From: Pritha Srivastava <prsrivas@redhat.com>
Date: Wed, 12 Sep 2018 15:36:25 +0000 (+0530)
Subject: rgw: Check for Access Key during STS Auth.
X-Git-Tag: v14.0.1~113^2~5
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=e96c574cd13acf04bb6e141324c6f34e88324b0a;p=ceph.git

rgw: Check for Access Key during STS Auth.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
---

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index 44ff01f730f6..f9ec11c03259 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -4410,6 +4410,11 @@ rgw::auth::s3::STSEngine::authenticate(
     return result_t::reject(ret);
   }
   //Authentication
+  //Check if access key is not the same passed in by client
+  if (token.access_key_id != _access_key_id) {
+    ldout(cct, 0) << "Invalid access key" << dendl;
+    return result_t::reject(-EPERM);
+  }
   //Check if the token has expired
   if (! token.expiration.empty()) {
     std::string expiration = token.expiration;