From: Yehuda Sadeh <yehuda@redhat.com>
Date: Mon, 29 Feb 2016 22:59:50 +0000 (-0800)
Subject: rgw: fix permission check for request payer
X-Git-Tag: v10.1.0~169^2~4
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=ff8305a97303074899a19339834707b4fb139e96;p=ceph.git

rgw: fix permission check for request payer

If request_payer auth check returns false, we need to abort.

Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>
---

diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc
index 7ad748478ead..794f5992ce1a 100644
--- a/src/rgw/rgw_common.cc
+++ b/src/rgw/rgw_common.cc
@@ -839,9 +839,6 @@ static inline bool check_deferred_bucket_acl(struct req_state * const s,
                                              const uint8_t deferred_check,
                                              const int perm)
 {
-  if (!verify_requester_payer_permission(s))
-    return false;
-
   return (s->defer_to_bucket_acls == deferred_check \
               && verify_bucket_permission(s, bucket_acl, perm));
 }
@@ -851,6 +848,9 @@ bool verify_object_permission(struct req_state * const s,
                               RGWAccessControlPolicy * const object_acl,
                               const int perm)
 {
+  if (!verify_requester_payer_permission(s))
+    return false;
+
   if (check_deferred_bucket_acl(s, bucket_acl, RGW_DEFER_TO_BUCKET_ACLS_RECURSE, perm) ||
       check_deferred_bucket_acl(s, bucket_acl, RGW_DEFER_TO_BUCKET_ACLS_FULL_CONTROL, RGW_PERM_FULL_CONTROL)) {
     return true;