Ensure comment is always a valid key (#8604)

Also fix LDAP leaky connection
master
Harshavardhana 5 years ago committed by Nitish Tiwari
parent c9940d8c3f
commit d8e3de0cae
  1. 54
      cmd/config/config.go
  2. 3
      cmd/sts-handlers.go
  3. 38
      pkg/madmin/parse-kv.go

@ -399,6 +399,12 @@ func LookupRegion(kv KVS) (string, error) {
func CheckValidKeys(subSys string, kv KVS, validKVS KVS) error {
nkv := KVS{}
for _, kv := range kv {
// Comment is a valid key, its also fully optional
// ignore it since it is a valid key for all
// sub-systems.
if kv.Key == Comment {
continue
}
if _, ok := validKVS.Lookup(kv.Key); !ok {
nkv = append(nkv, kv)
}
@ -557,23 +563,19 @@ func (c Config) SetKVS(s string, defaultKVS map[string]KVS) error {
continue
}
if len(kv) == 1 && prevK != "" {
kvs = append(kvs, KV{
Key: prevK,
Value: strings.Join([]string{
kvs.Get(prevK),
madmin.SanitizeValue(kv[0]),
}, KvSpaceSeparator),
})
value := strings.Join([]string{
kvs.Get(prevK),
madmin.SanitizeValue(kv[0]),
}, KvSpaceSeparator)
kvs.Set(prevK, value)
continue
}
if len(kv) == 1 {
return Errorf(SafeModeKind, "key '%s', cannot have empty value", kv[0])
if len(kv) == 2 {
prevK = kv[0]
kvs.Set(prevK, madmin.SanitizeValue(kv[1]))
continue
}
prevK = kv[0]
kvs = append(kvs, KV{
Key: kv[0],
Value: madmin.SanitizeValue(kv[1]),
})
return Errorf(SafeModeKind, "key '%s', cannot have empty value", kv[0])
}
tgt := Default
@ -587,25 +589,27 @@ func (c Config) SetKVS(s string, defaultKVS map[string]KVS) error {
_, defaultOk := defaultKVS[subSys].Lookup(Enable)
if !ok && defaultOk {
// implicit state "on" if not specified.
kvs = append(kvs, KV{
Key: Enable,
Value: EnableOn,
})
kvs.Set(Enable, EnableOn)
}
currKVS := c[subSys][tgt]
currKVS, ok := c[subSys][tgt]
if !ok {
currKVS = defaultKVS[subSys]
}
for _, kv := range kvs {
if kv.Key == Comment {
// Skip comment and add it later.
continue
}
currKVS.Set(kv.Key, kv.Value)
}
for _, defaultKV := range defaultKVS[subSys] {
_, ok := c[subSys][tgt].Lookup(defaultKV.Key)
if !ok {
currKVS.Set(defaultKV.Key, defaultKV.Value)
}
v, ok := kvs.Lookup(Comment)
if ok {
currKVS.Set(Comment, v)
}
copy(c[subSys][tgt], currKVS)
c[subSys][tgt] = currKVS
return nil
}

@ -484,6 +484,9 @@ func (sts *stsAPIHandlers) AssumeRoleWithLDAPIdentity(w http.ResponseWriter, r *
return
}
// Close ldap connection to avoid leaks.
defer ldapConn.Close()
usernameSubs, _ := xldap.NewSubstituter("username", ldapUsername)
// We ignore error below as we already validated the username
// format string at startup.

@ -40,6 +40,23 @@ func (kvs KVS) Empty() bool {
return len(kvs) == 0
}
// Set sets a value, if not sets a default value.
func (kvs *KVS) Set(key, value string) {
for i, kv := range *kvs {
if kv.Key == key {
(*kvs)[i] = KV{
Key: key,
Value: value,
}
return
}
}
*kvs = append(*kvs, KV{
Key: key,
Value: value,
})
}
// Get - returns the value of a key, if not found returns empty.
func (kvs KVS) Get(key string) string {
v, ok := kvs.Lookup(key)
@ -174,20 +191,19 @@ func (t *Targets) AddTarget(s string) error {
continue
}
if len(kv) == 1 && prevK != "" {
kvs = append(kvs, KV{
Key: prevK,
Value: strings.Join([]string{kvs.Get(prevK), SanitizeValue(kv[0])}, KvSpaceSeparator),
})
value := strings.Join([]string{
kvs.Get(prevK),
SanitizeValue(kv[0]),
}, KvSpaceSeparator)
kvs.Set(prevK, value)
continue
}
if len(kv) == 1 {
return fmt.Errorf("value for key '%s' cannot be empty", kv[0])
if len(kv) == 2 {
prevK = kv[0]
kvs.Set(prevK, SanitizeValue(kv[1]))
continue
}
prevK = kv[0]
kvs = append(kvs, KV{
Key: kv[0],
Value: SanitizeValue(kv[1]),
})
return fmt.Errorf("value for key '%s' cannot be empty", kv[0])
}
for i := range *t {

Loading…
Cancel
Save