From ce2a181834cf60f9d03bbcf849ae72a740bb10a9 Mon Sep 17 00:00:00 2001 From: Jiaying Ren Date: Thu, 10 Aug 2017 10:57:13 +0800 Subject: [PATCH] rgw: fix obj copied from remote gateway acl full_control issue This part of the code is commit in ea3efca When copy a object to a remote gateway, the check processing which is done by "Bitwise And" between source object's acl elements and grants_headers_def array elements will be done to produce the target object's acl elements. So when the full_control is the first element of grants_headers_def, no matter the source object's acl element permission field is write or read, the result of bitwise and will always be true, then call grants_by_type_add_one_grant with check_perm which is full_control, all of the permission field of the target object's acl elements will be full_control. Fixes: http://tracker.ceph.com/issues/20658 Signed-off-by: Enming Zhang (cherry picked from commit 6bb2ed24ad175005e7ebd187166bb8735761493c) --- src/rgw/rgw_rest_client.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rgw/rgw_rest_client.cc b/src/rgw/rgw_rest_client.cc index fb61f326bd2f..22bbfe80f363 100644 --- a/src/rgw/rgw_rest_client.cc +++ b/src/rgw/rgw_rest_client.cc @@ -391,7 +391,7 @@ struct grant_type_to_header grants_headers_def[] = { static bool grants_by_type_check_perm(map& grants_by_type, int perm, ACLGrant& grant, int check_perm) { - if ((perm & check_perm) == perm) { + if ((perm & check_perm) == check_perm) { grants_by_type_add_one_grant(grants_by_type, check_perm, grant); return true; } -- 2.47.3