do not change targetUser after permission validation

for service accounts make sure that targetUser is
always the one that is presented/validated from
the incoming request, not the parentUser.
Harshavardhana 2021-05-05 16:13:45 -07:00
parent af1b6e3458
commit b8833c2947


@ -525,12 +525,10 @@ func (a adminAPIHandlers) AddServiceAccount(w http.ResponseWriter, r *http.Reque
} else {
if cred.IsServiceAccount() || cred.IsTemp() {
if cred.ParentUser == "" {
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, errors.New("service accounts cannot be generated for temporary credentials without parent")), r.URL)
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx,
errors.New("service accounts cannot be generated for temporary credentials without parent")), r.URL)
return
}
targetUser = cred.ParentUser
} else {
targetUser = cred.AccessKey
}
targetGroups = cred.Groups
}
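Review bot: `targetGroups = cred.Groups` at the end of this else branch still takes the groups from the caller's credential, while the commit title says targetUser now stays as the value validated from the request; if the two can differ on this path, the new service account is bound to one identity but carries another's groups. The page has lost its +/- markers, so I am assuming from the title and the hunk counts that the `targetUser = cred.ParentUser` and `targetUser = cred.AccessKey` assignments are the removed lines. If so, the remaining `cred.ParentUser == ""` check is a pure validation and deserves a comment saying so, for example `// targetUser was permission-checked above and must not be reassigned here; this only rejects parentless temp/service credentials`. AddServiceAccount starts and continues outside the hunk, so it is worth confirming there that an empty targetUser is defaulted or rejected before the account is created. A regression test with a service-account caller naming a different target user would pin the intended behaviour.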