Fix some bugs in controller rpc

master
Harshavardhana 9 years ago
parent 05de60a598
commit 7cde4577d0
  1. 1
      controller-main.go
  2. 13
      controller-rpc-signature-handler.go
  3. 9
      controller-rpc-signature.go
  4. 6
      rpc-client.go

@ -194,6 +194,7 @@ func getControllerConfig(c *cli.Context) minioConfig {
CertFile: certFile, CertFile: certFile,
KeyFile: keyFile, KeyFile: keyFile,
RateLimit: c.GlobalInt("ratelimit"), RateLimit: c.GlobalInt("ratelimit"),
Anonymous: c.GlobalBool("anonymous"),
} }
} }

@ -20,6 +20,7 @@ import (
"bytes" "bytes"
"encoding/hex" "encoding/hex"
"io" "io"
"io/ioutil"
"net/http" "net/http"
"sort" "sort"
"strings" "strings"
@ -35,7 +36,7 @@ type rpcSignatureHandler struct {
// RPCSignatureHandler to validate authorization header for the incoming request. // RPCSignatureHandler to validate authorization header for the incoming request.
func RPCSignatureHandler(h http.Handler) http.Handler { func RPCSignatureHandler(h http.Handler) http.Handler {
return signatureHandler{h} return rpcSignatureHandler{h}
} }
type rpcSignature struct { type rpcSignature struct {
@ -114,7 +115,7 @@ func (r rpcSignature) extractSignedHeaders() map[string][]string {
// <HashedPayload> // <HashedPayload>
// //
func (r *rpcSignature) getCanonicalRequest() string { func (r *rpcSignature) getCanonicalRequest() string {
payload := r.Request.Header.Get(http.CanonicalHeaderKey("x-amz-content-sha256")) payload := r.Request.Header.Get(http.CanonicalHeaderKey("x-minio-content-sha256"))
r.Request.URL.RawQuery = strings.Replace(r.Request.URL.Query().Encode(), "+", "%20", -1) r.Request.URL.RawQuery = strings.Replace(r.Request.URL.Query().Encode(), "+", "%20", -1)
encodedPath := getURLEncodedName(r.Request.URL.Path) encodedPath := getURLEncodedName(r.Request.URL.Path)
// convert any space strings back to "+" // convert any space strings back to "+"
@ -143,7 +144,7 @@ func (r rpcSignature) getScope(t time.Time) string {
// getStringToSign a string based on selected query values // getStringToSign a string based on selected query values
func (r rpcSignature) getStringToSign(canonicalRequest string, t time.Time) string { func (r rpcSignature) getStringToSign(canonicalRequest string, t time.Time) string {
stringToSign := authHeaderPrefix + "\n" + t.Format(iso8601Format) + "\n" stringToSign := rpcAuthHeaderPrefix + "\n" + t.Format(iso8601Format) + "\n"
stringToSign = stringToSign + r.getScope(t) + "\n" stringToSign = stringToSign + r.getScope(t) + "\n"
stringToSign = stringToSign + hex.EncodeToString(sha256.Sum256([]byte(canonicalRequest))) stringToSign = stringToSign + hex.EncodeToString(sha256.Sum256([]byte(canonicalRequest)))
return stringToSign return stringToSign
@ -236,8 +237,10 @@ func (s rpcSignatureHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
writeErrorResponse(w, r, SignatureDoesNotMatch, r.URL.Path) writeErrorResponse(w, r, SignatureDoesNotMatch, r.URL.Path)
return return
} }
// Copy the buffer back into request body to be read by the RPC service callers
r.Body = ioutil.NopCloser(buffer)
s.handler.ServeHTTP(w, r) s.handler.ServeHTTP(w, r)
return } else {
}
writeErrorResponse(w, r, AccessDenied, r.URL.Path) writeErrorResponse(w, r, AccessDenied, r.URL.Path)
} }
}

@ -78,25 +78,24 @@ func isValidRPCRegion(authHeaderValue string) *probe.Error {
// stripRPCAccessKeyID - strip only access key id from auth header // stripRPCAccessKeyID - strip only access key id from auth header
func stripRPCAccessKeyID(authHeaderValue string) (string, *probe.Error) { func stripRPCAccessKeyID(authHeaderValue string) (string, *probe.Error) {
if err := isValidRegion(authHeaderValue); err != nil { if err := isValidRPCRegion(authHeaderValue); err != nil {
return "", err.Trace() return "", err.Trace()
} }
credentialElements, err := getRPCCredentialsFromAuth(authHeaderValue) credentialElements, err := getRPCCredentialsFromAuth(authHeaderValue)
if err != nil { if err != nil {
return "", err.Trace() return "", err.Trace()
} }
accessKeyID := credentialElements[0] if credentialElements[0] != "admin" {
if !IsValidAccessKey(accessKeyID) {
return "", probe.NewError(errAccessKeyIDInvalid) return "", probe.NewError(errAccessKeyIDInvalid)
} }
return accessKeyID, nil return credentialElements[0], nil
} }
// initSignatureRPC initializing rpc signature verification // initSignatureRPC initializing rpc signature verification
func initSignatureRPC(req *http.Request) (*rpcSignature, *probe.Error) { func initSignatureRPC(req *http.Request) (*rpcSignature, *probe.Error) {
// strip auth from authorization header // strip auth from authorization header
authHeaderValue := req.Header.Get("Authorization") authHeaderValue := req.Header.Get("Authorization")
accessKeyID, err := stripAccessKeyID(authHeaderValue) accessKeyID, err := stripRPCAccessKeyID(authHeaderValue)
if err != nil { if err != nil {
return nil, err.Trace() return nil, err.Trace()
} }

@ -19,7 +19,6 @@ package main
import ( import (
"bytes" "bytes"
"encoding/hex" "encoding/hex"
"fmt"
"net/http" "net/http"
"sort" "sort"
"strings" "strings"
@ -64,7 +63,7 @@ func newRPCRequest(config *AuthConfig, url string, op rpcOperation, transport ht
hashedPayload := hash() hashedPayload := hash()
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/json")
req.Header.Set("x-amz-content-sha256", hashedPayload) req.Header.Set("x-minio-content-sha256", hashedPayload)
var headers []string var headers []string
vals := make(map[string][]string) vals := make(map[string][]string)
@ -133,7 +132,6 @@ func newRPCRequest(config *AuthConfig, url string, op rpcOperation, transport ht
stringToSign = stringToSign + scope + "\n" stringToSign = stringToSign + scope + "\n"
stringToSign = stringToSign + hex.EncodeToString(sum256([]byte(canonicalRequest))) stringToSign = stringToSign + hex.EncodeToString(sum256([]byte(canonicalRequest)))
fmt.Println(config)
date := sumHMAC([]byte("MINIO"+config.Users["admin"].SecretAccessKey), []byte(t.Format(yyyymmdd))) date := sumHMAC([]byte("MINIO"+config.Users["admin"].SecretAccessKey), []byte(t.Format(yyyymmdd)))
region := sumHMAC(date, []byte("milkyway")) region := sumHMAC(date, []byte("milkyway"))
service := sumHMAC(region, []byte("rpc")) service := sumHMAC(region, []byte("rpc"))
@ -143,7 +141,7 @@ func newRPCRequest(config *AuthConfig, url string, op rpcOperation, transport ht
// final Authorization header // final Authorization header
parts := []string{ parts := []string{
rpcAuthHeaderPrefix + " Credential=" + config.Users["admin"].AccessKeyID + "/" + scope, rpcAuthHeaderPrefix + " Credential=admin/" + scope,
"SignedHeaders=" + signedHeaders, "SignedHeaders=" + signedHeaders,
"Signature=" + signature, "Signature=" + signature,
} }

Loading…
Cancel
Save