MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-09 13:39:46 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix: temp credentials shouldn't allow policy/group changes (#8675)

Browse Source 
This PR fixes the issue where we might allow policy changes
for temporary credentials out of band, this situation allows
privilege escalation for those temporary credentials. We
should disallow any external actions on temporary creds
as a practice and we should clearly differentiate which
are static and which are temporary credentials.

Refer #8667
This commit is contained in:
Harshavardhana
2019-12-19 14:21:21 -08:00
committed by kannappanr
parent d140074773
commit 586614c73f
3 changed files with 77 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/auth/credentials.go
View File

@@ -117,6 +117,11 @@ func (cred Credentials) IsExpired() bool {
return cred.Expiration.Before(time.Now().UTC())
}
// IsTemp - returns whether credential is temporary or not.
func (cred Credentials) IsTemp() bool {
return cred.SessionToken != ""
}
// IsValid - returns whether credential is valid or not.
func (cred Credentials) IsValid() bool {
// Verify credentials if its enabled or not set.