From patchwork Tue Apr 16 08:55:15 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Li Wang X-Patchwork-Id: 2448421 Return-Path: X-Original-To: patchwork-ceph-devel@patchwork.kernel.org Delivered-To: patchwork-process-083081@patchwork2.kernel.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by patchwork2.kernel.org (Postfix) with ESMTP id BA6A8DF230 for ; Tue, 16 Apr 2013 09:04:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754843Ab3DPJEb (ORCPT ); Tue, 16 Apr 2013 05:04:31 -0400 Received: from m199-177.yeah.net ([123.58.177.199]:34119 "EHLO m199-177.yeah.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754824Ab3DPJEa (ORCPT ); Tue, 16 Apr 2013 05:04:30 -0400 X-Greylist: delayed 505 seconds by postgrey-1.27 at vger.kernel.org; Tue, 16 Apr 2013 05:04:29 EDT Received: from localhost.localdomain (unknown [113.246.199.97]) by m199-177.yeah.net (HMail) with ESMTPA id 39E3D11014BE; Tue, 16 Apr 2013 16:56:01 +0800 (CST) From: Li Wang To: Cc: Yehuda Sadeh , Li Wang , Yunchuan Wen Subject: [PATCH] radosgw: receiving unexpected error code while accessing an non-existing object by authorized not-owner user Date: Tue, 16 Apr 2013 16:55:15 +0800 Message-Id: <1366102515-10136-1-git-send-email-liwang@ubuntukylin.com> X-Mailer: git-send-email 1.7.9.5 X-HM-Spam-Status: e1koWUFPN1dZCBgUCR5ZQUhMVUhKSUJCTkJKS01PT05IV1kJDhceCFlBWSgrPSQoND0vPToyNyQy NSQzPjo*PilBTVVKSEJANiMkIj4oJDI1JDM#Oj8#KUFLVUhPSUArLykkNTQkMjUkMz46Pz4pQUlV Q05DQDg0LjUvKSIkODVBS1VJTUNAKT48MjQ1JDooMjpBSFVPT01AKyk0LTI1OD4kMy41OjVBQlVC Sk5APyI1OjYyOCQyKyQ1NCQyNSQzPjo*PilBS1VMQ0JAPzAyNiQ1NDU#QUtVS0ApPjo3JDIrJDI1 JCk5NyQyNSQzPjo*PilBTFVLS0NANi43LzIkKTgrLyQ*Mj09Pik#NS8kMjUkMz46Pz4pQU9VS0tJ QDIrJEokNjI1Li8#JDg1LyRLJEpLQUtVS0AyKyRKJDM0LikkODUvJEskSktLQUtVS0AyKyROJDYy NS4vPiQ4NS8kSyRKS0FLVUtAMiskSEskNjI1Li8#JDg1LyRLJE5LQUtVS0AyKyQvND86IiQ4NS8k SyRKS0tBS1VMSk1AKC45JD5BSlVOTkA9NSQoLjkkPjUsNCk*KCQzNzEkSktLSUtKQUtVSUNZBg++ X-HM-Sender-Digest: e1kSHx4VD1lBWUc6MQg6Cjo4LDo4EDorKjhIOj4qOkMwCjFVSlVKSE1NSktJTk1KTU5PVTMWGhIX VRcSDBoVHDsOGQ4VDw4QAhcSFVUYFBZFWVdZDB4ZWUEdGhcIHgY+ Sender: ceph-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: ceph-devel@vger.kernel.org This patch fixes a bug in radosgw swift compatibility code, that is, if a not-owner but authorized user access a non-existing object in a container, he wiil receive unexpected error code, to repeat this bug, do the following steps, 1 User1 creates a container, and grants the read/write permission to user2 curl -X PUT -i -k -H "X-Auth-Token: $user1_token" $url/$container curl -X POST -i -k -H "X-Auth-Token: $user1_token" -H "X-Container-Read: $user2" -H "X-Container-Write: $user2" $url/$container 2 User2 queries the object 'obj' in the newly created container by using HEAD instruction, note the container currently is empty curl -X HEAD -i -k -H "X-Auth-Token: $user2_token" $url/$container/obj 3 The response received by user2 is '401 Authorization Required', rather than the expected '404 Not Found', the details are as follows, HTTP/1.1 401 Authorization Required Date: Tue, 16 Apr 2013 01:52:49 GMT Server: Apache/2.2.22 (Ubuntu) Accept-Ranges: bytes Content-Length: 12 Vary: Accept-Encoding Content-Type: text/plain; charset=utf-8 Signed-off-by: Yunchuan Wen Signed-off-by: Li Wang --- src/rgw/rgw_acl.cc | 11 +++++++++-- src/rgw/rgw_common.cc | 22 ++-------------------- 2 files changed, 11 insertions(+), 22 deletions(-) diff --git a/src/rgw/rgw_acl.cc b/src/rgw/rgw_acl.cc index 1a90649..a27feec 100644 --- a/src/rgw/rgw_acl.cc +++ b/src/rgw/rgw_acl.cc @@ -93,6 +93,13 @@ int RGWAccessControlPolicy::get_perm(string& id, int perm_mask) { bool RGWAccessControlPolicy::verify_permission(string& uid, int user_perm_mask, int perm) { int test_perm = perm; + + if (test_perm & (RGW_PERM_READ | RGW_PERM_READ_ACP)) { + test_perm |= RGW_PERM_READ_OBJS; + } + if (test_perm & (RGW_PERM_WRITE | RGW_PERM_WRITE_ACP)) { + test_perm |= RGW_PERM_WRITE_OBJS; + } int policy_perm = get_perm(uid, test_perm); @@ -101,10 +108,10 @@ bool RGWAccessControlPolicy::verify_permission(string& uid, int user_perm_mask, buckets, so the swift READ permission on bucket will allow listing the bucket content */ if (policy_perm & RGW_PERM_WRITE_OBJS) { - policy_perm |= (RGW_PERM_WRITE | RGW_PERM_WRITE_ACP); + policy_perm |= (RGW_PERM_WRITE | RGW_PERM_WRITE_ACP) & perm; } if (policy_perm & RGW_PERM_READ_OBJS) { - policy_perm |= (RGW_PERM_READ | RGW_PERM_READ_ACP); + policy_perm |= (RGW_PERM_READ | RGW_PERM_READ_ACP) & perm; } int acl_perm = policy_perm & user_perm_mask; diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc index d9c0a80..7b5b6c0 100644 --- a/src/rgw/rgw_common.cc +++ b/src/rgw/rgw_common.cc @@ -515,14 +515,6 @@ bool verify_bucket_permission(struct req_state *s, int perm) if ((perm & (int)s->perm_mask) != perm) return false; - if (s->bucket_acl->verify_permission(s->user.user_id, perm, perm)) - return true; - - if (perm & (RGW_PERM_READ | RGW_PERM_READ_ACP)) - perm |= RGW_PERM_READ_OBJS; - if (perm & RGW_PERM_WRITE) - perm |= RGW_PERM_WRITE_OBJS; - return s->bucket_acl->verify_permission(s->user.user_id, perm, perm); } @@ -540,18 +532,8 @@ bool verify_object_permission(struct req_state *s, RGWAccessControlPolicy *bucke if ((perm & (int)s->perm_mask) != perm) return false; - - int swift_perm = 0; - if (perm & (RGW_PERM_READ | RGW_PERM_READ_ACP)) - swift_perm |= RGW_PERM_READ_OBJS; - if (perm & RGW_PERM_WRITE) - swift_perm |= RGW_PERM_WRITE_OBJS; - - if (!swift_perm) - return false; - /* we already verified the user mask above, so we pass swift_perm as the mask here, - otherwise the mask might not cover the swift permissions bits */ - return bucket_acl->verify_permission(s->user.user_id, swift_perm, swift_perm); + + return bucket_acl->verify_permission(s->user.user_id, s->perm_mask, perm); } bool verify_object_permission(struct req_state *s, int perm)