Merge pull request #37770 from pritha-srivastava/wip-sts-47871

rgw/sts: fix for validating path in role arn in assume role api.
Matt Benjamin 2020-11-12 07:58:27 -05:00 committed by GitHub
commit eb484de915
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -289,6 +289,18 @@ std::tuple<int, RGWRole> STSService::getRoleInfo(const string& arn)
}
return make_tuple(ret, this->role);
} else {
auto path_pos = r_arn->resource.find('/');
string path;
if (path_pos == pos) {
path = "/";
} else {
path = r_arn->resource.substr(path_pos, ((pos - path_pos) + 1));
}
string r_path = role.get_path();
if (path != r_path) {
ldout(cct, 0) << "Invalid Role ARN: Path in ARN does not match with the role path: " << path << " " << r_path << dendl;
return make_tuple(-EACCES, this->role);
}
this->role = std::move(role);
return make_tuple(0, this->role);
}
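Review bot: The `path_pos == pos` branch also appears to accept a resource that contains no '/' at all. `pos` is assigned outside this hunk, presumably from a search for the last '/'; if so, both values are `npos` for such a resource, the path is taken as "/", and the ARN passes the check for any role stored under the root path. Rejecting that case before the comparison makes the validation strict, for example `if (path_pos == string::npos) { return make_tuple(-EINVAL, this->role); }`, with whichever error code the callers expect. Separately, the `ldout(cct, 0)` line writes the request-supplied path at the highest log priority on every mismatch, so a higher debug level would keep repeated bad requests from flooding the log. The enclosing function begins before the hunk, so the definition of `pos` and the role lookup should be confirmed there.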