From: Casey Bodley <cbodley@redhat.com>
Date: Mon, 4 Mar 2024 21:46:52 +0000 (-0500)
Subject: rgw: validate account user names
X-Git-Tag: v20.0.0~2159^2~38
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=119a768ddf6f865d94775bf813c9fa5a25c58956;p=ceph.git

rgw: validate account user names

iam apis have specific requirements for the UserName field. enforce
these requirements for 'user create' and 'user modify' admin ops for
account users

Signed-off-by: Casey Bodley <cbodley@redhat.com>
---

diff --git a/src/rgw/driver/rados/rgw_user.cc b/src/rgw/driver/rados/rgw_user.cc
index b7067ca9c3c8..ff68f03ba6a1 100644
--- a/src/rgw/driver/rados/rgw_user.cc
+++ b/src/rgw/driver/rados/rgw_user.cc
@@ -8,6 +8,7 @@
 #include "rgw_account.h"
 #include "rgw_bucket.h"
 #include "rgw_quota.h"
+#include "rgw_rest_iam.h" // validate_iam_user_name()
 
 #include "services/svc_user.h"
 #include "services/svc_meta.h"
@@ -1821,6 +1822,15 @@ int RGWUser::execute_add(const DoutPrefixProvider *dpp, RGWUserAdminOpState& op_
     user_info.type = TYPE_ROOT;
   }
 
+  if (!user_info.account_id.empty()) {
+    // validate user name according to iam api
+    std::string err;
+    if (!validate_iam_user_name(user_info.display_name, err)) {
+      set_err_msg(err_msg, err);
+      return -EINVAL;
+    }
+  }
+
   if (!op_state.path.empty()) {
     user_info.path = op_state.path;
   } else {
@@ -2155,6 +2165,15 @@ int RGWUser::execute_modify(const DoutPrefixProvider *dpp, RGWUserAdminOpState&
     user_info.type = op_state.account_root ? TYPE_ROOT : TYPE_RGW;
   }
 
+  if (!user_info.account_id.empty()) {
+    // validate user name according to iam api
+    std::string err;
+    if (!validate_iam_user_name(user_info.display_name, err)) {
+      set_err_msg(err_msg, err);
+      return -EINVAL;
+    }
+  }
+
   if (!op_state.path.empty()) {
     user_info.path = op_state.path;
   }