From 99ba6610a8f437604cadf68cbe9969def893e870 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 24 Sep 2015 00:21:13 +0530 Subject: [PATCH] 13207: Rados Gateway: Anonymous user is able to read bucket with authenticated read ACL Signed-off-by: root --- src/rgw/rgw_acl_s3.cc | 2 +- src/rgw/rgw_op.cc | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/src/rgw/rgw_acl_s3.cc b/src/rgw/rgw_acl_s3.cc index f0ed08118dfaa..490bf98221aa3 100644 --- a/src/rgw/rgw_acl_s3.cc +++ b/src/rgw/rgw_acl_s3.cc @@ -568,7 +568,7 @@ bool RGWAccessControlPolicy_S3::compare_group_name(string& id, ACLGroupTypeEnum { switch (group) { case ACL_GROUP_ALL_USERS: - return (id.compare(rgw_uri_all_users) == 0); + return (id.compare(RGW_USER_ANON_ID) == 0); case ACL_GROUP_AUTHENTICATED_USERS: return (id.compare(rgw_uri_auth_users) == 0); default: diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc index ff84aba0b064e..91f5229c6cbe9 100644 --- a/src/rgw/rgw_op.cc +++ b/src/rgw/rgw_op.cc @@ -17,6 +17,7 @@ #include "rgw_rest.h" #include "rgw_acl.h" #include "rgw_acl_s3.h" +#include "rgw_acl_swift.h" #include "rgw_user.h" #include "rgw_bucket.h" #include "rgw_log.h" @@ -356,7 +357,13 @@ static int rgw_build_policies(RGWRados *store, struct req_state *s, bool only_bu } } - s->bucket_acl = new RGWAccessControlPolicy(s->cct); + if(s->dialect.compare("s3") == 0) { + s->bucket_acl = new RGWAccessControlPolicy_S3(s->cct); + } else if(s->dialect.compare("swift") == 0) { + s->bucket_acl = new RGWAccessControlPolicy_SWIFT(s->cct); + } else { + s->bucket_acl = new RGWAccessControlPolicy(s->cct); + } if (s->copy_source) { /* check if copy source is within the current domain */ const char *src = s->copy_source;