Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 14 for IsTemp (0.06 sec)

  1. cmd/auth-handler.go

    	}
    
    	if token == "" && cred.IsTemp() && !cred.IsServiceAccount() {
    		// Temporary credentials should always have x-amz-security-token
    		return nil, ErrInvalidToken
    	}
    
    	if token != "" && !cred.IsTemp() {
    		// x-amz-security-token should not present for static credentials.
    		return nil, ErrInvalidToken
    	}
    
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Sep 17 16:45:46 UTC 2024
    - 26.1K bytes
    - Viewed (0)
  2. cmd/iam-store.go

    		// non-empty session tokens.
    		if !(cred.IsServiceAccount() || cred.IsTemp()) ||
    			cred.SessionToken == "" {
    			continue
    		}
    
    		var (
    			err    error
    			claims *jwt.MapClaims
    		)
    
    		if cred.IsServiceAccount() {
    			claims, err = getClaimsFromTokenWithSecret(cred.SessionToken, cred.SecretKey)
    		} else if cred.IsTemp() {
    			var secretKey string
    			secretKey, err = getTokenSigningKey()
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Mon Oct 14 16:35:37 UTC 2024
    - 83.2K bytes
    - Viewed (0)
  3. cmd/jwt.go

    				if u.Credentials.Status == auth.AccountOff {
    					return nil, errAccessKeyDisabled
    				}
    				return nil, errInvalidAccessKeyID
    			}
    			cred := u.Credentials
    			// Expired credentials return error.
    			if cred.IsTemp() && cred.IsExpired() {
    				return nil, errInvalidAccessKeyID
    			}
    			return []byte(cred.SecretKey), nil
    		} // this means claims.AccessKey == rootAccessKey
    		if !globalAPIConfig.permitRootAccess() {
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Mon Jul 22 07:04:48 UTC 2024
    - 4.5K bytes
    - Viewed (0)
  4. internal/auth/credentials.go

    	if cred.Expiration.IsZero() || cred.Expiration.Equal(timeSentinel) {
    		return false
    	}
    
    	return cred.Expiration.Before(time.Now().UTC())
    }
    
    // IsTemp - returns whether credential is temporary or not.
    func (cred Credentials) IsTemp() bool {
    	return cred.SessionToken != "" && !cred.Expiration.IsZero() && !cred.Expiration.Equal(timeSentinel)
    }
    
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue May 28 17:14:16 UTC 2024
    - 12K bytes
    - Viewed (0)
  5. cmd/ftp-server-driver.go

    			Creds:     mcreds,
    			Secure:    globalIsTLS,
    			Transport: globalRemoteFTPClientTransport,
    		})
    	}
    
    	// ok == true - at this point
    
    	if ui.Credentials.IsTemp() {
    		// Temporary credentials are not allowed.
    		return nil, errAuthentication
    	}
    
    	return minio.New(driver.endpoint, &minio.Options{
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Wed Aug 14 17:11:51 UTC 2024
    - 14K bytes
    - Viewed (0)
  6. cmd/sftp-server.go

    		if ui.Credentials.IsTemp() {
    			return nil, errAuthentication
    		}
    		if subtle.ConstantTimeCompare([]byte(ui.Credentials.SecretKey), pass) != 1 {
    			return nil, errAuthentication
    		}
    
    	}
    
    	copts := map[string]string{
    		"AccessKey": ui.Credentials.AccessKey,
    		"SecretKey": ui.Credentials.SecretKey,
    	}
    	if ui.Credentials.IsTemp() {
    		copts["SessionToken"] = ui.Credentials.SessionToken
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Aug 20 20:00:29 UTC 2024
    - 16K bytes
    - Viewed (0)
  7. cmd/iam.go

    	}
    
    	if isGroup {
    		_, err = sys.GetGroupDescription(userOrGroup)
    		if err != nil {
    			return
    		}
    	} else {
    		var isTemp bool
    		isTemp, _, err = sys.IsTempUser(userOrGroup)
    		if err != nil && err != errNoSuchUser {
    			return
    		}
    		if isTemp {
    			err = errIAMActionNotAllowed
    			return
    		}
    
    		// When the user is root credential you are not allowed to
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Oct 29 16:01:48 UTC 2024
    - 74.6K bytes
    - Viewed (0)
  8. cmd/bucket-policy.go

    	currTime := UTCNow()
    
    	var (
    		username = cred.AccessKey
    		claims   = cred.Claims
    		groups   = cred.Groups
    	)
    
    	if cred.IsTemp() || cred.IsServiceAccount() {
    		// For derived credentials, check the parent user's permissions.
    		username = cred.ParentUser
    	}
    
    	principalType := "Anonymous"
    	if username != "" {
    		principalType = "User"
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri May 24 23:05:23 UTC 2024
    - 8K bytes
    - Viewed (0)
  9. cmd/admin-handlers-users.go

    	user, exists := globalIAMSys.GetUser(ctx, accessKey)
    	if exists && (user.Credentials.IsTemp() || user.Credentials.IsServiceAccount()) {
    		// Updating STS credential is not allowed, and this API does not
    		// support updating service accounts.
    		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAddUserInvalidArgument), r.URL)
    		return
    	}
    
    	if (cred.IsTemp() || cred.IsServiceAccount()) && cred.ParentUser == accessKey {
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Thu Oct 03 23:11:02 UTC 2024
    - 85.1K bytes
    - Viewed (0)
  10. cmd/iam-etcd-store.go

    		return nil
    	}
    	if u.Credentials.AccessKey == "" {
    		u.Credentials.AccessKey = user
    	}
    	if u.Credentials.SessionToken != "" {
    		jwtClaims, err := extractJWTClaims(u)
    		if err != nil {
    			if u.Credentials.IsTemp() {
    				// We should delete such that the client can re-request
    				// for the expiring credentials.
    				deleteKeyEtcd(ctx, ies.client, getUserIdentityPath(user, userType))
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Thu Aug 15 01:29:20 UTC 2024
    - 14K bytes
    - Viewed (0)
Back to top