poornas
1011d21416
Fix credential parsing in signature v4 ( #7377 )
...
Fixes #7376
6 years ago
Harshavardhana
c3ca954684
Implement AssumeRole API for Minio users ( #7267 )
...
For actual API reference read here
https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
Documentation is added and updated as well at docs/sts/assume-role.md
Fixes #6381
6 years ago
Harshavardhana
df35d7db9d
Introduce staticcheck for stricter builds ( #7035 )
6 years ago
Harshavardhana
bf414068a3
Parse and return proper errors with x-amz-security-token ( #6766 )
...
This PR also simplifies the token and access key validation
across our signature handling.
6 years ago
Harshavardhana
54ae364def
Introduce STS client grants API and OPA policy integration ( #6168 )
...
This PR introduces two new features
- AWS STS compatible STS API named AssumeRoleWithClientGrants
```
POST /?Action=AssumeRoleWithClientGrants&Token=<jwt>
```
This API endpoint returns temporary access credentials, access
tokens signature types supported by this API
- RSA keys
- ECDSA keys
Fetches the required public key from the JWKS endpoints, provides
them as rsa or ecdsa public keys.
- External policy engine support, in this case OPA policy engine
- Credentials are stored on disks
6 years ago
Andreas Auernhammer
267a0a3dfa
fix `X-Amz-Credential` parsing for V4 policy signature ( #6451 )
...
This commit fixes an AWS S3 incompatibility issue.
The AccessKeyID may contain one or more `/` which caused
the server to interpret parts of the AccessKeyID as
other `X-Amz-Credential` parameters (like date, region, ...)
This commit fixes this by allowing 5 or more
`X-Amz-Credential` parameter strings and only interpreting
the last 5.
Fixes #6443
6 years ago
Harshavardhana
d90985b6d8
Return authHeaderMalformed for an incorrect region in signature ( #5618 )
7 years ago
kannappanr
f460eceb6d
Check for value > 7 days in X-Amz-Expires header. ( #5163 )
...
Add a check to see if the X-Amz-Expires header in the presigned URL is less than 7 days.
Fixes #5162
7 years ago
Bala FA
32c6b62932
move credentials as separate package ( #5115 )
7 years ago
Frank Wessels
46897b1100
Name return values to prevent the need (and unnecessary code bloat) ( #4576 )
...
This is done to explicitly instantiate objects for every return statement.
8 years ago
Krishna Srinivas
5db1e9f3dd
signature: use region from Auth header if server's region not configured ( #4329 )
8 years ago
Krishna Srinivas
45d9cfa0c5
signature-v4: stringToSign and signingKey should use Scope's date. ( #3688 )
...
fixes #3676
8 years ago
Bala FA
e8ce3b64ed
Generate and use access/secret keys properly ( #3498 )
8 years ago
Harshavardhana
a8ab02a73a
v4/presign: Fix presign requests when there are more signed headers. ( #3222 )
...
This fix removes a wrong logic which fails for requests which
have more signed headers in a presign request.
Fixes #3217
8 years ago
Harshavardhana
9161016962
tests: Improve coverage on signature v4 tests. ( #3188 )
...
Fixes #3065
8 years ago
Harshavardhana
d9674f7524
Improve coverage of web-handlers.go ( #3157 )
...
This patch additionally relaxes the requirement for
accesskeys to be in a regexy set of values.
Fixes #3063
8 years ago
Harshavardhana
bccf549463
server: Move all the top level files into cmd folder. ( #2490 )
...
This change brings a change which was done for the 'mc'
package to allow for clean repo and have a cleaner
github drop in experience.
8 years ago
karthic rao
e0cf4ee9fc
presignV4: fix errors response and tests. ( #2375 )
...
- Fix error response when one of the query params in the presign URL is
missing.
- Exhasutive test coverage for presignv4.
8 years ago
Harshavardhana
02ad48466d
error: Signature errors should be returned with APIErrorCode.
...
The reasoning is that we can reply back with wide range of
S3 error responses, which would provide more richer context
to S3 client.
Fixes #1267
9 years ago
Harshavardhana
9dca46e156
signature: Use a layered approach for signature verification.
...
Signature calculation has now moved out from being a package to
top-level as a layered mechanism.
In case of payload calculation with body, go-routines are initiated
to simultaneously write and calculate shasum. Errors are sent
over the writer so that the lower layer removes the temporary files
properly.
9 years ago
Harshavardhana
653ceee9ee
signV4: Move pkg/signature to pkg/s3/signature4
...
Cleanup and move this to relevant path.
9 years ago
Harshavardhana
dd9aaa855c
web/rpc: Merge ports with API server.
...
Fixes #1081 and #1130
9 years ago
Harshavardhana
5a9333a67b
signature: Rewrite signature handling and move it into a library.
9 years ago