From: Seena Fallah
Date: Fri, 14 Feb 2025 11:39:54 +0000 (+0100)
Subject: rgw: prevent data sync from replicating to buckets not owned by the user
X-Git-Tag: v20.3.0~390^2~2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=7e53cf7013ae2c920427fb3ba8b423d4ae218378;p=ceph.git

rgw: prevent data sync from replicating to buckets not owned by the user

Issue https://tracker.ceph.com/issues/68884 revealed that because user_acl is initialized by default in RGWUserPermHandler::Init with the same identity, calling verify_bucket_permission_no_policy() would mistakenly allow the request since the user ACL matches the identity. Removing the default creation of user_acl would align the behavior with other S3 operations to prevent unauthorized data replication.

Fixes: https://tracker.ceph.com/issues/69972
Signed-off-by: Seena Fallah
---

diff --git a/src/rgw/driver/rados/rgw_data_sync.cc b/src/rgw/driver/rados/rgw_data_sync.cc index e63fdfae395..7eb8db38088 100644 --- a/src/rgw/driver/rados/rgw_data_sync.cc +++ b/src/rgw/driver/rados/rgw_data_sync.cc @@ -2694,8 +2694,8 @@ class RGWUserPermHandler { ret = RGWUserPermHandler::policy_from_attrs( sync_env->cct, user->get_attrs(), &info->user_acl); - if (ret == -ENOENT) { - info->user_acl.create_default(uid, user->get_display_name()); + if (ret < 0 && ret != -ENOENT) { + return ret; } return 0;
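
Review bot: In the `-ENOENT` case the function now falls through to `return 0` with `info->user_acl` left exactly as `policy_from_attrs()` left it, and nothing in the code says that an empty user ACL is intended here. A short comment above `if (ret < 0 && ret != -ENOENT) {` stating that no default ACL is created on purpose, so that a missing user ACL cannot match the syncing identity in the later permission check, would keep someone from restoring `create_default()` as an apparent fix. The same condition also starts returning every other negative `ret` to the caller, where the old code reached `return 0`; that behaviour change is worth a line in the commit message, and the callers of this init path should be checked for how they treat the new failure. The patch touches only rgw_data_sync.cc, so a regression test for replication into a bucket the user does not own would be a good addition.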