librgw: cleanups, incremental ListBuckets fixes

1. remove unused RGWLibRequestEnv code marked to delete 2. restore call to RGWHandler::authorize 3. provide RGWLibRequest::authorize implementing it ** the implementation is incomplete, and shows need to expand the initial mount auth to deal with keystone, etc 4. since acl check is still not quite right in verify_permissions() disable this again (temporarily) 5. fix dout_subsys of rgw_request.cc Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
2025-03-11 02:39:05 +00:00 · 2015-10-06 19:29:25 -04:00 · 2015-10-06 19:29:25 -04:00 · 6dae209ceb
commit 6dae209ceb
parent e29562954b
5 changed files with 47 additions and 42 deletions
--- a/src/rgw/librgw.cc
+++ b/src/rgw/librgw.cc
@ -67,40 +67,6 @@ public:
  }
 };

-#warning deleteme
-#if 0
-void RGWLibRequestEnv::set_date(utime_t& tm)
-{
-  stringstream s;
-  tm.asctime(s);
-  date_str = s.str();
-}
-
-int RGWLibRequestEnv::sign(RGWAccessKey& access_key)
-{
-  map<string, string> meta_map;
-  map<string, string> sub_resources;
-
-  string canonical_header;
-  string digest;
-
-  rgw_create_s3_canonical_header(request_method.c_str(),
-				 NULL, /* const char* content_md5 */
-				 content_type.c_str(),
-				 date_str.c_str(),
-				 meta_map,
-				 uri.c_str(),
-				 sub_resources,
-				 canonical_header);
-
-  int ret = rgw_get_s3_header_digest(canonical_header, access_key.key, digest);
-  if (ret < 0) {
-    return ret;
-  }
-  return 0;
-}
-#endif /* 0 */
-
 void RGWLibProcess::checkpoint()
 {
    m_tp.drain(&req_wq);
@ -220,12 +186,22 @@ int RGWLibProcess::process_request(RGWLibRequest* req, RGWLibIO* io)

  /* req is-a RGWOp, currently initialized separately */
  ret = req->op_init();
-    if (ret < 0) {
+  if (ret < 0) {
    dout(10) << "failed to initialize RGWOp" << dendl;
    abort_req(s, op, ret);
    goto done;
  }

+  /* XXX authorize does less here then in the REST path, e.g.,
+   * the user's info is cached, but still incomplete */
+  req->log(s, "authorizing");
+  ret = req->authorize();
+  if (ret < 0) {
+    dout(10) << "failed to authorize request" << dendl;
+    abort_req(s, op, ret);
+    goto done;
+  }
+
  req->log(s, "reading op permissions");
  ret = req->read_permissions(op);
  if (ret < 0) {
@ -247,7 +223,8 @@ int RGWLibProcess::process_request(RGWLibRequest* req, RGWLibIO* io)
    goto done;
  }

-  /* XXXX 1s stall if this is skipped? */
+  /* XXXX almost correct, I think */
+  #if 0
  req->log(s, "verifying op permissions");
  ret = op->verify_permission();
  if (ret < 0) {
@ -258,6 +235,8 @@ int RGWLibProcess::process_request(RGWLibRequest* req, RGWLibIO* io)
      goto done;
    }
  }
+  #endif
+  req->log(s, "here 3");

  req->log(s, "verifying op params");
  ret = op->verify_params();
@ -469,7 +448,27 @@ int RGWLibRequest::read_permissions(RGWOp *op) {
  }

  return ret;
-}
+} /* RGWLibRequest::read_permissions */
+
+int RGWHandler_Lib::authorize()
+{
+  /* TODO: handle
+   *  1. subusers
+   *  2. anonymous access
+   *  3. system access
+   *  4. ?
+   *
+   *  Much or all of this depends on handling the cached authorization
+   *  correctly (e.g., dealing with keystone) at mount time.
+   */
+  s->perm_mask = RGW_PERM_FULL_CONTROL;
+
+  // populate the owner info
+  s->owner.set_id(s->user->user_id);
+  s->owner.set_name(s->user->display_name);
+
+  return 0;
+} /* RGWHandler_Lib::authorize */

 /* global RGW library object */
 static RGWLib rgwlib;
--- a/src/rgw/rgw_file.h
+++ b/src/rgw/rgw_file.h
@ -89,6 +89,7 @@ public:

    struct req_state* s = get_state();
    s->info.method = "GET";
+    s->op = OP_GET;

    /* XXX derp derp derp */
    s->relative_uri = "/";
@ -149,6 +150,7 @@ public:

    struct req_state* s = get_state();
    s->info.method = "GET";
+    s->op = OP_GET;

    /* XXX derp derp derp */
    s->relative_uri = uri;
--- a/src/rgw/rgw_lib.h
+++ b/src/rgw/rgw_lib.h
@ -92,9 +92,7 @@ class RGWHandler_Lib : public RGWHandler {
  friend class RGWRESTMgr_Lib;
 public:

-  virtual int authorize() {
-    return RGW_Auth_S3::authorize(store, s);
-  }
+  virtual int authorize();

  RGWHandler_Lib() {}
  virtual ~RGWHandler_Lib() {}
@ -132,6 +130,9 @@ public:
    RGWRequest::init_state(_s);
    RGWHandler::init(rados_ctx->store, _s, io);

+    /* fixup _s->req */
+    _s->req = this;
+
    log_init();

    get_state()->obj_ctx = rados_ctx;
--- a/src/rgw/rgw_request.cc
+++ b/src/rgw/rgw_request.cc
@ -4,7 +4,7 @@
 #include "rgw_op.h"
 #include "rgw_request.h"

-#define dout_subsys ceph_subsys_auth
+#define dout_subsys ceph_subsys_rgw

 /* XXX */
 void RGWRequest::log_format(struct req_state *s, const char *fmt, ...)
--- a/src/test/librgw_file.cc
+++ b/src/test/librgw_file.cc
@ -24,6 +24,8 @@
 #include "common/debug.h"
 #include "global/global_init.h"

+#define dout_subsys ceph_subsys_rgw
+
 namespace {
  librgw_t rgw = nullptr;
  string uid("testuser");
@ -110,7 +112,8 @@ TEST(LibRGW, LIST_OBJECTS) {
    return;

  for (auto& fid : fids1) {
-    std::cout << "readdir in bucket " << get<0>(fid) << std::endl;
+    ldout(g_ceph_context, 0) << __func__ << " readdir on bucket " << get<0>(fid)
+		     << dendl;
    bool eof = false;
    uint64_t offset = 0;
    int ret = rgw_readdir(fs, get<2>(fid), &offset, r2_cb, &fids2,