From db0f401b3db8ebed5343ecb067991a48cfe3627a Mon Sep 17 00:00:00 2001
From: Radoslaw Zarzynski <rzarzyns@redhat.com>
Date: Fri, 28 Jul 2017 10:37:07 -0400
Subject: [PATCH] rgw: TempURL should not allow PUTs with the
 X-Object-Manifest.

Fixes: http://tracker.ceph.com/issues/20797
Signed-off-by: Radoslaw Zarzynski <rzarzyns@redhat.com>
(cherry picked from commit 40e602bc3866598952eb0dd68ecec947dd7b70d6)
---
 src/rgw/rgw_swift_auth.cc | 21 ++++++++++++++++++++-
 src/rgw/rgw_swift_auth.h  |  1 +
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/src/rgw/rgw_swift_auth.cc b/src/rgw/rgw_swift_auth.cc
index d73b6d51d963..3e70392672b5 100644
--- a/src/rgw/rgw_swift_auth.cc
+++ b/src/rgw/rgw_swift_auth.cc
@@ -2,6 +2,7 @@
 // vim: ts=8 sw=2 smarttab
 
 #include <array>
+#include <algorithm>
 
 #include <boost/utility/string_view.hpp>
 #include <boost/container/static_vector.hpp>
@@ -140,7 +141,20 @@ bool TempURLEngine::is_expired(const std::string& expires) const
   return false;
 }
 
-std::string extract_swift_subuser(const std::string& swift_user_name) {
+bool TempURLEngine::is_disallowed_header_present(const req_info& info) const
+{
+  static const auto headers = {
+    "HTTP_X_OBJECT_MANIFEST",
+  };
+
+  return std::any_of(std::begin(headers), std::end(headers),
+                     [&info](const char* header) {
+                       return info.env->exists(header);
+                     });
+}
+
+std::string extract_swift_subuser(const std::string& swift_user_name)
+{
   size_t pos = swift_user_name.find(':');
   if (std::string::npos == pos) {
     return swift_user_name;
@@ -284,6 +298,11 @@ TempURLEngine::authenticate(const req_state* const s) const
     return result_t::reject(-EPERM);
   }
 
+  if (is_disallowed_header_present(s->info)) {
+    ldout(cct, 5) << "temp url rejected due to disallowed header" << dendl;
+    return result_t::reject(-EINVAL);
+  }
+
   /* We need to verify two paths because of compliance with Swift, Tempest
    * and old versions of RadosGW. The second item will have the prefix
    * of Swift API entry point removed. */
diff --git a/src/rgw/rgw_swift_auth.h b/src/rgw/rgw_swift_auth.h
index 49685068ee6a..b1fbbe52d74d 100644
--- a/src/rgw/rgw_swift_auth.h
+++ b/src/rgw/rgw_swift_auth.h
@@ -47,6 +47,7 @@ class TempURLEngine : public rgw::auth::Engine {
                       RGWUserInfo& owner_info) const;
   bool is_applicable(const req_state* s) const noexcept;
   bool is_expired(const std::string& expires) const;
+  bool is_disallowed_header_present(const req_info& info) const;
 
   class SignatureHelper;
   class PrefixableSignatureHelper;
-- 
2.47.3