From: Pritha Srivastava <prsrivas@redhat.com>
Date: Tue, 30 Oct 2018 05:33:40 +0000 (+0530)
Subject: rgw: Adding permission verification to GetSessionToken REST API.
X-Git-Tag: v14.1.0~189^2~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=ddf04bb8de83b4edd1962db678cce5c3407aa722;p=ceph.git

rgw: Adding permission verification to GetSessionToken REST API.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
---

diff --git a/src/rgw/rgw_rest_sts.cc b/src/rgw/rgw_rest_sts.cc
index bcbd9008c6b7..6b723aae5d5b 100644
--- a/src/rgw/rgw_rest_sts.cc
+++ b/src/rgw/rgw_rest_sts.cc
@@ -169,6 +169,15 @@ void RGWREST_STS::send_response()
 
 int RGWSTSGetSessionToken::verify_permission()
 {
+  rgw::IAM::Partition partition = rgw::IAM::Partition::aws;
+  rgw::IAM::Service service = rgw::IAM::Service::s3;
+  if (!verify_user_permission(this,
+                              s,
+                              rgw::IAM::ARN(partition, service, "", s->user->user_id.tenant, ""),
+                              rgw::IAM::stsGetSessionToken)) {
+    return -EACCES;
+  }
+
   return 0;
 }