From 717a39e23ea20cb24f20af3b8163855ead7e6830 Mon Sep 17 00:00:00 2001
From: IrekFasikhov
Date: Thu, 14 Mar 2019 10:33:22 +0300
Subject: [PATCH] rgw: fix RGWDeleteMultiObj::verify_permission() for master

Fixes: https://tracker.ceph.com/issues/38722
Signed-off-by: Irek Fasikhov
---
 src/rgw/rgw_op.cc | 33 ++++++++++++++++++++++++++++++---
 1 file changed, 30 insertions(+), 3 deletions(-)

diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index e0d339e6946..e53e2e092b7 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -6027,8 +6027,35 @@ void RGWGetHealthCheck::execute()
 
 int RGWDeleteMultiObj::verify_permission()
 {
+ if (s->iam_policy || ! s->iam_user_policies.empty()) {
+ auto usr_policy_res = eval_user_policies(s->iam_user_policies, s->env,
+ boost::none,
+ s->object.instance.empty() ?
+ rgw::IAM::s3DeleteObject :
+ rgw::IAM::s3DeleteObjectVersion,
+ ARN(s->bucket));
+ if (usr_policy_res == Effect::Deny) {
+ return -EACCES;
+ }
+
+ rgw::IAM::Effect r = Effect::Pass;
+ if (s->iam_policy) {
+ r = s->iam_policy->eval(s->env, *s->auth.identity,
+ s->object.instance.empty() ?
+ rgw::IAM::s3DeleteObject :
+ rgw::IAM::s3DeleteObjectVersion,
+ ARN(s->bucket));
+ }
+ if (r == Effect::Allow)
+ return 0;
+ else if (r == Effect::Deny)
+ return -EACCES;
+ else if (usr_policy_res == Effect::Allow)
+ return 0;
+ }
+
 acl_allowed = verify_bucket_permission_no_policy(this, s, RGW_PERM_WRITE);
- if (!acl_allowed && !s->iam_policy && s->iam_user_policies.empty())
+ if (!acl_allowed)
 return -EACCES;
 
 return 0;
@@ -6118,7 +6145,7 @@ void RGWDeleteMultiObj::execute()
 iter->instance.empty() ?
 rgw::IAM::s3DeleteObject :
 rgw::IAM::s3DeleteObjectVersion,
- obj);
+ ARN(obj));
 if (usr_policy_res == Effect::Deny) {
 send_partial_response(*iter, false, "", -EACCES);
 continue;
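Review bot: Every early return inside the new policy block in `verify_permission()` leaves `acl_allowed` unassigned, because the `verify_bucket_permission_no_policy()` call now sits after the block. `execute()` still reads `!acl_allowed` in the condition shown in the last hunk, so a request admitted here by a policy Allow falls back on whatever initial value the member has (its declaration is not on this page). Moving `acl_allowed = verify_bucket_permission_no_policy(this, s, RGW_PERM_WRITE);` above the `if (s->iam_policy || ...)` block keeps the ACL fallback meaningful for keys whose per-object evaluation is Pass. The check is also made against `ARN(s->bucket)` with the action chosen from `s->object.instance`, while the keys actually deleted are evaluated one by one in `execute()`; a short comment stating that this is only a bucket-level pre-check and that an Allow here authorizes no individual key would help. The function's closing brace is outside the hunk.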
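Review bot: Both policy evaluations in `execute()` (this hunk and the one at -6131) repeat the same ternary for the action and build `ARN(obj)` separately, so the user-policy check and the bucket-policy check can drift apart in a later edit. Computing them once per key, e.g. `const auto op = iter->instance.empty() ? rgw::IAM::s3DeleteObject : rgw::IAM::s3DeleteObjectVersion;` and `const ARN obj_arn(obj);`, then passing `op, obj_arn` to both calls, would keep the two decisions on the same action and resource. The enclosing loop body starts and ends outside both hunks, so this assumes `obj` is not modified between the two calls.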
@@ -6131,7 +6158,7 @@ void RGWDeleteMultiObj::execute()
 iter->instance.empty() ?
 rgw::IAM::s3DeleteObject :
 rgw::IAM::s3DeleteObjectVersion,
- obj);
+ ARN(obj));
 }
 if ((e == Effect::Deny) ||
 (usr_policy_res == Effect::Pass && e == Effect::Pass && !acl_allowed)) {
-- 
2.39.5