rgw: Check for Access Key during STS Auth.

author Pritha Srivastava <prsrivas@redhat.com>

Wed, 12 Sep 2018 15:36:25 +0000 (21:06 +0530)

committer Pritha Srivastava <prsrivas@redhat.com>

Fri, 21 Sep 2018 05:39:33 +0000 (11:09 +0530)
author Pritha Srivastava <prsrivas@redhat.com>
Wed, 12 Sep 2018 15:36:25 +0000 (21:06 +0530)
committer Pritha Srivastava <prsrivas@redhat.com>
Fri, 21 Sep 2018 05:39:33 +0000 (11:09 +0530)
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc

index 44ff01f730f6037fa6a891aa0ae6dc8088672c64..f9ec11c0325977775e5b782f25500958f2615b2e 100644 (file)
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -4410,6 +4410,11 @@ rgw::auth::s3::STSEngine::authenticate(
      return result_t::reject(ret);
    }
    //Authentication
+  //Check if access key is not the same passed in by client
+  if (token.access_key_id != _access_key_id) {
+    ldout(cct, 0) << "Invalid access key" << dendl;
+    return result_t::reject(-EPERM);
+  }
    //Check if the token has expired
    if (! token.expiration.empty()) {
      std::string expiration = token.expiration;
author	Pritha Srivastava <prsrivas@redhat.com>
	Wed, 12 Sep 2018 15:36:25 +0000 (21:06 +0530)
committer	Pritha Srivastava <prsrivas@redhat.com>
	Fri, 21 Sep 2018 05:39:33 +0000 (11:09 +0530)