From: Pritha Srivastava <prsrivas@redhat.com>
Date: Wed, 20 Nov 2019 08:15:13 +0000 (+0530)
Subject: rgw: adding mfa code validation when bucket versioning status is changed.
X-Git-Tag: v14.2.8~78^2~16^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=4131535fa7f7fac1b5d9c31ce7c6c088f4a68855;p=ceph.git

rgw: adding mfa code validation when bucket versioning status is changed.

When the user changes bucket versioning status from Enabled->Suspended
and vice versa, MFA code needs to be validated, if MFA has been enabled
for the bucket.

Fixes tracker issue #42911

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
(cherry picked from commit db89c4af159301710e1cc32dbd6298c1ec24b006)
---

diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index 9c3c581a419c..0005c9ee30db 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -2451,6 +2451,20 @@ void RGWSetBucketVersioning::execute()
     op_ret = -ERR_MFA_REQUIRED;
     return;
   }
+  //if mfa is enabled for bucket, make sure mfa code is validated in case versioned status gets changed
+  if (cur_mfa_status) {
+    bool req_versioning_status = false;
+    //if requested versioning status is not the same as the one set for the bucket, return error
+    if (versioning_status == VersioningEnabled) {
+      req_versioning_status = (s->bucket_info.flags & BUCKET_VERSIONS_SUSPENDED) != 0;
+    } else if (versioning_status == VersioningSuspended) {
+      req_versioning_status = (s->bucket_info.flags & BUCKET_VERSIONS_SUSPENDED) == 0;
+    }
+    if (req_versioning_status && !s->mfa_verified) {
+      op_ret = -ERR_MFA_REQUIRED;
+      return;
+    }
+  }
 
   if (!store->svc.zone->is_meta_master()) {
     op_ret = forward_request_to_master(s, NULL, store, in_data, nullptr);