From 30922148fbb5f0238701fb17642689199e5a2880 Mon Sep 17 00:00:00 2001
From: poornas <poornas@users.noreply.github.com>
Date: Mon, 13 Jan 2020 17:29:31 -0800
Subject: [PATCH] Fix bug preventing overwrite of object if (#8796)

object lock config is enabled for a bucket.

Creating a bucket with object lock configuration
enabled does not automatically cause WORM protection
to be applied. PUT operation needs to specifically
request object locking or bucket has to have default
retention settings configured.

Fixes regression introduced in #8657
---
 cmd/fs-v1-multipart.go | 2 +-
 cmd/fs-v1.go           | 2 +-
 cmd/object-handlers.go | 2 +-
 cmd/object-lock.go     | 5 ++---
 cmd/utils.go           | 9 +++------
 cmd/xl-v1-multipart.go | 2 +-
 cmd/xl-v1-object.go    | 2 +-
 7 files changed, 10 insertions(+), 14 deletions(-)

diff --git a/cmd/fs-v1-multipart.go b/cmd/fs-v1-multipart.go
index 11216cd4e..38df236d8 100644
--- a/cmd/fs-v1-multipart.go
+++ b/cmd/fs-v1-multipart.go
@@ -683,7 +683,7 @@ func (fs *FSObjects) CompleteMultipartUpload(ctx context.Context, bucket string,
 	}
 
 	// Deny if WORM is enabled
-	if _, ok := isWORMEnabled(bucket); ok {
+	if isWORMEnabled(bucket) {
 		if _, err := fsStatFile(ctx, pathJoin(fs.fsPath, bucket, object)); err == nil {
 			return ObjectInfo{}, ObjectAlreadyExists{Bucket: bucket, Object: object}
 		}
diff --git a/cmd/fs-v1.go b/cmd/fs-v1.go
index aec0a4d14..9c6fa013b 100644
--- a/cmd/fs-v1.go
+++ b/cmd/fs-v1.go
@@ -1032,7 +1032,7 @@ func (fs *FSObjects) putObject(ctx context.Context, bucket string, object string
 	// Entire object was written to the temp location, now it's safe to rename it to the actual location.
 	fsNSObjPath := pathJoin(fs.fsPath, bucket, object)
 	// Deny if WORM is enabled
-	if _, ok := isWORMEnabled(bucket); ok {
+	if isWORMEnabled(bucket) {
 		if _, err := fsStatFile(ctx, fsNSObjPath); err == nil {
 			return ObjectInfo{}, ObjectAlreadyExists{Bucket: bucket, Object: object}
 		}
diff --git a/cmd/object-handlers.go b/cmd/object-handlers.go
index e81cc5787..57a990d49 100644
--- a/cmd/object-handlers.go
+++ b/cmd/object-handlers.go
@@ -2563,7 +2563,7 @@ func (api objectAPIHandlers) PutObjectRetentionHandler(w http.ResponseWriter, r
 		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrInvalidDigest), r.URL, guessIsBrowserReq(r))
 		return
 	}
-	if _, isWORMBucket := isWORMEnabled(bucket); !isWORMBucket {
+	if _, ok := globalBucketObjectLockConfig.Get(bucket); !ok {
 		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrInvalidBucketObjectLockConfiguration), r.URL, guessIsBrowserReq(r))
 		return
 	}
diff --git a/cmd/object-lock.go b/cmd/object-lock.go
index 896f58ec6..84d60f44a 100644
--- a/cmd/object-lock.go
+++ b/cmd/object-lock.go
@@ -477,8 +477,7 @@ func enforceRetentionBypassForPut(ctx context.Context, r *http.Request, bucket,
 	ret := getObjectRetentionMeta(oi.UserDefined)
 	// no retention metadata on object
 	if ret.Mode == Invalid {
-		_, isWORMBucket := isWORMEnabled(bucket)
-		if !isWORMBucket {
+		if _, isWORMBucket := globalBucketObjectLockConfig.Get(bucket); !isWORMBucket {
 			return oi, ErrInvalidBucketObjectLockConfiguration
 		}
 		return oi, ErrNone
@@ -527,7 +526,7 @@ func checkPutObjectRetentionAllowed(ctx context.Context, r *http.Request, bucket
 	var mode RetentionMode
 	var retainDate RetentionDate
 
-	retention, isWORMBucket := isWORMEnabled(bucket)
+	retention, isWORMBucket := globalBucketObjectLockConfig.Get(bucket)
 
 	retentionRequested := isObjectLockRequested(r.Header)
 
diff --git a/cmd/utils.go b/cmd/utils.go
index 754fa0e36..c891f3fd4 100644
--- a/cmd/utils.go
+++ b/cmd/utils.go
@@ -579,12 +579,9 @@ func iamPolicyClaimName() string {
 	return globalOpenIDConfig.ClaimPrefix + globalOpenIDConfig.ClaimName
 }
 
-func isWORMEnabled(bucket string) (Retention, bool) {
+func isWORMEnabled(bucket string) bool {
 	if isMinioMetaBucketName(bucket) {
-		return Retention{}, false
+		return false
 	}
-	if globalWORMEnabled {
-		return Retention{}, true
-	}
-	return globalBucketObjectLockConfig.Get(bucket)
+	return globalWORMEnabled
 }
diff --git a/cmd/xl-v1-multipart.go b/cmd/xl-v1-multipart.go
index a6b7c6f55..bdc502984 100644
--- a/cmd/xl-v1-multipart.go
+++ b/cmd/xl-v1-multipart.go
@@ -708,7 +708,7 @@ func (xl xlObjects) CompleteMultipartUpload(ctx context.Context, bucket string,
 
 	if xl.isObject(bucket, object) {
 		// Deny if WORM is enabled
-		if _, ok := isWORMEnabled(bucket); ok {
+		if isWORMEnabled(bucket) {
 			if _, err := xl.getObjectInfo(ctx, bucket, object); err == nil {
 				return ObjectInfo{}, ObjectAlreadyExists{Bucket: bucket, Object: object}
 			}
diff --git a/cmd/xl-v1-object.go b/cmd/xl-v1-object.go
index 51bd79339..1744aa637 100644
--- a/cmd/xl-v1-object.go
+++ b/cmd/xl-v1-object.go
@@ -611,7 +611,7 @@ func (xl xlObjects) putObject(ctx context.Context, bucket string, object string,
 
 	if xl.isObject(bucket, object) {
 		// Deny if WORM is enabled
-		if _, ok := isWORMEnabled(bucket); ok {
+		if isWORMEnabled(bucket) {
 			if _, err := xl.getObjectInfo(ctx, bucket, object); err == nil {
 				return ObjectInfo{}, ObjectAlreadyExists{Bucket: bucket, Object: object}
 			}