MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-04-22 03:24:38 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix: allow LDAP identity to support form body POST (#10468)

Browse Source 
similar to other STS APIs
This commit is contained in:
Harshavardhana 2020-09-11 23:02:32 -07:00 committed by GitHub
parent b70995dd60
commit bda0fe3150
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/signals.go
View File

@ -18,6 +18,8 @@ package cmd
import ( import (
"context" "context"
"errors"
"net/http"
"os" "os"
"strings" "strings"
@ -53,8 +55,10 @@ func handleSignals() {
if httpServer := newHTTPServerFn(); httpServer != nil { if httpServer := newHTTPServerFn(); httpServer != nil {
err = httpServer.Shutdown() err = httpServer.Shutdown()
if !errors.Is(err, http.ErrServerClosed) {
logger.LogIf(context.Background(), err) logger.LogIf(context.Background(), err)
} }
}
if objAPI := newObjectLayerWithoutSafeModeFn(); objAPI != nil { if objAPI := newObjectLayerWithoutSafeModeFn(); objAPI != nil {
oerr = objAPI.Shutdown(context.Background()) oerr = objAPI.Shutdown(context.Background())

13
cmd/sts-handlers.go
View File

@ -88,7 +88,7 @@ func registerSTSRouter(router *mux.Router) {
ctypeOk := wildcard.MatchSimple("application/x-www-form-urlencoded*", r.Header.Get(xhttp.ContentType)) ctypeOk := wildcard.MatchSimple("application/x-www-form-urlencoded*", r.Header.Get(xhttp.ContentType))
noQueries := len(r.URL.Query()) == 0 noQueries := len(r.URL.Query()) == 0
return ctypeOk && noQueries return ctypeOk && noQueries
}).HandlerFunc(httpTraceAll(sts.AssumeRoleWithJWT)) }).HandlerFunc(httpTraceAll(sts.AssumeRoleWithSSO))
// AssumeRoleWithClientGrants // AssumeRoleWithClientGrants
stsRouter.Methods(http.MethodPost).HandlerFunc(httpTraceAll(sts.AssumeRoleWithClientGrants)). stsRouter.Methods(http.MethodPost).HandlerFunc(httpTraceAll(sts.AssumeRoleWithClientGrants)).
@ -258,8 +258,8 @@ func (sts *stsAPIHandlers) AssumeRole(w http.ResponseWriter, r *http.Request) {
writeSuccessResponseXML(w, encodeResponse(assumeRoleResponse)) writeSuccessResponseXML(w, encodeResponse(assumeRoleResponse))
} }
func (sts *stsAPIHandlers) AssumeRoleWithJWT(w http.ResponseWriter, r *http.Request) { func (sts *stsAPIHandlers) AssumeRoleWithSSO(w http.ResponseWriter, r *http.Request) {
ctx := newContext(r, w, "AssumeRoleJWTCommon") ctx := newContext(r, w, "AssumeRoleSSOCommon")
// Parse the incoming form data. // Parse the incoming form data.
if err := r.ParseForm(); err != nil { if err := r.ParseForm(); err != nil {
@ -274,6 +274,9 @@ func (sts *stsAPIHandlers) AssumeRoleWithJWT(w http.ResponseWriter, r *http.Requ
action := r.Form.Get(stsAction) action := r.Form.Get(stsAction)
switch action { switch action {
case ldapIdentity:
sts.AssumeRoleWithLDAPIdentity(w, r)
return
case clientGrants, webIdentity: case clientGrants, webIdentity:
default: default:
writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("Unsupported action %s", action)) writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("Unsupported action %s", action))
@ -417,7 +420,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithJWT(w http.ResponseWriter, r *http.Requ
// Eg:- // Eg:-
// $ curl https://minio:9000/?Action=AssumeRoleWithWebIdentity&WebIdentityToken=<jwt> // $ curl https://minio:9000/?Action=AssumeRoleWithWebIdentity&WebIdentityToken=<jwt>
func (sts *stsAPIHandlers) AssumeRoleWithWebIdentity(w http.ResponseWriter, r *http.Request) { func (sts *stsAPIHandlers) AssumeRoleWithWebIdentity(w http.ResponseWriter, r *http.Request) {
sts.AssumeRoleWithJWT(w, r) sts.AssumeRoleWithSSO(w, r)
} }
// AssumeRoleWithClientGrants - implementation of AWS STS extension API supporting // AssumeRoleWithClientGrants - implementation of AWS STS extension API supporting
@ -426,7 +429,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithWebIdentity(w http.ResponseWriter, r *h
// Eg:- // Eg:-
// $ curl https://minio:9000/?Action=AssumeRoleWithClientGrants&Token=<jwt> // $ curl https://minio:9000/?Action=AssumeRoleWithClientGrants&Token=<jwt>
func (sts *stsAPIHandlers) AssumeRoleWithClientGrants(w http.ResponseWriter, r *http.Request) { func (sts *stsAPIHandlers) AssumeRoleWithClientGrants(w http.ResponseWriter, r *http.Request) {
sts.AssumeRoleWithJWT(w, r) sts.AssumeRoleWithSSO(w, r)
} }
// AssumeRoleWithLDAPIdentity - implements user auth against LDAP server // AssumeRoleWithLDAPIdentity - implements user auth against LDAP server