From: Yuval Lifshitz <ylifshit@redhat.com>
Date: Thu, 8 Dec 2022 18:30:58 +0000 (+0000)
Subject: rgw/notifications: prevent anonymous topic operations
X-Git-Tag: v18.1.0~334^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=5bb78abf8643ea58f753f45f356002e359a3d8cd;p=ceph.git

rgw/notifications: prevent anonymous topic operations

fixes: https://tracker.ceph.com/issues/58167

Signed-off-by: Yuval Lifshitz <ylifshit@redhat.com>
---

diff --git a/src/rgw/driver/rados/rgw_rest_pubsub.cc b/src/rgw/driver/rados/rgw_rest_pubsub.cc
index 86c18bf74397..6d37002c9f13 100644
--- a/src/rgw/driver/rados/rgw_rest_pubsub.cc
+++ b/src/rgw/driver/rados/rgw_rest_pubsub.cc
@@ -510,7 +510,15 @@ RGWOp *RGWHandler_REST_PSTopic_AWS::op_post()
 }
 
 int RGWHandler_REST_PSTopic_AWS::authorize(const DoutPrefixProvider* dpp, optional_yield y) {
-  return RGW_Auth_S3::authorize(dpp, driver, auth_registry, s, y);
+  const auto rc = RGW_Auth_S3::authorize(dpp, driver, auth_registry, s, y);
+  if (rc < 0) {
+    return rc;
+  }
+  if (s->auth.identity->is_anonymous()) {
+    ldpp_dout(dpp, 1) << "anonymous user not allowed in topic operations" << dendl;
+    return -ERR_INVALID_REQUEST;
+  }
+  return 0;
 }
 
 namespace {