~ubuntu-branches/ubuntu/raring/ceph/raring

« back to all changes in this revision

Viewing changes to src/rgw/rgw_swift_auth.cc

Committer: Package Import Robot
Author(s): Laszlo Boszormenyi (GCS)
Date: 2012-02-05 10:07:38 UTC
mfrom: (1.1.7) (0.1.11 sid)
Revision ID: package-import@ubuntu.com-20120205100738-00s0bxx93mamy8tk

Tags: 0.41-1

New upstream release.

files added:
debian/ceph-resource-agents.install

m4/acx_pthread.m4

src/common/ipaddr.cc

src/common/pick_address.cc

src/common/pick_address.h

src/common/xattr.c

src/common/xattr.h

src/include/cmp.h

src/include/compat.h

src/include/ipaddr.h

src/include/uuid.h

src/messages/MMonJoin.h

src/messages/MMonProbe.h

src/messages/MOSDPGBackfill.h

src/messages/MOSDPGScan.h

src/ocf

src/ocf/Makefile.am

src/ocf/Makefile.in

src/ocf/ceph.in

src/os/ObjectStore.cc

src/test/libcephfs

src/test/libcephfs/readdir_r_cb.cc

src/test/osd/Object.h

src/test/osd/TestOpStat.h

src/test/osd/TestRados.cc

src/test/system/st_rados_delete_objs.h

src/test/system/st_rados_delete_pool.h

src/test/system/st_rados_notify.h

src/test/system/st_rados_watch.h

src/test/test_ipaddr.cc

files removed:
src/test/TestIntervalTree.cc

src/test/ceph-pybind-rgw-test.py

src/test/ceph-pybind-test.py

src/test/osd/TestReadWrite.cc

src/test/osd/TestSnaps.cc

files modified:
COPYING

Makefile.in

aclocal.m4

ceph.spec

ceph.spec.in

compile

configure

configure.ac

debian/changelog

debian/control

debian/copyright

debian/rules

depcomp

install-sh

ltmain.sh *

man/Makefile.in

man/ceph-authtool.8

man/mount.ceph.8

man/radosgw.8

man/rbd.8

missing

py-compile

src/.git_version

src/Makefile.am

src/Makefile.in

src/acconfig.h.in

src/auth/AuthSupported.cc

src/auth/AuthSupported.h

src/auth/Crypto.cc

src/auth/Crypto.h

src/auth/KeyRing.cc

src/auth/KeyRing.h

src/auth/cephx/CephxKeyServer.h

src/bash_completion/rbd

src/ceph-rbdnamer

src/ceph_authtool.cc

src/ceph_mds.cc

src/ceph_mon.cc

src/ceph_osd.cc

src/ceph_syn.cc

src/check_version

src/client/Client.cc

src/client/Client.h

src/client/SyntheticClient.cc

src/client/fuse_ll.cc

src/client/hadoop/CephFSInterface.cc

src/client/hadoop/CephFSInterface.h

src/client/ioctl.h

src/common/DoutStreambuf.cc

src/common/HeartbeatMap.cc

src/common/MemoryModel.cc

src/common/Mutex.h

src/common/Thread.cc

src/common/Timer.cc

src/common/admin_socket.cc

src/common/admin_socket.h

src/common/admin_socket_client.cc

src/common/admin_socket_client.h

src/common/armor.c

src/common/assert.cc

src/common/buffer.cc

src/common/ceph_context.cc

src/common/ceph_context.h

src/common/ceph_crypto.cc

src/common/code_environment.cc

src/common/common_init.cc

src/common/common_init.h

src/common/config.cc

src/common/config.h

src/common/config_opts.h

src/common/errno.cc

src/common/fiemap.cc

src/common/lockdep.cc

src/common/perf_counters.cc

src/common/perf_counters.h

src/common/pipe.c

src/common/sctp_crc32.c

src/common/secret.c

src/common/secret.h

src/common/str_list.cc

src/common/sync_filesystem.h

src/crush/CrushWrapper.cc

src/crush/CrushWrapper.h

src/crush/builder.c

src/crush/crush.c

src/crush/crush.h

src/crush/grammar.h

src/crush/hash.c

src/crush/mapper.c

src/crush/mapper.h

src/crushtool.cc

src/global/global_init.cc

src/global/global_init.h

src/global/pidfile.cc

src/global/signal_handler.cc

src/gtest/Makefile.in

src/gtest/aclocal.m4

src/gtest/build-aux/config.h.in

src/gtest/build-aux/depcomp

src/gtest/build-aux/install-sh

src/gtest/build-aux/ltmain.sh *

src/gtest/build-aux/missing

src/gtest/configure

src/include/addr_parsing.c

src/include/assert.h

src/include/buffer.h

src/include/byteorder.h

src/include/ceph_fs.h

src/include/ceph_strings.cc

src/include/cephfs/libcephfs.h

src/include/encoding.h

src/include/fiemap.h

src/include/frag.h

src/include/interval_set.h

src/include/inttypes.h

src/include/linux_fiemap.h

src/include/object.h

src/include/page.h

src/include/rados.h

src/include/rados/buffer.h

src/include/rados/librados.h

src/include/rados/librados.hpp

src/include/rados/page.h

src/include/rbd/librbd.h

src/include/rbd_types.h

src/include/str_list.h

src/include/types.h

src/init-ceph.in

src/init-radosgw

src/libcephfs.cc

src/librados.cc

src/librbd.cc

src/make_version

src/mds/CInode.cc

src/mds/Dumper.cc

src/mds/MDBalancer.cc

src/mds/MDCache.cc

src/mds/MDCache.h

src/mds/MDLog.cc

src/mds/MDS.cc

src/mds/MDS.h

src/mds/MDSMap.h

src/mds/Migrator.cc

src/mds/Server.cc

src/mds/locks.c

src/mds/mdstypes.h

src/messages/MAuth.h

src/messages/MClientLease.h

src/messages/MCommand.h

src/messages/MGetPoolStats.h

src/messages/MGetPoolStatsReply.h

src/messages/MLog.h

src/messages/MLogAck.h

src/messages/MMDSBeacon.h

src/messages/MMDSMap.h

src/messages/MMonCommand.h

src/messages/MMonElection.h

src/messages/MMonObserve.h

src/messages/MMonObserveNotify.h

src/messages/MMonSubscribeAck.h

src/messages/MOSDFailure.h

src/messages/MOSDMap.h

src/messages/MOSDOp.h

src/messages/MOSDOpReply.h

src/messages/MOSDPGQuery.h

src/messages/MOSDPing.h

src/messages/MOSDRepScrub.h

src/messages/MOSDScrub.h

src/messages/MOSDSubOp.h

src/messages/MPGStats.h

src/messages/MPoolOp.h

src/messages/MPoolOpReply.h

src/messages/MStatfs.h

src/messages/MStatfsReply.h

src/mon/AuthMonitor.cc

src/mon/AuthMonitor.h

src/mon/Elector.cc

src/mon/Elector.h

src/mon/LogMonitor.cc

src/mon/LogMonitor.h

src/mon/MDSMonitor.cc

src/mon/MDSMonitor.h

src/mon/MonClient.cc

src/mon/MonClient.h

src/mon/MonMap.cc

src/mon/MonMap.h

src/mon/Monitor.cc

src/mon/Monitor.h

src/mon/MonitorStore.cc

src/mon/MonmapMonitor.cc

src/mon/MonmapMonitor.h

src/mon/OSDMonitor.cc

src/mon/OSDMonitor.h

src/mon/PGMap.cc

src/mon/PGMonitor.cc

src/mon/PGMonitor.h

src/mon/Paxos.cc

src/mon/Paxos.h

src/mon/PaxosService.cc

src/mon/PaxosService.h

src/mon/Session.h

src/monmaptool.cc

src/mount/mount.ceph.c

src/msg/Message.cc

src/msg/Message.h

src/msg/SimpleMessenger.cc

src/msg/SimpleMessenger.h

src/msg/msg_types.cc

src/msg/msg_types.h

src/msg/tcp.cc

src/msg/tcp.h

src/objclass/class_api.cc

src/obsync/obsync

src/os/CollectionIndex.h

src/os/FileJournal.cc

src/os/FileJournal.h

src/os/FileStore.cc

src/os/FileStore.h

src/os/FlatIndex.cc

src/os/FlatIndex.h

src/os/HashIndex.cc

src/os/HashIndex.h

src/os/IndexManager.cc

src/os/Journal.h

src/os/JournalingObjectStore.cc

src/os/JournalingObjectStore.h

src/os/LFNIndex.cc

src/os/LFNIndex.h

src/os/ObjectStore.h

src/os/btrfs_ioctl.h

src/osd/Ager.cc

src/osd/ClassHandler.cc

src/osd/OSD.cc

src/osd/OSD.h

src/osd/OSDMap.cc

src/osd/OSDMap.h

src/osd/PG.cc

src/osd/PG.h

src/osd/PGLS.h

src/osd/ReplicatedPG.cc

src/osd/ReplicatedPG.h

src/osd/osd_types.cc

src/osd/osd_types.h

src/osdc/Journaler.cc

src/osdc/Objecter.cc

src/osdc/Objecter.h

src/osdmaptool.cc

src/pybind/rados.py

src/pybind/rbd.py

src/rados.cc

src/rados_export.cc

src/rados_import.cc

src/rados_sync.cc

src/rbd.cc

src/rgw/rgw_access.h

src/rgw/rgw_admin.cc

src/rgw/rgw_cache.cc

src/rgw/rgw_cache.h

src/rgw/rgw_common.cc

src/rgw/rgw_common.h

src/rgw/rgw_formats.cc

src/rgw/rgw_fs.cc

src/rgw/rgw_fs.h

src/rgw/rgw_log.cc

src/rgw/rgw_main.cc

src/rgw/rgw_op.cc

src/rgw/rgw_op.h

src/rgw/rgw_rados.cc

src/rgw/rgw_rados.h

src/rgw/rgw_rest.cc

src/rgw/rgw_rest.h

src/rgw/rgw_rest_s3.cc

src/rgw/rgw_rest_s3.h

src/rgw/rgw_rest_swift.cc

src/rgw/rgw_rest_swift.h

src/rgw/rgw_swift.cc

src/rgw/rgw_swift_auth.cc

src/rgw/rgw_swift_auth.h

src/rgw/rgw_tools.cc

src/rgw/rgw_tools.h

src/rgw/rgw_user.cc

src/rgw/rgw_user.h

src/rgw/rgw_xml.cc

src/scratchtool.c

src/test/admin_socket.cc

src/test/cli/cauthtool/add-key.t

src/test/cli/cauthtool/cap.t

src/test/cli/cauthtool/create-gen-list-bin.t

src/test/cli/cauthtool/create-gen-list.t

src/test/cli/cauthtool/list-nonexistent-bin.t

src/test/cli/cauthtool/list-nonexistent.t

src/test/cli/cauthtool/manpage.t

src/test/cli/monmaptool/add-exists.t

src/test/cli/monmaptool/add-many.t

src/test/cli/monmaptool/clobber.t

src/test/cli/monmaptool/create-print.t

src/test/cli/monmaptool/create-with-add.t

src/test/cli/monmaptool/rm-nonexistent.t

src/test/cli/monmaptool/rm.t

src/test/cli/osdmaptool/print-nonexistent.t

src/test/cli/radosgw-admin/help.t

src/test/cli/rbd/help.t

src/test/cli/rbd/invalid-snap-usage.t

src/test/osd/RadosModel.cc

src/test/osd/RadosModel.h

src/test/perf_counters.cc

src/test/rados-api/list.cc

src/test/run_cmd.cc

src/test/store_test.cc

src/test/system/st_rados_list_objects.cc

src/test/system/systest_runnable.cc

src/test/test_filestore_idempotent.cc

src/test/test_str_list.cc

src/testmsgr.cc

src/tools/ceph.cc

src/tools/common.cc

src/tools/gui.cc

src/vstart.sh

udev/50-rbd.rules

Show diffs side-by-side

added added

removed removed

src/rgw/rgw_swift_auth.cc

#define DOUT_SUBSYS rgw

#define DEFAULT_SWIFT_PREFIX "swift"

using namespace ceph::crypto;

static RGW_SWIFT_Auth_Get rgw_swift_auth_get;

int len = strlen(token);

if (len & 1) {

dout(0) << "failed to verify token: invalid token length len=" << len << dendl;

dout(0) << "NOTICE: failed to verify token: invalid token length len=" << len << dendl;

return -EINVAL;

}

::decode(nonce, iter);

::decode(expiration, iter);

} catch (buffer::error& err) {

dout(0) << "failed to decode token: caught exception" << dendl;

dout(0) << "NOTICE: failed to decode token: caught exception" << dendl;

return -EINVAL;

}

if (expiration < ceph_clock_now(g_ceph_context)) {

dout(0) << "old timed out token was used now=" << ceph_clock_now(g_ceph_context) << " token.expiration=" << expiration << dendl;

dout(0) << "NOTICE: old timed out token was used now=" << ceph_clock_now(g_ceph_context) << " token.expiration=" << expiration << dendl;

return -EPERM;

}

110

112

return ret;

111

113

112

114

if (tok.length() != bl.length()) {

113

dout(0) << "tokens length mismatch: bl.length()=" << bl.length() << " tok.length()=" << tok.length() << dendl;

115

dout(0) << "NOTICE: tokens length mismatch: bl.length()=" << bl.length() << " tok.length()=" << tok.length() << dendl;

114

116

return -EPERM;

115

117

}

116

118

117

119

if (memcmp(tok.c_str(), bl.c_str(), tok.length()) != 0) {

118

120

char buf[tok.length() * 2 + 1];

119

121

buf_to_hex((const unsigned char *)tok.c_str(), tok.length(), buf);

120

dout(0) << "WARNING: tokens mismatch tok=" << buf << dendl;

122

dout(0) << "NOTICE: tokens mismatch tok=" << buf << dendl;

121

123

return -EPERM;

122

124

}

123

125

128

130

{

129

131

int ret = -EPERM;

130

132

131

dout(20) << "RGW_SWIFT_Auth_Get::execute()" << dendl;

132

133

const char *key = s->env->get("HTTP_X_AUTH_KEY");

134

const char *user = s->env->get("HTTP_X_AUTH_USER");

135

136

string user_str = user;

136

string user_str;

137

RGWUserInfo info;

138

bufferlist bl;

139

RGWAccessKey *swift_key;

140

map<string, RGWAccessKey>::iterator siter;

141

142

if (g_conf->rgw_swift_url.length() == 0 ||

143

g_conf->rgw_swift_url_prefix.length() == 0) {

144

dout(0) << "server is misconfigured, missing rgw_swift_url_prefix or rgw_swift_url" << dendl;

145

ret = -EINVAL;

146

goto done;

147

}

142

string swift_url = g_conf->rgw_swift_url;

143

string swift_prefix = g_conf->rgw_swift_url_prefix;

144

145

if (swift_prefix.size() == 0) {

146

swift_prefix = DEFAULT_SWIFT_PREFIX;

147

}

148

149

if (swift_url.size() == 0) {

150

bool add_port = false;

151

const char *server_port = s->env->get("SERVER_PORT_SECURE");

152

const char *protocol;

153

if (server_port) {

154

add_port = (strcmp(server_port, "443") != 0);

155

protocol = "https";

156

} else {

157

server_port = s->env->get("SERVER_PORT");

158

add_port = (strcmp(server_port, "80") != 0);

159

protocol = "http";

160

}

161

const char *host = s->env->get("HTTP_HOST");

162

if (!host) {

163

dout(0) << "NOTICE: server is misconfigured, missing rgw_swift_url_prefix or rgw_swift_url, HTTP_HOST is not set" << dendl;

164

ret = -EINVAL;

165

goto done;

166

}

167

swift_url = protocol;

168

swift_url.append("://");

169

swift_url.append(host);

170

if (add_port) {

171

swift_url.append(":");

172

swift_url.append(server_port);

173

}

174

}

175

148

176

149

177

if (!key || !user)

150

178

goto done;

151

179

180

user_str = user;

181

152

182

if ((ret = rgw_get_user_info_by_swift(user_str, info)) < 0)

153

183

goto done;

154

184

160

190

swift_key = &siter->second;

161

191

162

192

if (swift_key->key.compare(key) != 0) {

163

dout(0) << "RGW_SWIFT_Auth_Get::execute(): bad swift key" << dendl;

193

dout(0) << "NOTICE: RGW_SWIFT_Auth_Get::execute(): bad swift key" << dendl;

164

194

ret = -EPERM;

165

195

goto done;

166

196

}

167

197

168

CGI_PRINTF(s, "X-Storage-Url: %s/%s/v1\n", g_conf->rgw_swift_url.c_str(),

169

g_conf->rgw_swift_url_prefix.c_str());

198

CGI_PRINTF(s, "X-Storage-Url: %s/%s/v1\n", swift_url.c_str(),

199

swift_prefix.c_str());

170

200

171

201

if ((ret = encode_token(swift_key->id, swift_key->key, bl)) < 0)

172

202

goto done;

175

205

char buf[bl.length() * 2 + 1];

176

206

buf_to_hex((const unsigned char *)bl.c_str(), bl.length(), buf);

177

207

178

CGI_PRINTF(s, "X-Storage-Token: AUTH_rgwtk%s\n", buf);

208

CGI_PRINTF(s, "X-Auth-Token: AUTH_rgwtk%s\n", buf);

179

209

}

180

210

181

211

ret = STATUS_NO_CONTENT;

186

216

end_header(s);

187

217

}

188

218

219

int RGWHandler_SWIFT_Auth::init(struct req_state *state, FCGX_Request *fcgx)

220

{

221

state->dialect = "swift-auth";

222

223

return RGWHandler::init(state, fcgx);

224

}

225

189

226

int RGWHandler_SWIFT_Auth::authorize()

190

227

{

191

228

return 0;

Older »