From c138272d6356f3189ac35bd03d2504da35fd49d3 Mon Sep 17 00:00:00 2001
From: Harshavardhana <harsha@minio.io>
Date: Sat, 23 May 2020 10:01:01 -0700
Subject: [PATCH] reject object lock requests on existing buckets (#9684)

a regression was introduced fix it to ensure that we
do not allow object locking settings on existing buckets
without object locking
---
 cmd/bucket-handlers.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/cmd/bucket-handlers.go b/cmd/bucket-handlers.go
index 37dddff25..d6ae21bea 100644
--- a/cmd/bucket-handlers.go
+++ b/cmd/bucket-handlers.go
@@ -1032,6 +1032,12 @@ func (api objectAPIHandlers) PutBucketObjectLockConfigHandler(w http.ResponseWri
 		return
 	}
 
+	// Deny object locking configuration settings on existing buckets without object lock enabled.
+	if _, err = globalBucketMetadataSys.GetObjectLockConfig(bucket); err != nil {
+		writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL, guessIsBrowserReq(r))
+		return
+	}
+
 	if err = globalBucketMetadataSys.Update(bucket, objectLockConfig, configData); err != nil {
 		writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL, guessIsBrowserReq(r))
 		return