backport of commit fb97a459ece4420cdb1237836affbfb40c24ad92 (#23876)

Co-authored-by: miagilepner <mia.epner@hashicorp.com>
hc-github-team-secure-vault-core 2023-10-27 10:28:07 -04:00 committed by GitHub
parent eb1376dc13
commit 0ca886beaf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 0 deletions

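--- a/changelog/23874.txt
+++ b/changelog/23874.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+core: fix policies with wildcards not matching list operations due to the policy path not having a trailing slash
+```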


@ -391,6 +391,16 @@ func (a *ACL) AllowOperation(ctx context.Context, req *logical.Request, capCheck
}
}
// List operations need to check without the trailing slash first, because
// there could be other rules with trailing wildcards that will match the
// path
if op == logical.ListOperation && strings.HasSuffix(path, "/") {
permissions = a.CheckAllowedFromNonExactPaths(strings.TrimSuffix(path, "/"), false)
if permissions != nil {
capabilities = permissions.CapabilitiesBitmap
goto CHECK
}
}
permissions = a.CheckAllowedFromNonExactPaths(path, false)
if permissions != nil {
capabilities = permissions.CapabilitiesBitmap
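Review bot: In the added list-operation branch, a hit on the slash-trimmed path jumps straight to `CHECK`, so the slash-terminated path is never consulted once the trimmed lookup matches. Assuming `CheckAllowedFromNonExactPaths` returns the longest matching prefix rule (the helper is not visible here, so this needs confirming), a broader rule such as `secret/foo*` (constructed example) could be selected for a list on `secret/foo/` ahead of a more specific `secret/foo/*` rule, including one that carries `deny`. The diffstat lists only the changelog and this file, so no regression test accompanies the authorization change; a table test that lists `secret/foo/` under both policies would pin the intended precedence. At minimum I would add `// NOTE: a match on the trimmed path takes precedence over rules that match the path with its trailing slash` above the branch. `AllowOperation` starts and ends outside the hunk.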