From 0d154871d50d9a88511b383bc4c96581bc46b659 Mon Sep 17 00:00:00 2001 From: poornas Date: Thu, 7 Sep 2017 11:16:13 -0700 Subject: [PATCH] Admin: Raise error if config and env credentials mismatch (#4870) --- cmd/admin-handlers.go | 18 ++++++++++++++++++ cmd/api-errors.go | 6 ++++++ 2 files changed, 24 insertions(+) diff --git a/cmd/admin-handlers.go b/cmd/admin-handlers.go index 074591057..d55923275 100644 --- a/cmd/admin-handlers.go +++ b/cmd/admin-handlers.go @@ -979,6 +979,24 @@ func (adminAPI adminAPIHandlers) SetConfigHandler(w http.ResponseWriter, r *http return } + var config serverConfigV19 + err = json.Unmarshal(configBytes, &config) + + if err != nil { + errorIf(err, "Failed to unmarshal config from request body.") + writeErrorResponse(w, toAPIErrorCode(err), r.URL) + return + } + + if globalIsEnvCreds { + creds := serverConfig.GetCredential() + if config.Credential.AccessKey != creds.AccessKey || + config.Credential.SecretKey != creds.SecretKey { + writeErrorResponse(w, ErrAdminCredentialsMismatch, r.URL) + return + } + } + // Write config received from request onto a temporary file on // all nodes. tmpFileName := fmt.Sprintf(minioConfigTmpFormat, mustGetUUID()) diff --git a/cmd/api-errors.go b/cmd/api-errors.go index 3394e9a26..b7a95d7a3 100644 --- a/cmd/api-errors.go +++ b/cmd/api-errors.go @@ -153,6 +153,7 @@ const ( ErrAdminInvalidAccessKey ErrAdminInvalidSecretKey ErrAdminConfigNoQuorum + ErrAdminCredentialsMismatch ErrInsecureClientRequest ) @@ -633,6 +634,11 @@ var errorCodeResponse = map[APIErrorCode]APIError{ Description: "Configuration update failed because server quorum was not met", HTTPStatusCode: http.StatusServiceUnavailable, }, + ErrAdminCredentialsMismatch: { + Code: "XMinioAdminCredentialsMismatch", + Description: "Credentials in config mismatch with server environment variables", + HTTPStatusCode: http.StatusServiceUnavailable, + }, ErrInsecureClientRequest: { Code: "XMinioInsecureClientRequest", Description: "Cannot respond to plain-text request from TLS-encrypted server",