diff --git a/controller-main.go b/controller-main.go
index ba64a9a91..8ec103327 100644
--- a/controller-main.go
+++ b/controller-main.go
@@ -194,6 +194,7 @@ func getControllerConfig(c *cli.Context) minioConfig {
 CertFile: certFile,
 KeyFile: keyFile,
 RateLimit: c.GlobalInt("ratelimit"),
+ Anonymous: c.GlobalBool("anonymous"),
 }
 }
diff --git a/controller-rpc-signature-handler.go b/controller-rpc-signature-handler.go
index 6654dcc72..c4390b86a 100644
--- a/controller-rpc-signature-handler.go
+++ b/controller-rpc-signature-handler.go
@@ -20,6 +20,7 @@ import (
 "bytes"
 "encoding/hex"
 "io"
+ "io/ioutil"
 "net/http"
 "sort"
 "strings"
@@ -35,7 +36,7 @@ type rpcSignatureHandler struct {
 // RPCSignatureHandler to validate authorization header for the incoming request.
 func RPCSignatureHandler(h http.Handler) http.Handler {
- return signatureHandler{h}
+ return rpcSignatureHandler{h}
 }
 type rpcSignature struct {
@@ -114,7 +115,7 @@ func (r rpcSignature) extractSignedHeaders() map[string][]string {
 //
 //
 func (r *rpcSignature) getCanonicalRequest() string {
- payload := r.Request.Header.Get(http.CanonicalHeaderKey("x-amz-content-sha256"))
+ payload := r.Request.Header.Get(http.CanonicalHeaderKey("x-minio-content-sha256"))
 r.Request.URL.RawQuery = strings.Replace(r.Request.URL.Query().Encode(), "+", "%20", -1)
 encodedPath := getURLEncodedName(r.Request.URL.Path)
 // convert any space strings back to "+"
@@ -143,7 +144,7 @@ func (r rpcSignature) getScope(t time.Time) string {
 // getStringToSign a string based on selected query values
 func (r rpcSignature) getStringToSign(canonicalRequest string, t time.Time) string {
- stringToSign := authHeaderPrefix + "\n" + t.Format(iso8601Format) + "\n"
+ stringToSign := rpcAuthHeaderPrefix + "\n" + t.Format(iso8601Format) + "\n"
 stringToSign = stringToSign + r.getScope(t) + "\n"
 stringToSign = stringToSign + hex.EncodeToString(sha256.Sum256([]byte(canonicalRequest)))
 return stringToSign
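Review bot: The header name `x-minio-content-sha256` in `getCanonicalRequest` is a bare string literal that has to match the one set in `newRPCRequest` (rpc-client.go, first hunk) exactly, otherwise every RPC call fails signature verification. A shared constant used by both signer and verifier, for example `const rpcContentSHA256Header = "x-minio-content-sha256"` (name is a suggestion), would keep the two from drifting apart. `Header.Get` returns an empty string when the header is absent, so `payload` can be empty here; whether that case is rejected before the signature comparison is not visible, because the body of `getCanonicalRequest` continues past this hunk.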
@@ -236,8 +237,10 @@ func (s rpcSignatureHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 writeErrorResponse(w, r, SignatureDoesNotMatch, r.URL.Path)
 return
 }
+ // Copy the buffer back into request body to be read by the RPC service callers
+ r.Body = ioutil.NopCloser(buffer)
 s.handler.ServeHTTP(w, r)
- return
+ } else {
+ writeErrorResponse(w, r, AccessDenied, r.URL.Path)
 }
- writeErrorResponse(w, r, AccessDenied, r.URL.Path)
 }
diff --git a/controller-rpc-signature.go b/controller-rpc-signature.go
index c0453c1f9..e557b436f 100644
--- a/controller-rpc-signature.go
+++ b/controller-rpc-signature.go
@@ -78,25 +78,24 @@ func isValidRPCRegion(authHeaderValue string) *probe.Error {
 // stripRPCAccessKeyID - strip only access key id from auth header
 func stripRPCAccessKeyID(authHeaderValue string) (string, *probe.Error) {
- if err := isValidRegion(authHeaderValue); err != nil {
+ if err := isValidRPCRegion(authHeaderValue); err != nil {
 return "", err.Trace()
 }
 credentialElements, err := getRPCCredentialsFromAuth(authHeaderValue)
 if err != nil {
 return "", err.Trace()
 }
- accessKeyID := credentialElements[0]
- if !IsValidAccessKey(accessKeyID) {
+ if credentialElements[0] != "admin" {
 return "", probe.NewError(errAccessKeyIDInvalid)
 }
- return accessKeyID, nil
+ return credentialElements[0], nil
 }
 // initSignatureRPC initializing rpc signature verification
 func initSignatureRPC(req *http.Request) (*rpcSignature, *probe.Error) {
 // strip auth from authorization header
 authHeaderValue := req.Header.Get("Authorization")
- accessKeyID, err := stripAccessKeyID(authHeaderValue)
+ accessKeyID, err := stripRPCAccessKeyID(authHeaderValue)
 if err != nil {
 return nil, err.Trace()
 }
diff --git a/rpc-client.go b/rpc-client.go
index be54f4520..08cdd7065 100644
--- a/rpc-client.go
+++ b/rpc-client.go
@@ -19,7 +19,6 @@ package main
 import (
 "bytes"
 "encoding/hex"
- "fmt"
 "net/http"
 "sort"
 "strings"
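Review bot: In `rpcSignatureHandler.ServeHTTP` the request body is replaced with `ioutil.NopCloser(buffer)`, which implies the whole body was read into `buffer` ahead of the signature check; that read is above this hunk, so it cannot be seen whether it is size-limited. If it is not, a caller who has not yet been authenticated decides how much memory the controller buffers, and `r.Body = http.MaxBytesReader(w, r.Body, maxRPCBodySize)` before the read would bound it (`maxRPCBodySize` is a placeholder name). Separately, the new `else` branch replaces an early `return`; keeping `return` after `s.handler.ServeHTTP(w, r)` and leaving the `AccessDenied` response unindented is the more usual Go shape and keeps the deny path as the visible fall-through.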
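Review bot: `stripRPCAccessKeyID` now compares against the literal `"admin"`, and the same literal is repeated in rpc-client.go (`config.Users["admin"]` and `" Credential=admin/"` in its last hunk); one named constant, for example `const rpcAccessKeyID = "admin"` (name is a suggestion), would keep client and server in step. With the access key fixed and public, authentication of the RPC channel rests on the secret key alone, which is worth stating in a comment above this check. `credentialElements[0]` is indexed without a visible length check; that is safe only if `getRPCCredentialsFromAuth`, which is not part of this diff, never returns an empty slice together with a nil error. The body of `initSignatureRPC` continues past the end of the hunk.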
@@ -64,7 +63,7 @@ func newRPCRequest(config *AuthConfig, url string, op rpcOperation, transport ht
 hashedPayload := hash()
 req.Header.Set("Content-Type", "application/json")
- req.Header.Set("x-amz-content-sha256", hashedPayload)
+ req.Header.Set("x-minio-content-sha256", hashedPayload)
 var headers []string
 vals := make(map[string][]string)
@@ -133,7 +132,6 @@ func newRPCRequest(config *AuthConfig, url string, op rpcOperation, transport ht
 stringToSign = stringToSign + scope + "\n"
 stringToSign = stringToSign + hex.EncodeToString(sum256([]byte(canonicalRequest)))
- fmt.Println(config)
 date := sumHMAC([]byte("MINIO"+config.Users["admin"].SecretAccessKey), []byte(t.Format(yyyymmdd)))
 region := sumHMAC(date, []byte("milkyway"))
 service := sumHMAC(region, []byte("rpc"))
@@ -143,7 +141,7 @@ func newRPCRequest(config *AuthConfig, url string, op rpcOperation, transport ht
 // final Authorization header
 parts := []string{
- rpcAuthHeaderPrefix + " Credential=" + config.Users["admin"].AccessKeyID + "/" + scope,
+ rpcAuthHeaderPrefix + " Credential=admin/" + scope,
 "SignedHeaders=" + signedHeaders,
 "Signature=" + signature,
 }