From 8a71aea942d2c59e42721eac0ca931cac1054d84 Mon Sep 17 00:00:00 2001 From: Seena Fallah Date: Fri, 16 Aug 2024 11:40:45 +0200 Subject: [PATCH] rgw: load copy source bucket attrs in putobj PutObj is not loading the source bucket's attrs, which prevents the associated policies from being loaded. As a result, the permissions granted to the user to read from the source bucket are not being properly evaluated. Fixes: https://tracker.ceph.com/issues/67590 Signed-off-by: Seena Fallah --- src/rgw/rgw_op.cc | 6 +++--- src/rgw/rgw_op.h | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc index 399c4602238ab..d393035481ad3 100644 --- a/src/rgw/rgw_op.cc +++ b/src/rgw/rgw_op.cc @@ -3851,6 +3851,7 @@ int RGWPutObj::init_processing(optional_yield y) { return ret; } copy_source_bucket_info = bucket->get_info(); + copy_source_bucket_attrs = bucket->get_attrs(); /* handle x-amz-copy-source-range */ if (copy_source_range) { @@ -3910,7 +3911,6 @@ int RGWPutObj::verify_permission(optional_yield y) RGWAccessControlPolicy cs_acl; boost::optional policy; - map cs_attrs; auto cs_bucket = driver->get_bucket(copy_source_bucket_info); auto cs_object = cs_bucket->get_object(rgw_obj_key(copy_source_object_name, copy_source_version_id)); @@ -3918,7 +3918,7 @@ int RGWPutObj::verify_permission(optional_yield y) cs_object->set_prefetch_data(); /* check source object permissions */ - int ret = read_obj_policy(this, driver, s, copy_source_bucket_info, cs_attrs, cs_acl, nullptr, + int ret = read_obj_policy(this, driver, s, copy_source_bucket_info, copy_source_bucket_attrs, cs_acl, nullptr, policy, cs_bucket.get(), cs_object.get(), y, true); if (ret < 0) { return ret; @@ -3927,7 +3927,7 @@ int RGWPutObj::verify_permission(optional_yield y) RGWAccessControlPolicy cs_bucket_acl; ret = rgw_op_get_bucket_policy_from_attr(this, s->cct, driver, copy_source_bucket_info.owner, - cs_attrs, cs_bucket_acl, y); + copy_source_bucket_attrs, cs_bucket_acl, y); if (ret < 0) { return ret; } diff --git a/src/rgw/rgw_op.h b/src/rgw/rgw_op.h index 5801d1a0d11a6..47a4c3da60958 100644 --- a/src/rgw/rgw_op.h +++ b/src/rgw/rgw_op.h @@ -1219,6 +1219,7 @@ protected: std::string copy_source; const char *copy_source_range; RGWBucketInfo copy_source_bucket_info; + rgw::sal::Attrs copy_source_bucket_attrs; std::string copy_source_tenant_name; std::string copy_source_bucket_name; std::string copy_source_object_name; -- 2.39.5