Posted to commits@trafficserver.apache.org by ki...@apache.org on 2016/02/18 11:54:17 UTC

trafficserver git commit: TS-4176: add support for matrix params in s3_auth plugin. This closes #455

Repository: trafficserver
Updated Branches:
  refs/heads/master 7adb822b1 -> ef6fb54f0


TS-4176: add support for matrix params in s3_auth plugin. This closes #455


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/ef6fb54f
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/ef6fb54f
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/ef6fb54f

Branch: refs/heads/master
Commit: ef6fb54f0ffffeaaf64e0a45f2a431f0d442a76f
Parents: 7adb822
Author: Roberto Guimaraes <rr...@gmail.com>
Authored: Thu Feb 18 02:54:04 2016 -0800
Committer: Kit Chan <ki...@apache.org>
Committed: Thu Feb 18 02:54:04 2016 -0800

----------------------------------------------------------------------
 plugins/experimental/s3_auth/s3_auth.cc | 76 ++++++++++++++++++++++++----
 1 file changed, 66 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/ef6fb54f/plugins/experimental/s3_auth/s3_auth.cc
----------------------------------------------------------------------
diff --git a/plugins/experimental/s3_auth/s3_auth.cc b/plugins/experimental/s3_auth/s3_auth.cc
index 507026b..3addb8a 100644
--- a/plugins/experimental/s3_auth/s3_auth.cc
+++ b/plugins/experimental/s3_auth/s3_auth.cc
@@ -34,7 +34,6 @@
 #include <ts/ts.h>
 #include <ts/remap.h>
 
-
 ///////////////////////////////////////////////////////////////////////////////
 // Some constants.
 //
@@ -216,7 +215,6 @@ class S3Request
 {
 public:
   S3Request(TSHttpTxn txnp) : _txnp(txnp), _bufp(NULL), _hdr_loc(TS_NULL_MLOC), _url_loc(TS_NULL_MLOC) {}
-
   ~S3Request()
   {
     TSHandleMLocRelease(_bufp, _hdr_loc, _url_loc);
@@ -295,6 +293,18 @@ S3Request::set_header(const char *header, int header_len, const char *val, int v
   return ret;
 }
 
+// dst poinsts to starting offset of dst buffer
+// dst_len remaining space in buffer
+static size_t
+str_concat(char *dst, size_t dst_len, const char *src, size_t src_len)
+{
+  size_t to_copy = (src_len < dst_len) ? src_len : dst_len;
+
+  if (to_copy > 0)
+    (void)strncat(dst, src, to_copy);
+
+  return to_copy;
+}
 
 // Method to authorize the S3 request:
 //
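Review bot: str_concat() in this hunk depends on two things its comment does not state: strncat() scans for the existing terminator, so `dst` must point at a NUL byte on entry, and it writes `to_copy` bytes plus a terminator, so the buffer needs one byte beyond `dst_len`. The only caller visible in this commit satisfies both through the zero-filled `left[left_size + 1]`, but a later caller passing the true remaining size would write one byte past its buffer. Copying explicitly makes the contract visible: `memcpy(dst, src, to_copy); dst[to_copy] = '\0';`, with the header comment reworded to `// dst points at the current write position; dst_len is the space left, not counting the terminating NUL`, which also fixes the "poinsts" typo. The function returns `to_copy` even when strncat() stops early at a NUL inside `src`, so the caller's offset can run ahead of the string. The call sites pass `int` lengths, one of them `static_cast<int>(host_endp - host)`, into the `size_t src_len` parameter, so a negative value would silently become a very large one.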
@@ -317,9 +327,9 @@ TSHttpStatus
 S3Request::authorize(S3Config *s3)
 {
   TSHttpStatus status = TS_HTTP_STATUS_INTERNAL_SERVER_ERROR;
-  TSMLoc host_loc = TS_NULL_MLOC;
-  int method_len = 0, path_len = 0, host_len = 0, date_len = 0;
-  const char *method = NULL, *path = NULL, *host = NULL, *host_endp = NULL;
+  TSMLoc host_loc = TS_NULL_MLOC, md5_loc = TS_NULL_MLOC, contype_loc = TS_NULL_MLOC;
+  int method_len = 0, path_len = 0, param_len = 0, host_len = 0, con_md5_len = 0, con_type_len = 0, date_len = 0;
+  const char *method = NULL, *path = NULL, *param = NULL, *host = NULL, *con_md5 = NULL, *con_type = NULL, *host_endp = NULL;
   char date[128]; // Plenty of space for a Date value
   time_t now = time(NULL);
   struct tm now_tm;
@@ -332,6 +342,9 @@ S3Request::authorize(S3Config *s3)
     return TS_HTTP_STATUS_INTERNAL_SERVER_ERROR;
   }
 
+  // get matrix parameters
+  param = TSUrlHttpParamsGet(_bufp, _url_loc, &param_len);
+
   // Next, setup the Date: header, it's required.
   if (NULL == gmtime_r(&now, &now_tm)) {
     return TS_HTTP_STATUS_INTERNAL_SERVER_ERROR;
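Review bot: The `param` pointer fetched here is later tested only with `if (param)`, both in the debug block and before the HMAC update in the @@ -388 hunk, and `param_len` is never checked. Whether TSUrlHttpParamsGet() can return a non-NULL pointer with a zero length is not visible from this diff; if it can, a bare `;` would be appended to the signed resource and the signature would presumably no longer match what the origin computes. Testing `if (param && param_len > 0)` in both places covers that case. authorize() begins and ends outside this hunk.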
@@ -355,17 +368,50 @@ S3Request::authorize(S3Config *s3)
     }
   }
 
+  // Just in case we add Content-MD5 if present
+  md5_loc = TSMimeHdrFieldFind(_bufp, _hdr_loc, TS_MIME_FIELD_CONTENT_MD5, TS_MIME_LEN_CONTENT_MD5);
+  if (md5_loc) {
+    con_md5 = TSMimeHdrFieldValueStringGet(_bufp, _hdr_loc, md5_loc, -1, &con_md5_len);
+  }
+
+  // get the Content-Type if available - (buggy) clients may send it
+  // for GET requests too
+  contype_loc = TSMimeHdrFieldFind(_bufp, _hdr_loc, TS_MIME_FIELD_CONTENT_TYPE, TS_MIME_LEN_CONTENT_TYPE);
+  if (contype_loc) {
+    con_type = TSMimeHdrFieldValueStringGet(_bufp, _hdr_loc, contype_loc, -1, &con_type_len);
+  }
+
   // For debugging, lets produce some nice output
   if (TSIsDebugTagSet(PLUGIN_NAME)) {
     TSDebug(PLUGIN_NAME, "Signature string is:");
     // ToDo: This should include the Content-MD5 and Content-Type (for POST)
-    fprintf(stderr, "%.*s\n\n\n%.*s\n/", method_len, method, date_len, date);
+    TSDebug(PLUGIN_NAME, "%.*s", method_len, method);
+    if (con_md5)
+      TSDebug(PLUGIN_NAME, "%.*s", con_md5_len, con_md5);
+
+    if (con_type)
+      TSDebug(PLUGIN_NAME, "%.*s", con_type_len, con_type);
+
+    TSDebug(PLUGIN_NAME, "%.*s", date_len, date);
+
+    const size_t left_size = 1024;
+    char left[left_size + 1] = "/";
+    size_t loff = 1;
 
     // ToDo: What to do with the CanonicalizedAmzHeaders ...
     if (host && host_endp) {
-      fprintf(stderr, "%.*s/", static_cast<int>(host_endp - host), host);
+      loff += str_concat(&left[loff], (left_size - loff), host, static_cast<int>(host_endp - host));
+      loff += str_concat(&left[loff], (left_size - loff), "/", 1);
+    }
+
+    loff += str_concat(&left[loff], (left_size - loff), path, path_len);
+
+    if (param) {
+      loff += str_concat(&left[loff], (left_size - loff), ";", 1);
+      loff += str_concat(&left[loff], (left_size - loff), param, param_len);
     }
-    fprintf(stderr, "%.*s\n", path_len, path);
+
+    TSDebug(PLUGIN_NAME, "%s", left);
   }
 
   // Produce the SHA1 MAC digest
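Review bot: `con_md5` and `con_type` stay NULL when the header is absent, and only the debug block in this hunk checks for that; the @@ -378 hunk passes both straight to HMAC_Update() with a zero length. That relies on HMAC_Update() accepting a NULL data pointer when the length is 0, which this diff does not establish, so I would guard those two calls the same way, e.g. `if (con_md5) HMAC_Update(&ctx, (unsigned char *)con_md5, con_md5_len);`. The debug trace also prints nothing for a missing header while the signed string still carries the empty line, so the trace no longer matches what is signed. The `ToDo: This should include the Content-MD5 and Content-Type (for POST)` comment above it is now stale and can be dropped. authorize() begins and ends outside this hunk.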
@@ -378,7 +424,11 @@ S3Request::authorize(S3Config *s3)
   HMAC_CTX_init(&ctx);
   HMAC_Init_ex(&ctx, s3->secret(), s3->secret_len(), EVP_sha1(), NULL);
   HMAC_Update(&ctx, (unsigned char *)method, method_len);
-  HMAC_Update(&ctx, (unsigned char *)"\n\n\n", 3); // ToDo: This should be POST info (see above)
+  HMAC_Update(&ctx, (unsigned char *)"\n", 1);
+  HMAC_Update(&ctx, (unsigned char *)con_md5, con_md5_len);
+  HMAC_Update(&ctx, (unsigned char *)"\n", 1);
+  HMAC_Update(&ctx, (unsigned char *)con_type, con_type_len);
+  HMAC_Update(&ctx, (unsigned char *)"\n", 1);
   HMAC_Update(&ctx, (unsigned char *)date, date_len);
   HMAC_Update(&ctx, (unsigned char *)"\n/", 2);
 
@@ -388,6 +438,11 @@ S3Request::authorize(S3Config *s3)
   }
 
   HMAC_Update(&ctx, (unsigned char *)path, path_len);
+  if (param) {
+    HMAC_Update(&ctx, (unsigned char *)";", 1); // TSUrlHttpParamsGet() does not include ';'
+    HMAC_Update(&ctx, (unsigned char *)param, param_len);
+  }
+
   HMAC_Final(&ctx, hmac, &hmac_len);
   HMAC_CTX_cleanup(&ctx);
 
@@ -403,12 +458,13 @@ S3Request::authorize(S3Config *s3)
   }
 
   // Cleanup
+  TSHandleMLocRelease(_bufp, _hdr_loc, contype_loc);
+  TSHandleMLocRelease(_bufp, _hdr_loc, md5_loc);
   TSHandleMLocRelease(_bufp, _hdr_loc, host_loc);
 
   return status;
 }
 
-
 ///////////////////////////////////////////////////////////////////////////////
 // This is the main continuation.
 int