rgw: fix the bug that the s3cmd abortmp operation may delete the bucket by mistake.

[qwer506]

Fixes: https://tracker.ceph.com/issues/48727

Signed-off-by: houfei houfei@chinatelecom.cn

[qwer506]

@mattbenjamin @cbodley Please take a review. Thanks

[ofriedma]

@houfei001 Thank you for your contribution.
Can you please squash it into 1 commit.
I don't think this is a complete solution for this bug, It may happen if someone will send DELETE //?versions for exapmle too, I think we need to cover all those cases.
It looks like we fallback immediately to bucket although we got arg that match only to object context, so maybe we should check that the args we send to bucket are part of the bucket context.

if (s->init_state.url_bucket.empty()) { handler = new RGWHandler_REST_Service_S3(auth_registry, enable_sts, enable_iam, enable_pubsub); } else if (rgw::sal::RGWObject::empty(s->object.get())) { handler = new RGWHandler_REST_Bucket_S3(auth_registry, enable_pubsub); } else { handler = new RGWHandler_REST_Obj_S3(auth_registry); } }

Maybe add else if (rgw::sal::RGWObject::empty(s->object.get())) to this section a check that it will verify the args so it will not go to the bucket code path.

@houfei001 what do you think?

[qwer506]

@ofriedma That's a good point. I'll try to deal with it.

[BryceCao]

@ofriedma this is a complete solution for this bug #38741

[qwer506]

@ofriedma Happy New Year.
Well in my opinion, if the request_uri does not include the object, the request should naturally go to the bucket path. We don't need to check the args in else if (rgw::sal::RGWObject::empty(s->object.get())), since that's not elegant. Naturally, we should filter out illegal args after going to the bucket path.
@ofriedma Please take a review. Thanks!

[qwer506]

@ofriedma Happy New Year.
Well in my opinion, if the request_uri does not include the object, the request should naturally go to the bucket path. We don't need to check the args in else if (rgw::sal::RGWObject::empty(s->object.get())), since that's not elegant. Naturally, we should filter out illegal args after going to the bucket path.
@ofriedma Please take a review. Thanks!

In other words, we only allow legal args to pass through.

[qwer506]

I've tested it, it's OK, and this modification has minimal impact on the existing code. Would you mind to take a review again. @ofriedma

[BryceCao]

@houfei001 nice work when illegal args exist, maybe It's better to add this check for object delete handler as well.

[stale]

This pull request has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs for another 30 days.
If you are a maintainer or core committer, please follow-up on this pull request to identify what steps should be taken by the author to move this proposed change forward.
If you are the author of this pull request, thank you for your proposed contribution. If you believe this change is still appropriate, please ensure that any feedback has been addressed and ask for a code review.

[github-actions]

This pull request can no longer be automatically merged: a rebase is needed and changes have to be manually resolved

[stale]

This pull request has been automatically closed because there has been no activity for 90 days. Please feel free to reopen this pull request (or open a new one) if the proposed change is still appropriate. Thank you for your contribution!