MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-20 09:56:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

Honor envs properly for access and secret key. (#3703)

Browse Source 
Also changes the behavior of `secretKeyHash` which is
not necessary to be sent over the network, each node
has its own secretKeyHash to validate.

Fixes #3696
Partial(fix) #3700 (More changes needed with some code cleanup)
This commit is contained in:
Harshavardhana
2017-02-07 12:51:43 -08:00
committed by GitHub
parent fd72c21e0e
commit 31dff87903
19 changed files with 237 additions and 314 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
cmd/web-handlers.go
View File

@@ -362,12 +362,21 @@ func (web *webAPIHandlers) SetAuth(r *http.Request, args *SetAuthArgs, reply *Se
return toJSONError(errAuthentication)
}
// If creds are set through ENV disallow changing credentials.
if globalIsEnvCreds {
return toJSONError(errChangeCredNotAllowed)
}
// As we already validated the authentication, we save given access/secret keys.
creds, err := getCredential(args.AccessKey, args.SecretKey)
if err != nil {
if err := validateAuthKeys(args.AccessKey, args.SecretKey); err != nil {
return toJSONError(err)
}
creds := credential{
AccessKey: args.AccessKey,
SecretKey: args.SecretKey,
}
// Notify all other Minio peers to update credentials
errsMap := updateCredsOnPeers(creds)
@@ -375,7 +384,7 @@ func (web *webAPIHandlers) SetAuth(r *http.Request, args *SetAuthArgs, reply *Se
serverConfig.SetCredential(creds)
// Persist updated credentials.
if err = serverConfig.Save(); err != nil {
if err := serverConfig.Save(); err != nil {
errsMap[globalMinioAddr] = err
}
@@ -397,7 +406,7 @@ func (web *webAPIHandlers) SetAuth(r *http.Request, args *SetAuthArgs, reply *Se
}
// As we have updated access/secret key, generate new auth token.
token, err := authenticateWeb(args.AccessKey, args.SecretKey)
token, err := authenticateWeb(creds.AccessKey, creds.SecretKey)
if err != nil {
// Did we have peer errors?
if len(errsMap) > 0 {
@@ -829,8 +838,13 @@ func toWebAPIError(err error) APIError {
HTTPStatusCode: http.StatusBadRequest,
Description: err.Error(),
}
} else if err == errChangeCredNotAllowed {
return APIError{
Code: "MethodNotAllowed",
HTTPStatusCode: http.StatusMethodNotAllowed,
Description: err.Error(),
}
}
// Convert error type to api error code.
var apiErrCode APIErrorCode
switch err.(type) {