From: Jiaying Ren <jiaying.ren@umcloud.com>
Date: Thu, 10 Aug 2017 02:57:13 +0000 (+0800)
Subject: rgw: fix obj copied from remote gateway acl full_control issue
X-Git-Tag: v12.2.1~37^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=ce2a181834cf60f9d03bbcf849ae72a740bb10a9;p=ceph.git

rgw: fix obj copied from remote gateway acl full_control issue

This part of the code is commit in
ea3efca

When copy a object to a remote gateway, the check processing which is
done by
"Bitwise And" between source object's acl elements and
grants_headers_def array elements
will be done to produce the target object's acl elements.

So when the full_control is the first element of grants_headers_def, no
matter the
source object's acl element permission field is write or read, the
result of
bitwise and will always be true, then call grants_by_type_add_one_grant
with
check_perm which is full_control, all of the permission field of the
target object's
acl elements will be full_control.

Fixes: http://tracker.ceph.com/issues/20658

Signed-off-by: Enming Zhang <enming.zhang@umcloud.com>
(cherry picked from commit 6bb2ed24ad175005e7ebd187166bb8735761493c)
---

diff --git a/src/rgw/rgw_rest_client.cc b/src/rgw/rgw_rest_client.cc
index fb61f326bd2f..22bbfe80f363 100644
--- a/src/rgw/rgw_rest_client.cc
+++ b/src/rgw/rgw_rest_client.cc
@@ -391,7 +391,7 @@ struct grant_type_to_header grants_headers_def[] = {
 
 static bool grants_by_type_check_perm(map<int, string>& grants_by_type, int perm, ACLGrant& grant, int check_perm)
 {
-  if ((perm & check_perm) == perm) {
+  if ((perm & check_perm) == check_perm) {
     grants_by_type_add_one_grant(grants_by_type, check_perm, grant);
     return true;
   }