gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

S3 authorization: StreamingSigned enforces access control

Browse Source 
fix https://github.com/chrislusf/seaweedfs/issues/2180
This commit is contained in:
Chris Lu
2021-07-03 14:50:53 -07:00
parent 3986601ee8
commit d39b2689a5
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
weed/s3api/chunked_reader_v4.go
View File

@@ -85,11 +85,17 @@ func (iam *IdentityAccessManagement) calculateSeedSignature(r *http.Request) (cr
return nil, "", "", time.Time{}, errCode return nil, "", "", time.Time{}, errCode
} }
// Verify if the access key id matches. // Verify if the access key id matches.
_, cred, found := iam.lookupByAccessKey(signV4Values.Credential.accessKey) identity, cred, found := iam.lookupByAccessKey(signV4Values.Credential.accessKey)
if !found { if !found {
return nil, "", "", time.Time{}, s3err.ErrInvalidAccessKeyID return nil, "", "", time.Time{}, s3err.ErrInvalidAccessKeyID
} }
bucket, _ := getBucketAndObject(r)
if !identity.canDo("Write", bucket) {
errCode = s3err.ErrAccessDenied
return
}
// Verify if region is valid. // Verify if region is valid.
region = signV4Values.Credential.scope.region region = signV4Values.Credential.scope.region