From: Casey Bodley <cbodley@redhat.com>
Date: Tue, 12 Mar 2024 22:53:05 +0000 (-0400)
Subject: rgw: reject user tenant that looks like an account id
X-Git-Tag: v20.0.0~2159^2~32
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=4180724b5a38d560cddfb6cf04b0baa23915e4a6;p=ceph.git

rgw: reject user tenant that looks like an account id

Signed-off-by: Casey Bodley <cbodley@redhat.com>
---

diff --git a/src/rgw/driver/rados/rgw_user.cc b/src/rgw/driver/rados/rgw_user.cc
index 43951559520a..e154813aac1c 100644
--- a/src/rgw/driver/rados/rgw_user.cc
+++ b/src/rgw/driver/rados/rgw_user.cc
@@ -1753,6 +1753,12 @@ int RGWUser::execute_add(const DoutPrefixProvider *dpp, RGWUserAdminOpState& op_
   user_info.display_name = display_name;
   user_info.type = TYPE_RGW;
 
+  // tenant must not look like a valid account id
+  if (rgw::account::validate_id(uid.tenant)) {
+    set_err_msg(err_msg, "tenant must not be formatted as an account id");
+    return -EINVAL;
+  }
+
   if (!user_email.empty())
     user_info.user_email = user_email;