author | Yehuda Sadeh <yehuda.sadeh@dreamhost.com> | 2011-12-06 11:31:34 -0800 |
---|---|---|
committer | Yehuda Sadeh <yehuda.sadeh@dreamhost.com> | 2011-12-06 11:31:34 -0800 |
commit | 54329272e07c1fed7c06493a1ac160553822407c (patch) | |
tree | 91b9e5a80e38d5cacffb69446b138867382c3628 | |
parent | 28d97ac6ac5d8380f605ae973f296ffbb8142145 (diff) | |
download | ceph-54329272e07c1fed7c06493a1ac160553822407c.tar.gz |
rgw: get most to compile, ready to start working on I/O path
-rw-r--r-- | src/rgw/libradosgw.cc | 46 | ||||
-rw-r--r-- | src/rgw/libradosgw.hpp | 27 | ||||
-rw-r--r-- | src/rgw/rgw_common.cc | 2 | ||||
-rw-r--r-- | src/rgw/rgw_common.h | 2 | ||||
-rw-r--r-- | src/rgw/rgw_log.cc | 2 | ||||
-rw-r--r-- | src/rgw/rgw_main.cc | 4 | ||||
-rw-r--r-- | src/rgw/rgw_op.cc | 58 | ||||
-rw-r--r-- | src/rgw/rgw_rest.cc | 14 | ||||
-rw-r--r-- | src/rgw/rgw_rest.h | 4 | ||||
-rw-r--r-- | src/rgw/rgw_rest_s3.cc | 24 | ||||
-rw-r--r-- | src/rgw/rgw_swift.cc | 6 | ||||
-rw-r--r-- | src/rgw/rgw_swift_auth.cc | 28 | ||||
-rw-r--r-- | src/rgw/rgw_swift_auth.h | 2 | ||||
-rw-r--r-- | src/rgw/rgw_user.cc | 58 |
14 files changed, 119 insertions, 158 deletions
diff --git a/src/rgw/libradosgw.cc b/src/rgw/libradosgw.cc index e6bfbac0bf6..b4fe8152aa9 100644 --- a/src/rgw/libradosgw.cc +++ b/src/rgw/libradosgw.cc @@ -56,21 +56,13 @@ namespace libradosgw { { StoreImpl *store; - AccountImpl(StoreImpl *s) : store(s) { - if (store) - store->get(); - } - - ~AccountImpl() { - if (store) - store->put(); - } - + AccountImpl(StoreImpl *s); + ~AccountImpl(); int store_info(Account *account); - void encode(bufferlist& bl) const { + void encode(Account *account, bufferlist& bl) const { __u32 ver = USER_INFO_VER; User& user = account->user; @@ -105,7 +97,7 @@ namespace libradosgw { ::encode(account->suspended, bl); ::encode(account->swift_keys, bl); } - void decode(bufferlist::iterator& bl) { + void decode(Account *account, bufferlist::iterator& bl) { __u32 ver; ::decode(ver, bl); @@ -146,7 +138,6 @@ namespace libradosgw { } } }; - WRITE_CLASS_ENCODER(AccountImpl) class StoreImpl : public RefCountedObject { RGWRados *access; @@ -182,11 +173,11 @@ namespace libradosgw { int put_complete_obj(string& uid, rgw_bucket& bucket, string& oid, const char *data, size_t size); int get_complete_obj(void *ctx, rgw_bucket& bucket, string& key, bufferlist& bl); - int account_by_name(string& name, Account& account) {} + int account_by_uid(string& name, Account& account) {} int account_by_email(string& email, Account& account) {} int account_by_access_key(string& access_key, Account& account) {} int account_by_subuser(string& subuser, Account& account) {} - int user_by_name(string& name, User& user) {} + int user_by_uid(string& name, User& user) {} int user_by_email(string& email, User& user) {} int user_by_access_key(string& access_key, User& user) {} int user_by_subuser(string& subuser, User& user) {} @@ -259,7 +250,7 @@ namespace libradosgw { ::decode(uid, iter); if (!iter.end()) { impl = new AccountImpl(this); - impl->decode(iter); + impl->decode(&account, iter); account.impl = impl; } } catch (buffer::error& err) { 
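Review bot: The lookup stubs in `StoreImpl` (`account_by_uid`, `user_by_uid` and their unchanged `*_by_email`, `*_by_access_key`, `*_by_subuser` siblings) are declared `int` with an empty body, so control flows off the end of a non-void function, which is undefined behaviour. Callers elsewhere in this commit treat any non-negative result as a successful lookup, for example `s->store.account_by_access_key(auth_id, s->account) < 0` in `RGWHandler_REST_S3::authorize()`, so an indeterminate return can let a request continue with an unpopulated account. Until the I/O path exists, make each stub fail closed, e.g. `int account_by_uid(string& name, Account& account) { return -ENOENT; }`. The class body continues outside this hunk.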
@@ -281,8 +272,8 @@ namespace libradosgw { impl->put(); } - int Store::account_by_name(string& name, Account& account) { - return impl->account_by_name(name, account); + int Store::account_by_uid(string& name, Account& account) { + return impl->account_by_uid(name, account); } int Store::account_by_email(string& email, Account& account) { @@ -297,8 +288,8 @@ namespace libradosgw { return impl->account_by_subuser(access_key, account); } - int Store::user_by_name(string& name, User& user) { - return impl->user_by_name(name, user); + int Store::user_by_uid(string& name, User& user) { + return impl->user_by_uid(name, user); } int Store::user_by_email(string& email, User& user) { @@ -313,11 +304,20 @@ namespace libradosgw { return impl->user_by_subuser(access_key, user); } + AccountImpl::AccountImpl(StoreImpl *s) : store(s) { + if (store) + store->get(); + } + + AccountImpl::~AccountImpl() { + if (store) + store->put(); + } int AccountImpl::store_info(Account *account) { bufferlist bl; - encode(bl); + encode(account, bl); string md5; int ret; map<string,bufferlist> attrs; @@ -352,7 +352,7 @@ namespace libradosgw { bufferlist uid_bl; ::encode(user.uid, uid_bl); - encode(uid_bl); + encode(account, uid_bl); ret = store->put_complete_obj(user.uid, ui_uid_bucket, user.uid, uid_bl.c_str(), uid_bl.length()); if (ret < 0) @@ -385,6 +385,8 @@ namespace libradosgw { return ret; } + User User::Anonymous(true); + int Account::store_info() { return impl->store_info(this); } diff --git a/src/rgw/libradosgw.hpp b/src/rgw/libradosgw.hpp index b85332718b7..86b8c0b5a7c 100644 --- a/src/rgw/libradosgw.hpp +++ b/src/rgw/libradosgw.hpp @@ -32,7 +32,7 @@ namespace libradosgw { ObjRef(RefCountedObject *o = NULL) : obj(o) {} ObjRef(ObjRef<T>& src) { - obj = src; + obj = src.obj; if (obj) obj->get(); } 
@@ -120,7 +120,17 @@ namespace libradosgw { string email; uint64_t auid; + User(bool anon = false) { + group = 0; + if (anon) { + group |= GROUP_ANONYMOUS; + } + } + bool is_anonymous() { return (group & GROUP_ANONYMOUS) != 0; } + bool is_authenticated() { return !is_anonymous(); } + + static User Anonymous; }; struct ACLs { @@ -245,7 +255,6 @@ namespace libradosgw { protected: ObjRef<AccountImpl> impl; - User user; std::map<string, AccessKey> access_keys; std::map<string, AccessKey> swift_keys; std::map<string, SubUser> subusers; @@ -256,6 +265,8 @@ namespace libradosgw { Account(); ~Account(); + User user; + AccountIterator buckets_begin(); const AccountIterator& buckets_end(); @@ -263,9 +274,13 @@ namespace libradosgw { int get_bucket(string& name, Bucket& bucket); int create_bucket(string& name, ACLs *acls = NULL); + bool is_suspended() { return suspended; } + std::map<string, AccessKey>& get_access_keys() { return access_keys; } - std::map<string, AccessKey> get_swift_keys() { return swift_keys; } - std::map<string, SubUser> get_subusers() { return subusers; } + std::map<string, AccessKey>& get_swift_keys() { return swift_keys; } + std::map<string, SubUser>& get_subusers() { return subusers; } + + int store_info(); }; @@ -278,12 +293,12 @@ namespace libradosgw { int init(CephContext *cct); void shutdown(); - int account_by_name(string& name, Account& account); + int account_by_uid(string& uid, Account& account); int account_by_email(string& email, Account& account); int account_by_access_key(string& access_key, Account& account); int account_by_subuser(string& subuser, Account& account); - int user_by_name(string& name, User& user); + int user_by_uid(string& uid, User& user); int user_by_email(string& email, User& user); int user_by_access_key(string& access_key, User& user); int user_by_subuser(string& subuser, User& user); diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc index e5745e32c8f..d4bcdd8021d 100644 --- a/src/rgw/rgw_common.cc 
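Review bot: A default-constructed `User` reports `is_authenticated()` as true, because the new constructor sets `group = 0` and `is_authenticated()` is only `!is_anonymous()`. `RGWCreateBucket::verify_permission()` in rgw_op.cc now relies on that call, so a `req_state` whose account was never filled in by a lookup would pass the check. Consider also requiring an identity, `bool is_authenticated() { return !uid.empty() && !is_anonymous(); }`, assuming `uid` stays empty until a lookup succeeds. The constructor also leaves `auid` uninitialised while `RGWCreateBucket::execute()` passes `s->account.user.auid` to `create_bucket`; add `auid = 0;`.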
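Review bot: `get_swift_keys()` and `get_subusers()` now return non-const references, and `user` moves to the public section, so any holder of an `Account` can rewrite its credential and subuser maps in place. The callers in `RGWHandler_REST_S3::authorize()` and `rgw_swift_verify_signed_token` bind the results to const references, so const overloads would serve them: `const std::map<string, AccessKey>& get_swift_keys() const { return swift_keys; }`. `is_suspended()` returns `suspended` directly and `Account()` is defined outside this hunk, so please confirm the constructor initialises it, since rgw_main.cc now gates suspended users on this value.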
+++ b/src/rgw/rgw_common.cc @@ -345,7 +345,7 @@ bool verify_permission(RGWAccessControlPolicy *policy, const string& uid, int us bool verify_permission(struct req_state *s, int perm) { - return verify_permission(s->acl, s->user.uid, s->perm_mask, perm); + return verify_permission(s->acl, s->account.user.uid, s->perm_mask, perm); } static char hex_to_num(char c) diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h index f8bb081c3b3..53f14f78e02 100644 --- a/src/rgw/rgw_common.h +++ b/src/rgw/rgw_common.h @@ -456,7 +456,7 @@ struct req_state { map<string, string> x_meta_map; bool has_bad_meta; - libradosgw::User user; + libradosgw::Account account; RGWAccessControlPolicy *acl; string canned_acl; diff --git a/src/rgw/rgw_log.cc b/src/rgw/rgw_log.cc index 738d08cf69b..4a3ac5f88e2 100644 --- a/src/rgw/rgw_log.cc +++ b/src/rgw/rgw_log.cc @@ -119,7 +119,7 @@ int rgw_log_op(struct req_state *s) set_param_str(s, "REQUEST_URI", entry.uri); set_param_str(s, "REQUEST_METHOD", entry.op); - entry.user = s->user.user_id; + entry.user = s->account.user.uid; if (s->acl) entry.object_owner = s->acl->get_owner().get_id(); entry.bucket_owner = s->bucket_owner; diff --git a/src/rgw/rgw_main.cc b/src/rgw/rgw_main.cc index 998053a0066..19d6d957037 100644 --- a/src/rgw/rgw_main.cc +++ b/src/rgw/rgw_main.cc @@ -208,8 +208,8 @@ void RGWProcess::handle_request(FCGX_Request *fcgx) abort_early(s, ret); goto done; } - if (s->user.suspended) { - dout(10) << "user is suspended, uid=" << s->user.user_id << dendl; + if (s->account.is_suspended()) { + dout(10) << "user is suspended, uid=" << s->account.user.uid << dendl; abort_early(s, -ERR_USER_SUSPENDED); goto done; } diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc index 976bf6930eb..5e192b981a6 100644 --- a/src/rgw/rgw_op.cc +++ b/src/rgw/rgw_op.cc 
@@ -226,7 +226,7 @@ static int read_acls(struct req_state *s, RGWBucketInfo& bucket_info, RGWAccessC if (ret < 0) return ret; - if (!verify_permission(&bucket_policy, s->user.user_id, s->perm_mask, RGW_PERM_READ)) + if (!verify_permission(&bucket_policy, s->account.user.uid, s->perm_mask, RGW_PERM_READ)) ret = -EACCES; else ret = -ENOENT; @@ -373,11 +373,11 @@ void RGWListBuckets::execute() if (ret < 0) goto done; - ret = rgw_read_user_buckets(s->user.user_id, buckets, !!(s->prot_flags & RGW_REST_SWIFT)); + ret = rgw_read_user_buckets(s->account.user.uid, buckets, !!(s->prot_flags & RGW_REST_SWIFT)); if (ret < 0) { /* hmm.. something wrong here.. the user was authenticated, so it should exist, just try to recreate */ - dout(10) << "WARNING: failed on rgw_get_user_buckets uid=" << s->user.user_id << dendl; + dout(10) << "WARNING: failed on rgw_get_user_buckets uid=" << s->account.user.uid << dendl; /* @@ -402,11 +402,11 @@ void RGWStatAccount::execute() { RGWUserBuckets buckets; - ret = rgw_read_user_buckets(s->user.user_id, buckets, true); + ret = rgw_read_user_buckets(s->account.user.uid, buckets, true); if (ret < 0) { /* hmm.. something wrong here.. the user was authenticated, so it should exist, just try to recreate */ - dout(10) << "WARNING: failed on rgw_get_user_buckets uid=" << s->user.user_id << dendl; + dout(10) << "WARNING: failed on rgw_get_user_buckets uid=" << s->account.user.uid << dendl; /* @@ -505,7 +505,7 @@ done: int RGWCreateBucket::verify_permission() { - if (!rgw_user_is_authenticated(s->user)) + if (!s->account.user.is_authenticated()) return -EACCES; return 0; 
@@ -521,16 +521,16 @@ void RGWCreateBucket::execute() rgw_obj obj(rgw_root_bucket, s->bucket_name_str); - s->bucket_owner = s->user.user_id; + s->bucket_owner = s->account.user.uid; int r = get_policy_from_attr(s->obj_ctx, &old_policy, obj); if (r >= 0) { - if (old_policy.get_owner().get_id().compare(s->user.user_id) != 0) { + if (old_policy.get_owner().get_id().compare(s->account.user.uid) != 0) { ret = -EEXIST; goto done; } } - pol_ret = policy.create_canned(s->user.user_id, s->user.display_name, s->canned_acl); + pol_ret = policy.create_canned(s->account.user.uid, s->account.user.display_name, s->canned_acl); if (!pol_ret) { ret = -EINVAL; goto done; @@ -540,8 +540,8 @@ void RGWCreateBucket::execute() attrs[RGW_ATTR_ACL] = aclbl; s->bucket.name = s->bucket_name_str; - ret = rgwstore->create_bucket(s->user.user_id, s->bucket, attrs, false, - true, s->user.auid); + ret = rgwstore->create_bucket(s->account.user.uid, s->bucket, attrs, false, + true, s->account.user.auid); /* continue if EEXIST and create_bucket will fail below. this way we can recover * from a partial create by retrying it. */ dout(0) << "rgw_create_bucket returned ret=" << ret << " bucket=" << s->bucket << dendl; @@ -551,9 +551,9 @@ void RGWCreateBucket::execute() existed = (ret == -EEXIST); - ret = rgw_add_bucket(s->user.user_id, s->bucket); + ret = rgw_add_bucket(s->account.user.uid, s->bucket); if (ret && !existed && ret != -EEXIST) /* if it exists (or previously existed), don't remove it! */ - rgw_unlink_bucket(s->user.user_id, s->bucket); + rgw_unlink_bucket(s->account.user.uid, s->bucket); if (ret == -EEXIST) ret = -ERR_BUCKET_EXISTS; @@ -578,7 +578,7 @@ void RGWDeleteBucket::execute() ret = rgwstore->delete_bucket(s->bucket); if (ret == 0) { - ret = rgw_unlink_bucket(s->user.user_id, s->bucket); + ret = rgw_unlink_bucket(s->account.user.uid, s->bucket); if (ret < 0) { dout(0) << "WARNING: failed to remove bucket: ret=" << ret << dendl; } 
@@ -667,7 +667,7 @@ void RGWPutObj::execute() RGWAccessControlPolicy policy; - ret = policy.create_canned(s->user.user_id, s->user.display_name, s->canned_acl); + ret = policy.create_canned(s->account.user.uid, s->account.user.display_name, s->canned_acl); if (!ret) { ret = -EINVAL; goto done; @@ -976,7 +976,7 @@ int RGWCopyObj::verify_permission() if (ret < 0) return ret; - if (!::verify_permission(&src_policy, s->user.user_id, s->perm_mask, RGW_PERM_READ)) + if (!::verify_permission(&src_policy, s->account.user.uid, s->perm_mask, RGW_PERM_READ)) return -EACCES; RGWAccessControlPolicy dest_bucket_policy; @@ -986,13 +986,13 @@ int RGWCopyObj::verify_permission() if (ret < 0) return ret; - if (!::verify_permission(&dest_bucket_policy, s->user.user_id, s->perm_mask, RGW_PERM_WRITE)) + if (!::verify_permission(&dest_bucket_policy, s->account.user.uid, s->perm_mask, RGW_PERM_WRITE)) return -EACCES; /* build a polict for the target object */ RGWAccessControlPolicy dest_policy; - ret = dest_policy.create_canned(s->user.user_id, s->user.display_name, s->canned_acl); + ret = dest_policy.create_canned(s->account.user.uid, s->account.user.display_name, s->canned_acl); if (!ret) return -EINVAL; @@ -1075,7 +1075,7 @@ void RGWGetACLs::execute() send_response(); } -static int rebuild_policy(ACLOwner *owner, RGWAccessControlPolicy& src, RGWAccessControlPolicy& dest) +static int rebuild_policy(libradosgw::Store& store, ACLOwner *owner, RGWAccessControlPolicy& src, RGWAccessControlPolicy& dest) { if (!owner) return -EINVAL; @@ -1085,8 +1085,8 @@ static int rebuild_policy(ACLOwner *owner, RGWAccessControlPolicy& src, RGWAcces return -EPERM; } - RGWUserInfo owner_info; - if (rgw_get_user_info_by_uid(owner->get_id(), owner_info) < 0) { + libradosgw::User owner_info; + if (store.user_by_uid(owner->get_id(), owner_info) < 0) { dout(10) << "owner info does not exist" << dendl; return -EINVAL; } 
@@ -1107,24 +1107,24 @@ static int rebuild_policy(ACLOwner *owner, RGWAccessControlPolicy& src, RGWAcces ACLGrant new_grant; bool grant_ok = false; string uid; - RGWUserInfo grant_user; + libradosgw::User grant_user; switch (type.get_type()) { case ACL_TYPE_EMAIL_USER: { string email = src_grant->get_id(); dout(10) << "grant user email=" << email << dendl; - if (rgw_get_user_info_by_email(email, grant_user) < 0) { + if (store.user_by_email(email, grant_user) < 0) { dout(10) << "grant user email not found or other error" << dendl; return -ERR_UNRESOLVABLE_EMAIL; } - uid = grant_user.user_id; + uid = grant_user.uid; } case ACL_TYPE_CANON_USER: { if (type.get_type() == ACL_TYPE_CANON_USER) uid = src_grant->get_id(); - if (grant_user.user_id.empty() && rgw_get_user_info_by_uid(uid, grant_user) < 0) { + if (grant_user.uid.empty() && store.user_by_uid(uid, grant_user) < 0) { dout(10) << "grant user does not exist:" << uid << dendl; return -EINVAL; } else { @@ -1194,8 +1194,8 @@ void RGWPutACLs::execute() ret = -ENOMEM; goto done; } - owner.set_id(s->user.user_id); - owner.set_name(s->user.display_name); + owner.set_id(s->account.user.uid); + owner.set_name(s->account.user.display_name); } else { owner = s->acl->get_owner(); } @@ -1239,7 +1239,7 @@ void RGWPutACLs::execute() *_dout << dendl; } - ret = rebuild_policy(&owner, *policy, new_policy); + ret = rebuild_policy(s->store, &owner, *policy, new_policy); if (ret < 0) goto done; @@ -1283,7 +1283,7 @@ void RGWInitMultipart::execute() if (!s->object) goto done; - ret = policy.create_canned(s->user.user_id, s->user.display_name, s->canned_acl); + ret = policy.create_canned(s->account.user.uid, s->account.user.display_name, s->canned_acl); if (!ret) { ret = -EINVAL; goto done; diff --git a/src/rgw/rgw_rest.cc b/src/rgw/rgw_rest.cc index 99b1db56e16..55f5f10075e 100644 --- a/src/rgw/rgw_rest.cc +++ b/src/rgw/rgw_rest.cc 
@@ -500,7 +500,7 @@ static int init_entities_from_header(struct req_state *s) next_tok(req, ver, '/'); dout(10) << "ver=" << ver << dendl; - s->os_auth_token = s->env->get("HTTP_X_AUTH_TOKEN"); + s->swift_auth_token = s->env->get("HTTP_X_AUTH_TOKEN"); next_tok(req, first, '/'); dout(10) << "ver=" << ver << " first=" << first << " req=" << req << dendl; @@ -884,15 +884,15 @@ RGWOp *RGWHandler_REST::get_op() RGWRESTMgr::RGWRESTMgr() { - m_os_handler = new RGWHandler_REST_SWIFT; - m_os_auth_handler = new RGWHandler_SWIFT_Auth; + m_swift_handler = new RGWHandler_REST_SWIFT; + m_swift_auth_handler = new RGWHandler_SWIFT_Auth; m_s3_handler = new RGWHandler_REST_S3; } RGWRESTMgr::~RGWRESTMgr() { - delete m_os_handler; - delete m_os_auth_handler; + delete m_swift_handler; + delete m_swift_auth_handler; delete m_s3_handler; } @@ -904,9 +904,9 @@ RGWHandler *RGWRESTMgr::get_handler(struct req_state *s, FCGX_Request *fcgx, *init_error = RGWHandler_REST::preprocess(s, fcgx); if (s->prot_flags & RGW_REST_SWIFT) - handler = m_os_handler; + handler = m_swift_handler; else if (s->prot_flags & RGW_REST_SWIFT_AUTH) - handler = m_os_auth_handler; + handler = m_swift_auth_handler; else handler = m_s3_handler; diff --git a/src/rgw/rgw_rest.h b/src/rgw/rgw_rest.h index 602aa7e082a..a0c753eadfb 100644 --- a/src/rgw/rgw_rest.h +++ b/src/rgw/rgw_rest.h @@ -164,8 +164,8 @@ class RGWHandler_SWIFT_Auth; class RGWHandler_REST_S3; class RGWRESTMgr { - RGWHandler_REST_SWIFT *m_os_handler; - RGWHandler_SWIFT_Auth *m_os_auth_handler; + RGWHandler_REST_SWIFT *m_swift_handler; + RGWHandler_SWIFT_Auth *m_swift_auth_handler; RGWHandler_REST_S3 *m_s3_handler; public: diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc index de7b3ac2762..f164436835f 100644 --- a/src/rgw/rgw_rest_s3.cc +++ b/src/rgw/rgw_rest_s3.cc 
@@ -98,7 +98,7 @@ void RGWListBuckets_REST_S3::send_response() dump_start(s); list_all_buckets_start(s); - dump_owner(s, s->user.uid, s->user.display_name); + dump_owner(s, s->account.user.uid, s->account.user.display_name); map<string, RGWBucketEnt>& m = buckets.get_buckets(); map<string, RGWBucketEnt>::iterator iter; @@ -433,8 +433,8 @@ void RGWListBucketMultiparts_REST_S3::send_response() s->formatter->open_array_section("Upload"); s->formatter->dump_format("Key", mp.get_key().c_str()); s->formatter->dump_format("UploadId", mp.get_upload_id().c_str()); - dump_owner(s, s->user.uid, s->user.display_name, "Initiator"); - dump_owner(s, s->user.uid, s->user.display_name); + dump_owner(s, s->account.user.uid, s->account.user.display_name, "Initiator"); + dump_owner(s, s->account.user.uid, s->account.user.display_name); s->formatter->dump_format("StorageClass", "STANDARD"); dump_time(s, "Initiated", &iter->obj.mtime); s->formatter->close_section(); @@ -684,7 +684,7 @@ int RGWHandler_REST_S3::authorize() qsr = true; } else { /* anonymous access */ - rgw_get_anon_user(s->user); + s->account.user = libradosgw::User::Anonymous; s->perm_mask = RGW_PERM_FULL_CONTROL; return 0; } @@ -701,7 +701,7 @@ int RGWHandler_REST_S3::authorize() } /* first get the user info */ - if (rgw_get_user_info_by_access_key(auth_id, s->user) < 0) { + if (s->store.account_by_access_key(auth_id, s->account) < 0) { dout(5) << "error reading user info, uid=" << auth_id << " can't authenticate" << dendl; return -EPERM; } 
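Review bot: The anonymous branch of `RGWHandler_REST_S3::authorize()` copies from `libradosgw::User::Anonymous`, which libradosgw.hpp declares as a plain mutable static, so any code that writes to that object changes the identity handed to every later anonymous request. Declaring it `static const User Anonymous;` (with `is_anonymous()` and `is_authenticated()` marked `const`) would rule that out. Only `s->account.user` is assigned here; whether the rest of `s->account` (key maps, `suspended`) is already in a clean state depends on how `req_state` is initialised, which is outside this hunk.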
@@ -723,22 +723,24 @@ int RGWHandler_REST_S3::authorize() return -ERR_REQUEST_TIME_SKEWED; } - map<string, RGWAccessKey>::iterator iter = s->user.access_keys.find(auth_id); - if (iter == s->user.access_keys.end()) { + const map<string, libradosgw::AccessKey>& access_keys = s->account.get_access_keys(); + map<string, libradosgw::AccessKey>::const_iterator iter = access_keys.find(auth_id); + if (iter == access_keys.end()) { dout(0) << "ERROR: access key not encoded in user info" << dendl; return -EPERM; } - RGWAccessKey& k = iter->second; + const libradosgw::AccessKey& k = iter->second; const char *key = k.key.c_str(); int key_len = k.key.size(); if (!k.subuser.empty()) { - map<string, RGWSubUser>::iterator uiter = s->user.subusers.find(k.subuser); - if (uiter == s->user.subusers.end()) { + const map<string, libradosgw::SubUser>& subusers = s->account.get_subusers(); + map<string, libradosgw::SubUser>::const_iterator uiter = subusers.find(k.subuser); + if (uiter == subusers.end()) { dout(0) << "ERROR: could not find subuser: " << k.subuser << dendl; return -EPERM; } - RGWSubUser& subuser = uiter->second; + const libradosgw::SubUser& subuser = uiter->second; s->perm_mask = subuser.perm_mask; } else s->perm_mask = RGW_PERM_FULL_CONTROL; diff --git a/src/rgw/rgw_swift.cc b/src/rgw/rgw_swift.cc index 4f0b183b24c..d6b25609d3e 100644 --- a/src/rgw/rgw_swift.cc +++ b/src/rgw/rgw_swift.cc @@ -87,7 +87,7 @@ bool rgw_verify_swift_token(req_state *s) return false; if (strncmp(s->swift_auth_token, "AUTH_rgwtk", 10) == 0) { - int ret = rgw_swift_verify_signed_token(s->swift_auth_token, s->user); + int ret = rgw_swift_verify_signed_token(s->swift_auth_token, s->account); if (ret < 0) return false; 
@@ -116,12 +116,12 @@ bool rgw_verify_swift_token(req_state *s) dout(10) << "swift user=" << s->swift_user << dendl; - if (s->store.user_by_subuser(swift_user, s->user) < 0) { + if (s->store.account_by_subuser(swift_user, s->account) < 0) { dout(0) << "couldn't map swift user" << dendl; return false; } - dout(10) << "user_id=" << s->user.uid << dendl; + dout(10) << "user_id=" << s->account.user.uid << dendl; return true; } diff --git a/src/rgw/rgw_swift_auth.cc b/src/rgw/rgw_swift_auth.cc index a4880995e23..a2b53515ab1 100644 --- a/src/rgw/rgw_swift_auth.cc +++ b/src/rgw/rgw_swift_auth.cc @@ -14,7 +14,7 @@ using namespace ceph::crypto; static RGW_SWIFT_Auth_Get rgw_swift_auth_get; -static int build_token(string& swift_user, string& key, uint64_t nonce, utime_t& expiration, bufferlist& bl) +static int build_token(const string& swift_user, const string& key, uint64_t nonce, utime_t& expiration, bufferlist& bl) { ::encode(swift_user, bl); ::encode(nonce, bl); @@ -56,7 +56,7 @@ static int encode_token(string& swift_user, string& key, bufferlist& bl) return ret; } -int rgw_swift_verify_signed_token(libradosgw::Store& store, const char *token, libradosgw::User& user) +int rgw_swift_verify_signed_token(libradosgw::Store& store, const char *token, libradosgw::Account& account) { if (strncmp(token, "AUTH_rgwtk", 10) != 0) return -EINVAL; 
@@ -96,19 +96,17 @@ int rgw_swift_verify_signed_token(libradosgw::Store& store, const char *token, l return -EPERM; } - libradosgw::Account account; - if ((ret = store.account_by_subuser(swift_user, account)) < 0) return ret; dout(10) << "swift_user=" << swift_user << dendl; - map<string, RGWAccessKey>& swift_keys = account.get_swift_keys(); + const map<string, libradosgw::AccessKey>& swift_keys = account.get_swift_keys(); - map<string, RGWAccessKey>::iterator siter = swift_keys.find(swift_user); - if (siter == account.swift_keys.end()) + map<string, libradosgw::AccessKey>::const_iterator siter = swift_keys.find(swift_user); + if (siter == swift_keys.end()) return -EPERM; - RGWAccessKey& swift_key = siter->second; + const libradosgw::AccessKey& swift_key = siter->second; bufferlist tok; ret = build_token(swift_user, swift_key.key, nonce, expiration, tok); @@ -140,10 +138,11 @@ void RGW_SWIFT_Auth_Get::execute() const char *user = s->env->get("HTTP_X_AUTH_USER"); string user_str; - RGWUserInfo info; + libradosgw::Account account; bufferlist bl; - RGWAccessKey *swift_key; - map<string, RGWAccessKey>::iterator siter; + libradosgw::AccessKey *swift_key; + map<string, libradosgw::AccessKey> *swift_keys; + map<string, libradosgw::AccessKey>::iterator siter; string swift_url = g_conf->rgw_swift_url; string swift_prefix = g_conf->rgw_swift_url_prefix; @@ -185,11 +184,12 @@ void RGW_SWIFT_Auth_Get::execute() user_str = user; - if ((ret = rgw_get_user_info_by_swift(user_str, info)) < 0) + if ((ret = s->store.account_by_subuser(user_str, account)) < 0) goto done; - siter = info.swift_keys.find(user_str); - if (siter == info.swift_keys.end()) { + swift_keys = &account.get_swift_keys(); + siter = swift_keys->find(user_str); + if (siter == swift_keys->end()) { ret = -EPERM; goto done; } diff --git a/src/rgw/rgw_swift_auth.h b/src/rgw/rgw_swift_auth.h index 589717a5a61..c1929f7f687 100644 --- a/src/rgw/rgw_swift_auth.h +++ b/src/rgw/rgw_swift_auth.h 
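Review bot: `rgw_swift_verify_signed_token` now fills the caller's `account` through `store.account_by_subuser(swift_user, account)` before the token has been checked, where the old code used a local `Account`. On the `-EPERM` return visible here (`siter == swift_keys.end()`), and presumably on a failed token comparison later in the function, the caller's `s->account` is left holding the account named in the unverified token. Look the account up into a local, `libradosgw::Account found;`, and assign `account = found;` only on the success path. The function body starts and ends outside this hunk.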
@@ -6,7 +6,7 @@ #define RGW_SWIFT_TOKEN_EXPIRATION (15 * 60) -extern int rgw_swift_verify_signed_token(const char *token, libradosgw::User& user); +extern int rgw_swift_verify_signed_token(const char *token, libradosgw::Account& account); class RGW_SWIFT_Auth_Get : public RGWOp { public: diff --git a/src/rgw/rgw_user.cc b/src/rgw/rgw_user.cc index 5e7cf79eee2..88dd0b8e0f3 100644 --- a/src/rgw/rgw_user.cc +++ b/src/rgw/rgw_user.cc 
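Review bot: The declaration here takes two parameters, `(const char *token, libradosgw::Account& account)`, but the definition in rgw_swift_auth.cc takes three, starting with `libradosgw::Store& store`, so the two-argument call in `rgw_verify_swift_token` (rgw_swift.cc) resolves to a function that is never defined. Declare `extern int rgw_swift_verify_signed_token(libradosgw::Store& store, const char *token, libradosgw::Account& account);` and pass `s->store` at the call site.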
@@ -14,64 +14,6 @@ using namespace std; -int rgw_get_user_info_from_index(string& key, rgw_bucket& bucket, RGWUserInfo& info) -{ - bufferlist bl; - RGWUID uid; - - int ret = rgw_get_obj(rgwstore, NULL, bucket, key, bl); - if (ret < 0) - return ret; - - bufferlist::iterator iter = bl.begin(); - try { - ::decode(uid, iter); - if (!iter.end()) - info.decode(iter); - } catch (buffer::error& err) { - dout(0) << "ERROR: failed to decode user info, caught buffer::error" << dendl; - return -EIO; - } - - return 0; -} - -/** - * Given an email, finds the user info associated with it. - * returns: 0 on success, -ERR# on failure (including nonexistence) - */ -int rgw_get_user_info_by_uid(string& uid, RGWUserInfo& info) -{ - return rgw_get_user_info_from_index(uid, ui_uid_bucket, info); -} - -/** - * Given an email, finds the user info associated with it. - * returns: 0 on success, -ERR# on failure (including nonexistence) - */ -int rgw_get_user_info_by_email(string& email, RGWUserInfo& info) -{ - return rgw_get_user_info_from_index(email, ui_email_bucket, info); -} - -/** - * Given an swift username, finds the user_info associated with it. - * returns: 0 on success, -ERR# on failure (including nonexistence) - */ -extern int rgw_get_user_info_by_swift(string& swift_name, RGWUserInfo& info) -{ - return rgw_get_user_info_from_index(swift_name, ui_swift_bucket, info); -} - -/** - * Given an access key, finds the user info associated with it. - * returns: 0 on success, -ERR# on failure (including nonexistence) - */ -extern int rgw_get_user_info_by_access_key(string& access_key, RGWUserInfo& info) -{ - return rgw_get_user_info_from_index(access_key, ui_key_bucket, info); -} - static void get_buckets_obj(string& user_id, string& buckets_obj_id) { buckets_obj_id = user_id; |