From 5cdcc73bd5c3b3461274e009f435f502988a09f0 Mon Sep 17 00:00:00 2001
From: Aditya Manthramurthy
Date: Thu, 25 Jan 2018 05:54:00 -0800
Subject: [PATCH] Admin API auth and heal related fixes (#5445)

- Fetch region for auth from global state
- Fix SHA256 handling for empty body in heal API
---
 cmd/admin-handlers.go | 20 ++++++++++----------
 pkg/madmin/heal-commands.go | 1 +
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/cmd/admin-handlers.go b/cmd/admin-handlers.go
index fb9d42840..d3f541333 100644
--- a/cmd/admin-handlers.go
+++ b/cmd/admin-handlers.go
@@ -60,7 +60,7 @@ var (
 // Returns Administration API version
 func (a adminAPIHandlers) VersionHandler(w http.ResponseWriter, r *http.Request) {
- adminAPIErr := checkRequestAuthType(r, "", "", "")
+ adminAPIErr := checkAdminRequestAuthType(r, globalServerConfig.GetRegion())
 if adminAPIErr != ErrNone {
 writeErrorResponse(w, adminAPIErr, r.URL)
 return
@@ -80,7 +80,7 @@ func (a adminAPIHandlers) VersionHandler(w http.ResponseWriter, r *http.Request)
 // ----------
 // Returns server version and uptime.
 func (a adminAPIHandlers) ServiceStatusHandler(w http.ResponseWriter, r *http.Request) {
- adminAPIErr := checkAdminRequestAuthType(r, "")
+ adminAPIErr := checkAdminRequestAuthType(r, globalServerConfig.GetRegion())
 if adminAPIErr != ErrNone {
 writeErrorResponseJSON(w, adminAPIErr, r.URL)
 return
@@ -125,7 +125,7 @@ func (a adminAPIHandlers) ServiceStatusHandler(w http.ResponseWriter, r *http.Re
 // Restarts/Stops minio server gracefully. In a distributed setup,
 // restarts all the servers in the cluster.
 func (a adminAPIHandlers) ServiceStopNRestartHandler(w http.ResponseWriter, r *http.Request) {
- adminAPIErr := checkAdminRequestAuthType(r, "")
+ adminAPIErr := checkAdminRequestAuthType(r, globalServerConfig.GetRegion())
 if adminAPIErr != ErrNone {
 writeErrorResponseJSON(w, adminAPIErr, r.URL)
 return
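Review bot: In the VersionHandler hunk (-60) the failure path still calls `writeErrorResponse(w, adminAPIErr, r.URL)`, and UpdateCredentialsHandler (hunk at -766) does the same, while the eight other handlers touched by this patch reply with `writeErrorResponseJSON`. Now that all ten go through the admin checker, an admin client presumably expects one error encoding for authentication failures; if that is the case, both lines should read `writeErrorResponseJSON(w, adminAPIErr, r.URL)`. Both handler bodies continue outside their hunks, so the encoding of their success paths should be confirmed before changing this.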
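Review bot: From the ServiceStatusHandler hunk (-80) onward, the identical call `checkAdminRequestAuthType(r, globalServerConfig.GetRegion())` is repeated in ten handlers, and two of them (VersionHandler, ClearLocksHandler) had already drifted to a different checker before this patch. An authentication step that every handler must remember to call is easy to omit or mistype when the next admin endpoint is added. Consider applying the check once where the admin routes are registered, or at least wrapping the call and the region lookup in a single helper with a doc comment stating that every admin handler must call it first. A table-driven test that iterates over all admin routes and asserts that a request without a valid signature is rejected would catch a regression here.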
@@ -217,7 +217,7 @@ type ServerInfo struct {
 // Get server information
 func (a adminAPIHandlers) ServerInfoHandler(w http.ResponseWriter, r *http.Request) {
 // Authenticate request
- adminAPIErr := checkAdminRequestAuthType(r, "")
+ adminAPIErr := checkAdminRequestAuthType(r, globalServerConfig.GetRegion())
 if adminAPIErr != ErrNone {
 writeErrorResponseJSON(w, adminAPIErr, r.URL)
 return
@@ -304,7 +304,7 @@ func validateLockQueryParams(vars url.Values) (string, string, time.Duration,
 // Lists locks held on a given bucket, prefix and duration it was held for.
 func (a adminAPIHandlers) ListLocksHandler(w http.ResponseWriter, r *http.Request) {
- adminAPIErr := checkAdminRequestAuthType(r, "")
+ adminAPIErr := checkAdminRequestAuthType(r, globalServerConfig.GetRegion())
 if adminAPIErr != ErrNone {
 writeErrorResponseJSON(w, adminAPIErr, r.URL)
 return
@@ -347,7 +347,7 @@ func (a adminAPIHandlers) ListLocksHandler(w http.ResponseWriter, r *http.Reques
 // Clear locks held on a given bucket, prefix and duration it was held for.
 func (a adminAPIHandlers) ClearLocksHandler(w http.ResponseWriter, r *http.Request) {
- adminAPIErr := checkRequestAuthType(r, "", "", "")
+ adminAPIErr := checkAdminRequestAuthType(r, globalServerConfig.GetRegion())
 if adminAPIErr != ErrNone {
 writeErrorResponseJSON(w, adminAPIErr, r.URL)
 return
@@ -453,7 +453,7 @@ func (a adminAPIHandlers) HealHandler(w http.ResponseWriter, r *http.Request) {
 }
 // Validate request signature.
- adminAPIErr := checkAdminRequestAuthType(r, "")
+ adminAPIErr := checkAdminRequestAuthType(r, globalServerConfig.GetRegion())
 if adminAPIErr != ErrNone {
 writeErrorResponseJSON(w, adminAPIErr, r.URL)
 return
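Review bot: In the HealHandler hunk (-453) the signature check comes after a block that closes on the `}` context line just above it, so some code runs before the request is authenticated; SetConfigHandler (hunk at -669) has the same shape. That earlier block is outside the hunk, so this is a question rather than a finding: if it parses request parameters, reads the body or reports server state, it is reachable without valid credentials. Prefer making the check the first statement, as in VersionHandler and ServerInfoHandler, and mark it with a comment such as `// Authenticate before touching request data or server state.`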
@@ -563,7 +563,7 @@ func (a adminAPIHandlers) HealHandler(w http.ResponseWriter, r *http.Request) {
 func (a adminAPIHandlers) GetConfigHandler(w http.ResponseWriter, r *http.Request) {
 // Validate request signature.
- adminAPIErr := checkAdminRequestAuthType(r, "")
+ adminAPIErr := checkAdminRequestAuthType(r, globalServerConfig.GetRegion())
 if adminAPIErr != ErrNone {
 writeErrorResponseJSON(w, adminAPIErr, r.URL)
 return
@@ -669,7 +669,7 @@ func (a adminAPIHandlers) SetConfigHandler(w http.ResponseWriter, r *http.Reques
 }
 // Validate request signature.
- adminAPIErr := checkAdminRequestAuthType(r, "")
+ adminAPIErr := checkAdminRequestAuthType(r, globalServerConfig.GetRegion())
 if adminAPIErr != ErrNone {
 writeErrorResponseJSON(w, adminAPIErr, r.URL)
 return
@@ -766,7 +766,7 @@ func (a adminAPIHandlers) UpdateCredentialsHandler(w http.ResponseWriter, r *http.Request) {
 // Authenticate request
- adminAPIErr := checkAdminRequestAuthType(r, "")
+ adminAPIErr := checkAdminRequestAuthType(r, globalServerConfig.GetRegion())
 if adminAPIErr != ErrNone {
 writeErrorResponse(w, adminAPIErr, r.URL)
 return
diff --git a/pkg/madmin/heal-commands.go b/pkg/madmin/heal-commands.go
index c77182ad1..dc7cbb54c 100644
--- a/pkg/madmin/heal-commands.go
+++ b/pkg/madmin/heal-commands.go
@@ -138,6 +138,7 @@ func (adm *AdminClient) Heal(bucket, prefix string, healOpts HealOpts,
 var contentBody io.Reader
 if clientToken != "" {
 queryVals.Set("clientToken", clientToken)
+ body = []byte{}
 } else {
 // Set a body only if clientToken is not given
 contentBody = bytes.NewReader(body)
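Review bot: The added `body = []byte{}` in the heal-commands.go hunk (-138) carries no comment, and its purpose cannot be read from the hunk: on this branch `contentBody` stays nil, so nothing is sent, and the reset presumably exists only so that the payload hash computed later covers an empty body, as the commit message suggests. Add a comment such as `// No body is sent with a client token; clear it so the SHA256 is computed over the empty payload.` Keeping `body` and `contentBody` in step by hand is fragile, since a later edit to one branch can again sign bytes that are never transmitted; building both from a single value after the branch would remove the need for this line. Heal's body starts and ends outside the hunk, so where `body` is hashed should be confirmed there.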