Harshavardhana
8f2a3efa85
disallow sub-credentials based on root credentials to gain priviledges ( #12947 )
...
This happens because of a change added where any sub-credential
with parentUser == rootCredential i.e (MINIO_ROOT_USER) will
always be an owner, you cannot generate credentials with lower
session policy to restrict their access.
This doesn't affect user service accounts created with regular
users, LDAP or OpenID
2021-08-12 18:07:08 -07:00
Harshavardhana
a2cd3c9a1d
use ParseForm() to allow query param lookups once ( #12900 )
...
```
cpu: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
BenchmarkURLQueryForm
BenchmarkURLQueryForm-4 247099363 4.809 ns/op 0 B/op 0 allocs/op
BenchmarkURLQuery
BenchmarkURLQuery-4 2517624 462.1 ns/op 432 B/op 4 allocs/op
PASS
ok github.com/minio/minio/cmd 3.848s
```
2021-08-07 22:43:01 -07:00
Harshavardhana
1f262daf6f
rename all remaining packages to internal/ ( #12418 )
...
This is to ensure that there are no projects
that try to import `minio/minio/pkg` into
their own repo. Any such common packages should
go to `https://github.com/minio/pkg `
2021-06-01 14:59:40 -07:00
Harshavardhana
069432566f
update license change for MinIO
...
Signed-off-by: Harshavardhana <harsha@minio.io>
2021-04-23 11:58:53 -07:00
Harshavardhana
11aa393ba7
Allow region errors to be dynamic ( #10323 )
...
remove other FIXMEs as we are not planning to fix these,
instead we will add dynamism case by case basis.
fixes #10250
2020-08-23 22:06:22 -07:00
KevinSmile
0ebb73ee2e
use const instead of literals ( #10292 )
2020-08-19 16:43:52 -07:00
Harshavardhana
09d35d3b4c
fix: sts to return appropriate errors ( #9161 )
2020-03-18 17:25:45 -07:00
Ashish Kumar Sinha
fa5a1cebd9
support space character in access key ( #8335 )
2019-10-01 02:25:37 +05:30
Harshavardhana
e6d8e272ce
Use const slashSeparator instead of "/" everywhere ( #8028 )
2019-08-06 12:08:58 -07:00
kannappanr
5ecac91a55
Replace Minio refs in docs with MinIO and links ( #7494 )
2019-04-09 11:39:42 -07:00
poornas
1011d21416
Fix credential parsing in signature v4 ( #7377 )
...
Fixes #7376
2019-03-16 22:45:42 -07:00
Harshavardhana
c3ca954684
Implement AssumeRole API for Minio users ( #7267 )
...
For actual API reference read here
https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
Documentation is added and updated as well at docs/sts/assume-role.md
Fixes #6381
2019-02-27 17:46:55 -08:00
Harshavardhana
df35d7db9d
Introduce staticcheck for stricter builds ( #7035 )
2019-02-13 18:29:36 +05:30
Harshavardhana
bf414068a3
Parse and return proper errors with x-amz-security-token ( #6766 )
...
This PR also simplifies the token and access key validation
across our signature handling.
2018-11-07 20:10:03 +05:30
Harshavardhana
54ae364def
Introduce STS client grants API and OPA policy integration ( #6168 )
...
This PR introduces two new features
- AWS STS compatible STS API named AssumeRoleWithClientGrants
```
POST /?Action=AssumeRoleWithClientGrants&Token=<jwt>
```
This API endpoint returns temporary access credentials, access
tokens signature types supported by this API
- RSA keys
- ECDSA keys
Fetches the required public key from the JWKS endpoints, provides
them as rsa or ecdsa public keys.
- External policy engine support, in this case OPA policy engine
- Credentials are stored on disks
2018-10-09 14:00:01 -07:00
Andreas Auernhammer
267a0a3dfa
fix X-Amz-Credential
parsing for V4 policy signature ( #6451 )
...
This commit fixes an AWS S3 incompatibility issue.
The AccessKeyID may contain one or more `/` which caused
the server to interpret parts of the AccessKeyID as
other `X-Amz-Credential` parameters (like date, region, ...)
This commit fixes this by allowing 5 or more
`X-Amz-Credential` parameter strings and only interpreting
the last 5.
Fixes #6443
2018-09-11 11:17:23 -07:00
Harshavardhana
d90985b6d8
Return authHeaderMalformed for an incorrect region in signature ( #5618 )
2018-03-09 18:18:57 -08:00
kannappanr
f460eceb6d
Check for value > 7 days in X-Amz-Expires header. ( #5163 )
...
Add a check to see if the X-Amz-Expires header in the presigned URL is less than 7 days.
Fixes #5162
2017-11-13 12:54:03 -08:00
Bala FA
32c6b62932
move credentials as separate package ( #5115 )
2017-10-31 11:54:32 -07:00
Frank Wessels
46897b1100
Name return values to prevent the need (and unnecessary code bloat) ( #4576 )
...
This is done to explicitly instantiate objects for every return statement.
2017-06-21 19:53:09 -07:00
Krishna Srinivas
5db1e9f3dd
signature: use region from Auth header if server's region not configured ( #4329 )
2017-05-15 18:17:02 -07:00
Krishna Srinivas
45d9cfa0c5
signature-v4: stringToSign and signingKey should use Scope's date. ( #3688 )
...
fixes #3676
2017-02-06 13:09:09 -08:00
Bala FA
e8ce3b64ed
Generate and use access/secret keys properly ( #3498 )
2016-12-26 10:21:23 -08:00
Harshavardhana
a8ab02a73a
v4/presign: Fix presign requests when there are more signed headers. ( #3222 )
...
This fix removes a wrong logic which fails for requests which
have more signed headers in a presign request.
Fixes #3217
2016-11-10 21:57:15 -08:00
Harshavardhana
9161016962
tests: Improve coverage on signature v4 tests. ( #3188 )
...
Fixes #3065
2016-11-06 11:47:16 -08:00
Harshavardhana
d9674f7524
Improve coverage of web-handlers.go ( #3157 )
...
This patch additionally relaxes the requirement for
accesskeys to be in a regexy set of values.
Fixes #3063
2016-11-02 14:45:11 -07:00
Harshavardhana
bccf549463
server: Move all the top level files into cmd folder. ( #2490 )
...
This change brings a change which was done for the 'mc'
package to allow for clean repo and have a cleaner
github drop in experience.
2016-08-18 16:23:42 -07:00