author | Yehuda Sadeh <yehuda.sadeh@dreamhost.com> | 2011-12-06 00:19:33 -0800 |
---|---|---|
committer | Yehuda Sadeh <yehuda.sadeh@dreamhost.com> | 2011-12-06 00:19:33 -0800 |
commit | 28d97ac6ac5d8380f605ae973f296ffbb8142145 (patch) | |
tree | 16f97eefe5ab241aa9a256a81621594e0bfb92d1 | |
parent | f4e1d549578776325099cf9c0eae6c5dd73b9e6d (diff) | |
download | ceph-28d97ac6ac5d8380f605ae973f296ffbb8142145.tar.gz |
rgw: more cleanups
still doesn't compile
-rw-r--r-- | src/rgw/libradosgw.cc | 23 | ||||
-rw-r--r-- | src/rgw/libradosgw.hpp | 19 | ||||
-rw-r--r-- | src/rgw/rgw_acl.cc | 4 | ||||
-rw-r--r-- | src/rgw/rgw_acl.h | 4 | ||||
-rw-r--r-- | src/rgw/rgw_common.cc | 14 | ||||
-rw-r--r-- | src/rgw/rgw_common.h | 8 | ||||
-rw-r--r-- | src/rgw/rgw_main.cc | 6 | ||||
-rw-r--r-- | src/rgw/rgw_rest.cc | 2 | ||||
-rw-r--r-- | src/rgw/rgw_rest.h | 2 | ||||
-rw-r--r-- | src/rgw/rgw_rest_s3.cc | 6 | ||||
-rw-r--r-- | src/rgw/rgw_rest_swift.cc | 2 | ||||
-rw-r--r-- | src/rgw/rgw_swift.cc | 24 | ||||
-rw-r--r-- | src/rgw/rgw_swift.h | 2 | ||||
-rw-r--r-- | src/rgw/rgw_swift_auth.cc | 12 | ||||
-rw-r--r-- | src/rgw/rgw_swift_auth.h | 2 |
15 files changed, 69 insertions, 61 deletions
diff --git a/src/rgw/libradosgw.cc b/src/rgw/libradosgw.cc index 4881b07aa09..e6bfbac0bf6 100644 --- a/src/rgw/libradosgw.cc +++ b/src/rgw/libradosgw.cc @@ -54,12 +54,21 @@ namespace libradosgw { struct AccountImpl : public RefCountedObject { - Account *account; StoreImpl *store; - AccountImpl(Account *a, StoreImpl *s) : account(a), store(s) {} + AccountImpl(StoreImpl *s) : store(s) { + if (store) + store->get(); + } + + ~AccountImpl() { + if (store) + store->put(); + } + - int store_info(); + + int store_info(Account *account); void encode(bufferlist& bl) const { __u32 ver = USER_INFO_VER; @@ -249,7 +258,7 @@ namespace libradosgw { try { ::decode(uid, iter); if (!iter.end()) { - impl = new AccountImpl(&account, this); + impl = new AccountImpl(this); impl->decode(iter); account.impl = impl; } @@ -305,7 +314,7 @@ namespace libradosgw { } - int AccountImpl::store_info() + int AccountImpl::store_info(Account *account) { bufferlist bl; encode(bl); @@ -376,4 +385,8 @@ namespace libradosgw { return ret; } + int Account::store_info() { + return impl->store_info(this); + } + } diff --git a/src/rgw/libradosgw.hpp b/src/rgw/libradosgw.hpp index fceddf108ff..b85332718b7 100644 --- a/src/rgw/libradosgw.hpp +++ b/src/rgw/libradosgw.hpp @@ -113,27 +113,14 @@ namespace libradosgw { ImplContainer& operator=(ImplContainer& c); }; - class User { - friend class UserImpl; - friend class AccountImpl; - - protected: - UserImpl *account; - + struct User { int group; string uid; string display_name; string email; uint64_t auid; - public: - int get_group() { return group; } - void set_group(int g) { group = g; } - bool is_anonymous() { return (group & GROUP_ANONYMOUS) != 0; } - const string& get_uid() { return uid; } - - int store_info(); }; struct ACLs { 
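Review bot: If `impl->decode(iter)` throws, the `AccountImpl` allocated on the line before it is never released, and with this commit it also keeps the store reference its constructor takes through `store->get()`. The handler of the `try` block is outside the hunk, so this is inferred from the visible lines only. Dropping the object's reference in the handler (for example `if (impl) impl->put();`, assuming the usual `RefCountedObject` interface) would stop a malformed stored record from leaking both the object and a store reference.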
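Review bot: `Account::store_info()` dereferences `impl` unconditionally, while the decode path earlier in this file assigns `account.impl` only when data remains after the uid, so an `Account` can apparently reach this call without an impl. A guard such as `if (!impl) return -EINVAL;` before `return impl->store_info(this);` turns that case into an error return instead of a null dereference. How `impl` is default-initialised is not visible in the hunk.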
@@ -275,6 +262,10 @@ namespace libradosgw { int remove_bucket(string& name); int get_bucket(string& name, Bucket& bucket); int create_bucket(string& name, ACLs *acls = NULL); + + std::map<string, AccessKey>& get_access_keys() { return access_keys; } + std::map<string, AccessKey> get_swift_keys() { return swift_keys; } + std::map<string, SubUser> get_subusers() { return subusers; } }; diff --git a/src/rgw/rgw_acl.cc b/src/rgw/rgw_acl.cc index 1ab64194de3..1b81c645a1e 100644 --- a/src/rgw/rgw_acl.cc +++ b/src/rgw/rgw_acl.cc @@ -308,7 +308,7 @@ bool RGWAccessControlList::xml_end(const char *el) { return true; } -int RGWAccessControlList::get_perm(CephContext *cct, string& id, int perm_mask) { +int RGWAccessControlList::get_perm(CephContext *cct, const string& id, int perm_mask) { ldout(cct, 5) << "Searching permissions for uid=" << id << " mask=" << perm_mask << dendl; if (!user_map_initialized) init_user_map(); @@ -379,7 +379,7 @@ bool RGWAccessControlPolicy::xml_end(const char *el) { return true; } -int RGWAccessControlPolicy::get_perm(CephContext *cct, string& id, int perm_mask) { +int RGWAccessControlPolicy::get_perm(CephContext *cct, const string& id, int perm_mask) { int perm = acl.get_perm(cct, id, perm_mask); if (perm == perm_mask) diff --git a/src/rgw/rgw_acl.h b/src/rgw/rgw_acl.h index 424d8487b73..0cc41e7f342 100644 --- a/src/rgw/rgw_acl.h +++ b/src/rgw/rgw_acl.h @@ -188,7 +188,7 @@ public: ~RGWAccessControlList(); bool xml_end(const char *el); - int get_perm(CephContext *cct, string& id, int perm_mask); + int get_perm(CephContext *cct, const string& id, int perm_mask); void encode(bufferlist& bl) const { __u8 struct_v = 1; ::encode(struct_v, bl); @@ -274,7 +274,7 @@ public: bool xml_end(const char *el); - int get_perm(CephContext *cct, string& id, int perm_mask); + int get_perm(CephContext *cct, const string& id, int perm_mask); void encode(bufferlist& bl) const { __u8 struct_v = 1; 
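Review bot: `get_access_keys()` hands out a mutable reference while `get_swift_keys()` and `get_subusers()` return copies, so the three accessors behave differently and the first lets any caller rewrite the account's credential map in place. Returning a const reference from all three, e.g. `const std::map<string, AccessKey>& get_swift_keys() const { return swift_keys; }`, avoids copying key material on every call and keeps it read-only outside the class. As declared, the by-value `get_swift_keys()` also cannot bind to the `map<string, RGWAccessKey>&` local that this commit adds in rgw_swift_auth.cc. The enclosing class starts outside the hunk.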
diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc index bec9b359c56..e5745e32c8f 100644 --- a/src/rgw/rgw_common.cc +++ b/src/rgw/rgw_common.cc @@ -85,7 +85,7 @@ is_err() const } -req_state::req_state(struct RGWEnv *e) : acl(NULL), os_auth_token(NULL), os_user(NULL), os_groups(NULL), env(e) +req_state::req_state(struct RGWEnv *e) : acl(NULL), swift_auth_token(NULL), swift_user(NULL), swift_groups(NULL), env(e) { should_log = env->conf->should_log; content_started = false; @@ -93,9 +93,9 @@ req_state::req_state(struct RGWEnv *e) : acl(NULL), os_auth_token(NULL), os_user acl = new RGWAccessControlPolicy; expect_cont = false; - os_auth_token = NULL; - os_user = NULL; - os_groups = NULL; + swift_auth_token = NULL; + swift_user = NULL; + swift_groups = NULL; time = ceph_clock_now(g_ceph_context); perm_mask = 0; content_length = 0; @@ -106,8 +106,8 @@ req_state::req_state(struct RGWEnv *e) : acl(NULL), os_auth_token(NULL), os_user req_state::~req_state() { delete formatter; - free(os_user); - free(os_groups); + free(swift_user); + free(swift_groups); free((void *)object); free((void *)bucket_name); } @@ -330,7 +330,7 @@ string& XMLArgs::get(const char *name) return get(s); } -bool verify_permission(RGWAccessControlPolicy *policy, string& uid, int user_perm_mask, int perm) +bool verify_permission(RGWAccessControlPolicy *policy, const string& uid, int user_perm_mask, int perm) { if (!policy) return false; diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h index 35419343dca..f8bb081c3b3 100644 --- a/src/rgw/rgw_common.h +++ b/src/rgw/rgw_common.h @@ -417,7 +417,7 @@ struct RGWEnv; /** Store all the state necessary to complete and respond to an HTTP request*/ struct req_state { FCGX_Request *fcgx; - libradosgw::Store *store; + libradosgw::Store store; http_op op; bool content_started; int format; 
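Review bot: `req_state::store` becomes a `libradosgw::Store` held by value, but the `req_state` constructor touched in rgw_common.cc in this same commit does not initialise it, and `rgw_verify_swift_token` later calls `s->store.user_by_subuser(...)` on it. Unless the member is assigned per request somewhere outside these hunks, the authentication lookup runs against a default-constructed store. Either pass the store into the constructor or add a comment on the member stating where it is assigned and whether copying a `Store` shares the underlying connection; the same by-value copy is made in `RGWProcess` in rgw_main.cc.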
@@ -465,9 +465,9 @@ struct req_state { int prot_flags; - const char *os_auth_token; - char *os_user; - char *os_groups; + const char *swift_auth_token; + char *swift_user; + char *swift_groups; utime_t time; diff --git a/src/rgw/rgw_main.cc b/src/rgw/rgw_main.cc index 94076e993d6..998053a0066 100644 --- a/src/rgw/rgw_main.cc +++ b/src/rgw/rgw_main.cc @@ -69,7 +69,7 @@ static void godown_alarm(int signum) class RGWProcess { deque<FCGX_Request *> m_fcgx_queue; ThreadPool m_tp; - libradosgw::Store *store; + libradosgw::Store store; struct RGWWQ : public ThreadPool::WorkQueue<FCGX_Request> { RGWProcess *process; @@ -121,7 +121,7 @@ class RGWProcess { } req_wq; public: - RGWProcess(CephContext *cct, int num_threads, libradosgw::Store *s) + RGWProcess(CephContext *cct, int num_threads, libradosgw::Store& s) : m_tp(cct, "RGWProcess::m_tp", num_threads), store(s), req_wq(this, g_conf->rgw_op_thread_timeout, @@ -310,7 +310,7 @@ int main(int argc, const char **argv) if (r < 0) return 1; - RGWProcess process(g_ceph_context, g_conf->rgw_thread_pool_size, &store); + RGWProcess process(g_ceph_context, g_conf->rgw_thread_pool_size, store); process.run(); diff --git a/src/rgw/rgw_rest.cc b/src/rgw/rgw_rest.cc index e9ec1dc9554..99b1db56e16 100644 --- a/src/rgw/rgw_rest.cc +++ b/src/rgw/rgw_rest.cc @@ -163,7 +163,7 @@ void dump_time(struct req_state *s, const char *name, time_t *t) s->formatter->dump_format(name, buf); } -void dump_owner(struct req_state *s, string& id, string& name, const char *section) +void dump_owner(struct req_state *s, const string& id, const string& name, const char *section) { if (!section) section = "Owner"; diff --git a/src/rgw/rgw_rest.h b/src/rgw/rgw_rest.h index b711cf87d80..602aa7e082a 100644 --- a/src/rgw/rgw_rest.h +++ b/src/rgw/rgw_rest.h 
@@ -181,7 +181,7 @@ extern void dump_errno(struct req_state *s, int ret); extern void end_header(struct req_state *s, const char *content_type = NULL); extern void dump_start(struct req_state *s); extern void list_all_buckets_start(struct req_state *s); -extern void dump_owner(struct req_state *s, string& id, string& name, const char *section = NULL); +extern void dump_owner(struct req_state *s, const string& id, const string& name, const char *section = NULL); extern void dump_content_length(struct req_state *s, size_t len); extern void dump_etag(struct req_state *s, const char *etag); extern void dump_last_modified(struct req_state *s, time_t t); diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc index faaf9b56cbd..de7b3ac2762 100644 --- a/src/rgw/rgw_rest_s3.cc +++ b/src/rgw/rgw_rest_s3.cc @@ -98,7 +98,7 @@ void RGWListBuckets_REST_S3::send_response() dump_start(s); list_all_buckets_start(s); - dump_owner(s, s->user.user_id, s->user.display_name); + dump_owner(s, s->user.uid, s->user.display_name); map<string, RGWBucketEnt>& m = buckets.get_buckets(); map<string, RGWBucketEnt>::iterator iter; @@ -433,8 +433,8 @@ void RGWListBucketMultiparts_REST_S3::send_response() s->formatter->open_array_section("Upload"); s->formatter->dump_format("Key", mp.get_key().c_str()); s->formatter->dump_format("UploadId", mp.get_upload_id().c_str()); - dump_owner(s, s->user.user_id, s->user.display_name, "Initiator"); - dump_owner(s, s->user.user_id, s->user.display_name); + dump_owner(s, s->user.uid, s->user.display_name, "Initiator"); + dump_owner(s, s->user.uid, s->user.display_name); s->formatter->dump_format("StorageClass", "STANDARD"); dump_time(s, "Initiated", &iter->obj.mtime); s->formatter->close_section(); diff --git a/src/rgw/rgw_rest_swift.cc b/src/rgw/rgw_rest_swift.cc index de8b0457713..5b994e0a945 100644 --- a/src/rgw/rgw_rest_swift.cc +++ b/src/rgw/rgw_rest_swift.cc 
@@ -505,7 +505,7 @@ RGWOp *RGWHandler_REST_SWIFT::get_copy_op() int RGWHandler_REST_SWIFT::authorize() { - bool authorized = rgw_verify_os_token(s); + bool authorized = rgw_verify_swift_token(s); if (!authorized) return -EPERM; diff --git a/src/rgw/rgw_swift.cc b/src/rgw/rgw_swift.cc index 56df8d8547a..4f0b183b24c 100644 --- a/src/rgw/rgw_swift.cc +++ b/src/rgw/rgw_swift.cc @@ -29,7 +29,7 @@ static size_t read_http_header(void *ptr, size_t size, size_t nmemb, void *_info } if (*s == '\n') { *p = '\0'; - dout(10) << "os_auth:" << line << dendl; + dout(10) << "swift_auth:" << line << dendl; // TODO: fill whatever data required here char *l = line; char *tok = strsep(&l, " \t:"); @@ -81,13 +81,13 @@ static int rgw_swift_validate_token(const char *token, struct rgw_swift_auth_inf return 0; } -bool rgw_verify_os_token(req_state *s) +bool rgw_verify_swift_token(req_state *s) { - if (!s->os_auth_token) + if (!s->swift_auth_token) return false; - if (strncmp(s->os_auth_token, "AUTH_rgwtk", 10) == 0) { - int ret = rgw_swift_verify_signed_token(s->os_auth_token, s->user); + if (strncmp(s->swift_auth_token, "AUTH_rgwtk", 10) == 0) { + int ret = rgw_swift_verify_signed_token(s->swift_auth_token, s->user); if (ret < 0) return false; @@ -100,7 +100,7 @@ bool rgw_verify_os_token(req_state *s) info.status = 401; // start with access denied, validate_token might change that - int ret = rgw_swift_validate_token(s->os_auth_token, &info); + int ret = rgw_swift_validate_token(s->swift_auth_token, &info); if (ret < 0) return ret; 
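Review bot: In the `@@ -100,7 +100,7 @@` hunk of rgw_swift.cc, `if (ret < 0) return ret;` sits in a function declared `bool`, so a negative error code from `rgw_swift_validate_token` converts to `true` and `RGWHandler_REST_SWIFT::authorize()` treats the request as authorized. The rename leaves this context line untouched; it should read `if (ret < 0) return false;` so that a failed validation denies access. The body of `rgw_verify_swift_token` starts and ends outside this hunk.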
@@ -109,19 +109,19 @@ bool rgw_verify_os_token(req_state *s) return false; } - s->os_user = info.user; - s->os_groups = info.auth_groups; + s->swift_user = info.user; + s->swift_groups = info.auth_groups; - string swift_user = s->os_user; + string swift_user = s->swift_user; - dout(10) << "swift user=" << s->os_user << dendl; + dout(10) << "swift user=" << s->swift_user << dendl; - if (rgw_get_user_info_by_swift(swift_user, s->user) < 0) { + if (s->store.user_by_subuser(swift_user, s->user) < 0) { dout(0) << "couldn't map swift user" << dendl; return false; } - dout(10) << "user_id=" << s->user.user_id << dendl; + dout(10) << "user_id=" << s->user.uid << dendl; return true; } diff --git a/src/rgw/rgw_swift.h b/src/rgw/rgw_swift.h index 16204bcb2d9..72d7d5ad856 100644 --- a/src/rgw/rgw_swift.h +++ b/src/rgw/rgw_swift.h @@ -12,7 +12,7 @@ struct rgw_swift_auth_info { long long ttl; }; -bool rgw_verify_os_token(req_state *s); +bool rgw_verify_swift_token(req_state *s); #endif diff --git a/src/rgw/rgw_swift_auth.cc b/src/rgw/rgw_swift_auth.cc index eb65af04b8b..a4880995e23 100644 --- a/src/rgw/rgw_swift_auth.cc +++ b/src/rgw/rgw_swift_auth.cc @@ -56,7 +56,7 @@ static int encode_token(string& swift_user, string& key, bufferlist& bl) return ret; } -int rgw_swift_verify_signed_token(const char *token, libradosgw::Account& info) +int rgw_swift_verify_signed_token(libradosgw::Store& store, const char *token, libradosgw::User& user) { if (strncmp(token, "AUTH_rgwtk", 10) != 0) return -EINVAL; 
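Review bot: `string swift_user = s->swift_user;` constructs a `std::string` from a `char *` that was just copied from `info.user`, and nothing in the hunk checks it for null. If the validation response can succeed without supplying a user (the initialisation of `info` and the header parser are outside the hunk), this is undefined behaviour, as is streaming the pointer in the `dout(10)` line. A check such as `if (!s->swift_user) return false;` before the conversion keeps the failure on the deny path.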
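Review bot: The definition of `rgw_swift_verify_signed_token` in rgw_swift_auth.cc now takes `libradosgw::Store& store` as its first parameter, but the declaration in rgw_swift_auth.h and the call in `rgw_verify_swift_token` still use the two-argument form. Bring both in line, e.g. `extern int rgw_swift_verify_signed_token(libradosgw::Store& store, const char *token, libradosgw::User& user);` and `rgw_swift_verify_signed_token(s->store, s->swift_auth_token, s->user)`. The function body continues outside this hunk.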
@@ -96,13 +96,17 @@ int rgw_swift_verify_signed_token(const char *token, libradosgw::Account& info) return -EPERM; } - if ((ret = rgw_get_user_info_by_swift(swift_user, info)) < 0) + libradosgw::Account account; + + if ((ret = store.account_by_subuser(swift_user, account)) < 0) return ret; dout(10) << "swift_user=" << swift_user << dendl; - map<string, RGWAccessKey>::iterator siter = info.swift_keys.find(swift_user); - if (siter == info.swift_keys.end()) + map<string, RGWAccessKey>& swift_keys = account.get_swift_keys(); + + map<string, RGWAccessKey>::iterator siter = swift_keys.find(swift_user); + if (siter == account.swift_keys.end()) return -EPERM; RGWAccessKey& swift_key = siter->second; diff --git a/src/rgw/rgw_swift_auth.h b/src/rgw/rgw_swift_auth.h index 2afd73806bf..589717a5a61 100644 --- a/src/rgw/rgw_swift_auth.h +++ b/src/rgw/rgw_swift_auth.h @@ -6,7 +6,7 @@ #define RGW_SWIFT_TOKEN_EXPIRATION (15 * 60) -extern int rgw_swift_verify_signed_token(const char *token, libradosgw::Account& info); +extern int rgw_swift_verify_signed_token(const char *token, libradosgw::User& user); class RGW_SWIFT_Auth_Get : public RGWOp { public: |
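Review bot: The end check compares `siter`, obtained from `swift_keys.find(swift_user)`, with `account.swift_keys.end()`, which belongs to a different object whenever `get_swift_keys()` returns a copy, as it is declared in libradosgw.hpp. Comparing iterators of different containers is undefined, so a missing key could fall through to `siter->second`; the check should be `if (siter == swift_keys.end())`. The local is also typed `map<string, RGWAccessKey>&` while the accessor returns `std::map<string, AccessKey>` by value. No assignment to the new `user` out-parameter is visible in the hunk, so confirm it is filled after the signature check in the part of the function outside it.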