Merge pull request #899 from harshavardhana/fix-signature-v4-bugs

Fix some bugs in controller rpc
This commit is contained in:
Harshavardhana 2015-10-10 19:07:28 -07:00
commit 2f5fa394ce
4 changed files with 15 additions and 14 deletions

View File

@ -194,6 +194,7 @@ func getControllerConfig(c *cli.Context) minioConfig {
CertFile: certFile,
KeyFile: keyFile,
RateLimit: c.GlobalInt("ratelimit"),
Anonymous: c.GlobalBool("anonymous"),
}
}

View File

@ -20,6 +20,7 @@ import (
"bytes"
"encoding/hex"
"io"
"io/ioutil"
"net/http"
"sort"
"strings"
@ -35,7 +36,7 @@ type rpcSignatureHandler struct {
// RPCSignatureHandler to validate authorization header for the incoming request.
func RPCSignatureHandler(h http.Handler) http.Handler {
return signatureHandler{h}
return rpcSignatureHandler{h}
}
type rpcSignature struct {
@ -114,7 +115,7 @@ func (r rpcSignature) extractSignedHeaders() map[string][]string {
// <HashedPayload>
//
func (r *rpcSignature) getCanonicalRequest() string {
payload := r.Request.Header.Get(http.CanonicalHeaderKey("x-amz-content-sha256"))
payload := r.Request.Header.Get(http.CanonicalHeaderKey("x-minio-content-sha256"))
r.Request.URL.RawQuery = strings.Replace(r.Request.URL.Query().Encode(), "+", "%20", -1)
encodedPath := getURLEncodedName(r.Request.URL.Path)
// convert any space strings back to "+"
@ -143,7 +144,7 @@ func (r rpcSignature) getScope(t time.Time) string {
// getStringToSign a string based on selected query values
func (r rpcSignature) getStringToSign(canonicalRequest string, t time.Time) string {
stringToSign := authHeaderPrefix + "\n" + t.Format(iso8601Format) + "\n"
stringToSign := rpcAuthHeaderPrefix + "\n" + t.Format(iso8601Format) + "\n"
stringToSign = stringToSign + r.getScope(t) + "\n"
stringToSign = stringToSign + hex.EncodeToString(sha256.Sum256([]byte(canonicalRequest)))
return stringToSign
@ -236,8 +237,10 @@ func (s rpcSignatureHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
writeErrorResponse(w, r, SignatureDoesNotMatch, r.URL.Path)
return
}
// Copy the buffer back into request body to be read by the RPC service callers
r.Body = ioutil.NopCloser(buffer)
s.handler.ServeHTTP(w, r)
return
} else {
writeErrorResponse(w, r, AccessDenied, r.URL.Path)
}
writeErrorResponse(w, r, AccessDenied, r.URL.Path)
}

View File

@ -78,25 +78,24 @@ func isValidRPCRegion(authHeaderValue string) *probe.Error {
// stripRPCAccessKeyID - strip only access key id from auth header
func stripRPCAccessKeyID(authHeaderValue string) (string, *probe.Error) {
if err := isValidRegion(authHeaderValue); err != nil {
if err := isValidRPCRegion(authHeaderValue); err != nil {
return "", err.Trace()
}
credentialElements, err := getRPCCredentialsFromAuth(authHeaderValue)
if err != nil {
return "", err.Trace()
}
accessKeyID := credentialElements[0]
if !IsValidAccessKey(accessKeyID) {
if credentialElements[0] != "admin" {
return "", probe.NewError(errAccessKeyIDInvalid)
}
return accessKeyID, nil
return credentialElements[0], nil
}
// initSignatureRPC initializing rpc signature verification
func initSignatureRPC(req *http.Request) (*rpcSignature, *probe.Error) {
// strip auth from authorization header
authHeaderValue := req.Header.Get("Authorization")
accessKeyID, err := stripAccessKeyID(authHeaderValue)
accessKeyID, err := stripRPCAccessKeyID(authHeaderValue)
if err != nil {
return nil, err.Trace()
}

View File

@ -19,7 +19,6 @@ package main
import (
"bytes"
"encoding/hex"
"fmt"
"net/http"
"sort"
"strings"
@ -64,7 +63,7 @@ func newRPCRequest(config *AuthConfig, url string, op rpcOperation, transport ht
hashedPayload := hash()
req.Header.Set("Content-Type", "application/json")
req.Header.Set("x-amz-content-sha256", hashedPayload)
req.Header.Set("x-minio-content-sha256", hashedPayload)
var headers []string
vals := make(map[string][]string)
@ -133,7 +132,6 @@ func newRPCRequest(config *AuthConfig, url string, op rpcOperation, transport ht
stringToSign = stringToSign + scope + "\n"
stringToSign = stringToSign + hex.EncodeToString(sum256([]byte(canonicalRequest)))
fmt.Println(config)
date := sumHMAC([]byte("MINIO"+config.Users["admin"].SecretAccessKey), []byte(t.Format(yyyymmdd)))
region := sumHMAC(date, []byte("milkyway"))
service := sumHMAC(region, []byte("rpc"))
@ -143,7 +141,7 @@ func newRPCRequest(config *AuthConfig, url string, op rpcOperation, transport ht
// final Authorization header
parts := []string{
rpcAuthHeaderPrefix + " Credential=" + config.Users["admin"].AccessKeyID + "/" + scope,
rpcAuthHeaderPrefix + " Credential=admin/" + scope,
"SignedHeaders=" + signedHeaders,
"Signature=" + signature,
}