From: Mark Houghton Date: Tue, 3 Nov 2020 11:10:04 +0000 (+0000) Subject: rgw: fix RGWDeleteMultiObj::verify_permission X-Git-Tag: v15.2.14~92^2~1 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=228b37b6c0e08d86d2c3916f853325fe67fba2c9;p=ceph.git rgw: fix RGWDeleteMultiObj::verify_permission Signed-off-by: Mark Houghton (cherry picked from commit ba23750bea89a0e9818887abe62db0efef02fe3a) Conflicts: src/rgw/rgw_op.cc: s->object.empty() vs rgw::sal::RGWObject::empty(s->object.get()) s->object.instance.empty() vs s->object->get_instance().empty() --- diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc index 78e35339c8a..2996a461bf6 100644 --- a/src/rgw/rgw_op.cc +++ b/src/rgw/rgw_op.cc @@ -6469,6 +6469,11 @@ void RGWGetHealthCheck::execute() int RGWDeleteMultiObj::verify_permission() { + int op_ret = get_params(); + if (op_ret) { + return op_ret; + } + if (s->iam_policy || ! s->iam_user_policies.empty()) { if (s->bucket_info.obj_lock_enabled() && bypass_governance_mode) { auto r = eval_user_policies(s->iam_user_policies, s->env, boost::none, @@ -6483,9 +6488,12 @@ int RGWDeleteMultiObj::verify_permission() } } } + + bool empty = s->object.empty() || s->object.instance.empty(); + auto usr_policy_res = eval_user_policies(s->iam_user_policies, s->env, boost::none, - s->object.instance.empty() ? + empty ? rgw::IAM::s3DeleteObject : rgw::IAM::s3DeleteObjectVersion, ARN(s->bucket)); @@ -6496,7 +6504,7 @@ int RGWDeleteMultiObj::verify_permission() rgw::IAM::Effect r = Effect::Pass; if (s->iam_policy) { r = s->iam_policy->eval(s->env, *s->auth.identity, - s->object.instance.empty() ? + empty ? rgw::IAM::s3DeleteObject : rgw::IAM::s3DeleteObjectVersion, ARN(s->bucket)); @@ -6529,11 +6537,6 @@ void RGWDeleteMultiObj::execute() RGWObjectCtx *obj_ctx = static_cast(s->obj_ctx); char* buf; - op_ret = get_params(); - if (op_ret < 0) { - goto error; - } - buf = data.c_str(); if (!buf) { op_ret = -EINVAL;