op_ret = -ERR_MFA_REQUIRED;
return;
}
+ //if mfa is enabled for bucket, make sure mfa code is validated in case versioned status gets changed
+ if (cur_mfa_status) {
+ bool req_versioning_status = false;
+ //if requested versioning status is not the same as the one set for the bucket, return error
+ if (versioning_status == VersioningEnabled) {
+ req_versioning_status = (s->bucket_info.flags & BUCKET_VERSIONS_SUSPENDED) != 0;
+ } else if (versioning_status == VersioningSuspended) {
+ req_versioning_status = (s->bucket_info.flags & BUCKET_VERSIONS_SUSPENDED) == 0;
+ }
+ if (req_versioning_status && !s->mfa_verified) {
+ op_ret = -ERR_MFA_REQUIRED;
+ return;
+ }
+ }
if (!store->svc.zone->is_meta_master()) {
op_ret = forward_request_to_master(s, NULL, store, in_data, nullptr);
RGW_PERM_WRITE)){
return -EACCES;
}
+ } else if (! dest_bucket_policy.verify_permission(this, *s->auth.identity, s->perm_mask,
+ RGW_PERM_WRITE)) {
+ return -EACCES;
}
- } else if (! dest_bucket_policy.verify_permission(this, *s->auth.identity, s->perm_mask,
- RGW_PERM_WRITE)) {
- return -EACCES;
+
}
op_ret = init_dest_policy();