From 664f4cb5171aed2303e230ba08cb466c8b84b873 Mon Sep 17 00:00:00 2001
From: yuliyang
Date: Tue, 20 Nov 2018 17:19:38 +0800
Subject: [PATCH] rgw: get or set realm zonegroup zone need check user's caps
fix: https://tracker.ceph.com/issues/37352
Signed-off-by: yuliyang
(cherry picked from commit 6ecaec926fb81810f6be43744cd5c48d6ccfaf5a)
Conflicts: src/rgw/rgw_rest_config.h src/rgw/rgw_rest_realm.cc - mimic lacks "override" in some places
---
 src/rgw/rgw_rest_config.h | 7 +++++--
 src/rgw/rgw_rest_realm.cc | 19 ++++++++++++++++++-
 2 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/src/rgw/rgw_rest_config.h b/src/rgw/rgw_rest_config.h
index 5751f8b0687fe..ecac93ae5c896 100644
--- a/src/rgw/rgw_rest_config.h
+++ b/src/rgw/rgw_rest_config.h
@@ -22,8 +22,11 @@ public:
 RGWOp_ZoneGroupMap_Get(bool _old_format):old_format(_old_format) {}
 ~RGWOp_ZoneGroupMap_Get() override {}
+ int check_caps(RGWUserCaps& caps) override {
+ return caps.check_cap("zone", RGW_CAP_READ);
+ }
 int verify_permission() override {
- return 0;
+ return check_caps(s->user->caps);
 }
 void execute() override;
 void send_response() override;
@@ -42,7 +45,7 @@ public:
 RGWOp_ZoneConfig_Get() {}
 int check_caps(RGWUserCaps& caps) {
- return caps.check_cap("admin", RGW_CAP_READ);
+ return caps.check_cap("zone", RGW_CAP_READ);
 }
 int verify_permission() {
 return check_caps(s->user->caps);
diff --git a/src/rgw/rgw_rest_realm.cc b/src/rgw/rgw_rest_realm.cc
index 7289d1389526a..a97aaf5252664 100644
--- a/src/rgw/rgw_rest_realm.cc
+++ b/src/rgw/rgw_rest_realm.cc
@@ -47,6 +47,12 @@ void RGWOp_Period_Base::send_response()
 class RGWOp_Period_Get : public RGWOp_Period_Base {
 public:
 void execute() override;
+ int check_caps(RGWUserCaps& caps) override {
+ return caps.check_cap("zone", RGW_CAP_READ);
+ }
+ int verify_permission() override {
+ return check_caps(s->user->caps);
+ }
 const string name() override { return "get_period"; }
 };
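Review bot: The new `check_caps` in `RGWOp_ZoneGroupMap_Get` (first hunk of rgw_rest_config.h) has no comment saying why the zonegroup map now needs a capability, although `verify_permission()` returned 0 unconditionally before this change. A one-line comment above it, e.g. `// zonegroup map describes the multisite layout; require the "zone" read cap`, would record the intent for the next person who edits these admin REST ops. The same applies to `RGWOp_Realm_Get` in the last hunk of rgw_rest_realm.cc, which makes the identical move away from `return 0`. Callers that relied on the old behaviour will presumably need `zone=read` after upgrading, so a release note seems warranted as well.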
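Review bot: `check_caps` and `verify_permission` in `RGWOp_ZoneConfig_Get` (second hunk of rgw_rest_config.h) are declared without `override`, unlike the pair in `RGWOp_ZoneGroupMap_Get` just above. For an authorization hook this matters: if either signature ever drifts from the base-class virtual, the compiler stays silent and the caller would reach the base version instead of this check. I would write `int check_caps(RGWUserCaps& caps) override {` and `int verify_permission() override {` here, assuming the base declares both as virtual with these signatures, as the sibling class suggests. The class header is outside the hunk, so the base type should be confirmed first.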
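Review bot: `verify_permission()` is added with the same body, `return check_caps(s->user->caps);`, to `RGWOp_Period_Get` in this hunk and to `RGWOp_Period_Post` in the next one, and both classes derive from `RGWOp_Period_Base`. Defining it once in `RGWOp_Period_Base` would leave each op with only its `check_caps`, so the one line that differs (`RGW_CAP_READ` versus `RGW_CAP_WRITE`) is easier to audit. If the `RGWRESTOp` base already implements `verify_permission()` this way, which the diff does not show, the overrides could be dropped altogether. The cap name `"zone"` is also repeated as a literal in every op this patch touches; a shared constant would keep the call sites from diverging.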
@@ -71,6 +77,12 @@ void RGWOp_Period_Get::execute()
 class RGWOp_Period_Post : public RGWOp_Period_Base {
 public:
 void execute() override;
+ int check_caps(RGWUserCaps& caps) override {
+ return caps.check_cap("zone", RGW_CAP_WRITE);
+ }
+ int verify_permission() override {
+ return check_caps(s->user->caps);
+ }
 const string name() override { return "post_period"; }
 };
@@ -240,7 +252,12 @@ class RGWRESTMgr_Period : public RGWRESTMgr {
 class RGWOp_Realm_Get : public RGWRESTOp {
 std::unique_ptr realm;
 public:
- int verify_permission() override { return 0; }
+ int check_caps(RGWUserCaps& caps) override {
+ return caps.check_cap("zone", RGW_CAP_READ);
+ }
+ int verify_permission() override {
+ return check_caps(s->user->caps);
+ }
 void execute() override;
 void send_response() override;
 const string name() override { return "get_realm"; }
-- 2.39.5