]> git.apps.os.sepia.ceph.com Git - ceph.git/commitdiff
rgw: better tenant id from the uri on anonymous access 47308/head
authorMarcus Watts <mwatts@redhat.com>
Thu, 7 Jul 2022 07:33:31 +0000 (03:33 -0400)
committerMarcus Watts <mwatts@redhat.com>
Wed, 27 Jul 2022 20:59:47 +0000 (16:59 -0400)
When anonymous tries access public bucket, it gets 404,
because rgw doesn't check tenant correctly.

A previous fix for this broke legacy implicit tenants,
because it didn't check for anonymous access.  This version
restricts its behavior to the anonymous user.

Fixes: https://tracker.ceph.com/issues/48001 https://tracker.ceph.com/issues/48382
Original fix by
Author: Rafał Wądołowski <rafal@rafal.net.pl>
Signed-off-by: Rafał Wądołowski <rwadolowski@cloudferro.com>
This fix
Signed-off-by: Marcus Watts <mwatts@redhat.com>
src/rgw/rgw_rest_swift.cc

index 858397079b1bbec280897e05b26bb46eca731f4f..31804afa3252a73ad17fdf81d0be8fea661220f3 100644 (file)
@@ -2805,7 +2805,12 @@ int RGWHandler_REST_SWIFT::postauth_init(optional_yield y)
   struct req_init_state* t = &s->init_state;
 
   /* XXX Stub this until Swift Auth sets account into URL. */
-  s->bucket_tenant = s->user->get_tenant();
+  if (g_conf()->rgw_swift_account_in_url
+      && s->user->get_id().id == RGW_USER_ANON_ID) {
+    s->bucket_tenant = s->account_name;
+  } else {
+    s->bucket_tenant = s->user->get_tenant();
+  }
   s->bucket_name = t->url_bucket;
 
   if (!s->object) {