Merge pull request #899 from harshavardhana/fix-signature-v4-bugs

Fix some bugs in controller rpc
master
Harshavardhana 9 years ago
commit 2f5fa394ce
  1. 1
      controller-main.go
  2. 13
      controller-rpc-signature-handler.go
  3. 9
      controller-rpc-signature.go
  4. 6
      rpc-client.go

@ -194,6 +194,7 @@ func getControllerConfig(c *cli.Context) minioConfig {
CertFile: certFile,
KeyFile: keyFile,
RateLimit: c.GlobalInt("ratelimit"),
Anonymous: c.GlobalBool("anonymous"),
}
}

@ -20,6 +20,7 @@ import (
"bytes"
"encoding/hex"
"io"
"io/ioutil"
"net/http"
"sort"
"strings"
@ -35,7 +36,7 @@ type rpcSignatureHandler struct {
// RPCSignatureHandler to validate authorization header for the incoming request.
func RPCSignatureHandler(h http.Handler) http.Handler {
return signatureHandler{h}
return rpcSignatureHandler{h}
}
type rpcSignature struct {
@ -114,7 +115,7 @@ func (r rpcSignature) extractSignedHeaders() map[string][]string {
// <HashedPayload>
//
func (r *rpcSignature) getCanonicalRequest() string {
payload := r.Request.Header.Get(http.CanonicalHeaderKey("x-amz-content-sha256"))
payload := r.Request.Header.Get(http.CanonicalHeaderKey("x-minio-content-sha256"))
r.Request.URL.RawQuery = strings.Replace(r.Request.URL.Query().Encode(), "+", "%20", -1)
encodedPath := getURLEncodedName(r.Request.URL.Path)
// convert any space strings back to "+"
@ -143,7 +144,7 @@ func (r rpcSignature) getScope(t time.Time) string {
// getStringToSign a string based on selected query values
func (r rpcSignature) getStringToSign(canonicalRequest string, t time.Time) string {
stringToSign := authHeaderPrefix + "\n" + t.Format(iso8601Format) + "\n"
stringToSign := rpcAuthHeaderPrefix + "\n" + t.Format(iso8601Format) + "\n"
stringToSign = stringToSign + r.getScope(t) + "\n"
stringToSign = stringToSign + hex.EncodeToString(sha256.Sum256([]byte(canonicalRequest)))
return stringToSign
@ -236,8 +237,10 @@ func (s rpcSignatureHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
writeErrorResponse(w, r, SignatureDoesNotMatch, r.URL.Path)
return
}
// Copy the buffer back into request body to be read by the RPC service callers
r.Body = ioutil.NopCloser(buffer)
s.handler.ServeHTTP(w, r)
return
} else {
writeErrorResponse(w, r, AccessDenied, r.URL.Path)
}
writeErrorResponse(w, r, AccessDenied, r.URL.Path)
}
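Review bot: In the ServeHTTP hunk, `r.Body = ioutil.NopCloser(buffer)` passes the RPC handler a body that was presumably read into memory before the signature check, so an unauthenticated caller controls how much is buffered unless that read is capped. The read is outside this hunk and may already be bounded; if it is not, wrap the body first, e.g. `r.Body = http.MaxBytesReader(w, r.Body, maxRPCBodySize)` (`maxRPCBodySize` is a placeholder name, not an existing constant). Please also confirm that the buffered bytes are hashed and compared with the `x-minio-content-sha256` value that getCanonicalRequest takes from the request header, because that comparison is not visible here and the signature otherwise only covers a client-supplied hash. I would extend the new comment to `// Copy the verified buffer back into the request body; it holds exactly the bytes whose hash was checked above`. ServeHTTP starts above the hunk.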

@ -78,25 +78,24 @@ func isValidRPCRegion(authHeaderValue string) *probe.Error {
// stripRPCAccessKeyID - strip only access key id from auth header
func stripRPCAccessKeyID(authHeaderValue string) (string, *probe.Error) {
if err := isValidRegion(authHeaderValue); err != nil {
if err := isValidRPCRegion(authHeaderValue); err != nil {
return "", err.Trace()
}
credentialElements, err := getRPCCredentialsFromAuth(authHeaderValue)
if err != nil {
return "", err.Trace()
}
accessKeyID := credentialElements[0]
if !IsValidAccessKey(accessKeyID) {
if credentialElements[0] != "admin" {
return "", probe.NewError(errAccessKeyIDInvalid)
}
return accessKeyID, nil
return credentialElements[0], nil
}
// initSignatureRPC initializing rpc signature verification
func initSignatureRPC(req *http.Request) (*rpcSignature, *probe.Error) {
// strip auth from authorization header
authHeaderValue := req.Header.Get("Authorization")
accessKeyID, err := stripAccessKeyID(authHeaderValue)
accessKeyID, err := stripRPCAccessKeyID(authHeaderValue)
if err != nil {
return nil, err.Trace()
}
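Review bot: In stripRPCAccessKeyID, `credentialElements[0]` is indexed without a length check, so the function relies on getRPCCredentialsFromAuth never returning an empty slice together with a nil error; that function is not visible here. A guard such as `if len(credentialElements) == 0 || credentialElements[0] != "admin" {` keeps a malformed Authorization header on the error path instead of a panic. The literal `"admin"` is also repeated in rpc-client.go (`Credential=admin/` and `config.Users["admin"]`), so a shared constant would keep client and server in step. That constant deserves a comment stating that the access key ID is a fixed, non-secret value and that authentication rests on the secret key alone. initSignatureRPC continues past the end of the hunk.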

@ -19,7 +19,6 @@ package main
import (
"bytes"
"encoding/hex"
"fmt"
"net/http"
"sort"
"strings"
@ -64,7 +63,7 @@ func newRPCRequest(config *AuthConfig, url string, op rpcOperation, transport ht
hashedPayload := hash()
req.Header.Set("Content-Type", "application/json")
req.Header.Set("x-amz-content-sha256", hashedPayload)
req.Header.Set("x-minio-content-sha256", hashedPayload)
var headers []string
vals := make(map[string][]string)
@ -133,7 +132,6 @@ func newRPCRequest(config *AuthConfig, url string, op rpcOperation, transport ht
stringToSign = stringToSign + scope + "\n"
stringToSign = stringToSign + hex.EncodeToString(sum256([]byte(canonicalRequest)))
fmt.Println(config)
date := sumHMAC([]byte("MINIO"+config.Users["admin"].SecretAccessKey), []byte(t.Format(yyyymmdd)))
region := sumHMAC(date, []byte("milkyway"))
service := sumHMAC(region, []byte("rpc"))
@ -143,7 +141,7 @@ func newRPCRequest(config *AuthConfig, url string, op rpcOperation, transport ht
// final Authorization header
parts := []string{
rpcAuthHeaderPrefix + " Credential=" + config.Users["admin"].AccessKeyID + "/" + scope,
rpcAuthHeaderPrefix + " Credential=admin/" + scope,
"SignedHeaders=" + signedHeaders,
"Signature=" + signature,
}
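Review bot: In newRPCRequest the signing key is derived from `config.Users["admin"].SecretAccessKey` with no check that an "admin" entry exists, while the credential line (apparently the new side) now hard-codes `Credential=admin/`. The type of `Users` is not visible here: if it maps to struct values, a missing entry silently signs with the bare "MINIO" prefix as the key, and if it maps to pointers it dereferences nil. Look the entry up once with the comma-ok form, `admin, ok := config.Users["admin"]`, return an error when `ok` is false or the secret is empty, and use `admin.SecretAccessKey` from then on. newRPCRequest starts and ends outside these hunks.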
