MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-29 21:33:31 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix: validate secret key before updating service accounts

Browse Source
This commit is contained in:
Harshavardhana
2021-05-05 16:36:39 -07:00
parent b8833c2947
commit f4623ea8dc
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
cmd/iam.go
View File

@@ -1203,6 +1203,10 @@ func (sys *IAMSys) UpdateServiceAccount(ctx context.Context, accessKey string, o
return errNoSuchServiceAccount return errNoSuchServiceAccount
} }
if !auth.IsSecretKeyValid(opts.secretKey) {
return auth.ErrInvalidSecretKeyLength
}
if opts.secretKey != "" { if opts.secretKey != "" {
cr.SecretKey = opts.secretKey cr.SecretKey = opts.secretKey
} }
@@ -1346,6 +1350,14 @@ func (sys *IAMSys) CreateUser(accessKey string, uinfo madmin.UserInfo) error {
return errIAMActionNotAllowed return errIAMActionNotAllowed
} }
if !auth.IsAccessKeyValid(accessKey) {
return auth.ErrInvalidAccessKeyLength
}
if !auth.IsSecretKeyValid(uinfo.SecretKey) {
return auth.ErrInvalidSecretKeyLength
}
sys.store.lock() sys.store.lock()
defer sys.store.unlock() defer sys.store.unlock()
@@ -1388,6 +1400,14 @@ func (sys *IAMSys) SetUserSecretKey(accessKey string, secretKey string) error {
return errIAMActionNotAllowed return errIAMActionNotAllowed
} }
if !auth.IsAccessKeyValid(accessKey) {
return auth.ErrInvalidAccessKeyLength
}
if !auth.IsSecretKeyValid(secretKey) {
return auth.ErrInvalidSecretKeyLength
}
sys.store.lock() sys.store.lock()
defer sys.store.unlock() defer sys.store.unlock()