From dd425ed5aad1c60304b5097016e2ac0a0a7db883 Mon Sep 17 00:00:00 2001 From: "cao.leilc" Date: Fri, 13 Aug 2021 10:00:48 +0800 Subject: [PATCH] rgw : add return when access key exist in subuser create Fixes: https://tracker.ceph.com/issues/51559 Signed-off-by: caolei --- src/rgw/rgw_user.cc | 10 ++++++++-- src/rgw/rgw_user.h | 6 ++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src/rgw/rgw_user.cc b/src/rgw/rgw_user.cc index 9d45170a54c7a..a627bdd9c02c6 100644 --- a/src/rgw/rgw_user.cc +++ b/src/rgw/rgw_user.cc @@ -636,8 +636,9 @@ int RGWAccessKeyPool::check_op(RGWUserAdminOpState& op_state, // don't check for secret key because we may be doing a removal - check_existing_key(op_state); - + if (check_existing_key(op_state)) { + op_state.set_access_key_exist(); + } return 0; } @@ -1180,6 +1181,11 @@ int RGWSubUserPool::add(const DoutPrefixProvider *dpp, RGWUserAdminOpState& op_s return ret; } + if (op_state.get_access_key_exist()) { + set_err_msg(err_msg, "cannot create existing key"); + return -ERR_KEY_EXIST; + } + if (key_type == KEY_TYPE_S3 && op_state.get_access_key().empty()) { op_state.set_gen_access(); } diff --git a/src/rgw/rgw_user.h b/src/rgw/rgw_user.h index 542efc2092561..b40abc6f19b4d 100644 --- a/src/rgw/rgw_user.h +++ b/src/rgw/rgw_user.h @@ -121,6 +121,7 @@ struct RGWUserAdminOpState { std::string id; // access key std::string key; // secret key int32_t key_type{-1}; + bool access_key_exist = false; std::set mfa_ids; @@ -254,6 +255,10 @@ struct RGWUserAdminOpState { type_specified = true; } + void set_access_key_exist() { + access_key_exist = true; + } + void set_suspension(__u8 is_suspended) { suspended = is_suspended; suspension_op = true; @@ -372,6 +377,7 @@ struct RGWUserAdminOpState { void set_generate_subuser(bool flag) { gen_subuser = flag; } __u8 get_suspension_status() { return suspended; } int32_t get_key_type() {return key_type; } + bool get_access_key_exist() {return access_key_exist; } uint32_t get_subuser_perm() { return perm_mask; } int32_t get_max_buckets() { return max_buckets; } uint32_t get_op_mask() { return op_mask; } -- 2.39.5