rgw: Check bucket versioning operations in policy

Add code to check s3:GetBucketVersioning and s3:PutBucketVersioning
operations against bucket policy.

Fixes: http://tracker.ceph.com/issues/21389
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1490278

Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
Adam C. Emerson 2017-09-27 14:35:59 -04:00
parent f9d1ae1d15
commit 16de0fc1c5


@ -2019,11 +2019,16 @@ void RGWStatAccount::execute()
int RGWGetBucketVersioning::verify_permission()
{
if (false == s->auth.identity->is_owner_of(s->bucket_owner.get_id())) {
return -EACCES;
if (s->iam_policy) {
if (s->iam_policy->eval(s->env, *s->auth.identity,
rgw::IAM::s3GetBucketVersioning,
ARN(s->bucket)) == Effect::Allow) {
return 0;
}
} else if (s->auth.identity->is_owner_of(s->bucket_owner.get_id())) {
return 0;
}
return 0;
return -EACCES;
}
void RGWGetBucketVersioning::pre_exec()
@ -2039,11 +2044,16 @@ void RGWGetBucketVersioning::execute()
int RGWSetBucketVersioning::verify_permission()
{
if (false == s->auth.identity->is_owner_of(s->bucket_owner.get_id())) {
return -EACCES;
if (s->iam_policy) {
if (s->iam_policy->eval(s->env, *s->auth.identity,
rgw::IAM::s3PutBucketVersioning,
ARN(s->bucket)) == Effect::Allow) {
return 0;
}
} else if (s->auth.identity->is_owner_of(s->bucket_owner.get_id())) {
return 0;
}
return 0;
return -EACCES;
}
void RGWSetBucketVersioning::pre_exec()
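Review bot: In RGWGetBucketVersioning::verify_permission the ownership test sits in the `else` branch of `if (s->iam_policy)`, so once a bucket carries any policy the owner is refused unless that policy explicitly allows s3:GetBucketVersioning. A policy that says nothing about versioning therefore ends at `return -EACCES` for the owner as well. RGWSetBucketVersioning::verify_permission has the same shape for s3:PutBucketVersioning. If the intent is that policy is consulted first and ownership remains the fallback, keep the eval result, return -EACCES only on an explicit `Effect::Deny`, and let any other non-Allow result reach the owner check, as sketched below for the Get case. If owner lockout is intended instead, a one-line comment saying so would stop a later reader from "fixing" it.

```cpp
int RGWGetBucketVersioning::verify_permission()
{
  if (s->iam_policy) {
    const auto effect = s->iam_policy->eval(s->env, *s->auth.identity,
                                            rgw::IAM::s3GetBucketVersioning,
                                            ARN(s->bucket));
    if (effect == Effect::Allow) {
      return 0;
    }
    if (effect == Effect::Deny) {
      return -EACCES;
    }
  }
  // No explicit decision from policy: fall back to bucket ownership.
  if (s->auth.identity->is_owner_of(s->bucket_owner.get_id())) {
    return 0;
  }
  return -EACCES;
}
```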