistry
& auth_registry
) {
222 auth_registry_ptr
= &auth_registry
;
223 return RGWPostObj_ObjStore::verify_requester(auth_registry
);
226 int get_params() override
;
227 int complete_get_params();
229 void send_response() override
;
230 int get_data(ceph::bufferlist
& bl
, bool& again
) override
;
231 int get_encrypt_filter(std::unique_ptr
<RGWPutObjDataProcessor
>* filter
,
232 RGWPutObjDataProcessor
* cb
) override
;
235 class RGWDeleteObj_ObjStore_S3
: public RGWDeleteObj_ObjStore
{
237 RGWDeleteObj_ObjStore_S3() {}
238 ~RGWDeleteObj_ObjStore_S3() override
{}
240 int get_params() override
;
241 void send_response() override
;
244 class RGWCopyObj_ObjStore_S3
: public RGWCopyObj_ObjStore
{
247 RGWCopyObj_ObjStore_S3() : sent_header(false) {}
248 ~RGWCopyObj_ObjStore_S3() override
{}
250 int init_dest_policy() override
;
251 int get_params() override
;
252 void send_partial_response(off_t ofs
) override
;
253 void send_response() override
;
256 class RGWGetACLs_ObjStore_S3
: public RGWGetACLs_ObjStore
{
258 RGWGetACLs_ObjStore_S3() {}
259 ~RGWGetACLs_ObjStore_S3() override
{}
261 void send_response() override
;
264 class RGWPutACLs_ObjStore_S3
: public RGWPutACLs_ObjStore
{
266 RGWPutACLs_ObjStore_S3() {}
267 ~RGWPutACLs_ObjStore_S3() override
{}
269 int get_policy_from_state(RGWRados
*store
, struct req_state
*s
, stringstream
& ss
) override
;
270 void send_response() override
;
271 int get_params() override
;
274 class RGWGetLC_ObjStore_S3
: public RGWGetLC_ObjStore
{
276 RGWLifecycleConfiguration_S3 config
;
278 RGWGetLC_ObjStore_S3() {}
279 ~RGWGetLC_ObjStore_S3() override
{}
280 void execute() override
;
282 void send_response() override
;
285 class RGWPutLC_ObjStore_S3
: public RGWPutLC_ObjStore
{
287 RGWPutLC_ObjStore_S3() {}
288 ~RGWPutLC_ObjStore_S3() override
{}
290 void send_response() override
;
293 class RGWDeleteLC_ObjStore_S3
: public RGWDeleteLC_ObjStore
{
295 RGWDeleteLC_ObjStore_S3() {}
296 ~RGWDeleteLC_ObjStore_S3() override
{}
298 void send_response() override
;
301 class RGWGetCORS_ObjStore_S3
: public RGWGetCORS_ObjStore
{
303 RGWGetCORS_ObjStore_S3() {}
304 ~RGWGetCORS_ObjStore_S3() override
{}
306 void send_response() override
;
309 class RGWPutCORS_ObjStore_S3
: public RGWPutCORS_ObjStore
{
311 RGWPutCORS_ObjStore_S3() {}
312 ~RGWPutCORS_ObjStore_S3() override
{}
314 int get_params() override
;
315 void send_response() override
;
318 class RGWDeleteCORS_ObjStore_S3
: public RGWDeleteCORS_ObjStore
{
320 RGWDeleteCORS_ObjStore_S3() {}
321 ~RGWDeleteCORS_ObjStore_S3() override
{}
323 void send_response() override
;
326 class RGWOptionsCORS_ObjStore_S3
: public RGWOptionsCORS_ObjStore
{
328 RGWOptionsCORS_ObjStore_S3() {}
329 ~RGWOptionsCORS_ObjStore_S3() override
{}
331 void send_response() override
;
334 class RGWGetRequestPayment_ObjStore_S3
: public RGWGetRequestPayment
{
336 RGWGetRequestPayment_ObjStore_S3() {}
337 ~RGWGetRequestPayment_ObjStore_S3() override
{}
339 void send_response() override
;
342 class RGWSetRequestPayment_ObjStore_S3
: public RGWSetRequestPayment
{
344 RGWSetRequestPayment_ObjStore_S3() {}
345 ~RGWSetRequestPayment_ObjStore_S3() override
{}
347 int get_params() override
;
348 void send_response() override
;
351 class RGWInitMultipart_ObjStore_S3
: public RGWInitMultipart_ObjStore
{
353 std::map
<std::string
, std::string
> crypt_http_responses
;
355 RGWInitMultipart_ObjStore_S3() {}
356 ~RGWInitMultipart_ObjStore_S3() override
{}
358 int get_params() override
;
359 void send_response() override
;
360 int prepare_encryption(map
<string
, bufferlist
>& attrs
) override
;
363 class RGWCompleteMultipart_ObjStore_S3
: public RGWCompleteMultipart_ObjStore
{
365 RGWCompleteMultipart_ObjStore_S3() {}
366 ~RGWCompleteMultipart_ObjStore_S3() override
{}
368 int get_params() override
;
369 void send_response() override
;
372 class RGWAbortMultipart_ObjStore_S3
: public RGWAbortMultipart_ObjStore
{
374 RGWAbortMultipart_ObjStore_S3() {}
375 ~RGWAbortMultipart_ObjStore_S3() override
{}
377 void send_response() override
;
380 class RGWListMultipart_ObjStore_S3
: public RGWListMultipart_ObjStore
{
382 RGWListMultipart_ObjStore_S3() {}
383 ~RGWListMultipart_ObjStore_S3() override
{}
385 void send_response() override
;
388 class RGWListBucketMultiparts_ObjStore_S3
: public RGWListBucketMultiparts_ObjStore
{
390 RGWListBucketMultiparts_ObjStore_S3() {
393 ~RGWListBucketMultiparts_ObjStore_S3() override
{}
395 void send_response() override
;
398 class RGWDeleteMultiObj_ObjStore_S3
: public RGWDeleteMultiObj_ObjStore
{
400 RGWDeleteMultiObj_ObjStore_S3() {}
401 ~RGWDeleteMultiObj_ObjStore_S3() override
{}
403 int get_params() override
;
404 void send_status() override
;
405 void begin_response() override
;
406 void send_partial_response(rgw_obj_key
& key
, bool delete_marker
,
407 const string
& marker_version_id
, int ret
) override
;
408 void end_response() override
;
411 class RGWGetObjLayout_ObjStore_S3
: public RGWGetObjLayout
{
413 RGWGetObjLayout_ObjStore_S3() {}
414 ~RGWGetObjLayout_ObjStore_S3() {}
416 void send_response();
419 class RGWConfigBucketMetaSearch_ObjStore_S3
: public RGWConfigBucketMetaSearch
{
421 RGWConfigBucketMetaSearch_ObjStore_S3() {}
422 ~RGWConfigBucketMetaSearch_ObjStore_S3() {}
424 int get_params() override
;
425 void send_response() override
;
428 class RGWGetBucketMetaSearch_ObjStore_S3
: public RGWGetBucketMetaSearch
{
430 RGWGetBucketMetaSearch_ObjStore_S3() {}
431 ~RGWGetBucketMetaSearch_ObjStore_S3() {}
433 void send_response() override
;
436 class RGWDelBucketMetaSearch_ObjStore_S3
: public RGWDelBucketMetaSearch
{
438 RGWDelBucketMetaSearch_ObjStore_S3() {}
439 ~RGWDelBucketMetaSearch_ObjStore_S3() {}
441 void send_response() override
;
446 static int authorize_v2(RGWRados
*store
,
447 const rgw::auth::StrategyRegistry
& auth_registry
,
448 struct req_state
*s
);
450 static int authorize(RGWRados
*store
,
451 const rgw::auth::StrategyRegistry
& auth_registry
,
452 struct req_state
*s
);
455 class RGWHandler_Auth_S3
: public RGWHandler_REST
{
456 friend class RGWRESTMgr_S3
;
458 const rgw::auth::StrategyRegistry
& auth_registry
;
461 RGWHandler_Auth_S3(const rgw::auth::StrategyRegistry
& auth_registry
)
463 auth_registry(auth_registry
) {
465 ~RGWHandler_Auth_S3() override
= default;
467 static int validate_bucket_name(const string
& bucket
);
468 static int validate_object_name(const string
& bucket
);
470 int init(RGWRados
*store
,
472 rgw::io::BasicClient
*cio
) override
;
473 int authorize() override
{
474 return RGW_Auth_S3::authorize(store
, auth_registry
, s
);
476 int postauth_init() override
{ return 0; }
479 class RGWHandler_REST_S3
: public RGWHandler_REST
{
480 friend class RGWRESTMgr_S3
;
482 const rgw::auth::StrategyRegistry
& auth_registry
;
484 static int init_from_header(struct req_state
*s
, int default_formatter
, bool configurable_format
);
486 RGWHandler_REST_S3(const rgw::auth::StrategyRegistry
& auth_registry
)
488 auth_registry(auth_registry
) {
490 ~RGWHandler_REST_S3() override
= default;
492 int init(RGWRados
*store
,
494 rgw::io::BasicClient
*cio
) override
;
495 int authorize() override
{
496 return RGW_Auth_S3::authorize(store
, auth_registry
, s
);
498 int postauth_init() override
;
501 class RGWHandler_REST_Service_S3
: public RGWHandler_REST_S3
{
504 return s
->info
.args
.exists("usage");
506 RGWOp
*op_get() override
;
507 RGWOp
*op_head() override
;
508 RGWOp
*op_post() override
;
510 using RGWHandler_REST_S3::RGWHandler_REST_S3
;
511 ~RGWHandler_REST_Service_S3() override
= default;
514 class RGWHandler_REST_Bucket_S3
: public RGWHandler_REST_S3
{
517 return s
->info
.args
.exists("acl");
520 return s
->info
.args
.exists("cors");
523 return s
->info
.args
.exists("lifecycle");
525 bool is_obj_update_op() override
{
526 return is_acl_op() || is_cors_op();
528 bool is_request_payment_op() {
529 return s
->info
.args
.exists("requestPayment");
531 bool is_policy_op() {
532 return s
->info
.args
.exists("policy");
534 RGWOp
*get_obj_op(bool get_data
);
536 RGWOp
*op_get() override
;
537 RGWOp
*op_head() override
;
538 RGWOp
*op_put() override
;
539 RGWOp
*op_delete() override
;
540 RGWOp
*op_post() override
;
541 RGWOp
*op_options() override
;
543 using RGWHandler_REST_S3::RGWHandler_REST_S3
;
544 ~RGWHandler_REST_Bucket_S3() override
= default;
547 class RGWHandler_REST_Obj_S3
: public RGWHandler_REST_S3
{
550 return s
->info
.args
.exists("acl");
553 return s
->info
.args
.exists("cors");
555 bool is_obj_update_op() override
{
558 RGWOp
*get_obj_op(bool get_data
);
560 RGWOp
*op_get() override
;
561 RGWOp
*op_head() override
;
562 RGWOp
*op_put() override
;
563 RGWOp
*op_delete() override
;
564 RGWOp
*op_post() override
;
565 RGWOp
*op_options() override
;
567 using RGWHandler_REST_S3::RGWHandler_REST_S3
;
568 ~RGWHandler_REST_Obj_S3() override
= default;
571 class RGWRESTMgr_S3
: public RGWRESTMgr
{
573 bool enable_s3website
;
575 explicit RGWRESTMgr_S3(bool enable_s3website
= false)
576 : enable_s3website(enable_s3website
) {
579 ~RGWRESTMgr_S3() override
= default;
581 RGWHandler_REST
*get_handler(struct req_state
* s
,
582 const rgw::auth::StrategyRegistry
& auth_registry
,
583 const std::string
& frontend_prefix
) override
;
586 class RGWHandler_REST_Obj_S3Website
;
588 static inline bool looks_like_ip_address(const char *bucket
)
591 bool expect_period
= false;
592 for (const char *b
= bucket
; *b
; ++b
) {
599 expect_period
= false;
601 else if (isdigit(*b
)) {
602 expect_period
= true;
608 return (num_periods
== 3);
611 static inline int valid_s3_object_name(const string
& name
) {
612 if (name
.size() > 1024) {
613 return -ERR_INVALID_OBJECT_NAME
;
615 if (check_utf8(name
.c_str(), name
.size())) {
616 return -ERR_INVALID_OBJECT_NAME
;
621 static inline int valid_s3_bucket_name(const string
& name
, bool relaxed
=false)
623 // This function enforces Amazon's spec for bucket names.
624 // (The requirements, not the recommendations.)
625 int len
= name
.size();
628 return -ERR_INVALID_BUCKET_NAME
;
629 } else if (len
> 255) {
631 return -ERR_INVALID_BUCKET_NAME
;
634 // bucket names must start with a number, letter, or underscore
635 if (!(isalpha(name
[0]) || isdigit(name
[0]))) {
637 return -ERR_INVALID_BUCKET_NAME
;
638 else if (!(name
[0] == '_' || name
[0] == '.' || name
[0] == '-'))
639 return -ERR_INVALID_BUCKET_NAME
;
642 for (const char *s
= name
.c_str(); *s
; ++s
) {
644 if (isdigit(c
) || (c
== '.'))
648 if ((c
== '-') || (c
== '_'))
651 return -ERR_INVALID_BUCKET_NAME
;
654 if (looks_like_ip_address(name
.c_str()))
655 return -ERR_INVALID_BUCKET_NAME
;
665 class AWSEngine
: public rgw::auth::Engine
{
667 class VersionAbstractor
{
668 static constexpr size_t DIGEST_SIZE_V2
= CEPH_CRYPTO_HMACSHA1_DIGESTSIZE
;
669 static constexpr size_t DIGEST_SIZE_V4
= CEPH_CRYPTO_HMACSHA256_DIGESTSIZE
;
671 /* Knowing the signature max size allows us to employ the sstring, and thus
672 * avoid dynamic allocations. The multiplier comes from representing digest
673 * in the base64-encoded form. */
674 static constexpr size_t SIGNATURE_MAX_SIZE
= \
675 ceph::max(DIGEST_SIZE_V2
, DIGEST_SIZE_V4
) * 2 + sizeof('\0');
678 virtual ~VersionAbstractor() {};
680 using access_key_id_t
= boost::string_view
;
681 using client_signature_t
= boost::string_view
;
682 using server_signature_t
= basic_sstring
<char, uint16_t, SIGNATURE_MAX_SIZE
>;
683 using string_to_sign_t
= std::string
;
685 /* Transformation for crafting the AWS signature at server side which is
686 * used later to compare with the user-provided one. The methodology for
687 * doing that depends on AWS auth version. */
688 using signature_factory_t
= \
689 std::function
<server_signature_t(CephContext
* cct
,
690 const std::string
& secret_key
,
691 const string_to_sign_t
& string_to_sign
)>;
693 /* Return an instance of Completer for verifying the payload's fingerprint
694 * if necessary. Otherwise caller gets nullptr. Caller may provide secret
696 using completer_factory_t
= \
697 std::function
<rgw::auth::Completer::cmplptr_t(
698 const boost::optional
<std::string
>& secret_key
)>;
700 virtual std::tuple
<access_key_id_t
,
705 get_auth_data(const req_state
* s
) const = 0;
710 const VersionAbstractor
& ver_abstractor
;
712 AWSEngine(CephContext
* const cct
, const VersionAbstractor
& ver_abstractor
)
714 ver_abstractor(ver_abstractor
) {
717 using result_t
= rgw::auth::Engine::result_t
;
718 using string_to_sign_t
= VersionAbstractor::string_to_sign_t
;
719 using signature_factory_t
= VersionAbstractor::signature_factory_t
;
720 using completer_factory_t
= VersionAbstractor::completer_factory_t
;
722 /* TODO(rzarzynski): clean up. We've too many input parameter hee. Also
723 * the signature get_auth_data() of VersionAbstractor is too complicated.
724 * Replace these thing with a simple, dedicated structure. */
725 virtual result_t
authenticate(const boost::string_view
& access_key_id
,
726 const boost::string_view
& signature
,
727 const string_to_sign_t
& string_to_sign
,
728 const signature_factory_t
& signature_factory
,
729 const completer_factory_t
& completer_factory
,
730 const req_state
* s
) const = 0;
733 result_t
authenticate(const req_state
* const s
) const final
;
737 class AWSGeneralAbstractor
: public AWSEngine::VersionAbstractor
{
738 CephContext
* const cct
;
740 bool is_time_skew_ok(const utime_t
& header_time
,
741 const bool qsr
) const;
743 virtual boost::optional
<std::string
>
744 get_v4_canonical_headers(const req_info
& info
,
745 const boost::string_view
& signedheaders
,
746 const bool using_qs
) const;
748 std::tuple
<access_key_id_t
,
753 get_auth_data_v2(const req_state
* s
) const;
755 std::tuple
<access_key_id_t
,
760 get_auth_data_v4(const req_state
* s
, bool using_qs
) const;
763 AWSGeneralAbstractor(CephContext
* const cct
)
767 std::tuple
<access_key_id_t
,
772 get_auth_data(const req_state
* s
) const override
;
775 class AWSGeneralBoto2Abstractor
: public AWSGeneralAbstractor
{
776 boost::optional
<std::string
>
777 get_v4_canonical_headers(const req_info
& info
,
778 const boost::string_view
& signedheaders
,
779 const bool using_qs
) const override
;
782 using AWSGeneralAbstractor::AWSGeneralAbstractor
;
785 class AWSBrowserUploadAbstractor
: public AWSEngine::VersionAbstractor
{
786 static std::string
to_string(ceph::bufferlist bl
) {
787 return std::string(bl
.c_str(),
788 static_cast<std::string::size_type
>(bl
.length()));
791 using auth_data_t
= std::tuple
<access_key_id_t
,
795 completer_factory_t
>;
797 auth_data_t
get_auth_data_v2(const req_state
* s
) const;
798 auth_data_t
get_auth_data_v4(const req_state
* s
) const;
801 AWSBrowserUploadAbstractor(CephContext
*) {
804 std::tuple
<access_key_id_t
,
809 get_auth_data(const req_state
* s
) const override
;
813 class LDAPEngine
: public AWSEngine
{
814 static rgw::LDAPHelper
* ldh
;
815 static std::mutex mtx
;
817 static void init(CephContext
* const cct
);
819 using acl_strategy_t
= rgw::auth::RemoteApplier::acl_strategy_t
;
820 using auth_info_t
= rgw::auth::RemoteApplier::AuthInfo
;
821 using result_t
= rgw::auth::Engine::result_t
;
824 RGWRados
* const store
;
825 const rgw::auth::RemoteApplier::Factory
* const apl_factory
;
827 acl_strategy_t
get_acl_strategy() const;
828 auth_info_t
get_creds_info(const rgw::RGWToken
& token
) const noexcept
;
830 result_t
authenticate(const boost::string_view
& access_key_id
,
831 const boost::string_view
& signature
,
832 const string_to_sign_t
& string_to_sign
,
833 const signature_factory_t
&,
834 const completer_factory_t
& completer_factory
,
835 const req_state
* s
) const override
;
837 LDAPEngine(CephContext
* const cct
,
838 RGWRados
* const store
,
839 const VersionAbstractor
& ver_abstractor
,
840 const rgw::auth::RemoteApplier::Factory
* const apl_factory
)
841 : AWSEngine(cct
, ver_abstractor
),
843 apl_factory(apl_factory
) {
847 using AWSEngine::authenticate
;
849 const char* get_name() const noexcept override
{
850 return "rgw::auth::s3::LDAPEngine";
855 class LocalEngine
: public AWSEngine
{
856 RGWRados
* const store
;
857 const rgw::auth::LocalApplier::Factory
* const apl_factory
;
859 result_t
authenticate(const boost::string_view
& access_key_id
,
860 const boost::string_view
& signature
,
861 const string_to_sign_t
& string_to_sign
,
862 const signature_factory_t
& signature_factory
,
863 const completer_factory_t
& completer_factory
,
864 const req_state
* s
) const override
;
866 LocalEngine(CephContext
* const cct
,
867 RGWRados
* const store
,
868 const VersionAbstractor
& ver_abstractor
,
869 const rgw::auth::LocalApplier::Factory
* const apl_factory
)
870 : AWSEngine(cct
, ver_abstractor
),
872 apl_factory(apl_factory
) {
875 using AWSEngine::authenticate
;
877 const char* get_name() const noexcept override
{
878 return "rgw::auth::s3::LocalEngine";
883 class S3AuthFactory
: public rgw::auth::RemoteApplier::Factory
,
884 public rgw::auth::LocalApplier::Factory
{
885 typedef rgw::auth::IdentityApplier::aplptr_t aplptr_t
;
886 RGWRados
* const store
;
889 S3AuthFactory(RGWRados
* const store
)
893 aplptr_t
create_apl_remote(CephContext
* const cct
,
894 const req_state
* const s
,
895 rgw::auth::RemoteApplier::acl_strategy_t
&& acl_alg
,
896 const rgw::auth::RemoteApplier::AuthInfo info
899 new rgw::auth::RemoteApplier(cct
, store
, std::move(acl_alg
), info
,
900 false /* no implicit tenants */));
903 aplptr_t
create_apl_local(CephContext
* const cct
,
904 const req_state
* const s
,
905 const RGWUserInfo
& user_info
,
906 const std::string
& subuser
) const override
{
908 new rgw::auth::LocalApplier(cct
, user_info
, subuser
));
914 } /* namespace auth */
915 } /* namespace rgw */
918 #endif /* CEPH_RGW_REST_S3_H */