return 0;
}
- int res = 0;
std::unique_ptr<BlockCrypt> block_crypt;
- res = rgw_s3_prepare_decrypt(s, attrs, &block_crypt, crypt_http_responses);
- if (res == 0) {
- if (block_crypt != nullptr) {
- auto f = std::make_unique<RGWGetObj_BlockDecrypt>(s, s->cct, cb, std::move(block_crypt));
- if (manifest_bl != nullptr) {
- res = f->read_manifest(this, *manifest_bl);
- if (res == 0) {
- *filter = std::move(f);
- }
- }
+ int res = rgw_s3_prepare_decrypt(s, attrs, &block_crypt, crypt_http_responses);
+ if (res < 0) {
+ return res;
+ }
+ if (block_crypt == nullptr) {
+ return 0;
+ }
+
+ // in case of a multipart upload, we need to know the part lengths to
+ // correctly decrypt across part boundaries
+ std::vector<size_t> parts_len;
+
+ // for replicated objects, the original part lengths are preserved in an xattr
+ if (auto i = attrs.find(RGW_ATTR_CRYPT_PARTS); i != attrs.end()) {
+ try {
+ auto p = i->second.cbegin();
+ using ceph::decode;
+ decode(parts_len, p);
+ } catch (const buffer::error&) {
+ ldpp_dout(this, 1) << "failed to decode RGW_ATTR_CRYPT_PARTS" << dendl;
+ return -EIO;
+ }
+ } else if (manifest_bl) {
+ // otherwise, we read the part lengths from the manifest
+ res = RGWGetObj_BlockDecrypt::read_manifest_parts(this, *manifest_bl,
+ parts_len);
+ if (res < 0) {
+ return res;
}
}
- return res;
+
+ *filter = std::make_unique<RGWGetObj_BlockDecrypt>(
+ s, s->cct, cb, std::move(block_crypt),
+ std::move(parts_len));
+ return 0;
}
int RGWGetObj_ObjStore_S3::verify_requester(const rgw::auth::StrategyRegistry& auth_registry, optional_yield y)
{
s->formatter->dump_string("StorageClass", storage_class.c_str());
}
if (fetchOwner == true) {
- dump_owner(s, s->user->get_id(), s->user->get_display_name());
+ dump_owner(s, rgw_user(iter->meta.owner), iter->meta.owner_display_name);
}
s->formatter->close_section();
}
auto& storage_class = rgw_placement_rule::get_canonical_storage_class(iter->meta.storage_class);
s->formatter->dump_string("StorageClass", storage_class.c_str());
if (fetchOwner == true) {
- dump_owner(s, s->user->get_id(), s->user->get_display_name());
+ dump_owner(s, rgw_user(iter->meta.owner), iter->meta.owner_display_name);
}
if (s->system_request) {
s->formatter->dump_string("RgwxTag", iter->tag);
// only bucket's owner is allowed to get the quota settings of the account
if (bucket->is_owner(s->user.get())) {
auto user_info = s->user->get_info();
+ auto bucket_quota = s->bucket->get_info().quota; // bucket quota
dump_header(s, "X-RGW-Quota-User-Size", static_cast<long long>(user_info.quota.user_quota.max_size));
dump_header(s, "X-RGW-Quota-User-Objects", static_cast<long long>(user_info.quota.user_quota.max_objects));
dump_header(s, "X-RGW-Quota-Max-Buckets", static_cast<long long>(user_info.max_buckets));
- dump_header(s, "X-RGW-Quota-Bucket-Size", static_cast<long long>(user_info.quota.bucket_quota.max_size));
- dump_header(s, "X-RGW-Quota-Bucket-Objects", static_cast<long long>(user_info.quota.bucket_quota.max_objects));
+ dump_header(s, "X-RGW-Quota-Bucket-Size", static_cast<long long>(bucket_quota.max_size));
+ dump_header(s, "X-RGW-Quota-Bucket-Objects", static_cast<long long>(bucket_quota.max_objects));
}
}
{
std::map<std::string, std::string> crypt_http_responses_unused;
- int res = 0;
std::unique_ptr<BlockCrypt> block_crypt;
- res = rgw_s3_prepare_decrypt(s, attrs, &block_crypt, crypt_http_responses_unused);
- if (res == 0) {
- if (block_crypt != nullptr) {
- auto f = std::unique_ptr<RGWGetObj_BlockDecrypt>(new RGWGetObj_BlockDecrypt(s, s->cct, cb, std::move(block_crypt)));
- //RGWGetObj_BlockDecrypt* f = new RGWGetObj_BlockDecrypt(s->cct, cb, std::move(block_crypt));
- if (f != nullptr) {
- if (manifest_bl != nullptr) {
- res = f->read_manifest(this, *manifest_bl);
- if (res == 0) {
- *filter = std::move(f);
- }
- }
- }
+ int res = rgw_s3_prepare_decrypt(s, attrs, &block_crypt, crypt_http_responses_unused);
+ if (res < 0) {
+ return res;
+ }
+ if (block_crypt == nullptr) {
+ return 0;
+ }
+
+ // in case of a multipart upload, we need to know the part lengths to
+ // correctly decrypt across part boundaries
+ std::vector<size_t> parts_len;
+
+ // for replicated objects, the original part lengths are preserved in an xattr
+ if (auto i = attrs.find(RGW_ATTR_CRYPT_PARTS); i != attrs.end()) {
+ try {
+ auto p = i->second.cbegin();
+ using ceph::decode;
+ decode(parts_len, p);
+ } catch (const buffer::error&) {
+ ldpp_dout(this, 1) << "failed to decode RGW_ATTR_CRYPT_PARTS" << dendl;
+ return -EIO;
+ }
+ } else if (manifest_bl) {
+ // otherwise, we read the part lengths from the manifest
+ res = RGWGetObj_BlockDecrypt::read_manifest_parts(this, *manifest_bl,
+ parts_len);
+ if (res < 0) {
+ return res;
}
}
- return res;
+
+ *filter = std::make_unique<RGWGetObj_BlockDecrypt>(
+ s, s->cct, cb, std::move(block_crypt),
+ std::move(parts_len));
+ return 0;
}
int RGWPutObj_ObjStore_S3::get_encrypt_filter(
map_qs_metadata(s, false);
- ldpp_dout(this, 20) << "adding bucket to policy env: " << s->bucket->get_name()
- << dendl;
- env.add_var("bucket", s->bucket->get_name());
-
bool done;
do {
struct post_form_part part;
return r;
}
+ ldpp_dout(this, 20) << "adding bucket to policy env: " << s->bucket->get_name()
+ << dendl;
+ env.add_var("bucket", s->bucket->get_name());
+
string object_str;
if (!part_str(parts, "key", &object_str)) {
err_msg = "Key not specified";
s->info.args.get_bool(RGW_SYS_PARAM_PREFIX "copy-if-newer", ©_if_newer, false);
}
- copy_source = s->info.env->get("HTTP_X_AMZ_COPY_SOURCE");
+ const char *copy_source_temp = s->info.env->get("HTTP_X_AMZ_COPY_SOURCE");
+ if (copy_source_temp) {
+ copy_source = copy_source_temp;
+ }
auto tmp_md_d = s->info.env->get("HTTP_X_AMZ_METADATA_DIRECTIVE");
if (tmp_md_d) {
if (strcasecmp(tmp_md_d, "COPY") == 0) {
std::unique_ptr<rgw::sal::Object> obj = s->bucket->get_object(rgw_obj_key(subdir_name));
obj->set_atomic();
- obj->set_prefetch_data();
RGWObjState* state = nullptr;
if (obj->get_obj_state(s, &state, s->yield) < 0) {
/* Craft canonical query string. std::moving later so non-const here. */
auto canonical_qs = rgw::auth::s3::get_v4_canonical_qs(s->info, using_qs);
+ /* Craft canonical method. */
+ auto canonical_method = rgw::auth::s3::get_v4_canonical_method(s);
+
/* Craft canonical request. */
auto canonical_req_hash = \
rgw::auth::s3::get_v4_canon_req_hash(s->cct,
- s->info.method,
+ std::move(canonical_method),
std::move(canonical_uri),
std::move(canonical_qs),
std::move(*canonical_headers),
signature = auth_str.substr(pos + 1);
}
- if (s->info.env->exists("HTTP_X_AMZ_SECURITY_TOKEN")) {
- session_token = s->info.env->get("HTTP_X_AMZ_SECURITY_TOKEN");
+ auto token = s->info.env->get_optional("HTTP_X_AMZ_SECURITY_TOKEN");
+ if (token) {
+ session_token = *token;
if (session_token.size() == 0) {
throw -EPERM;
}
bool rgw::auth::s3::S3AnonymousEngine::is_applicable(
const req_state* s
) const noexcept {
- if (s->op == OP_OPTIONS) {
- return true;
- }
-
AwsVersion version;
AwsRoute route;
std::tie(version, route) = discover_aws_flavour(s->info);
+ /* If HTTP OPTIONS and no authentication provided using the
+ * anonymous engine is applicable */
+ if (s->op == OP_OPTIONS && version == AwsVersion::UNKNOWN) {
+ return true;
+ }
+
return route == AwsRoute::QUERY_STRING && version == AwsVersion::UNKNOWN;
}
-