|
|
@ -17,7 +17,10 @@ |
|
|
|
package rpc |
|
|
|
package rpc |
|
|
|
|
|
|
|
|
|
|
|
import ( |
|
|
|
import ( |
|
|
|
|
|
|
|
"errors" |
|
|
|
"net/http" |
|
|
|
"net/http" |
|
|
|
|
|
|
|
"os" |
|
|
|
|
|
|
|
"strings" |
|
|
|
|
|
|
|
|
|
|
|
"github.com/minio/minio/pkg/auth" |
|
|
|
"github.com/minio/minio/pkg/auth" |
|
|
|
"github.com/minio/minio/pkg/probe" |
|
|
|
"github.com/minio/minio/pkg/probe" |
|
|
@ -26,29 +29,126 @@ import ( |
|
|
|
// AuthService auth service
|
|
|
|
// AuthService auth service
|
|
|
|
type AuthService struct{} |
|
|
|
type AuthService struct{} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// AuthArgs auth params
|
|
|
|
|
|
|
|
type AuthArgs struct { |
|
|
|
|
|
|
|
User string `json:"user"` |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// AuthReply reply with new access keys and secret ids
|
|
|
|
// AuthReply reply with new access keys and secret ids
|
|
|
|
type AuthReply struct { |
|
|
|
type AuthReply struct { |
|
|
|
AccessKeyID string `json:"accesskey"` |
|
|
|
Name string `json:"name"` |
|
|
|
SecretAccessKey string `json:"secretaccesskey"` |
|
|
|
AccessKeyID string `json:"accessKeyId"` |
|
|
|
|
|
|
|
SecretAccessKey string `json:"secretAccessKey"` |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
func getAuth(reply *AuthReply) *probe.Error { |
|
|
|
// generateAuth generate new auth keys for a user
|
|
|
|
accessID, err := auth.GenerateAccessKeyID() |
|
|
|
func generateAuth(args *AuthArgs, reply *AuthReply) *probe.Error { |
|
|
|
|
|
|
|
config, err := auth.LoadConfig() |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
if os.IsNotExist(err.ToGoError()) { |
|
|
|
|
|
|
|
// Initialize new config, since config file doesn't exist yet
|
|
|
|
|
|
|
|
config = &auth.Config{} |
|
|
|
|
|
|
|
config.Version = "0.0.1" |
|
|
|
|
|
|
|
config.Users = make(map[string]*auth.User) |
|
|
|
|
|
|
|
} else { |
|
|
|
|
|
|
|
return err.Trace() |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if _, ok := config.Users[args.User]; ok { |
|
|
|
|
|
|
|
return probe.NewError(errors.New("Credentials already set, if you wish to change this invoke Reset() method")) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
accessKeyID, err := auth.GenerateAccessKeyID() |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
return err.Trace() |
|
|
|
return err.Trace() |
|
|
|
} |
|
|
|
} |
|
|
|
reply.AccessKeyID = string(accessID) |
|
|
|
reply.AccessKeyID = string(accessKeyID) |
|
|
|
secretID, err := auth.GenerateSecretAccessKey() |
|
|
|
|
|
|
|
|
|
|
|
secretAccessKey, err := auth.GenerateSecretAccessKey() |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
return err.Trace() |
|
|
|
return err.Trace() |
|
|
|
} |
|
|
|
} |
|
|
|
reply.SecretAccessKey = string(secretID) |
|
|
|
reply.SecretAccessKey = string(secretAccessKey) |
|
|
|
|
|
|
|
config.Users[args.User] = &auth.User{ |
|
|
|
|
|
|
|
Name: args.User, |
|
|
|
|
|
|
|
AccessKeyID: string(accessKeyID), |
|
|
|
|
|
|
|
SecretAccessKey: string(secretAccessKey), |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if err := auth.SaveConfig(config); err != nil { |
|
|
|
|
|
|
|
return err.Trace() |
|
|
|
|
|
|
|
} |
|
|
|
return nil |
|
|
|
return nil |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Get auth keys
|
|
|
|
// fetchAuth fetch auth keys for a user
|
|
|
|
func (s *AuthService) Get(r *http.Request, args *Args, reply *AuthReply) error { |
|
|
|
func fetchAuth(args *AuthArgs, reply *AuthReply) *probe.Error { |
|
|
|
if err := getAuth(reply); err != nil { |
|
|
|
config, err := auth.LoadConfig() |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
return err.Trace() |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if _, ok := config.Users[args.User]; !ok { |
|
|
|
|
|
|
|
return probe.NewError(errors.New("User not found")) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
reply.AccessKeyID = config.Users[args.User].AccessKeyID |
|
|
|
|
|
|
|
reply.SecretAccessKey = config.Users[args.User].SecretAccessKey |
|
|
|
|
|
|
|
return nil |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// resetAuth reset auth keys for a user
|
|
|
|
|
|
|
|
func resetAuth(args *AuthArgs, reply *AuthReply) *probe.Error { |
|
|
|
|
|
|
|
config, err := auth.LoadConfig() |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
return err.Trace() |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if _, ok := config.Users[args.User]; !ok { |
|
|
|
|
|
|
|
return probe.NewError(errors.New("User not found")) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
accessKeyID, err := auth.GenerateAccessKeyID() |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
return err.Trace() |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
reply.AccessKeyID = string(accessKeyID) |
|
|
|
|
|
|
|
secretAccessKey, err := auth.GenerateSecretAccessKey() |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
return err.Trace() |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
reply.SecretAccessKey = string(secretAccessKey) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
config.Users[args.User] = &auth.User{ |
|
|
|
|
|
|
|
Name: args.User, |
|
|
|
|
|
|
|
AccessKeyID: string(accessKeyID), |
|
|
|
|
|
|
|
SecretAccessKey: string(secretAccessKey), |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
return auth.SaveConfig(config).Trace() |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Generate auth keys
|
|
|
|
|
|
|
|
func (s *AuthService) Generate(r *http.Request, args *AuthArgs, reply *AuthReply) error { |
|
|
|
|
|
|
|
if strings.TrimSpace(args.User) == "" { |
|
|
|
|
|
|
|
return errors.New("Invalid argument") |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if err := generateAuth(args, reply); err != nil { |
|
|
|
|
|
|
|
return probe.WrapError(err) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
return nil |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Fetch auth keys
|
|
|
|
|
|
|
|
func (s *AuthService) Fetch(r *http.Request, args *AuthArgs, reply *AuthReply) error { |
|
|
|
|
|
|
|
if strings.TrimSpace(args.User) == "" { |
|
|
|
|
|
|
|
return errors.New("Invalid argument") |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if err := fetchAuth(args, reply); err != nil { |
|
|
|
|
|
|
|
return probe.WrapError(err) |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
return nil |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Reset auth keys, generates new set of auth keys
|
|
|
|
|
|
|
|
func (s *AuthService) Reset(r *http.Request, args *AuthArgs, reply *AuthReply) error { |
|
|
|
|
|
|
|
if strings.TrimSpace(args.User) == "" { |
|
|
|
|
|
|
|
return errors.New("Invalid argument") |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if err := resetAuth(args, reply); err != nil { |
|
|
|
return probe.WrapError(err) |
|
|
|
return probe.WrapError(err) |
|
|
|
} |
|
|
|
} |
|
|
|
return nil |
|
|
|
return nil |
|
|
|