Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pacific: rgw: Avoid segfault when OPA authz is enabled #46106

Merged
merged 1 commit into from Nov 28, 2023
Merged

pacific: rgw: Avoid segfault when OPA authz is enabled #46106

merged 1 commit into from Nov 28, 2023

Conversation

BenoitKnecht
Copy link
Contributor

backport tracker: https://tracker.ceph.com/issues/55500

backport of #45873
parent tracker: https://tracker.ceph.com/issues/55286

this backport was staged using ceph-backport.sh version 16.0.0.6848
find the latest version at https://github.com/ceph/ceph/blob/master/src/script/ceph-backport.sh

@github-actions github-actions bot added the rgw label May 2, 2022
@github-actions github-actions bot added this to the pacific milestone May 2, 2022
@BenoitKnecht BenoitKnecht requested review from a team as code owners May 16, 2022 18:49
@BenoitKnecht BenoitKnecht requested review from pereman2 and nizamial09 and removed request for a team May 16, 2022 18:49
@cbodley
Copy link
Contributor

cbodley commented Oct 4, 2022

looks like this needs a rebase

@rkachach rkachach removed the request for review from a team May 25, 2023 11:54
@cbodley
Copy link
Contributor

cbodley commented Oct 24, 2023

@BenoitKnecht please rebase so there's only the single commit from #45873 on top of the current pacific branch. this currently includes lots of merge commits and other unrelated changes

@BenoitKnecht
rgw: Avoid segfault when OPA authz is enabled
3cecb88 
When `rgw_use_opa_authz=true`, radosgw would segfault on any request that
didn't target a specific object or bucket, because `s->object` or `s->bucket`
would be `nullptr` in that case, but that code path would try to dereference
them anyway.

This commit only adds the `object_name`, `subuser`, `user_info` and
`bucket_info` JSON objects if the corresponding `s->X` object is defined,
thereby avoiding segfaults in radosgw when Open Policy Agent authorization is
enabled.

Fixes: https://tracker.ceph.com/issues/55286
Signed-off-by: Benoît Knecht <bknecht@protonmail.ch>
(cherry picked from commit ac71916)
@BenoitKnecht
Copy link
Contributor Author

@cbodley Done.

@cbodley cbodley requested review from a team and removed request for a team, pereman2 and nizamial09 October 31, 2023 14:16
@cfsnyder cfsnyder modified the milestones: pacific, v16.2.15 Nov 13, 2023
@yuriw yuriw merged commit c657f99 into ceph:pacific Nov 28, 2023
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smanjara smanjara smanjara approved these changes

Assignees
No one assigned
Labels
needs-qa rgw wip-yuri8-testing
Projects
None yet
Milestone
v16.2.15
5 participants
@BenoitKnecht @cbodley @smanjara @yuriw @cfsnyder