RepoMirrors/ceph
1
0
Fork 0
mirror of https://github.com/ceph/ceph synced 2024-12-28 06:23:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

rgw: honor PublicAccessBlockConfiguration for put object

Browse Source 
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
This commit is contained in:
Abhishek Lekshmanan 2019-09-24 16:40:41 +02:00
parent 11f92eab4c
commit 9fc16df7ed
1 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
src/rgw/rgw_op.cc
View File

@ -86,6 +86,7 @@ using rgw::IAM::Effect;
using rgw::IAM::Policy;
using rgw::IAM::Policy;
using rgw::IAM::PublicAccessConfiguration;
static string mp_ns = RGW_OBJ_NS_MULTIPART;
static string shadow_ns = RGW_OBJ_NS_SHADOW;
@ -294,6 +295,24 @@ static boost::optional<Policy> get_iam_policy_from_attr(CephContext* cct,
}
}
static boost::optional<PublicAccessConfiguration>
get_public_access_conf_from_attr(const map<string, bufferlist>& attrs)
{
if (auto aiter = attrs.find(RGW_ATTR_PUBLIC_ACCESS);
aiter != attrs.end())
{
bufferlist::const_iterator iter{&aiter->second};
PublicAccessConfiguration access_conf;
try {
access_conf.decode(iter);
} catch (const buffer::error& e) {
return boost::none;
}
return access_conf;
}
return boost::none;
}
vector<Policy> get_iam_user_policy_from_attr(CephContext* cct,
rgw::sal::RGWRadosStore* store,
map<string, bufferlist>& attrs,
@ -3615,6 +3634,14 @@ int RGWPutObj::verify_permission()
}
}
auto access_conf = get_public_access_conf_from_attr(s->bucket_attrs);
if (access_conf && access_conf->block_public_acls()) {
if (s->canned_acl.compare("public-read") ||
s->canned_acl.compare("public-read-write") ||
s->canned_acl.compare("authenticated-read"))
return -EACCES;
}
auto op_ret = get_params();
if (op_ret < 0) {
ldpp_dout(this, 20) << "get_params() returned ret=" << op_ret << dendl;