creds: Secretkey should be generated upto 40 characters in length. (#4471)

Current code allowed it wrongly to generate secret key upto 100 we should only use 100 as a value to validate but for generating it should be 40. Fixes #4470
8 years ago · 1c3f244fc5
parent 986aa8fabf
commit 1c3f244fc5
4 changed files with 31 additions and 18 deletions
--- a/cmd/credential.go
+++ b/cmd/credential.go
@ -25,19 +25,35 @@ import (
 )
 const (
-	accessKeyMinLen       = 5
+	// Minimum length for Minio access key.
-	accessKeyMaxLen       = 20
+	accessKeyMinLen = 5
-	secretKeyMinLen       = 8
+
-	secretKeyMaxLenAmazon = 100
+	// Maximum length for Minio access key.
-	alphaNumericTable     = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+	accessKeyMaxLen = 20
-	alphaNumericTableLen  = byte(len(alphaNumericTable))
+
 	// Minimum length for Minio secret key for both server and gateway mode.
 	secretKeyMinLen = 8
 	// Maximum secret key length for Minio, this
 	// is used when autogenerating new credentials.
 	secretKeyMaxLenMinio = 40
 	// Maximum secret key length allowed from client side
 	// caters for both server and gateway mode.
 	secretKeyMaxLen = 100
 	// Alpha numeric table used for generating access keys.
 	alphaNumericTable = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
 	// Total length of the alpha numeric table.
 	alphaNumericTableLen = byte(len(alphaNumericTable))
 )
 // Common errors generated for access and secret key validation.
 var (
 	errInvalidAccessKeyLength = errors.New("Invalid access key, access key should be 5 to 20 characters in length")
 	errInvalidSecretKeyLength = errors.New("Invalid secret key, secret key should be 8 to 100 characters in length")
 )
 var secretKeyMaxLen = secretKeyMaxLenAmazon
 // isAccessKeyValid - validate access key for right length.
 func isAccessKeyValid(accessKey string) bool {
@ -111,10 +127,10 @@ func mustGetNewCredential() credential {
 	accessKey := string(keyBytes)
 	// Generate secret key.
-	keyBytes = make([]byte, secretKeyMaxLen)
+	keyBytes = make([]byte, secretKeyMaxLenMinio)
 	_, err = rand.Read(keyBytes)
 	fatalIf(err, "Unable to generate secret key.")
-	secretKey := string([]byte(base64.StdEncoding.EncodeToString(keyBytes))[:secretKeyMaxLen])
+	secretKey := string([]byte(base64.StdEncoding.EncodeToString(keyBytes))[:secretKeyMaxLenMinio])
 	cred, err := createCredential(accessKey, secretKey)
 	fatalIf(err, "Unable to generate new credential.")
--- a/cmd/credential_test.go
+++ b/cmd/credential_test.go
@ -23,6 +23,9 @@ func TestMustGetNewCredential(t *testing.T) {
 	if !cred.IsValid() {
 		t.Fatalf("Failed to get new valid credential")
 	}
 	if len(cred.SecretKey) != secretKeyMaxLenMinio {
 		t.Fatalf("Invalid length %d of the secretKey credential generated, expected %d", len(cred.SecretKey), secretKeyMaxLenMinio)
 	}
 }
 func TestCreateCredential(t *testing.T) {
--- a/cmd/gateway-main.go
+++ b/cmd/gateway-main.go
@ -19,11 +19,12 @@ package cmd
 import (
 	"errors"
 	"fmt"
 	"github.com/gorilla/mux"
 	"github.com/minio/cli"
 	"net/url"
 	"os"
 	"strings"
 	"github.com/gorilla/mux"
 	"github.com/minio/cli"
 )
 var gatewayTemplate = `NAME:
--- a/cmd/server_test.go
+++ b/cmd/server_test.go
@ -93,13 +93,6 @@ func (s *TestSuiteCommon) TearDownSuite(c *C) {
 	s.testServer.Stop()
 }
 func (s *TestSuiteCommon) TestAuth(c *C) {
 	cred := mustGetNewCredential()
 	c.Assert(len(cred.AccessKey), Equals, accessKeyMaxLen)
 	c.Assert(len(cred.SecretKey), Equals, secretKeyMaxLen)
 }
 func (s *TestSuiteCommon) TestBucketSQSNotificationWebHook(c *C) {
 	// Sample bucket notification.
 	bucketNotificationBuf := `<NotificationConfiguration><QueueConfiguration><Event>s3:ObjectCreated:Put</Event><Filter><S3Key><FilterRule><Name>prefix</Name><Value>images/</Value></FilterRule></S3Key></Filter><Id>1</Id><Queue>arn:minio:sqs:us-east-1:444455556666:webhook</Queue></QueueConfiguration></NotificationConfiguration>`