fix: STS creds without "aud" should be honored with STS checks (#8868)

Fixes #8865
Harshavardhana 2020-01-22 01:39:46 -08:00 committed by Nitish Tiwari
parent 55063906b5
commit fe5d599802


@ -1367,8 +1367,13 @@ func (sys *IAMSys) IsAllowed(args iampolicy.Args) bool {
return true return true
} }
// With claims set, we should do STS related checks and validation. // If the credential is temporary, perform STS related checks.
if _, ok := args.Claims["aud"]; ok { ok, err := sys.IsTempUser(args.AccountName)
if err != nil {
logger.LogIf(context.Background(), err)
return false
}
if ok {
return sys.IsAllowedSTS(args) return sys.IsAllowedSTS(args)
} }
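Review bot: The error branch of the new `sys.IsTempUser(args.AccountName)` lookup denies the request but logs through `context.Background()`, so the resulting log entry carries no request context and cannot be tied to the call that was refused. This lookup is now the gate that decides whether the STS policy checks run, so the deny-on-error intent deserves a comment, for example `// Fail closed: if the credential type cannot be determined, deny instead of falling through to the regular user policy path.` A regression test for a temporary credential whose claims lack "aud" would pin the behaviour this commit fixes, since that is the case the old claim-based check let skip `IsAllowedSTS`. IsAllowed starts before and continues after this hunk, so how the non-temporary path proceeds is not visible here.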