From: Zengran Zhang <zhangzengran@h3c.com>
Date: Mon, 1 Feb 2016 04:58:58 +0000 (-0500)
Subject: rgw: fix the condition of authenticated user's permit check
X-Git-Tag: v10.0.4~95^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F6562%2Fhead;p=ceph.git

rgw: fix the condition of authenticated user's permit check

before fix:
put a bucket under one user with authenticated-read permit
> ./s3curl.pl http://myobs.com/mybucket --put --H "x-amz-acl: authenticated-read"
GET the bucket with anonymous user
> curl http://myobs.com/mybucket -X GET

> successed!

after fix:
anonymous cant GET the authenticated-read bucket
other users who authenticated could GET it

Signed-off-by: Zengran Zhang <zhangzengran@h3c.com>
---

diff --git a/src/rgw/rgw_acl.cc b/src/rgw/rgw_acl.cc
index d117caa64df..8c0066ec326 100644
--- a/src/rgw/rgw_acl.cc
+++ b/src/rgw/rgw_acl.cc
@@ -82,7 +82,7 @@ int RGWAccessControlPolicy::get_perm(rgw_user& id, int perm_mask) {
   if ((perm & perm_mask) != perm_mask) {
     perm |= acl.get_group_perm(ACL_GROUP_ALL_USERS, perm_mask);
 
-    if (!compare_group_name(id.id, ACL_GROUP_ALL_USERS)) {
+    if (id.compare(RGW_USER_ANON_ID)) {
       /* this is not the anonymous user */
       perm |= acl.get_group_perm(ACL_GROUP_AUTHENTICATED_USERS, perm_mask);
     }