From 1c3f244fc52f9d27d0767d9cb4799020ac8dc815 Mon Sep 17 00:00:00 2001 From: Harshavardhana Date: Mon, 5 Jun 2017 15:18:03 -0700 Subject: [PATCH] creds: Secretkey should be generated upto 40 characters in length. (#4471) Current code allowed it wrongly to generate secret key upto 100 we should only use 100 as a value to validate but for generating it should be 40. Fixes #4470 --- cmd/credential.go | 34 +++++++++++++++++++++++++--------- cmd/credential_test.go | 3 +++ cmd/gateway-main.go | 5 +++-- cmd/server_test.go | 7 ------- 4 files changed, 31 insertions(+), 18 deletions(-) diff --git a/cmd/credential.go b/cmd/credential.go index 769707d84..d3ff0c618 100644 --- a/cmd/credential.go +++ b/cmd/credential.go 
@@ -25,19 +25,35 @@ import ( ) const ( - accessKeyMinLen = 5 - accessKeyMaxLen = 20 - secretKeyMinLen = 8 - secretKeyMaxLenAmazon = 100 - alphaNumericTable = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ" - alphaNumericTableLen = byte(len(alphaNumericTable)) + // Minimum length for Minio access key. + accessKeyMinLen = 5 + + // Maximum length for Minio access key. + accessKeyMaxLen = 20 + + // Minimum length for Minio secret key for both server and gateway mode. + secretKeyMinLen = 8 + + // Maximum secret key length for Minio, this + // is used when autogenerating new credentials. + secretKeyMaxLenMinio = 40 + + // Maximum secret key length allowed from client side + // caters for both server and gateway mode. + secretKeyMaxLen = 100 + + // Alpha numeric table used for generating access keys. + alphaNumericTable = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ" + + // Total length of the alpha numeric table. + alphaNumericTableLen = byte(len(alphaNumericTable)) ) +// Common errors generated for access and secret key validation. var ( errInvalidAccessKeyLength = errors.New("Invalid access key, access key should be 5 to 20 characters in length") errInvalidSecretKeyLength = errors.New("Invalid secret key, secret key should be 8 to 100 characters in length") ) -var secretKeyMaxLen = secretKeyMaxLenAmazon // isAccessKeyValid - validate access key for right length. func isAccessKeyValid(accessKey string) bool { @@ -111,10 +127,10 @@ func mustGetNewCredential() credential { accessKey := string(keyBytes) // Generate secret key. - keyBytes = make([]byte, secretKeyMaxLen) + keyBytes = make([]byte, secretKeyMaxLenMinio) _, err = rand.Read(keyBytes) fatalIf(err, "Unable to generate secret key.") - secretKey := string([]byte(base64.StdEncoding.EncodeToString(keyBytes))[:secretKeyMaxLen]) + secretKey := string([]byte(base64.StdEncoding.EncodeToString(keyBytes))[:secretKeyMaxLenMinio]) cred, err := createCredential(accessKey, secretKey) fatalIf(err, "Unable to generate new credential.") 
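Review bot: The comment on `secretKeyMaxLenMinio` in the const block calls it a maximum, but the second hunk slices the generated key to exactly this length and the new test asserts equality, so it is the generated length rather than an upper bound. Since this commit fixes a mix-up between the validation bound and the generation length, the comment should state the split directly, e.g. `// Exact length of an autogenerated secret key; client-supplied keys are validated against secretKeyMaxLen.` The unchanged `errInvalidAccessKeyLength` and `errInvalidSecretKeyLength` strings also hard-code 5, 20, 8 and 100, so they will drift from the constants if any of these values change again.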
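Review bot: In the `mustGetNewCredential` hunk, `secretKeyMaxLenMinio` is used both as the number of random bytes read and as the number of base64 characters kept, so 40 bytes are read but only the first 30 of them end up in the 40-character key. That still leaves 240 bits of randomness, so it is not a weakness, but it deserves a comment such as `// 40 base64 chars encode the first 30 random bytes; the rest are discarded.` The `[]byte(...)` round-trip is unnecessary: `secretKey := base64.StdEncoding.EncodeToString(keyBytes)[:secretKeyMaxLenMinio]` slices the string directly. The import block and the start of the function are outside the hunk, so confirm that `rand` here is `crypto/rand` and not `math/rand`.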
diff --git a/cmd/credential_test.go b/cmd/credential_test.go index b35d703de..ebf19e787 100644 --- a/cmd/credential_test.go +++ b/cmd/credential_test.go @@ -23,6 +23,9 @@ func TestMustGetNewCredential(t *testing.T) { if !cred.IsValid() { t.Fatalf("Failed to get new valid credential") } + if len(cred.SecretKey) != secretKeyMaxLenMinio { + t.Fatalf("Invalid length %d of the secretKey credential generated, expected %d", len(cred.SecretKey), secretKeyMaxLenMinio) + } } func TestCreateCredential(t *testing.T) { diff --git a/cmd/gateway-main.go b/cmd/gateway-main.go index 254d02ec9..eb896d337 100644 --- a/cmd/gateway-main.go +++ b/cmd/gateway-main.go @@ -19,11 +19,12 @@ package cmd import ( "errors" "fmt" - "github.com/gorilla/mux" - "github.com/minio/cli" "net/url" "os" "strings" + + "github.com/gorilla/mux" + "github.com/minio/cli" ) var gatewayTemplate = `NAME: diff --git a/cmd/server_test.go b/cmd/server_test.go index 8f607c142..097f1f9cf 100644 --- a/cmd/server_test.go +++ b/cmd/server_test.go @@ -93,13 +93,6 @@ func (s *TestSuiteCommon) TearDownSuite(c *C) { s.testServer.Stop() } -func (s *TestSuiteCommon) TestAuth(c *C) { - cred := mustGetNewCredential() - - c.Assert(len(cred.AccessKey), Equals, accessKeyMaxLen) - c.Assert(len(cred.SecretKey), Equals, secretKeyMaxLen) -} - func (s *TestSuiteCommon) TestBucketSQSNotificationWebHook(c *C) { // Sample bucket notification. bucketNotificationBuf := `s3:ObjectCreated:Putprefiximages/1arn:minio:sqs:us-east-1:444455556666:webhook`
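Review bot: The `TestAuth` removed from cmd/server_test.go in this commit also asserted `len(cred.AccessKey) == accessKeyMaxLen`, while the check added to `TestMustGetNewCredential` in cmd/credential_test.go covers only the secret key. Unless the access key length is pinned somewhere outside these hunks, add the matching assertion next to the new one: `if len(cred.AccessKey) != accessKeyMaxLen { t.Fatalf("Invalid length %d of the accessKey credential generated, expected %d", len(cred.AccessKey), accessKeyMaxLen) }`. The start of the test function is outside the hunk.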