Bug #20232

open

Cannot set more than one referer on bucket policy

Added by joke lee almost 7 years ago.

Status: New
Priority: Normal
Assignee: -
Target version: -
% Done: 0%
Source:
Tags:
Backport:
Regression: No
Severity: 3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

When I set

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": [
      "arn:aws:s3:::test7/*" 
    ],
    "Condition": {
        "StringLike": {
          "aws:Referer": ["http://www.example.com/*","http://example.com/*"]
        }
      }
  }]
}
to my bucket test7

After setting this policy, all operations are denied access.

[root@promote policytest]# curl -v 127.0.0.1:8000/test7/1.txt   --header "referer: http://www.example.com/1" 
* About to connect() to 127.0.0.1 port 8000 (#0)
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8000 (#0)
> GET /test7/1.txt HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 127.0.0.1:8000
> Accept: */*
> referer: http://www.example.com/1
>
< HTTP/1.1 403 Forbidden
< Content-Length: 215
< x-amz-request-id: tx000000000000000000092-00593a3ba2-100c-default
< Accept-Ranges: bytes
< Content-Type: application/xml
< Date: Fri, 09 Jun 2017 06:09:44 GMT
<
* Connection #0 to host 127.0.0.1 left intact
<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><BucketName>test7</BucketName><RequestId>tx00000000000000000


[root@promote policytest]# s3cmd ls s3://test7
ERROR: Access to bucket 'test7' was denied
ERROR: S3 error: 403 (AccessDenied)

And I found that it throws a PolicyParseException.

Policy::Policy(CephContext* cct, const string& tenant,
           const bufferlist& _text)
  : text(_text.to_str()) {
  StringStream ss(text.data());
  PolicyParser pp(cct, tenant, *this);
  auto pr = Reader{}.Parse<kParseNumbersAsStringsFlag |
               kParseCommentsFlag>(ss, pp);
  if (!pr) {
    throw PolicyParseException(std::move(pr));   // <===== I found it runs into here
  }
}

I think it may be a rapidjson bug?
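
Added example, not part of the original report and not Ceph code: a reference evaluation of the reported policy's `Condition` block under AWS IAM's documented semantics (multiple values for one key are ORed; `StringLike` is case-sensitive with `*` and `?` wildcards). It shows the result a parser that accepts the array form would be expected to produce. The function names are hypothetical, and only `Effect` and `Condition` are evaluated, not principal, action or resource.

```python
import json
import re

# The policy from the report, unchanged apart from whitespace.
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{
   "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
   "Resource": ["arn:aws:s3:::test7/*"],
   "Condition": {"StringLike": {"aws:Referer":
       ["http://www.example.com/*", "http://example.com/*"]}}}]}
""")

def _like_to_regex(pattern):
    # StringLike wildcards: '*' = any run of characters, '?' = exactly one.
    parts = []
    for ch in pattern:
        parts.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
    return re.compile("".join(parts), re.DOTALL)

def _as_list(value):
    # Policy JSON allows a single string or an array of strings.
    return value if isinstance(value, list) else [value]

def condition_matches(condition, context):
    # Operators and keys are ANDed; the values listed for one key are ORed.
    for operator, keys in condition.items():
        if operator != "StringLike":
            raise ValueError("only StringLike is handled in this example")
        for key, values in keys.items():
            actual = context.get(key.lower())  # condition key names are case-insensitive
            if actual is None:
                return False
            if not any(_like_to_regex(v).fullmatch(actual) for v in _as_list(values)):
                return False
    return True

def referer_condition_allows(policy, referer):
    # Hypothetical helper: True if any Allow statement's Condition accepts the Referer.
    context = {} if referer is None else {"aws:referer": referer}
    return any(
        stmt["Effect"] == "Allow"
        and condition_matches(stmt.get("Condition", {}), context)
        for stmt in _as_list(policy["Statement"])
    )

if __name__ == "__main__":
    for ref in ("http://www.example.com/1", "http://example.com/1", "http://other.test/", None):
        print(ref, "->", referer_condition_allows(POLICY, ref))
```

The `curl` request in the report, with `referer: http://www.example.com/1`, evaluates to allowed here, while a request with no Referer header does not.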
