** Description changed:

  [Impact]
  If a user tries to access a non-existent bucket, it should get a 
'NoSuchBucket' error message (404)
  But if there is such a bucket which is belonged to another user, radosgw will 
return 'AccessDenied' error (403)
  This is an incorrect error message, radosgw should return 404
- 
  
  [Test Case]
  Create a user by radosgw-admin, then create a bucket through S3 by this user
  Create another user and try to access the bucket created by the above user
  The error message must be 'NoSuchBucket', not 'AccessDenied'
  
  [Regression Potential]
- Low
+ Low, this patch checks 
+ 1. 'is_admin_of' and 'verify_permission' separately instead of 'and' the 
results of them
+ 2. if the bucket policy allow the user to access this bucket
+ to make sure it returns the correct error code, so basically it checks the 
same thing as before but in the correct order
  
  [Other Information]
  Backport Ceph issue 38638 to Luminous.
  
  If a user different from the owner (or even an anonymous user) does a
  GetObject/HeadObject on a non existing object, Radosgw returns status
  code 403, rather than the correct status 404.
  
  A version of this was merged into Ceph master:
  https://tracker.ceph.com/issues/38638
  https://github.com/ceph/ceph/commit/5eb50b7d10da51db72f705807c87775562b79b63
  
  And backported to luminous has been accepted:
  https://tracker.ceph.com/issues/39272
  https://github.com/ceph/ceph/commit/a752b21f549cc83745e35324387b85b3d039dfd2

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1847544

Title:
  backport: S3 policy evaluated incorrectly

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1847544/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to