aboutsummaryrefslogtreecommitdiff
path: root/weed/s3api/s3api_bucket_handlers.go
diff options
context:
space:
mode:
Diffstat (limited to 'weed/s3api/s3api_bucket_handlers.go')
-rw-r--r--weed/s3api/s3api_bucket_handlers.go12
1 files changed, 9 insertions, 3 deletions
diff --git a/weed/s3api/s3api_bucket_handlers.go b/weed/s3api/s3api_bucket_handlers.go
index 151bdaca5..12d2c0432 100644
--- a/weed/s3api/s3api_bucket_handlers.go
+++ b/weed/s3api/s3api_bucket_handlers.go
@@ -6,14 +6,15 @@ import (
"encoding/xml"
"errors"
"fmt"
- "github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil"
- "github.com/seaweedfs/seaweedfs/weed/s3api/s3bucket"
- "github.com/seaweedfs/seaweedfs/weed/util"
"math"
"net/http"
"strings"
"time"
+ "github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil"
+ "github.com/seaweedfs/seaweedfs/weed/s3api/s3bucket"
+ "github.com/seaweedfs/seaweedfs/weed/util"
+
"github.com/seaweedfs/seaweedfs/weed/filer"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
"github.com/seaweedfs/seaweedfs/weed/storage/needle"
@@ -218,6 +219,10 @@ func (s3a *S3ApiServer) checkBucket(r *http.Request, bucket string) s3err.ErrorC
return s3err.ErrNoSuchBucket
}
+ //if iam is enabled, the access was already checked before
+ if s3a.iam.isEnabled() {
+ return s3err.ErrNone
+ }
if !s3a.hasAccess(r, entry) {
return s3err.ErrAccessDenied
}
@@ -236,6 +241,7 @@ func (s3a *S3ApiServer) hasAccess(r *http.Request, entry *filer_pb.Entry) bool {
identityId := r.Header.Get(s3_constants.AmzIdentityId)
if id, ok := entry.Extended[s3_constants.AmzIdentityId]; ok {
if identityId != string(id) {
+ glog.V(3).Infof("hasAccess: %s != %s (entry.Extended = %v)", identityId, id, entry.Extended)
return false
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-21 11:28:34 +0000