From eb13f2d4b60c031f16139f7cc4237c012644dd78 Mon Sep 17 00:00:00 2001 From: Yehuda Sadeh Date: Fri, 27 Feb 2015 15:32:50 -0800 Subject: [PATCH] rgw: don't overwrite bucket / object owner when setting acls Fixes: #10978 Backport: hammer, firefly Signed-off-by: Yehuda Sadeh --- src/rgw/rgw_op.cc | 7 ++++--- src/rgw/rgw_op.h | 1 + src/rgw/rgw_rest_s3.cc | 16 ++++++++-------- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc index 87710fc744ab..c8a08fa153ba 100644 --- a/src/rgw/rgw_op.cc +++ b/src/rgw/rgw_op.cc @@ -2445,7 +2445,6 @@ void RGWPutACLs::execute() RGWAccessControlPolicy_S3 new_policy(s->cct); stringstream ss; char *new_data = NULL; - ACLOwner owner; rgw_obj obj; ret = 0; @@ -2455,8 +2454,10 @@ void RGWPutACLs::execute() return; } - owner.set_id(s->user.user_id); - owner.set_name(s->user.display_name); + + RGWAccessControlPolicy *existing_policy = (s->object.empty() ? s->bucket_acl : s->object_acl); + + owner = existing_policy->get_owner(); ret = get_params(); if (ret < 0) diff --git a/src/rgw/rgw_op.h b/src/rgw/rgw_op.h index a24b328192da..4a735769827f 100644 --- a/src/rgw/rgw_op.h +++ b/src/rgw/rgw_op.h @@ -664,6 +664,7 @@ protected: int ret; size_t len; char *data; + ACLOwner owner; public: RGWPutACLs() { diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc index 9479601e4358..dc71aa9477e0 100644 --- a/src/rgw/rgw_rest_s3.cc +++ b/src/rgw/rgw_rest_s3.cc @@ -495,16 +495,16 @@ void RGWStatBucket_ObjStore_S3::send_response() dump_start(s); } -static int create_s3_policy(struct req_state *s, RGWRados *store, RGWAccessControlPolicy_S3& s3policy) +static int create_s3_policy(struct req_state *s, RGWRados *store, RGWAccessControlPolicy_S3& s3policy, ACLOwner& owner) { if (s->has_acl_header) { if (!s->canned_acl.empty()) return -ERR_INVALID_REQUEST; - return s3policy.create_from_headers(store, s->info.env, s->owner); + return s3policy.create_from_headers(store, s->info.env, owner); } - return s3policy.create_canned(s->owner, s->bucket_owner, s->canned_acl); + return s3policy.create_canned(owner, s->bucket_owner, s->canned_acl); } class RGWLocationConstraint : public XMLObj @@ -560,7 +560,7 @@ int RGWCreateBucket_ObjStore_S3::get_params() { RGWAccessControlPolicy_S3 s3policy(s->cct); - int r = create_s3_policy(s, store, s3policy); + int r = create_s3_policy(s, store, s3policy, s->owner); if (r < 0) return r; @@ -661,7 +661,7 @@ int RGWPutObj_ObjStore_S3::get_params() if (!s->length) return -ERR_LENGTH_REQUIRED; - int r = create_s3_policy(s, store, s3policy); + int r = create_s3_policy(s, store, s3policy, s->owner); if (r < 0) return r; @@ -1411,7 +1411,7 @@ int RGWCopyObj_ObjStore_S3::init_dest_policy() RGWAccessControlPolicy_S3 s3policy(s->cct); /* build a policy for the target object */ - int r = create_s3_policy(s, store, s3policy); + int r = create_s3_policy(s, store, s3policy, s->owner); if (r < 0) return r; @@ -1528,7 +1528,7 @@ int RGWPutACLs_ObjStore_S3::get_policy_from_state(RGWRados *store, struct req_st s->canned_acl.clear(); } - int r = create_s3_policy(s, store, s3policy); + int r = create_s3_policy(s, store, s3policy, owner); if (r < 0) return r; @@ -1670,7 +1670,7 @@ void RGWOptionsCORS_ObjStore_S3::send_response() int RGWInitMultipart_ObjStore_S3::get_params() { RGWAccessControlPolicy_S3 s3policy(s->cct); - ret = create_s3_policy(s, store, s3policy); + ret = create_s3_policy(s, store, s3policy, s->owner); if (ret < 0) return ret; -- 2.47.3