From: yuliyang <yuliyang@cmss.chinamobile.com>
Date: Tue, 20 Nov 2018 09:19:38 +0000 (+0800)
Subject: rgw: get or set realm zonegroup zone need check user's caps
X-Git-Tag: v12.2.13~247^2~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=f8973f244adeb9058b71e3e8a5fe74aeaad79c62;p=ceph.git

rgw: get or set realm zonegroup zone need check user's caps

fix: https://tracker.ceph.com/issues/37352

Signed-off-by: yuliyang <yuliyang@cmss.chinamobile.com>
(cherry picked from commit 6ecaec926fb81810f6be43744cd5c48d6ccfaf5a)

Conflicts: RGWOp::name() returns std::string
	src/rgw/rgw_rest_config.h
	src/rgw/rgw_rest_realm.cc
---

diff --git a/src/rgw/rgw_rest_config.h b/src/rgw/rgw_rest_config.h
index 5751f8b0687..2b9c2d6cf65 100644
--- a/src/rgw/rgw_rest_config.h
+++ b/src/rgw/rgw_rest_config.h
@@ -22,8 +22,11 @@ public:
   RGWOp_ZoneGroupMap_Get(bool _old_format):old_format(_old_format) {}
   ~RGWOp_ZoneGroupMap_Get() override {}
 
+  int check_caps(RGWUserCaps& caps) override {
+    return caps.check_cap("zone", RGW_CAP_READ);
+  }
   int verify_permission() override {
-    return 0; 
+    return check_caps(s->user->caps);
   }
   void execute() override;
   void send_response() override;
@@ -41,8 +44,8 @@ class RGWOp_ZoneConfig_Get : public RGWRESTOp {
 public:
   RGWOp_ZoneConfig_Get() {}
 
-  int check_caps(RGWUserCaps& caps) {
-    return caps.check_cap("admin", RGW_CAP_READ);
+  int check_caps(RGWUserCaps& caps) override {
+    return caps.check_cap("zone", RGW_CAP_READ);
   }
   int verify_permission() {
     return check_caps(s->user->caps);
diff --git a/src/rgw/rgw_rest_realm.cc b/src/rgw/rgw_rest_realm.cc
index 7289d138952..a97aaf52526 100644
--- a/src/rgw/rgw_rest_realm.cc
+++ b/src/rgw/rgw_rest_realm.cc
@@ -47,6 +47,12 @@ void RGWOp_Period_Base::send_response()
 class RGWOp_Period_Get : public RGWOp_Period_Base {
  public:
   void execute() override;
+  int check_caps(RGWUserCaps& caps) override {
+    return caps.check_cap("zone", RGW_CAP_READ);
+  }
+  int verify_permission() override {
+    return check_caps(s->user->caps);
+  }
   const string name() override { return "get_period"; }
 };
 
@@ -71,6 +77,12 @@ void RGWOp_Period_Get::execute()
 class RGWOp_Period_Post : public RGWOp_Period_Base {
  public:
   void execute() override;
+  int check_caps(RGWUserCaps& caps) override {
+    return caps.check_cap("zone", RGW_CAP_WRITE);
+  }
+  int verify_permission() override {
+    return check_caps(s->user->caps);
+  }
   const string name() override { return "post_period"; }
 };
 
@@ -240,7 +252,12 @@ class RGWRESTMgr_Period : public RGWRESTMgr {
 class RGWOp_Realm_Get : public RGWRESTOp {
   std::unique_ptr<RGWRealm> realm;
 public:
-  int verify_permission() override { return 0; }
+  int check_caps(RGWUserCaps& caps) override {
+    return caps.check_cap("zone", RGW_CAP_READ);
+  }
+  int verify_permission() override {
+    return check_caps(s->user->caps);
+  }
   void execute() override;
   void send_response() override;
   const string name() override { return "get_realm"; }