rgw: accepted access key chars should be url safe

Signed-off-by: Yehuda Sadeh <yehuda@hq.newdream.net>

diff --git a/src/rgw/rgw_admin.cc b/src/rgw/rgw_admin.cc
index cbcca744932f37b4249c2b7cee3721b978bc73ea..e975fcf47e82829e164f3b133cf7765965638deb 100644 (file)
--- a/src/rgw/rgw_admin.cc
+++ b/src/rgw/rgw_admin.cc
@@ -430,6 +430,33 @@ static void remove_old_indexes(RGWUserInfo& old_info, RGWUserInfo new_info)
     cerr << "ERROR: this should be fixed manually!" << std::endl;
 }
 
+static bool char_is_unreserved_url(char c)
+{
+  if (isalnum(c))
+    return true;
+
+  switch (c) {
+  case '-':
+  case '.':
+  case '_':
+  case '~':
+    return true;
+  default:
+    return false;
+  }
+}
+
+static bool validate_access_key(string& key)
+{
+  const char *p = key.c_str();
+  while (*p) {
+    if (!char_is_unreserved_url(*p))
+      return false;
+    p++;
+  }
+  return true;
+}
+
 int bucket_stats(rgw_bucket& bucket, Formatter *formatter)
 {
   RGWBucketInfo bucket_info;
@@ -810,6 +837,10 @@ int main(int argc, char **argv)
       access_key.append(subuser);
     }
     if ((!access_key.empty()) && (!secret_key.empty())) {
+      if (key_type == KEY_TYPE_S3 && !validate_access_key(access_key)) {
+        cerr << "access key contains illegal characters" << std::endl;
+        return 1;
+      }
       RGWAccessKey k;
       k.id = access_key;
       k.key = secret_key;