rgw: enforce swift acls

doesn't work yet, but almost.

Signed-off-by: Yehuda Sadeh <yehuda@hq.newdream.net>
Yehuda Sadeh 2012-02-23 17:22:53 -08:00
parent f5bf9d9c7f
commit 4dfec574ef
2 changed files with 21 additions and 1 deletions


@ -354,6 +354,7 @@ OPTION(rgw_socket_path, OPT_STR, "") // path to unix domain socket, if not spe
OPTION(rgw_dns_name, OPT_STR, "")
OPTION(rgw_swift_url, OPT_STR, "") //
OPTION(rgw_swift_url_prefix, OPT_STR, "swift") //
OPTION(rgw_enforce_swift_acls, OPT_BOOL, true)
OPTION(rgw_print_continue, OPT_BOOL, true) // enable if 100-Continue works
OPTION(rgw_remote_addr_param, OPT_STR, "REMOTE_ADDR") // e.g. X-Forwarded-For, if you have a reverse proxy
OPTION(rgw_op_thread_timeout, OPT_INT, 10*60)


@ -355,7 +355,26 @@ bool verify_object_permission(struct req_state *s, int perm)
if (!s->object_acl)
return false;
return s->object_acl->verify_permission(s->user.user_id, s->perm_mask, perm);
bool ret = s->object_acl->verify_permission(s->user.user_id, s->perm_mask, perm);
if (ret)
return true;
if (!g_conf->rgw_enforce_swift_acls)
return ret;
if ((perm & (int)s->perm_mask) != perm)
return false;
int swift_perm = 0;
if (perm & (RGW_PERM_READ || RGW_PERM_READ_ACP))
swift_perm |= RGW_PERM_READ_OBJS;
if (perm & (RGW_PERM_WRITE || RGW_PERM_WRITE_ACP))
swift_perm |= RGW_PERM_WRITE_OBJS;
if (!swift_perm)
return false;
return s->bucket_acl->verify_permission(s->user.user_id, s->perm_mask, swift_perm);
}
static char hex_to_num(char c)
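Review bot: The two permission tests in the new fallback use logical OR where bitwise OR is meant: `perm & (RGW_PERM_READ || RGW_PERM_READ_ACP)` evaluates the parenthesised part to 1, so the test reduces to `perm & 1` and the READ/READ_ACP mapping only works if one of those flags happens to be bit 0; the WRITE line has the same defect, which is plausibly why the commit message says it "doesn't work yet". They should read `if (perm & (RGW_PERM_READ | RGW_PERM_READ_ACP))` and `if (perm & (RGW_PERM_WRITE | RGW_PERM_WRITE_ACP))`. Separately, the fallback dereferences `s->bucket_acl` without a NULL check, while the path above it does check `s->object_acl`; unless the caller guarantees a bucket ACL is always attached, a guard like `if (!s->bucket_acl) return false;` before the final call would be safer. Note also that this mapping lets a grantee with only Swift container read/write rights pass an S3 READ_ACP/WRITE_ACP check on the object, which is a deliberate policy choice and worth a comment stating so. The function's signature is outside the hunk.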