From 5cc23ae0526d28874f25b100c1477b476ec39e26 Mon Sep 17 00:00:00 2001
From: Poorna Krishnamoorthy
Date: Tue, 20 Oct 2020 21:28:24 -0700
Subject: [PATCH] validate if iam store is initialized (#10719)

Fixes panic - regression from d6d770c1b16670771640d606690f05d63c5dbea4
---
 cmd/iam.go | 55 ++++++++++++++++++++++++++++--------------------------
 1 file changed, 29 insertions(+), 26 deletions(-)

diff --git a/cmd/iam.go b/cmd/iam.go
index 109198952..dad194ef0 100644
--- a/cmd/iam.go
+++ b/cmd/iam.go
@@ -386,7 +386,7 @@ func (sys *IAMSys) LoadUser(objAPI ObjectLayer, accessKey string, userType IAMUs
 
 // LoadServiceAccount - reloads a specific service account from backend disks or etcd.
 func (sys *IAMSys) LoadServiceAccount(accessKey string) error {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return errServerNotInitialized
 }
 
@@ -505,7 +505,7 @@ func (sys *IAMSys) Init(ctx context.Context, objAPI ObjectLayer) {
 
 // DeletePolicy - deletes a canned policy from backend or etcd.
 func (sys *IAMSys) DeletePolicy(policyName string) error {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return errServerNotInitialized
 }
 
@@ -557,7 +557,7 @@ func (sys *IAMSys) DeletePolicy(policyName string) error {
 
 // InfoPolicy - expands the canned policy into its JSON structure.
 func (sys *IAMSys) InfoPolicy(policyName string) (iampolicy.Policy, error) {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return iampolicy.Policy{}, errServerNotInitialized
 }
 
@@ -574,7 +574,7 @@ func (sys *IAMSys) InfoPolicy(policyName string) (iampolicy.Policy, error) {
 
 // ListPolicies - lists all canned policies.
 func (sys *IAMSys) ListPolicies() (map[string]iampolicy.Policy, error) {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return nil, errServerNotInitialized
 }
 
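Review bot: The new `sys.store == nil` test in LoadServiceAccount (repeated unchanged in DeletePolicy, InfoPolicy, ListPolicies and the later exported-method hunks) reads `sys.store` with no lock held, and the patch does not show how Init publishes that field. If Init assigns `sys.store` on another goroutine while requests are already being served, this check is an unsynchronized read; it is worth confirming the assignment happens under the IAMSys lock or before any handler can call these methods. Because the same condition now appears in 26 methods, one unexported helper, for example `func (sys *IAMSys) initialized() bool { return sys != nil && sys.store != nil }`, would keep the guards from drifting apart and give a single place to add locking. The patch touches only cmd/iam.go, so a small test that calls one of these methods on an IAMSys with a nil store would pin the regression. Each function body continues outside its hunk.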
@@ -595,7 +595,7 @@ func (sys *IAMSys) ListPolicies() (map[string]iampolicy.Policy, error) {
 
 // SetPolicy - sets a new name policy.
 func (sys *IAMSys) SetPolicy(policyName string, p iampolicy.Policy) error {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return errServerNotInitialized
 }
 
@@ -616,7 +616,7 @@ func (sys *IAMSys) SetPolicy(policyName string, p iampolicy.Policy) error {
 
 // DeleteUser - delete user (only for long-term users not STS users).
 func (sys *IAMSys) DeleteUser(accessKey string) error {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return errServerNotInitialized
 }
 
@@ -669,6 +669,9 @@ func (sys *IAMSys) DeleteUser(accessKey string) error {
 // after validating if there are any current policies which exist
 // on MinIO corresponding to the input.
 func (sys *IAMSys) currentPolicies(policyName string) string {
+ if sys.store == nil {
+ return ""
+ }
 sys.store.rlock()
 defer sys.store.runlock()
 
@@ -685,7 +688,7 @@ func (sys *IAMSys) currentPolicies(policyName string) string {
 
 // SetTempUser - set temporary user credentials, these credentials have an expiry.
 func (sys *IAMSys) SetTempUser(accessKey string, cred auth.Credentials, policyName string) error {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return errServerNotInitialized
 }
 
@@ -734,7 +737,7 @@ func (sys *IAMSys) SetTempUser(accessKey string, cred auth.Credentials, policyNa
 
 // ListUsers - list all users.
 func (sys *IAMSys) ListUsers() (map[string]madmin.UserInfo, error) {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return nil, errServerNotInitialized
 }
 
@@ -770,7 +773,7 @@ func (sys *IAMSys) ListUsers() (map[string]madmin.UserInfo, error) {
 
 // IsTempUser - returns if given key is a temporary user.
 func (sys *IAMSys) IsTempUser(name string) (bool, error) {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return false, errServerNotInitialized
 }
 
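Review bot: The guard added to currentPolicies dereferences `sys.store` without first testing `sys == nil`, unlike every other guard in this patch, so a nil receiver still panics on this path. The early `return ""` also makes an uninitialized IAM store indistinguishable from "no matching policy"; the callers are outside the hunk, so it should be confirmed that they treat the empty string as a denial and not as an absence of restrictions. I would write the guard as `if sys == nil || sys.store == nil {` and add a comment above it such as `// IAM not initialized yet: report no policies so callers fail closed.`. The rest of the function body lies outside the hunk.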
@@ -787,7 +790,7 @@ func (sys *IAMSys) IsTempUser(name string) (bool, error) {
 
 // IsServiceAccount - returns if given key is a service account
 func (sys *IAMSys) IsServiceAccount(name string) (bool, string, error) {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return false, "", errServerNotInitialized
 }
 
@@ -808,7 +811,7 @@ func (sys *IAMSys) IsServiceAccount(name string) (bool, string, error) {
 
 // GetUserInfo - get info on a user.
 func (sys *IAMSys) GetUserInfo(name string) (u madmin.UserInfo, err error) {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return u, errServerNotInitialized
 }
 
@@ -854,7 +857,7 @@ func (sys *IAMSys) GetUserInfo(name string) (u madmin.UserInfo, err error) {
 
 // SetUserStatus - sets current user status, supports disabled or enabled.
 func (sys *IAMSys) SetUserStatus(accessKey string, status madmin.AccountStatus) error {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return errServerNotInitialized
 }
 
@@ -900,7 +903,7 @@ func (sys *IAMSys) SetUserStatus(accessKey string, status madmin.AccountStatus)
 
 // NewServiceAccount - create a new service account
 func (sys *IAMSys) NewServiceAccount(ctx context.Context, parentUser string, sessionPolicy *iampolicy.Policy) (auth.Credentials, error) {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return auth.Credentials{}, errServerNotInitialized
 }
 
@@ -967,7 +970,7 @@ func (sys *IAMSys) NewServiceAccount(ctx context.Context, parentUser string, ses
 
 // ListServiceAccounts - lists all services accounts associated to a specific user
 func (sys *IAMSys) ListServiceAccounts(ctx context.Context, accessKey string) ([]string, error) {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return nil, errServerNotInitialized
 }
 
@@ -992,7 +995,7 @@ func (sys *IAMSys) ListServiceAccounts(ctx context.Context, accessKey string) ([
 
 // GetServiceAccountParent - gets information about a service account
 func (sys *IAMSys) GetServiceAccountParent(ctx context.Context, accessKey string) (string, error) {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return "", errServerNotInitialized
 }
 
@@ -1009,7 +1012,7 @@ func (sys *IAMSys) GetServiceAccountParent(ctx context.Context, accessKey string
 
 // DeleteServiceAccount - delete a service account
 func (sys *IAMSys) DeleteServiceAccount(ctx context.Context, accessKey string) error {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return errServerNotInitialized
 }
 
@@ -1038,7 +1041,7 @@ func (sys *IAMSys) DeleteServiceAccount(ctx context.Context, accessKey string) e
 
 // SetUser - set user credentials and policy.
 func (sys *IAMSys) SetUser(accessKey string, uinfo madmin.UserInfo) error {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return errServerNotInitialized
 }
 
@@ -1076,7 +1079,7 @@ func (sys *IAMSys) SetUser(accessKey string, uinfo madmin.UserInfo) error {
 
 // SetUserSecretKey - sets user secret key
 func (sys *IAMSys) SetUserSecretKey(accessKey string, secretKey string) error {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return errServerNotInitialized
 }
 
@@ -1104,7 +1107,7 @@ func (sys *IAMSys) SetUserSecretKey(accessKey string, secretKey string) error {
 
 // GetUser - get user credentials
 func (sys *IAMSys) GetUser(accessKey string) (cred auth.Credentials, ok bool) {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return cred, false
 }
 
@@ -1170,7 +1173,7 @@ func (sys *IAMSys) GetUser(accessKey string) (cred auth.Credentials, ok bool) {
 // AddUsersToGroup - adds users to a group, creating the group if
 // needed. No error if user(s) already are in the group.
 func (sys *IAMSys) AddUsersToGroup(group string, members []string) error {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return errServerNotInitialized
 }
 
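Review bot: GetUser's guard returns `cred, false` when the store is not yet initialized, which its callers cannot tell apart from an unknown access key, and the doc comment does not say so. The result fails closed, but requests that arrive during start-up would presumably surface as credential failures rather than as a server-not-ready condition, which can mislead clients and inflate authentication-failure counts in logs. I would extend the doc comment with a line such as `// ok is false both for an unknown access key and when IAM is not yet initialized.` so that callers which need to distinguish the two know to check initialization separately. The function body continues outside the hunk.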
@@ -1230,7 +1233,7 @@ func (sys *IAMSys) AddUsersToGroup(group string, members []string) error {
 // RemoveUsersFromGroup - remove users from group. If no users are
 // given, and the group is empty, deletes the group as well.
 func (sys *IAMSys) RemoveUsersFromGroup(group string, members []string) error {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return errServerNotInitialized
 }
 
@@ -1310,7 +1313,7 @@ func (sys *IAMSys) RemoveUsersFromGroup(group string, members []string) error {
 
 // SetGroupStatus - enable/disabled a group
 func (sys *IAMSys) SetGroupStatus(group string, enabled bool) error {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return errServerNotInitialized
 }
 
@@ -1345,7 +1348,7 @@ func (sys *IAMSys) SetGroupStatus(group string, enabled bool) error {
 
 // GetGroupDescription - builds up group description
 func (sys *IAMSys) GetGroupDescription(group string) (gd madmin.GroupDesc, err error) {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return gd, errServerNotInitialized
 }
 
@@ -1385,7 +1388,7 @@ func (sys *IAMSys) GetGroupDescription(group string) (gd madmin.GroupDesc, err e
 
 // ListGroups - lists groups.
 func (sys *IAMSys) ListGroups() (r []string, err error) {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return r, errServerNotInitialized
 }
 
@@ -1408,7 +1411,7 @@ func (sys *IAMSys) ListGroups() (r []string, err error) {
 
 // PolicyDBSet - sets a policy for a user or group in the PolicyDB.
 func (sys *IAMSys) PolicyDBSet(name, policy string, isGroup bool) error {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return errServerNotInitialized
 }
 
@@ -1474,7 +1477,7 @@ func (sys *IAMSys) policyDBSet(name, policyName string, userType IAMUserType, is
 // be a member of multiple groups, this function returns an array of
 // applicable policies (each group is mapped to at most one policy).
 func (sys *IAMSys) PolicyDBGet(name string, isGroup bool) ([]string, error) {
- if sys == nil {
+ if sys == nil || sys.store == nil {
 return nil, errServerNotInitialized
 }