From: Seena Fallah <seenafallah@gmail.com>
Date: Fri, 28 Mar 2025 20:55:20 +0000 (+0100)
Subject: rgw: remote copy obj pass rgwx-perm-check-uid for perm evaluation
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=3c83520d3338e85e2219e34e77d1149033533a71;p=ceph.git

rgw: remote copy obj pass rgwx-perm-check-uid for perm evaluation

When copying object from remote source (bucket from another zonegroup)
the perms of the source is not evaluated resulting in reading from
unauthorized buckets.
passing `rgwx-perm-check-uid` will let the source zone evaluates the
perm and close this bug.

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
---

diff --git a/src/rgw/driver/rados/rgw_rados.cc b/src/rgw/driver/rados/rgw_rados.cc
index 06d64538ed34d..08731ab69cd6f 100644
--- a/src/rgw/driver/rados/rgw_rados.cc
+++ b/src/rgw/driver/rados/rgw_rados.cc
@@ -4891,7 +4891,7 @@ int RGWRados::copy_obj(RGWObjectCtx& src_obj_ctx,
     // that only one thread tries to suspend that coroutine
     const req_context rctx{dpp, null_yield, nullptr};
     const rgw_owner remote_user_owner(remote_user);
-    return fetch_remote_obj(dest_obj_ctx, &remote_user_owner, nullptr, info, source_zone,
+    return fetch_remote_obj(dest_obj_ctx, &remote_user_owner, &remote_user, info, source_zone,
                dest_obj, src_obj, dest_bucket_info, &src_bucket_info,
                dest_placement, src_mtime, mtime, mod_ptr,
                unmod_ptr, high_precision_time,