rgw: validate account user names

iam apis have specific requirements for the UserName field. enforce
these requirements for 'user create' and 'user modify' admin ops for
account users

Signed-off-by: Casey Bodley <cbodley@redhat.com>
Casey Bodley 2024-03-04 16:46:52 -05:00
parent 272a7660ca
commit 119a768ddf

@ -8,6 +8,7 @@
#include "rgw_account.h"
#include "rgw_bucket.h"
#include "rgw_quota.h"
#include "rgw_rest_iam.h" // validate_iam_user_name()
#include "services/svc_user.h"
#include "services/svc_meta.h"
@ -1821,6 +1822,15 @@ int RGWUser::execute_add(const DoutPrefixProvider *dpp, RGWUserAdminOpState& op_
user_info.type = TYPE_ROOT;
}
if (!user_info.account_id.empty()) {
// validate user name according to iam api
std::string err;
if (!validate_iam_user_name(user_info.display_name, err)) {
set_err_msg(err_msg, err);
return -EINVAL;
}
}
if (!op_state.path.empty()) {
user_info.path = op_state.path;
} else {
@ -2155,6 +2165,15 @@ int RGWUser::execute_modify(const DoutPrefixProvider *dpp, RGWUserAdminOpState&
user_info.type = op_state.account_root ? TYPE_ROOT : TYPE_RGW;
}
if (!user_info.account_id.empty()) {
// validate user name according to iam api
std::string err;
if (!validate_iam_user_name(user_info.display_name, err)) {
set_err_msg(err_msg, err);
return -EINVAL;
}
}
if (!op_state.path.empty()) {
user_info.path = op_state.path;
}
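Review bot: In execute_modify the IAM name check runs on every modify of an account user, against whatever `user_info.display_name` holds at that point, so a user whose stored name predates this rule would presumably get -EINVAL even on unrelated operations such as suspending the user or rotating keys. Consider running the check only when the request changes the display name or assigns the account, and confirm that an admin can still disable a non-conforming user. The same block is repeated verbatim in execute_add; both copies would benefit from a comment such as `// account users are addressed through the iam api by display_name, which serves as UserName` to explain why display_name is the field being validated. Both function bodies start and end outside the hunks shown, so the preceding assignments to `user_info` are not visible here.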