Skip to content

Commit

Permalink
Fix: Disallow requests with SSE-KMS headers (minio#6587)
Browse files Browse the repository at this point in the history 
Addresses issue minio#6582. Minio server currently does not
have SSE-KMS support. Reject requests with SSE-KMS headers
with NotImplementedErr
  • Loading branch information
@poornas @kannappanr
poornas authored and kannappanr committed Oct 9, 2018
1 parent e3eec89 commit 110458c
Showing 1 changed file with 9 additions and 6 deletions.
15 changes: 9 additions & 6 deletions cmd/object-handlers.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,10 @@ func (api objectAPIHandlers) SelectObjectContentHandler(w http.ResponseWriter, r
writeErrorResponse(w, ErrServerNotInitialized, r.URL)
return
}

if crypto.S3KMS.IsRequested(r.Header) { // SSE-KMS is not supported
writeErrorResponse(w, ErrNotImplemented, r.URL)
return
}
vars := mux.Vars(r)
bucket := vars["bucket"]
object := vars["object"]
Expand Down Expand Up @@ -620,7 +623,7 @@ func (api objectAPIHandlers) CopyObjectHandler(w http.ResponseWriter, r *http.Re
writeErrorResponse(w, ErrServerNotInitialized, r.URL)
return
}
if !objectAPI.IsEncryptionSupported() && crypto.S3KMS.IsRequested(r.Header) {
if crypto.S3KMS.IsRequested(r.Header) {
writeErrorResponse(w, ErrNotImplemented, r.URL) // SSE-KMS is not supported
return
}
Expand Down Expand Up @@ -966,7 +969,7 @@ func (api objectAPIHandlers) PutObjectHandler(w http.ResponseWriter, r *http.Req
writeErrorResponse(w, ErrServerNotInitialized, r.URL)
return
}
if !objectAPI.IsEncryptionSupported() && crypto.S3KMS.IsRequested(r.Header) {
if crypto.S3KMS.IsRequested(r.Header) {
writeErrorResponse(w, ErrNotImplemented, r.URL) // SSE-KMS is not supported
return
}
Expand Down Expand Up @@ -1218,7 +1221,7 @@ func (api objectAPIHandlers) NewMultipartUploadHandler(w http.ResponseWriter, r
writeErrorResponse(w, ErrServerNotInitialized, r.URL)
return
}
if !objectAPI.IsEncryptionSupported() && crypto.S3KMS.IsRequested(r.Header) {
if crypto.S3KMS.IsRequested(r.Header) {
writeErrorResponse(w, ErrNotImplemented, r.URL) // SSE-KMS is not supported
return
}
Expand Down Expand Up @@ -1310,7 +1313,7 @@ func (api objectAPIHandlers) CopyObjectPartHandler(w http.ResponseWriter, r *htt
writeErrorResponse(w, ErrServerNotInitialized, r.URL)
return
}
if !objectAPI.IsEncryptionSupported() && crypto.S3KMS.IsRequested(r.Header) {
if crypto.S3KMS.IsRequested(r.Header) {
writeErrorResponse(w, ErrNotImplemented, r.URL) // SSE-KMS is not supported
return
}
Expand Down Expand Up @@ -1532,7 +1535,7 @@ func (api objectAPIHandlers) PutObjectPartHandler(w http.ResponseWriter, r *http
writeErrorResponse(w, ErrServerNotInitialized, r.URL)
return
}
if !objectAPI.IsEncryptionSupported() && crypto.S3KMS.IsRequested(r.Header) {
if crypto.S3KMS.IsRequested(r.Header) {
writeErrorResponse(w, ErrNotImplemented, r.URL) // SSE-KMS is not supported
return
}
Expand Down

0 comments on commit 110458c

Please sign in to comment.