From: guce Date: Thu, 23 Jul 2015 01:37:24 +0000 (+0800) Subject: rgw: check subuser illegal access parameter. X-Git-Tag: v9.1.0~475^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F5313%2Fhead;p=ceph.git rgw: check subuser illegal access parameter. Both empty arguments and illegal parameters, can modify the existing configuration to none permissions. It should be modified to: 1.empty parameter modify the existing configuration to none permissions. 2.illegal parameter return an error. test fix: before: subuser create or modify, illegal access parameter can modify the existing configuration. after changes, do the same procedure, can check for illegal access parameters. Signed-off-by: guce --- diff --git a/src/rgw/rgw_acl.h b/src/rgw/rgw_acl.h old mode 100644 new mode 100755 index cb9bedf54462..d4a464343f93 --- a/src/rgw/rgw_acl.h +++ b/src/rgw/rgw_acl.h @@ -12,7 +12,7 @@ using namespace std; - +#define RGW_PERM_NONE 0x00 #define RGW_PERM_READ 0x01 #define RGW_PERM_WRITE 0x02 #define RGW_PERM_READ_ACP 0x04 @@ -22,6 +22,7 @@ using namespace std; #define RGW_PERM_FULL_CONTROL ( RGW_PERM_READ | RGW_PERM_WRITE | \ RGW_PERM_READ_ACP | RGW_PERM_WRITE_ACP ) #define RGW_PERM_ALL_S3 RGW_PERM_FULL_CONTROL +#define RGW_PERM_INVALID 0xFF00 enum ACLGranteeTypeEnum { /* numbers are encoded, should not change */ diff --git a/src/rgw/rgw_rest_user.cc b/src/rgw/rgw_rest_user.cc old mode 100644 new mode 100755 index 3f0e7d99342b..6b5d1eb28696 --- a/src/rgw/rgw_rest_user.cc +++ b/src/rgw/rgw_rest_user.cc @@ -306,6 +306,7 @@ void RGWOp_Subuser_Create::execute() RESTArgs::get_bool(s, "generate-secret", false, &gen_secret); perm_mask = rgw_str_to_perm(perm_str.c_str()); + op_state.set_perm(perm_mask); // FIXME: no double checking if (!uid.empty()) @@ -317,9 +318,6 @@ void RGWOp_Subuser_Create::execute() if (!secret_key.empty()) op_state.set_secret_key(secret_key); - if (perm_mask != 0) - op_state.set_perm(perm_mask); - op_state.set_generate_subuser(gen_subuser); if (gen_secret) @@ -373,6 +371,7 @@ void RGWOp_Subuser_Modify::execute() RESTArgs::get_bool(s, "generate-secret", false, &gen_secret); perm_mask = rgw_str_to_perm(perm_str.c_str()); + op_state.set_perm(perm_mask); // FIXME: no double checking if (!uid.empty()) @@ -387,9 +386,6 @@ void RGWOp_Subuser_Modify::execute() if (gen_secret) op_state.set_gen_secret(); - if (perm_mask != 0) - op_state.set_perm(perm_mask); - if (!key_type_str.empty()) { if (key_type_str.compare("swift") == 0) key_type = KEY_TYPE_SWIFT; diff --git a/src/rgw/rgw_user.cc b/src/rgw/rgw_user.cc old mode 100644 new mode 100755 index 7e6aa277f904..5a5328d8c1b4 --- a/src/rgw/rgw_user.cc +++ b/src/rgw/rgw_user.cc @@ -534,7 +534,9 @@ void rgw_perm_to_str(uint32_t mask, char *buf, int len) uint32_t rgw_str_to_perm(const char *str) { - if (strcasecmp(str, "read") == 0) + if (strcasecmp(str, "") == 0) + return RGW_PERM_NONE; + else if (strcasecmp(str, "read") == 0) return RGW_PERM_READ; else if (strcasecmp(str, "write") == 0) return RGW_PERM_WRITE; @@ -543,7 +545,7 @@ uint32_t rgw_str_to_perm(const char *str) else if (strcasecmp(str, "full") == 0) return RGW_PERM_FULL_CONTROL; - return 0; // better to return no permission + return RGW_PERM_INVALID; } static bool validate_access_key(string& key) @@ -1231,6 +1233,11 @@ int RGWSubUserPool::check_op(RGWUserAdminOpState& op_state, return -EINVAL; } + if (op_state.get_subuser_perm() == RGW_PERM_INVALID) { + set_err_msg(err_msg, "invaild subuser access"); + return -EINVAL; + } + // check if the subuser exists if (!subuser.empty()) existing = exists(subuser); diff --git a/src/rgw/rgw_user.h b/src/rgw/rgw_user.h old mode 100644 new mode 100755 index 1d01d5a81ca8..9446332334fc --- a/src/rgw/rgw_user.h +++ b/src/rgw/rgw_user.h @@ -440,7 +440,7 @@ struct RGWUserAdminOpState { { max_buckets = RGW_DEFAULT_MAX_BUCKETS; key_type = -1; - perm_mask = 0; + perm_mask = RGW_PERM_NONE; suspended = 0; system = 0; exclusive = 0;