gitlab-com-seaweedfs/seaweedfs
1
0
Fork 0
mirror of https://github.com/seaweedfs/seaweedfs.git synced 2024-01-19 02:48:24 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #2427 from Bl1tz23/master

Browse source 
Fix: potencial iam identities data race
This commit is contained in:
Chris Lu 2021-11-09 08:53:48 -08:00 committed by GitHub
parent 1d4a61af5e c683409e92
commit a7eee8b14b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
weed/s3api/auth_credentials.go
View file

@ -5,6 +5,7 @@ import (
"net/http"
"os"
"strings"
"sync"
"github.com/chrislusf/seaweedfs/weed/filer"
"github.com/chrislusf/seaweedfs/weed/glog"
@ -23,6 +24,8 @@ type Iam interface {
}
type IdentityAccessManagement struct {
m sync.RWMutex
identities []*Identity
domain string
}
@ -131,19 +134,23 @@ func (iam *IdentityAccessManagement) loadS3ApiConfiguration(config *iam_pb.S3Api
}
identities = append(identities, t)
}
iam.m.Lock()
// atomically switch
iam.identities = identities
iam.m.Unlock()
return nil
}
func (iam *IdentityAccessManagement) isEnabled() bool {
iam.m.RLock()
defer iam.m.RUnlock()
return len(iam.identities) > 0
}
func (iam *IdentityAccessManagement) lookupByAccessKey(accessKey string) (identity *Identity, cred *Credential, found bool) {
iam.m.RLock()
defer iam.m.RUnlock()
for _, ident := range iam.identities {
for _, cred := range ident.Credentials {
// println("checking", ident.Name, cred.AccessKey)
@ -157,7 +164,8 @@ func (iam *IdentityAccessManagement) lookupByAccessKey(accessKey string) (identi
}
func (iam *IdentityAccessManagement) lookupAnonymous() (identity *Identity, found bool) {
iam.m.RLock()
defer iam.m.RUnlock()
for _, ident := range iam.identities {
if ident.Name == "anonymous" {
return ident, true