
@notmyname
Last active June 13, 2016 23:01
diff --git a/swift/common/middleware/decrypter.py b/swift/common/middleware/decrypter.py
index c0cb6f0..70787e6 100644
--- a/swift/common/middleware/decrypter.py
+++ b/swift/common/middleware/decrypter.py
@@ -29,7 +29,7 @@ from swift.common.request_helpers import strip_user_meta_prefix, is_user_meta,\
from swift.common.swob import Request, HTTPException, HTTPInternalServerError
from swift.common.utils import get_logger, config_true_value, \
parse_content_range, closing_if_possible, parse_content_type, \
- FileLikeIter, multipart_byteranges_to_document_iters
+ FileLikeIter, multipart_byteranges_to_document_iters, public
DECRYPT_CHUNK_SIZE = 65536
@@ -272,6 +272,7 @@ class DecrypterObjContext(BaseDecrypterContext):
for chunk in resp:
yield decrypt_ctxt.update(chunk)
+ @public
def GET(self, req, start_response):
app_resp = self._app_call(req.environ)
@@ -326,6 +327,7 @@ class DecrypterObjContext(BaseDecrypterContext):
return resp_iter
+ @public
def HEAD(self, req, start_response):
app_resp = self._app_call(req.environ)
@@ -349,6 +351,7 @@ class DecrypterContContext(BaseDecrypterContext):
super(DecrypterContContext, self).__init__(
decrypter, 'container', logger)
+ @public
def GET(self, req, start_response):
app_resp = self._app_call(req.environ)
@@ -433,21 +436,22 @@ class Decrypter(object):
except ValueError:
return self.app(env, start_response)
- if parts[3] and hasattr(DecrypterObjContext, req.method):
- dec_context = DecrypterObjContext(self, self.logger)
- elif parts[2] and hasattr(DecrypterContContext, req.method):
- dec_context = DecrypterContContext(self, self.logger)
+ if parts[3]:
+ dec_context = DecrypterObjContext
+ elif parts[2]:
+ dec_context = DecrypterContContext
else:
- # url and/or request verb is not handled by decrypter
- dec_context = None
-
- if dec_context:
- try:
- return getattr(dec_context, req.method)(req, start_response)
- except HTTPException as err_resp:
- return err_resp(env, start_response)
-
- return self.app(env, start_response)
+ # pass through
+ return self.app(env, start_response)
+ handler = getattr(dec_context, req.method, None)
+ if handler is None or \
+ getattr(handler, 'publicly_accessible', False) is not True:
+ # pass through, don't return/raise an error
+ return self.app(env, start_response)
+ try:
+ return handler(dec_context(self, self.logger), req, start_response)
+ except HTTPException as err_resp:
+ return err_resp(env, start_response)
def filter_factory(global_conf, **local_conf):
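Review bot: The allow-list dispatch added here (`getattr(dec_context, req.method, None)` followed by the `publicly_accessible` check) is repeated almost verbatim in the Encrypter and KeyMaster hunks, so the three copies can drift and one middleware could end up with a weaker gate than the others. A single shared helper that takes the context class and `req.method` and returns the handler or `None` would keep the check in one place. `dec_context` now holds a class rather than an instance, so a name such as `context_cls` would read more accurately. Because `req.method` is client-controlled, a comment above the lookup would help the next maintainer: `# req.method comes from the client; only @public handlers may be dispatched`. The enclosing method starts outside the hunk.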
diff --git a/swift/common/middleware/encrypter.py b/swift/common/middleware/encrypter.py
index e486205..64bef69 100644
--- a/swift/common/middleware/encrypter.py
+++ b/swift/common/middleware/encrypter.py
@@ -24,7 +24,7 @@ from swift.common.request_helpers import get_object_transient_sysmeta, \
strip_user_meta_prefix, is_user_meta, update_etag_is_at_header
from swift.common.swob import Request, Match, HTTPException, \
HTTPUnprocessableEntity
-from swift.common.utils import get_logger, config_true_value
+from swift.common.utils import get_logger, config_true_value, public
def encrypt_header_val(crypto, value, key, iv_base=None):
@@ -211,6 +211,7 @@ class EncrypterObjContext(CryptoWSGIContext):
short_name = strip_user_meta_prefix(self.server_type, name)
req.headers[prefix + short_name] = dump_crypto_meta(meta)
+ @public
def PUT(self, req, start_response):
self._check_headers(req)
keys = self.get_keys(req.environ, required=['object', 'container'])
@@ -234,6 +235,7 @@ class EncrypterObjContext(CryptoWSGIContext):
self._response_exc_info)
return resp
+ @public
def POST(self, req, start_response):
"""
Encrypt the new object headers with a new iv and the current crypto.
@@ -282,9 +284,11 @@ class EncrypterObjContext(CryptoWSGIContext):
self._response_exc_info)
return resp
+ @public
def HEAD(self, req, start_response):
return self.handle_get_or_head(req, start_response)
+ @public
def GET(self, req, start_response):
return self.handle_get_or_head(req, start_response)
@@ -313,16 +317,16 @@ class Encrypter(object):
except ValueError:
return self.app(env, start_response)
- if hasattr(EncrypterObjContext, req.method):
- # handle only those request methods that may require keys
- enc_context = EncrypterObjContext(self, self.logger)
- try:
- return getattr(enc_context, req.method)(req, start_response)
- except HTTPException as err_resp:
- return err_resp(env, start_response)
-
- # anything else
- return self.app(env, start_response)
+ enc_context = EncrypterObjContext
+ handler = getattr(enc_context, req.method, None)
+ if handler is None or \
+ getattr(handler, 'publicly_accessible', False) is not True:
+ # pass through, don't return/raise an error
+ return self.app(env, start_response)
+ try:
+ return handler(enc_context(self, self.logger), req, start_response)
+ except HTTPException as err_resp:
+ return err_resp(env, start_response)
def filter_factory(global_conf, **local_conf):
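Review bot: The diff shown here contains no test for the pass-through branch, which is the security-relevant part of the new dispatch in `Encrypter`: a request whose method names an existing but undecorated attribute of `EncrypterObjContext` must reach `self.app` and never the attribute. A regression test per middleware that sends such a method and asserts the wrapped app was called would pin this; the same applies to the Decrypter and KeyMaster hunks. The `getattr` on the class also resolves through its base classes, so a comment next to the check would be worth adding, e.g. `# @public is the dispatch allow-list: never apply it to helper methods`. The enclosing method starts outside the hunk.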
diff --git a/swift/common/middleware/keymaster.py b/swift/common/middleware/keymaster.py
index eec2dce..cc8a3c3 100644
--- a/swift/common/middleware/keymaster.py
+++ b/swift/common/middleware/keymaster.py
@@ -30,6 +30,7 @@ import os
from swift.common.middleware.crypto_utils import CRYPTO_KEY_CALLBACK
from swift.common.swob import Request, HTTPException
+from swift.common.utils import public
from swift.common.wsgi import WSGIContext
@@ -95,15 +96,19 @@ class KeyMasterContext(WSGIContext):
self._response_exc_info)
return resp
+ @public
def PUT(self, req, start_response):
return self._handle_request(req, start_response)
+ @public
def POST(self, req, start_response):
return self._handle_request(req, start_response)
+ @public
def GET(self, req, start_response):
return self._handle_request(req, start_response)
+ @public
def HEAD(self, req, start_response):
return self._handle_request(req, start_response)
@@ -130,16 +135,17 @@ class KeyMaster(object):
except ValueError:
return self.app(env, start_response)
- if hasattr(KeyMasterContext, req.method):
- # handle only those request methods that may require keys
- km_context = KeyMasterContext(self, *parts[1:])
- try:
- return getattr(km_context, req.method)(req, start_response)
- except HTTPException as err_resp:
- return err_resp(env, start_response)
-
- # anything else
- return self.app(env, start_response)
+ # handle only those request methods that may require keys
+ km_context = KeyMasterContext
+ handler = getattr(km_context, req.method, None)
+ if handler is None or \
+ getattr(handler, 'publicly_accessible', False) is not True:
+ # pass through, don't return/raise an error
+ return self.app(env, start_response)
+ try:
+ return handler(km_context(self, *parts[1:]), req, start_response)
+ except HTTPException as err_resp:
+ return err_resp(env, start_response)
def create_key(self, key_id):
return hmac.new(self.root_secret, key_id,
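Review bot: The comment `# handle only those request methods that may require keys` now sits above `km_context = KeyMasterContext`, a plain class assignment, while the actual filter is the `publicly_accessible` check a few lines further down. Moving it onto that check, reworded as `# only @public handlers (the methods that may require keys) are dispatched`, would keep the comment next to the code it describes. `create_key`, which follows the dispatch block, continues past the end of the hunk.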