From f2bb6fe919bdf77a4e75b2fb2c4f708ccef69dde Mon Sep 17 00:00:00 2001
From: Seena Fallah <seenafallah@gmail.com>
Date: Fri, 16 Aug 2024 11:40:45 +0200
Subject: [PATCH] rgw: load copy source bucket attrs in putobj

PutObj is not loading the source bucket's attrs, which prevents
the associated policies from being loaded. As a result, the
permissions granted to the user to read from the source bucket are
not being properly evaluated.

Fixes: https://tracker.ceph.com/issues/67590
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
(cherry picked from commit 8a71aea942d2c59e42721eac0ca931cac1054d84)
---
 src/rgw/rgw_op.cc | 4 ++--
 src/rgw/rgw_op.h  | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index 8d95fee080ce7..04a55ccc8ff26 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -3644,6 +3644,7 @@ int RGWPutObj::init_processing(optional_yield y) {
       return ret;
     }
     copy_source_bucket_info = bucket->get_info();
+    copy_source_bucket_attrs = bucket->get_attrs();
 
     /* handle x-amz-copy-source-range */
     if (copy_source_range) {
@@ -3689,7 +3690,6 @@ int RGWPutObj::verify_permission(optional_yield y)
 
     RGWAccessControlPolicy cs_acl(s->cct);
     boost::optional<Policy> policy;
-    map<string, bufferlist> cs_attrs;
     std::unique_ptr<rgw::sal::Bucket> cs_bucket;
     int ret = driver->get_bucket(NULL, copy_source_bucket_info, &cs_bucket);
     if (ret < 0)
@@ -3702,7 +3702,7 @@ int RGWPutObj::verify_permission(optional_yield y)
     cs_object->set_prefetch_data();
 
     /* check source object permissions */
-    if (ret = read_obj_policy(this, driver, s, copy_source_bucket_info, cs_attrs, &cs_acl, nullptr,
+    if (ret = read_obj_policy(this, driver, s, copy_source_bucket_info, copy_source_bucket_attrs, &cs_acl, nullptr,
 			policy, cs_bucket.get(), cs_object.get(), y, true); ret < 0) {
       return ret;
     }
diff --git a/src/rgw/rgw_op.h b/src/rgw/rgw_op.h
index 16d894f3d09ca..1474d7720fb34 100644
--- a/src/rgw/rgw_op.h
+++ b/src/rgw/rgw_op.h
@@ -1200,6 +1200,7 @@ protected:
   std::string copy_source;
   const char *copy_source_range;
   RGWBucketInfo copy_source_bucket_info;
+  rgw::sal::Attrs copy_source_bucket_attrs;
   std::string copy_source_tenant_name;
   std::string copy_source_bucket_name;
   std::string copy_source_object_name;
-- 
2.39.5