git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commit
rgw/auth: object ops use new verify_bucket_permission() overload
author Casey Bodley <cbodley@redhat.com>
Fri, 1 Mar 2024 14:36:31 +0000 (09:36 -0500)
committer Casey Bodley <cbodley@redhat.com>
Wed, 10 Apr 2024 17:09:17 +0000 (13:09 -0400)
commit 315ded47868de276de644315767d9ea2fab9c845
tree c2cb31af2d369efea1086a0d15faf763e1aa467c
parent 071e89b506437da511538c23ebee0d37c5d37745
rgw/auth: object ops use new verify_bucket_permission() overload

several object operations like PutObject, DeleteObject, etc were handling
policy evaluation manually instead of using the helper functions like
verify_user/bucket/object_permission(), so were missing the cross-policy
evaluation rules for account users

these now call the new 'custom arn' overload of verify_bucket_permission()
for equivalent functionality

the eval_identity_or_session_policies() function is no longer exposed by
rgw_common.h to prevent other ops from adding new logic that doesn't
handle cross-account access

Signed-off-by: Casey Bodley <cbodley@redhat.com>
src/rgw/rgw_common.cc
src/rgw/rgw_common.h
src/rgw/rgw_op.cc
src/rgw/rgw_op.h
src/rgw/rgw_rest_swift.cc
src/rgw/rgw_rest_swift.h