Skip to content

Commit

Permalink
Replace usage of root auth with cbox or daemon
Browse files Browse the repository at this point in the history
  • Loading branch information
Jesse Geens committed Nov 29, 2024
1 parent ec03606 commit d604057
Show file tree
Hide file tree
Showing 4 changed files with 81 additions and 220 deletions.
15 changes: 6 additions & 9 deletions pkg/eosclient/eosgrpc/eosgrpc.go
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ import (
"github.com/cs3org/reva/pkg/eosclient"
"github.com/cs3org/reva/pkg/errtypes"
"github.com/cs3org/reva/pkg/storage/utils/acl"
"github.com/cs3org/reva/pkg/utils"
"github.com/google/uuid"
"github.com/pkg/errors"
"github.com/rs/zerolog"
Expand Down Expand Up @@ -230,14 +231,13 @@ func (c *Client) getRespError(rsp *erpc.NSResponse, err error) error {

// Common code to create and initialize a NSRequest.
func (c *Client) initNSRequest(ctx context.Context, auth eosclient.Authorization, app string) (*erpc.NSRequest, error) {
// Stuff filename, uid, gid into the MDRequest type

log := appctx.GetLogger(ctx)
log.Debug().Str("(uid,gid)", "("+auth.Role.UID+","+auth.Role.GID+")").Msg("New grpcNS req")

rq := new(erpc.NSRequest)
rq.Role = new(erpc.RoleId)

// Let's put in the authentication info
if auth.Token != "" {
// Map to owner using EOSAUTHZ token
// We do not become cbox
Expand All @@ -261,6 +261,7 @@ func (c *Client) initNSRequest(ctx context.Context, auth eosclient.Authorization
}
}

// For NS operations, specifically for locking, we also need to provide the app
if app != "" {
rq.Role.App = app
}
Expand Down Expand Up @@ -737,7 +738,7 @@ func (c *Client) GetFileInfoByPath(ctx context.Context, userAuth eosclient.Autho
log := appctx.GetLogger(ctx)
log.Debug().Str("func", "GetFileInfoByPath").Str("uid,gid", userAuth.Role.UID+","+userAuth.Role.GID).Str("path", path).Msg("entering")

daemonAuth := getDaemonAuth()
daemonAuth := utils.GetDaemonAuth()

// Initialize the common fields of the MDReq
// We do this as the daemon account, because the user may not have access to the file
Expand Down Expand Up @@ -790,7 +791,7 @@ func (c *Client) GetFileInfoByPath(ctx context.Context, userAuth eosclient.Autho

// In case the user is a lightweight / ... account, aka he has no UID, we impersonate the owner of the file
var userOrImpersonated eosclient.Authorization
if u.Id.Type == userpb.UserType_USER_TYPE_GUEST || u.Id.Type == userpb.UserType_USER_TYPE_FEDERATED {
if utils.IsLightweightUser(u) {
userOrImpersonated = eosclient.Authorization{
Role: eosclient.Role{
UID: strconv.FormatUint(info.UID, 10),
Expand Down Expand Up @@ -1253,7 +1254,7 @@ func (c *Client) List(ctx context.Context, userAuth eosclient.Authorization, dpa

var auth eosclient.Authorization
if userAuth.Role.UID == "" || userAuth.Role.GID == "" {
auth = getDaemonAuth()
auth = utils.GetDaemonAuth()
} else {
auth = userAuth
}
Expand Down Expand Up @@ -1839,7 +1840,3 @@ func aclAttrToAclStruct(aclAttr string) *acl.ACLs {

return acl
}

func getDaemonAuth() eosclient.Authorization {
return eosclient.Authorization{Role: eosclient.Role{UID: "2", GID: "2"}}
}
8 changes: 0 additions & 8 deletions pkg/eosclient/eosgrpc/eoshttp.go
Original file line number Diff line number Diff line change
Expand Up @@ -429,14 +429,6 @@ func (c *EOSHTTPClient) PUTFile(ctx context.Context, remoteuser string, auth eos
log.Debug().Str("func", "PUTFile").Int64("Content-Length", length).Msg("setting header")
req.Header.Set("Content-Length", strconv.FormatInt(length, 10))
}
if err != nil {
log.Error().Str("func", "PUTFile").Str("url", loc.String()).Str("err", err.Error()).Msg("can't create redirected request")
return err
}
if length >= 0 {
log.Debug().Str("func", "PUTFile").Int64("Content-Length", length).Msg("setting header")
req.Header.Set("Content-Length", strconv.FormatInt(length, 10))
}

log.Debug().Str("func", "PUTFile").Str("location", loc.String()).Msg("redirection")
nredirs++
Expand Down
Loading

0 comments on commit d604057

Please sign in to comment.