From c4482cb6c66aaaf7b55ffd089e3835951b7fd056 Mon Sep 17 00:00:00 2001
From: Zhang Shaowen
Date: Tue, 1 Nov 2016 18:27:24 +0800
Subject: [PATCH] rgw: Anonymous users shouldn't be able to access requester pays buckets.

Fixes: http://tracker.ceph.com/issues/17175
Signed-off-by: Zhang Shaowen
---
 src/rgw/rgw_common.cc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc
index 50c3b90b7d3a..ca911b87c338 100644
--- a/src/rgw/rgw_common.cc
+++ b/src/rgw/rgw_common.cc
@@ -899,6 +899,10 @@ bool verify_requester_payer_permission(struct req_state *s)
 if (s->auth_identity->is_owner_of(s->bucket_info.owner))
 return true;
+
+ if (s->auth_identity->is_anonymous()) {
+ return false;
+ }
 const char *request_payer = s->info.env->get("HTTP_X_AMZ_REQUEST_PAYER");
 if (!request_payer) {
-- 
2.47.3
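Review bot: The new `is_anonymous()` check in verify_requester_payer_permission has no comment explaining why it must come before the `HTTP_X_AMZ_REQUEST_PAYER` lookup, yet that ordering appears to be the whole fix: the header is client-supplied, so judging by the commit subject an unauthenticated request could previously present it and be admitted with no account to bill. I would add above the check `// Requester-pays needs an authenticated payer; the x-amz-request-payer header alone must not admit anonymous requests.` The patch touches only rgw_common.cc, so a regression test that sends an anonymous request with the header set and expects denial would protect the fix. The owner check still runs first, and whether an anonymous identity can ever satisfy `is_owner_of()` is not visible here, so that is worth confirming. The function body starts and ends outside the hunk.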