rgw: validate account user names
authorCasey Bodley <cbodley@redhat.com>
Mon, 4 Mar 2024 21:46:52 +0000 (16:46 -0500)
committerCasey Bodley <cbodley@redhat.com>
Fri, 12 Apr 2024 19:34:29 +0000 (15:34 -0400)
iam apis have specific requirements for the UserName field. enforce
these requirements for 'user create' and 'user modify' admin ops for
account users

Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit 119a768ddf6f865d94775bf813c9fa5a25c58956)

src/rgw/driver/rados/rgw_user.cc

index efaea81ce2929a239c8026437b520c28ab743993..c71eed93767cf02e06954402adecfb00e4612405 100644 (file)
@@ -8,6 +8,7 @@
 #include "rgw_account.h"
 #include "rgw_bucket.h"
 #include "rgw_quota.h"
+#include "rgw_rest_iam.h" // validate_iam_user_name()
 
 #include "services/svc_user.h"
 #include "services/svc_meta.h"
@@ -1817,6 +1818,15 @@ int RGWUser::execute_add(const DoutPrefixProvider *dpp, RGWUserAdminOpState& op_
     user_info.type = TYPE_ROOT;
   }
 
+  if (!user_info.account_id.empty()) {
+    // validate user name according to iam api
+    std::string err;
+    if (!validate_iam_user_name(user_info.display_name, err)) {
+      set_err_msg(err_msg, err);
+      return -EINVAL;
+    }
+  }
+
   if (!op_state.path.empty()) {
     user_info.path = op_state.path;
   } else {
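Review bot: The comment on the new check in execute_add says "user name" while the code validates `user_info.display_name`, and nothing explains the link. Something like `// account users expose display_name as the IAM UserName, so it must satisfy the IAM UserName rules` would make the reason visible to the next reader. The identical block is repeated in the execute_modify hunk, so a small private helper that does the validation and sets `err_msg` would keep the two checks from drifting apart. Only these two admin-op paths are covered in this diff; if another write path can set `display_name` or `account_id` on a user (not visible here), it would bypass the check, which matters if the name is later used in ARNs or policy matching. execute_add's body continues outside the hunk.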
@@ -2151,6 +2161,15 @@ int RGWUser::execute_modify(const DoutPrefixProvider *dpp, RGWUserAdminOpState&
     user_info.type = op_state.account_root ? TYPE_ROOT : TYPE_RGW;
   }
 
+  if (!user_info.account_id.empty()) {
+    // validate user name according to iam api
+    std::string err;
+    if (!validate_iam_user_name(user_info.display_name, err)) {
+      set_err_msg(err_msg, err);
+      return -EINVAL;
+    }
+  }
+
   if (!op_state.path.empty()) {
     user_info.path = op_state.path;
   }
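Review bot: In execute_modify the check runs on every modify of an account user, not only when the request changes the display name or moves the user into an account. If `user_info.display_name` at this point is the merged stored value (the code above the hunk is not visible), an account user whose existing name does not meet the IAM rules could no longer be modified at all, even for an unrelated change such as the path. Consider gating the check on the display name or account id actually being set by this request. Otherwise state the consequence in a comment, for example `// an account user with a non-conforming display_name must be renamed before any other modify succeeds`. execute_modify's body starts and ends outside the hunk.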