From f831bb70958896a572fb42e805351472a6e08fa7 Mon Sep 17 00:00:00 2001 From: Casey Bodley Date: Tue, 12 Mar 2024 18:53:05 -0400 Subject: [PATCH] rgw: reject user tenant that looks like an account id Signed-off-by: Casey Bodley (cherry picked from commit 4180724b5a38d560cddfb6cf04b0baa23915e4a6) --- src/rgw/driver/rados/rgw_user.cc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/rgw/driver/rados/rgw_user.cc b/src/rgw/driver/rados/rgw_user.cc index d764bd6c181..5fe57c65147 100644 --- a/src/rgw/driver/rados/rgw_user.cc +++ b/src/rgw/driver/rados/rgw_user.cc @@ -1749,6 +1749,12 @@ int RGWUser::execute_add(const DoutPrefixProvider *dpp, RGWUserAdminOpState& op_ user_info.display_name = display_name; user_info.type = TYPE_RGW; + // tenant must not look like a valid account id + if (rgw::account::validate_id(uid.tenant)) { + set_err_msg(err_msg, "tenant must not be formatted as an account id"); + return -EINVAL; + } + if (!user_email.empty()) user_info.user_email = user_email; -- 2.39.5