
S3 authorization: StreamingSigned enforces access control

fix https://github.com/chrislusf/seaweedfs/issues/2180
pull/2182/head
Chris Lu 4 years ago
parent
commit
d39b2689a5
  1. 8
      weed/s3api/chunked_reader_v4.go

8
weed/s3api/chunked_reader_v4.go

@ -85,11 +85,17 @@ func (iam *IdentityAccessManagement) calculateSeedSignature(r *http.Request) (cr
return nil, "", "", time.Time{}, errCode return nil, "", "", time.Time{}, errCode
} }
// Verify if the access key id matches. // Verify if the access key id matches.
_, cred, found := iam.lookupByAccessKey(signV4Values.Credential.accessKey)
identity, cred, found := iam.lookupByAccessKey(signV4Values.Credential.accessKey)
if !found { if !found {
return nil, "", "", time.Time{}, s3err.ErrInvalidAccessKeyID return nil, "", "", time.Time{}, s3err.ErrInvalidAccessKeyID
} }
bucket, _ := getBucketAndObject(r)
if !identity.canDo("Write", bucket) {
errCode = s3err.ErrAccessDenied
return
}
// Verify if region is valid. // Verify if region is valid.
region = signV4Values.Credential.scope.region region = signV4Values.Credential.scope.region
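Review bot: The new `identity.canDo("Write", bucket)` check runs before anything visible in this hunk has verified the request signature, so `s3err.ErrAccessDenied` can be returned to a caller that has presented only an access key id. The signature comparison appears to come later in `calculateSeedSignature`, outside the hunk, so confirm the order there; placing the permission check after the signature has been validated keeps authorization results from being disclosed to unauthenticated requests. Separately, the denied branch uses a bare `return` while the neighbouring failure paths return explicit zero values. If `cred` is a named result (the signature line is cut off at `(cr`), the bare return hands the looked-up credential back together with the error, so prefer `return nil, "", "", time.Time{}, s3err.ErrAccessDenied`.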
