@ -600,20 +600,40 @@ func (sys *IAMSys) ListUsers() (map[string]madmin.UserInfo, error) {
}
for k , v := range sys . iamUsersMap {
users [ k ] = madmin . UserInfo {
PolicyName : sys . iamUserPolicyMap [ k ] . Policy ,
Status : func ( ) madmin . AccountStatus {
if v . IsValid ( ) {
return madmin . AccountEnabled
}
return madmin . AccountDisabled
} ( ) ,
if ! v . IsTemp ( ) {
users [ k ] = madmin . UserInfo {
PolicyName : sys . iamUserPolicyMap [ k ] . Policy ,
Status : func ( ) madmin . AccountStatus {
if v . IsValid ( ) {
return madmin . AccountEnabled
}
return madmin . AccountDisabled
} ( ) ,
}
}
}
return users , nil
}
// IsTempUser - returns if given key is a temporary user.
func ( sys * IAMSys ) IsTempUser ( name string ) ( bool , error ) {
objectAPI := newObjectLayerWithoutSafeModeFn ( )
if objectAPI == nil {
return false , errServerNotInitialized
}
sys . RLock ( )
defer sys . RUnlock ( )
creds , found := sys . iamUsersMap [ name ]
if ! found {
return false , errNoSuchUser
}
return creds . IsTemp ( ) , nil
}
// GetUserInfo - get info on a user.
func ( sys * IAMSys ) GetUserInfo ( name string ) ( u madmin . UserInfo , err error ) {
objectAPI := newObjectLayerWithoutSafeModeFn ( )
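Review bot: IsTempUser returns `false` together with an error when the object layer is missing or the key is unknown, so a caller that looks only at the boolean would treat an unknown key as a regular user. The doc comment should spell out the contract, for example `// IsTempUser reports whether name holds temporary credentials. It returns errNoSuchUser for an unknown key and errServerNotInitialized before the object layer is ready; callers must check the error before trusting the result.` The filter added to ListUsers also silently skips temporary entries, which deserves a one-line comment above `if !v.IsTemp()`, such as `// temporary credentials are not listed as users`.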
@ -636,6 +656,10 @@ func (sys *IAMSys) GetUserInfo(name string) (u madmin.UserInfo, err error) {
return u , errNoSuchUser
}
if creds . IsTemp ( ) {
return u , errIAMActionNotAllowed
}
u = madmin . UserInfo {
PolicyName : sys . iamUserPolicyMap [ name ] . Policy ,
Status : func ( ) madmin . AccountStatus {
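Review bot: The new `creds.IsTemp()` branch in GetUserInfo answers with errIAMActionNotAllowed, while ListUsers in the first hunk leaves temporary users out entirely, so the two calls disagree about whether such a key is visible. If the intent is to hide temporary credentials from the user-management API, `return u, errNoSuchUser` here would match the listing. If the distinct error is deliberate, a comment such as `// temporary credentials are not managed through the user API` would record that. The function body starts and ends outside this hunk.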
@ -672,6 +696,10 @@ func (sys *IAMSys) SetUserStatus(accessKey string, status madmin.AccountStatus)
return errNoSuchUser
}
if cred . IsTemp ( ) {
return errIAMActionNotAllowed
}
uinfo := newUserIdentity ( auth . Credentials {
AccessKey : accessKey ,
SecretKey : cred . SecretKey ,
@ -719,9 +747,15 @@ func (sys *IAMSys) SetUser(accessKey string, uinfo madmin.UserInfo) error {
return errServerNotInitialized
}
cr , ok := sys . iamUsersMap [ accessKey ]
if cr . IsTemp ( ) && ok {
return errIAMActionNotAllowed
}
if err := sys . store . saveUserIdentity ( accessKey , false , u ) ; err != nil {
return err
}
sys . iamUsersMap [ accessKey ] = u . Credentials
// Set policy if specified.
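Review bot: The condition `cr.IsTemp() && ok` in SetUser calls a method on the map's zero value before checking that the key was found. Written as `if ok && cr.IsTemp() {` it reads in the natural order and no longer depends on IsTemp being harmless on an empty credential. Whether the lock on sys is held at this point is not visible in the hunk, so it is worth confirming that this lookup and the later write to `sys.iamUsersMap[accessKey]` happen under the same write lock; otherwise the temporary-user check can be stale by the time the entry is overwritten.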
@ -794,10 +828,13 @@ func (sys *IAMSys) AddUsersToGroup(group string, members []string) error {
// Validate that all members exist.
for _ , member := range members {
_ , ok := sys . iamUsersMap [ member ]
cr , ok := sys . iamUsersMap [ member ]
if ! ok {
return errNoSuchUser
}
if cr . IsTemp ( ) {
return errIAMActionNotAllowed
}
}
gi , ok := sys . iamGroupsMap [ group ]
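Review bot: The comment `// Validate that all members exist.` above the loop in AddUsersToGroup no longer describes what the loop does, since it now also rejects temporary users with errIAMActionNotAllowed. It should read something like `// Validate that all members exist and are not temporary users.`, and the same stale comment sits above the identical loop in the RemoveUsersFromGroup hunk. Because the two loops are now copies of each other, a small unexported helper that takes `members` and returns the error would keep them from drifting apart.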
@ -856,10 +893,13 @@ func (sys *IAMSys) RemoveUsersFromGroup(group string, members []string) error {
// Validate that all members exist.
for _ , member := range members {
_ , ok := sys . iamUsersMap [ member ]
cr , ok := sys . iamUsersMap [ member ]
if ! ok {
return errNoSuchUser
}
if cr . IsTemp ( ) {
return errIAMActionNotAllowed
}
}
gi , ok := sys . iamGroupsMap [ group ]
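Review bot: Rejecting temporary users in RemoveUsersFromGroup means that a temporary credential which became a group member before this check existed can no longer be taken out of the group through this call. Unless such memberships cannot exist (not visible from this hunk), removal should probably stay permitted so that stale entries can be cleaned up, for example by keeping only `if !ok { return errNoSuchUser }` in this loop. The function body continues outside the hunk.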