13207: Rados Gateway: Anonymous user is able to read bucket with authenticated read ACL 11045/head
authorroot <rahul.1aggarwal@gmail.com>
Wed, 23 Sep 2015 18:51:13 +0000 (00:21 +0530)
committerNathan Cutler <ncutler@suse.com>
Fri, 11 Nov 2016 21:08:08 +0000 (22:08 +0100)
Signed-off-by: root <rahul.1aggarwal@gmail.com>
(cherry picked from commit 99ba6610a8f437604cadf68cbe9969def893e870)

src/rgw/rgw_acl_s3.cc
src/rgw/rgw_op.cc

index 785324c99872a727c2681e4f35e5fd13c750fef2..5831d723b384f0d6e61277bcc6e26212b4d0e0d9 100644 (file)
@@ -540,7 +540,7 @@ bool RGWAccessControlPolicy_S3::compare_group_name(string& id, ACLGroupTypeEnum
 {
   switch (group) {
   case ACL_GROUP_ALL_USERS:
-    return (id.compare(rgw_uri_all_users) == 0);
+    return (id.compare(RGW_USER_ANON_ID) == 0);
   case ACL_GROUP_AUTHENTICATED_USERS:
     return (id.compare(rgw_uri_auth_users) == 0);
   default:
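Review bot: The two cases in compare_group_name now test `id` against different kinds of value: `RGW_USER_ANON_ID` (a user id) for ACL_GROUP_ALL_USERS and `rgw_uri_auth_users` (a group URI) for ACL_GROUP_AUTHENTICATED_USERS, and nothing in the hunk says which of the two the callers pass. If any caller still hands in a grantee URI, the ALL_USERS branch will stop matching and a public grant could be mishandled; if `id` is always the requester's uid, the AUTHENTICATED_USERS branch would presumably never match. Once the intended contract is confirmed, I would add a comment above the switch such as `/* id is the requester's uid; ALL_USERS matches only the anonymous user */`. A regression test should cover anonymous and authenticated requesters against both public-read and authenticated-read buckets. The function body starts and ends outside the hunk.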
index ad467100a60f37c5c042d43678f39e6cda47d9df..3e00760ccce881f3e0e2519299e38e670df9087b 100644 (file)
@@ -17,6 +17,7 @@
 #include "rgw_rest.h"
 #include "rgw_acl.h"
 #include "rgw_acl_s3.h"
+#include "rgw_acl_swift.h"
 #include "rgw_user.h"
 #include "rgw_bucket.h"
 #include "rgw_log.h"
@@ -356,7 +357,13 @@ static int rgw_build_policies(RGWRados *store, struct req_state *s, bool only_bu
     }
   }
 
-  s->bucket_acl = new RGWAccessControlPolicy(s->cct);
+  if(s->dialect.compare("s3") == 0) {
+    s->bucket_acl = new RGWAccessControlPolicy_S3(s->cct);
+  } else if(s->dialect.compare("swift")  == 0) {
+    s->bucket_acl = new RGWAccessControlPolicy_SWIFT(s->cct);
+  } else {
+    s->bucket_acl = new RGWAccessControlPolicy(s->cct);
+  }
 
   if (s->copy_source) { /* check if copy source is within the current domain */
     const char *src = s->copy_source;
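Review bot: The final `else` still builds the base `RGWAccessControlPolicy`, so any request whose `s->dialect` is not exactly "s3" or "swift" silently gets the policy class this commit is moving away from. Whether the base class tells anonymous from authenticated requesters correctly is not visible here, but if it does not, the authenticated-read bypass stays reachable on that path; the fallback should be documented as safe or at least log the unexpected value, e.g. `ldout(s->cct, 0) << "unexpected dialect " << s->dialect << ", using base ACL policy" << dendl;`. Only `s->bucket_acl` is switched in this hunk, so any object ACL allocated elsewhere in rgw_build_policies (the function starts and ends outside the hunk) would want the same dispatch, ideally through one small helper. On style, `if(` and the double space before `==` differ from the surrounding `if (s->copy_source)`.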