oyd
/
minio
6
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fix: STS creds without "aud" should be honored with STS checks (#8868)

Browse Source 
Fixes #8865
master
Harshavardhana 5 years ago committed by Nitish Tiwari
parent 55063906b5
commit fe5d599802
1 changed files with 7 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 9
      cmd/iam.go

9
cmd/iam.go
Unescape View File

@ -1367,8 +1367,13 @@ func (sys *IAMSys) IsAllowed(args iampolicy.Args) bool {
return true return true
} }
// With claims set, we should do STS related checks and validation. // If the credential is temporary, perform STS related checks.
if _, ok := args.Claims["aud"]; ok { ok, err := sys.IsTempUser(args.AccountName)
if err != nil {
logger.LogIf(context.Background(), err)
return false
}
if ok {
return sys.IsAllowedSTS(args) return sys.IsAllowedSTS(args)
} }

Write Preview
Loading…
Cancel
Save