From b53164de859dddc3a694ae39e42065b4ebf6e04a Mon Sep 17 00:00:00 2001
From: Saksham Bhalla
Date: Tue, 14 Jan 2025 15:29:38 -0800
Subject: [PATCH 1/2] Revert "fix: check bucket owner permission"
This reverts commit 51d06a18f5ec510282b1a15764109d7116df68e5.
---
 api/src/gmsa_service.cpp | 27 ++++++---------------------
 auth/kerberos/src/krb.cpp | 2 +-
 common/daemon.h | 1 +
 3 files changed, 8 insertions(+), 22 deletions(-)
diff --git a/api/src/gmsa_service.cpp b/api/src/gmsa_service.cpp
index 65e4474d..dd5aee51 100644
--- a/api/src/gmsa_service.cpp
+++ b/api/src/gmsa_service.cpp
@@ -2695,27 +2695,13 @@ std::string retrieve_credspec_from_s3( std::string s3_arn, std::string region,
 std::cerr << objectName;
 return dummy_credspec;
 }
-
- // regex for callerId
- std::regex callerIdRegex( "^\\d{12}$" );
- std::string callerId = get_caller_id( region, creds );
- if ( callerId.empty() && !std::regex_match( callerId, callerIdRegex ) )
- {
- std::cerr << Util::getCurrentTime() << '\t'
- << "ERROR: Unable to get caller information" << std::endl;
- return std::string( "" );
- }
-
- Aws::S3::S3Client s3Client(
- credentials,
- Aws::MakeShared( Aws::S3::S3Client::ALLOCATION_TAG ),
- clientConfig );
+ Aws::S3::S3Client s3Client (credentials,Aws::MakeShared
+ (Aws::S3::S3Client::ALLOCATION_TAG), clientConfig);
 Aws::S3::Model::GetObjectRequest request;
- request.SetExpectedBucketOwner( callerId );
- request.SetBucket( s3Bucket );
- request.SetKey( objectName );
- Aws::S3::Model::GetObjectOutcome outcome = s3Client.GetObject( request );
-
+ request.SetBucket(s3Bucket);
+ request.SetKey(objectName);
+ Aws::S3::Model::GetObjectOutcome outcome =
+ s3Client.GetObject(request);
 if ( !outcome.IsSuccess() )
 {
 const Aws::S3::S3Error& err = outcome.GetError();
@@ -2824,5 +2810,4 @@ retrieve_credspec_from_secrets_manager( std::string sm_arn, std::string region,
 }
 return { "", "", "", "" };
 }
-
 #endif
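Review bot: After this revert, `s3Client.GetObject(request)` in the first hunk fetches the credential spec with only `SetBucket` and `SetKey` set, so nothing ties the bucket to the account the daemon runs as; if the bucket named in the ARN is mistyped, or deleted and later re-created by a different account, the returned credspec would be accepted as-is. The commit message gives no reason for dropping the check, so if the revert works around a regression (cross-account buckets, for instance — an assumption, nothing here shows it), consider keeping `request.SetExpectedBucketOwner( callerId );` and making the expected owner configurable instead of removing the guard. If the check is re-landed, the validation should read `if ( callerId.empty() || !std::regex_match( callerId, callerIdRegex ) )`, because the reverted `&&` form only rejected an empty id and let a non-empty malformed one through. The body of `retrieve_credspec_from_s3` starts and ends outside this hunk.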
diff --git a/auth/kerberos/src/krb.cpp b/auth/kerberos/src/krb.cpp
index 17bae4f1..f6f10af3 100644
--- a/auth/kerberos/src/krb.cpp
+++ b/auth/kerberos/src/krb.cpp
@@ -631,4 +631,4 @@ std::vector delete_krb_tickets( std::string krb_files_dir, std::str
 return delete_krb_ticket_paths;
 }
 return delete_krb_ticket_paths;
-}
+}
\ No newline at end of file
diff --git a/common/daemon.h b/common/daemon.h
index 1f725555..70208666 100644
--- a/common/daemon.h
+++ b/common/daemon.h
@@ -257,6 +257,7 @@ std::string generate_lease_id(); void clearString( std::string& str ); + #if AMAZON_LINUX_DISTRO std::string retrieve_credspec_from_s3( std::string s3_arn, std::string region,
From 681bf929d71c74c16dc7335b540250ff5fb6f985 Mon Sep 17 00:00:00 2001
From: Saksham Bhalla
Date: Tue, 14 Jan 2025 15:33:41 -0800
Subject: [PATCH 2/2] fix whitespace diffs after manual merge conflict
---
 auth/kerberos/src/krb.cpp | 2 +-
 common/daemon.h | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/auth/kerberos/src/krb.cpp b/auth/kerberos/src/krb.cpp
index f6f10af3..17bae4f1 100644
--- a/auth/kerberos/src/krb.cpp
+++ b/auth/kerberos/src/krb.cpp
@@ -631,4 +631,4 @@ std::vector delete_krb_tickets( std::string krb_files_dir, std::str
 return delete_krb_ticket_paths;
 }
 return delete_krb_ticket_paths;
-}
\ No newline at end of file
+}
diff --git a/common/daemon.h b/common/daemon.h
index 70208666..1f725555 100644
--- a/common/daemon.h
+++ b/common/daemon.h
@@ -257,7 +257,6 @@ std::string generate_lease_id(); void clearString( std::string& str ); - #if AMAZON_LINUX_DISTRO std::string retrieve_credspec_from_s3( std::string s3_arn, std::string region,