MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-02-27 13:29:15 -05:00
Code Issues Packages Projects Releases Wiki Activity

do not change targetUser after permission validation

Browse Source 
for service accounts make sure that targetUser is
always the one that is presented/validated from
the incoming request, not the parentUser.
This commit is contained in:
Harshavardhana 2021-05-05 16:13:45 -07:00
parent af1b6e3458
commit b8833c2947
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cmd/admin-handlers-users.go
View File

@ -525,12 +525,10 @@ func (a adminAPIHandlers) AddServiceAccount(w http.ResponseWriter, r *http.Reque
} else { } else {
if cred.IsServiceAccount() || cred.IsTemp() { if cred.IsServiceAccount() || cred.IsTemp() {
if cred.ParentUser == "" { if cred.ParentUser == "" {
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, errors.New("service accounts cannot be generated for temporary credentials without parent")), r.URL) writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx,
errors.New("service accounts cannot be generated for temporary credentials without parent")), r.URL)
return return
} }
targetUser = cred.ParentUser
} else {
targetUser = cred.AccessKey
} }
targetGroups = cred.Groups targetGroups = cred.Groups
} }