Merge pull request #31879 from joke-lee/rgw-sts-post-upload-auth

rgw: use STSEngine::authenticate when post upload with x_amz_security_token
Daniel Gryniewicz 2020-01-29 07:48:10 -05:00 committed by GitHub
commit c1b88a9c15
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 2 deletions


@ -1258,6 +1258,7 @@ namespace rgw {
namespace auth {
namespace s3 {
class AWSBrowserUploadAbstractor;
class STSEngine;
}
class Completer;
}
@ -1667,6 +1668,7 @@ struct req_state : DoutPrefixProvider {
friend class RGWPostObj_ObjStore_S3;
/* Reader. */
friend class rgw::auth::s3::AWSBrowserUploadAbstractor;
friend class rgw::auth::s3::STSEngine;
std::string access_key;
std::string signature;
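Review bot: The new `friend class rgw::auth::s3::STSEngine;` line opens every private member of this credentials block to STSEngine, including `access_key` and `signature`, although the authenticate change in this commit reads only `x_amz_security_token`. A narrow const accessor for the token would keep the credential fields under least privilege; if the friend declaration stays, extend the existing `/* Reader. */` comment to say which field STSEngine is expected to read. The enclosing struct starts and ends outside the hunk, so the full set of members exposed cannot be seen here.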


@ -2885,7 +2885,12 @@ int RGWPostObj_ObjStore_S3::get_policy()
}
}
part_str(parts, "x-amz-security-token", &s->auth.s3_postobj_creds.x_amz_security_token);
if (part_str(parts, "x-amz-security-token", &s->auth.s3_postobj_creds.x_amz_security_token)) {
if (s->auth.s3_postobj_creds.x_amz_security_token.size() == 0) {
err_msg = "Invalid token";
return -EINVAL;
}
}
/* FIXME: this is a makeshift solution. The browser upload authentication will be
* handled by an instance of rgw::auth::Completer spawned in Handler's authorize()
@ -5696,7 +5701,8 @@ rgw::auth::s3::STSEngine::authenticate(
const req_state* const s) const
{
if (! s->info.args.exists("X-Amz-Security-Token") &&
! s->info.env->exists("HTTP_X_AMZ_SECURITY_TOKEN")) {
! s->info.env->exists("HTTP_X_AMZ_SECURITY_TOKEN") &&
s->auth.s3_postobj_creds.x_amz_security_token.empty()) {
return result_t::deny();
}
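Review bot: The widened gate in STSEngine::authenticate now passes on a non-empty POST form token, but nothing visible shows which of the three sources (query argument, header, form field) is the token verified afterwards, or what happens when two are present with different values. The rest of authenticate lies outside the hunk, so please confirm that the token validated downstream is the same one that satisfied this condition. A comment on the condition would help, for example `/* browser POST uploads carry the token as a form field, stored by get_policy() in s3_postobj_creds */`. As a style point, get_policy tests `.size() == 0` while this condition uses `.empty()`; using `.empty()` in both places reads more consistently.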