From 33a7fa014940c9c3ac6aefd4b509c42819c7a772 Mon Sep 17 00:00:00 2001
From: Seena Fallah
Date: Mon, 24 Feb 2025 23:33:45 +0100
Subject: [PATCH] rgw: only allow system override if identity is not impersonating

Since multisite now delegates permission checks for source objects to the source zone (a3f40b4), we need to avoid allowing system-level overrides when the request is impersonating another identity. SysReqApplier should only grant override permission if the request is truly system-authenticated and not acting on behalf of another user or role (i.e., no rgwx-perm-check-uid or rgwx-perm-check-role in the request).

Signed-off-by: Seena Fallah
(cherry picked from commit 2a0cb65076fa63439a5d4b7c8876fb551d7ab8ec)
---
 src/rgw/rgw_process.cc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/rgw/rgw_process.cc b/src/rgw/rgw_process.cc
index fe1ff8c6e30b1..37d5ac0f6ab93 100644
--- a/src/rgw/rgw_process.cc
+++ b/src/rgw/rgw_process.cc
@@ -227,9 +227,9 @@ int rgw_process_authenticated(RGWHandler_REST * const handler,
 std::swap(span, s->trace);
 }
 if (ret < 0) {
- if (s->system_request) {
- dout(2) << "overriding permissions due to system operation" << dendl;
- } else if (s->auth.identity->is_admin_of(s->user->get_id())) {
+ // system requests may impersonate another user/role for permission checks
+ // so only rely on is_admin_of() to override permissions
+ if (s->auth.identity->is_admin_of(s->user->get_id())) {
 dout(2) << "overriding permissions due to admin operation" << dendl;
 } else {
 return ret;
-- 
2.39.5
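Review bot: After this change the `if (ret < 0)` branch grants the permission override purely on `s->auth.identity->is_admin_of(s->user->get_id())`, so the guarantee in the commit message (no override while `rgwx-perm-check-uid` / `rgwx-perm-check-role` is in effect) rests on the SysReqApplier implementation of `is_admin_of()`, which is not part of this one-file patch. Because this is a cherry-pick, confirm that the target branch already carries that behaviour (and a3f40b4); if it does not, the override would presumably either disappear for genuine system requests or remain available to impersonating ones. The new comment could state the invariant directly, e.g. `// is_admin_of() must return false for a system request that impersonates a user/role (rgwx-perm-check-*)`. The "overriding permissions due to system operation" log line is also removed, so system and admin overrides now both log as "admin operation"; if the distinction matters for auditing, consider including the identity in that `dout(2)` message. The enclosing function starts and ends outside the hunk.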