diff --git a/src/rgw/rgw_json_enc.cc b/src/rgw/rgw_json_enc.cc
index 57c76770adc..5acc3eb653a 100644
--- a/src/rgw/rgw_json_enc.cc
+++ b/src/rgw/rgw_json_enc.cc
@@ -1219,34 +1219,33 @@ void KeystoneAdminTokenRequestVer2::dump(Formatter * const f) const void KeystoneAdminTokenRequestVer3::dump(Formatter * const f) const { f->open_object_section("token_request"); - f->open_object_section("auth"); - f->open_object_section("identity"); - f->open_array_section("methods"); - f->dump_string("", "password"); + f->open_object_section("auth"); + f->open_object_section("identity"); + f->open_array_section("methods"); + f->dump_string("", "password"); + f->close_section(); + f->open_object_section("password"); + f->open_object_section("user"); + f->open_object_section("domain"); + encode_json("name", cct->_conf->rgw_keystone_admin_domain, f); + f->close_section(); + encode_json("name", cct->_conf->rgw_keystone_admin_user, f); + encode_json("password", cct->_conf->rgw_keystone_admin_password, f); + f->close_section(); + f->close_section(); f->close_section(); - f->open_object_section("password"); - f->open_object_section("user"); + f->open_object_section("scope"); + f->open_object_section("project"); + if (!cct->_conf->rgw_keystone_admin_project.empty()) { + encode_json("name", cct->_conf->rgw_keystone_admin_project, f); + } else { + encode_json("name", cct->_conf->rgw_keystone_admin_tenant, f); + } f->open_object_section("domain"); encode_json("name", cct->_conf->rgw_keystone_admin_domain, f); f->close_section(); - encode_json("name", cct->_conf->rgw_keystone_admin_user, f); - encode_json("password", cct->_conf->rgw_keystone_admin_password, f); f->close_section(); f->close_section(); f->close_section(); - f->open_object_section("scope"); - f->open_object_section("project"); - if (!cct->_conf->rgw_keystone_admin_project.empty()) { - encode_json("name", cct->_conf->rgw_keystone_admin_project, f); - } - else { - encode_json("name", cct->_conf->rgw_keystone_admin_tenant, f); - } - f->open_object_section("domain"); - encode_json("name", cct->_conf->rgw_keystone_admin_domain, f); - f->close_section(); - f->close_section(); - 
f->close_section(); - f->close_section(); f->close_section(); } diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc index 3a0203eae3f..41118414c81 100644 --- a/src/rgw/rgw_rest_s3.cc +++ b/src/rgw/rgw_rest_s3.cc @@ -2670,13 +2670,13 @@ int RGW_Auth_S3_Keystone_ValidateToken::validate_s3token( const string& auth_id, const string& auth_token, const string& auth_sign) { /* prepare keystone url */ string keystone_url = cct->_conf->rgw_keystone_url; - string keystone_version = cct->_conf->rgw_keystone_api_version; - if (keystone_url[keystone_url.size() - 1] != '/') + if (keystone_url[keystone_url.size() - 1] != '/') { keystone_url.append("/"); + } + if (KeystoneService::get_api_version() == KeystoneApiVersion::VER_3) { keystone_url.append("v3/s3tokens"); - } - else { + } else { keystone_url.append("v2.0/s3tokens"); } @@ -2742,7 +2742,9 @@ int RGW_Auth_S3_Keystone_ValidateToken::validate_s3token( } /* everything seems fine, continue with this user */ - ldout(cct, 5) << "s3 keystone: validated token: " << response.get_project_name() << ":" << response.get_user_name() << " expires: " << response.get_expires() << dendl; + ldout(cct, 5) << "s3 keystone: validated token: " << response.get_project_name() + << ":" << response.get_user_name() + << " expires: " << response.get_expires() << dendl; return 0; } diff --git a/src/rgw/rgw_swift.cc b/src/rgw/rgw_swift.cc index 3dd51e6b1c8..d9b0d03538f 100644 --- a/src/rgw/rgw_swift.cc +++ b/src/rgw/rgw_swift.cc @@ -153,16 +153,18 @@ public: char *l = line; char *tok = strsep(&l, " \t:"); if (tok) { - while (l && *l == ' ') + while (l && *l == ' ') { l++; + } if (strcasecmp(tok, "X-Subject-Token") == 0) { subject_token = l; } } } - if (s != end) + if (s != end) { *p++ = *s++; + } } return 0; } 
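Review bot: In `validate_s3token` (src/rgw/rgw_rest_s3.cc), `keystone_url[keystone_url.size() - 1]` is evaluated without checking that `rgw_keystone_url` is non-empty; with an empty setting `size() - 1` wraps around and the index is out of range. The commit re-braces this statement but keeps the expression as it was. A guard ahead of it, such as `if (keystone_url.empty()) { return -EINVAL; }`, together with `keystone_url.back() != '/'`, would remove the out-of-range read; the error code is a suggestion only, since the function's other error returns are not visible here. The function body starts and ends outside the hunk.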
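Review bot: In the header-parsing loop of src/rgw/rgw_swift.cc, `subject_token = l;` can run while `l` is null, because `strsep` sets `l` to NULL when the line contains no delimiter and the `while (l && *l == ' ')` guard just above already allows for that case. If `subject_token` is a `std::string` (its declaration is outside the hunk), assigning a null `char *` to it is undefined behaviour, reachable from a response line that consists of the header name alone. Folding the check into the comparison, `if (l && strcasecmp(tok, "X-Subject-Token") == 0) {`, closes it. The enclosing function starts outside the hunk.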
@@ -333,10 +335,12 @@ int RGWSwift::check_revoked() bufferlist bl; RGWGetRevokedTokens req(cct, &bl); - if (get_keystone_admin_token(token) < 0) + if (get_keystone_admin_token(token) < 0) { return -EINVAL; - if (get_keystone_url(url) < 0) + } + if (get_keystone_url(url) < 0) { return -EINVAL; + } req.append_header("X-Auth-Token", token); const auto keystone_version = KeystoneService::get_api_version(); @@ -345,10 +349,12 @@ int RGWSwift::check_revoked() } else if (keystone_version == KeystoneApiVersion::VER_3) { url.append("v3/auth/tokens/OS-PKI/revoked"); } + req.set_send_length(0); int ret = req.process(url.c_str()); - if (ret < 0) + if (ret < 0) { return ret; + } bl.append((char)0); // NULL terminate for debug output @@ -441,11 +447,14 @@ int RGWSwift::parse_keystone_token_response(const string& token, bufferlist& bl, } if (!found) { - ldout(cct, 0) << "user does not hold a matching role; required roles: " << g_conf->rgw_keystone_accepted_roles << dendl; + ldout(cct, 0) << "user does not hold a matching role; required roles: " + << g_conf->rgw_keystone_accepted_roles << dendl; return -EPERM; } - ldout(cct, 0) << "validated token: " << t.get_project_name() << ":" << t.get_user_name() << " expires: " << t.get_expires() << dendl; + ldout(cct, 0) << "validated token: " << t.get_project_name() + << ":" << t.get_user_name() + << " expires: " << t.get_expires() << dendl; rgw_set_keystone_token_auth_info(t, info); @@ -581,7 +590,9 @@ int RGWSwift::validate_keystone_token(RGWRados *store, const string& token, stru return ret; if (t.expired()) { - ldout(cct, 0) << "got expired token: " << t.get_project_name() << ":" << t.get_user_name() << " expired: " << t.get_expires() << dendl; + ldout(cct, 0) << "got expired token: " << t.get_project_name() + << ":" << t.get_user_name() + << " expired: " << t.get_expires() << dendl; return -EPERM; }
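Review bot: The version chain in `RGWSwift::check_revoked` ends in `else if (keystone_version == KeystoneApiVersion::VER_3)` with no final `else`, so any other value would leave `url` without a revocation path and `req.process()` would query the bare Keystone URL. `validate_s3token` in rgw_rest_s3.cc makes the same choice with a plain `if`/`else`, so the two call sites disagree on the fallback. If the enum has only two values this is harmless today, but a trailing `else { return -EINVAL; }` would make the revocation check fail explicitly instead of fetching the wrong resource. The first branch of the chain is outside the hunk.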