fix: missing user policy enforcement in PostPolicyHandler (#11682)

2025-11-07 12:52:58 -05:00 · 2021-03-03 08:47:08 -08:00
parent c6a120df0e
commit 039f59b552
6 changed files with 63 additions and 24 deletions
--- a/cmd/signature-v2.go
+++ b/cmd/signature-v2.go
@@ -75,20 +75,18 @@ const (

 // AWS S3 Signature V2 calculation rule is give here:
 // http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#RESTAuthenticationStringToSign
-
-func doesPolicySignatureV2Match(formValues http.Header) APIErrorCode {
-	cred := globalActiveCred
+func doesPolicySignatureV2Match(formValues http.Header) (auth.Credentials, APIErrorCode) {
 	accessKey := formValues.Get(xhttp.AmzAccessKeyID)
 	cred, _, s3Err := checkKeyValid(accessKey)
 	if s3Err != ErrNone {
-		return s3Err
+		return cred, s3Err
 	}
 	policy := formValues.Get("Policy")
 	signature := formValues.Get(xhttp.AmzSignatureV2)
 	if !compareSignatureV2(signature, calculateSignatureV2(policy, cred.SecretKey)) {
-		return ErrSignatureDoesNotMatch
+		return cred, ErrSignatureDoesNotMatch
 	}
-	return ErrNone
+	return cred, ErrNone
 }

 // Escape encodedQuery string into unescaped list of query params, returns error