From: Radoslaw Zarzynski
Date: Mon, 18 Jan 2016 12:34:58 +0000 (+0100)
Subject: rgw: use Swift account name in TempURL.
X-Git-Tag: v10.1.0~163^2~4
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=c6f48ff03f9f4336fe689435e09653f788454d95;p=ceph.git
rgw: use Swift account name in TempURL.
Signed-off-by: Radoslaw Zarzynski
---
diff --git a/src/rgw/rgw_swift.cc b/src/rgw/rgw_swift.cc
index 92b0c3844ac4..54e598c7e3f3 100644
--- a/src/rgw/rgw_swift.cc
+++ b/src/rgw/rgw_swift.cc
@@ -551,14 +551,29 @@ int authenticate_temp_url(RGWRados *store, req_state *s)
 if (temp_url_expires.empty())
 return -EPERM;
- /* need to get user info of bucket owner */
- RGWBucketInfo bucket_info;
+ /* TempURL case is completely different than the Keystone auth - you may
+ * get account name only through extraction from URL. In turn, knowledge
+ * about account is neccessary to obtain its bucket tenant. Without that,
+ * the access would be limited to accounts with empty tenant. */
+ string bucket_tenant;
+ if (!s->account_name.empty()) {
+ RGWUserInfo uinfo;
+
+ if (rgw_get_user_info_by_uid(store, s->account_name, uinfo) < 0) {
+ return -EPERM;
+ }
+ bucket_tenant = uinfo.user_id.tenant;
+ }
+
+ /* Need to get user info of bucket owner. */
+ RGWBucketInfo bucket_info;
 int ret = store->get_bucket_info(*static_cast(s->obj_ctx),
- s->bucket_tenant, s->bucket_name,
+ bucket_tenant, s->bucket_name,
 bucket_info, NULL);
- if (ret < 0)
+ if (ret < 0) {
 return -EPERM;
+ }
 dout(20) << "temp url user (bucket owner): " << bucket_info.owner << dendl;
 if (rgw_get_user_info_by_uid(store, bucket_info.owner, *(s->user)) < 0) {
@@ -570,8 +585,9 @@ int authenticate_temp_url(RGWRados *store, req_state *s)
 return -EPERM;
 }
- if (!s->info.method)
+ if (!s->info.method) {
 return -EPERM;
+ }
 utime_t now = ceph_clock_now(g_ceph_context);
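Review bot: In the first hunk, `s->account_name` is taken from the request URL (as the new comment says) and drives a user lookup and the tenant choice, apparently before any TempURL signature check, yet the new `return -EPERM` for a failed lookup leaves no trace in the log, unlike the bucket-owner lookup below it. Keeping the same -EPERM for an unknown account as for the other failures is right, since it gives a client no way to tell existing accounts from missing ones, but a debug line before the return, for example `dout(20) << "temp url: cannot resolve account from URL" << dendl;`, would let operators see rejected or probing requests. When `s->account_name` is empty the lookup now uses an empty tenant instead of the former `s->bucket_tenant`; a short comment stating that this fallback is intended would prevent it from being read as an oversight. Nothing in the visible lines ties `bucket_info.owner` to the account named in the URL, so that relation presumably rests on the key check further down; the body of authenticate_temp_url starts and ends outside this hunk.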