Posted to commits@trafficserver.apache.org by ki...@apache.org on 2016/02/18 11:54:17 UTC
trafficserver git commit: TS-4176: add support for matrix params in
s3_auth plugin. This closes #455
Repository: trafficserver
Updated Branches:
refs/heads/master 7adb822b1 -> ef6fb54f0
TS-4176: add support for matrix params in s3_auth plugin. This closes #455
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/ef6fb54f
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/ef6fb54f
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/ef6fb54f
Branch: refs/heads/master
Commit: ef6fb54f0ffffeaaf64e0a45f2a431f0d442a76f
Parents: 7adb822
Author: Roberto Guimaraes <rr...@gmail.com>
Authored: Thu Feb 18 02:54:04 2016 -0800
Committer: Kit Chan <ki...@apache.org>
Committed: Thu Feb 18 02:54:04 2016 -0800
----------------------------------------------------------------------
plugins/experimental/s3_auth/s3_auth.cc | 76 ++++++++++++++++++++++++----
1 file changed, 66 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/ef6fb54f/plugins/experimental/s3_auth/s3_auth.cc
----------------------------------------------------------------------
diff --git a/plugins/experimental/s3_auth/s3_auth.cc b/plugins/experimental/s3_auth/s3_auth.cc
index 507026b..3addb8a 100644
--- a/plugins/experimental/s3_auth/s3_auth.cc
+++ b/plugins/experimental/s3_auth/s3_auth.cc
@@ -34,7 +34,6 @@
#include <ts/ts.h>
#include <ts/remap.h>
-
///////////////////////////////////////////////////////////////////////////////
// Some constants.
//
@@ -216,7 +215,6 @@ class S3Request
{
public:
S3Request(TSHttpTxn txnp) : _txnp(txnp), _bufp(NULL), _hdr_loc(TS_NULL_MLOC), _url_loc(TS_NULL_MLOC) {}
-
~S3Request()
{
TSHandleMLocRelease(_bufp, _hdr_loc, _url_loc);
@@ -295,6 +293,18 @@ S3Request::set_header(const char *header, int header_len, const char *val, int v
return ret;
}
+// dst poinsts to starting offset of dst buffer
+// dst_len remaining space in buffer
+static size_t
+str_concat(char *dst, size_t dst_len, const char *src, size_t src_len)
+{
+ size_t to_copy = (src_len < dst_len) ? src_len : dst_len;
+
+ if (to_copy > 0)
+ (void)strncat(dst, src, to_copy);
+
+ return to_copy;
+}
// Method to authorize the S3 request:
//
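Review bot: str_concat's safety contract is only implicit: strncat() writes to_copy bytes plus a terminating NUL, so `dst_len` has to exclude the terminator and `dst` has to point at the NUL that ends the string built so far. The header comment should state that (and fix "poinsts"), e.g. `// dst: current NUL terminator of the output; dst_len: bytes free, not counting the final NUL`. strncat() also stops at a NUL inside src, in which case the returned to_copy overstates what was appended; `memcpy(dst, src, to_copy); dst[to_copy] = '\0';` would make the return value exact. Truncation is silent, so a caller cannot tell a full buffer from a complete copy.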
@@ -317,9 +327,9 @@ TSHttpStatus
S3Request::authorize(S3Config *s3)
{
TSHttpStatus status = TS_HTTP_STATUS_INTERNAL_SERVER_ERROR;
- TSMLoc host_loc = TS_NULL_MLOC;
- int method_len = 0, path_len = 0, host_len = 0, date_len = 0;
- const char *method = NULL, *path = NULL, *host = NULL, *host_endp = NULL;
+ TSMLoc host_loc = TS_NULL_MLOC, md5_loc = TS_NULL_MLOC, contype_loc = TS_NULL_MLOC;
+ int method_len = 0, path_len = 0, param_len = 0, host_len = 0, con_md5_len = 0, con_type_len = 0, date_len = 0;
+ const char *method = NULL, *path = NULL, *param = NULL, *host = NULL, *con_md5 = NULL, *con_type = NULL, *host_endp = NULL;
char date[128]; // Plenty of space for a Date value
time_t now = time(NULL);
struct tm now_tm;
@@ -332,6 +342,9 @@ S3Request::authorize(S3Config *s3)
return TS_HTTP_STATUS_INTERNAL_SERVER_ERROR;
}
+ // get matrix parameters
+ param = TSUrlHttpParamsGet(_bufp, _url_loc, ¶m_len);
+
// Next, setup the Date: header, it's required.
if (NULL == gmtime_r(&now, &now_tm)) {
return TS_HTTP_STATUS_INTERNAL_SERVER_ERROR;
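Review bot: The comment `// get matrix parameters` leaves out what the later code depends on: the value is used as a length-delimited string rather than a NUL-terminated one, it does not include the leading ';' (a later hunk says so), and it is treated as NULL when absent. I would write `// Matrix parameters (after ';' in the path); length-delimited, NULL if absent. Appended to the signed resource below.` The third argument printed here as `¶m_len` is presumably `&param_len` mangled by the page rendering. authorize() begins and ends outside this hunk.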
@@ -355,17 +368,50 @@ S3Request::authorize(S3Config *s3)
}
}
+ // Just in case we add Content-MD5 if present
+ md5_loc = TSMimeHdrFieldFind(_bufp, _hdr_loc, TS_MIME_FIELD_CONTENT_MD5, TS_MIME_LEN_CONTENT_MD5);
+ if (md5_loc) {
+ con_md5 = TSMimeHdrFieldValueStringGet(_bufp, _hdr_loc, md5_loc, -1, &con_md5_len);
+ }
+
+ // get the Content-Type if available - (buggy) clients may send it
+ // for GET requests too
+ contype_loc = TSMimeHdrFieldFind(_bufp, _hdr_loc, TS_MIME_FIELD_CONTENT_TYPE, TS_MIME_LEN_CONTENT_TYPE);
+ if (contype_loc) {
+ con_type = TSMimeHdrFieldValueStringGet(_bufp, _hdr_loc, contype_loc, -1, &con_type_len);
+ }
+
// For debugging, lets produce some nice output
if (TSIsDebugTagSet(PLUGIN_NAME)) {
TSDebug(PLUGIN_NAME, "Signature string is:");
// ToDo: This should include the Content-MD5 and Content-Type (for POST)
- fprintf(stderr, "%.*s\n\n\n%.*s\n/", method_len, method, date_len, date);
+ TSDebug(PLUGIN_NAME, "%.*s", method_len, method);
+ if (con_md5)
+ TSDebug(PLUGIN_NAME, "%.*s", con_md5_len, con_md5);
+
+ if (con_type)
+ TSDebug(PLUGIN_NAME, "%.*s", con_type_len, con_type);
+
+ TSDebug(PLUGIN_NAME, "%.*s", date_len, date);
+
+ const size_t left_size = 1024;
+ char left[left_size + 1] = "/";
+ size_t loff = 1;
// ToDo: What to do with the CanonicalizedAmzHeaders ...
if (host && host_endp) {
- fprintf(stderr, "%.*s/", static_cast<int>(host_endp - host), host);
+ loff += str_concat(&left[loff], (left_size - loff), host, static_cast<int>(host_endp - host));
+ loff += str_concat(&left[loff], (left_size - loff), "/", 1);
+ }
+
+ loff += str_concat(&left[loff], (left_size - loff), path, path_len);
+
+ if (param) {
+ loff += str_concat(&left[loff], (left_size - loff), ";", 1);
+ loff += str_concat(&left[loff], (left_size - loff), param, param_len);
}
- fprintf(stderr, "%.*s\n", path_len, path);
+
+ TSDebug(PLUGIN_NAME, "%s", left);
}
// Produce the SHA1 MAC digest
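Review bot: The debug output no longer mirrors the string that is actually signed: the Content-MD5 and Content-Type lines are skipped when the header is absent, whereas the HMAC input further down always contains the empty line, and the resource is cut at 1024 bytes without any marker. Someone comparing this log against a signature mismatch can be misled; printing the possibly empty values unconditionally, e.g. `TSDebug(PLUGIN_NAME, "%.*s", con_md5_len, con_md5 ? con_md5 : "");`, and logging a truncation hint when `loff == left_size` would keep the two in step. The comment `// ToDo: This should include the Content-MD5 and Content-Type (for POST)` is now stale and can be removed. authorize() begins and ends outside this hunk.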
@@ -378,7 +424,11 @@ S3Request::authorize(S3Config *s3)
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, s3->secret(), s3->secret_len(), EVP_sha1(), NULL);
HMAC_Update(&ctx, (unsigned char *)method, method_len);
- HMAC_Update(&ctx, (unsigned char *)"\n\n\n", 3); // ToDo: This should be POST info (see above)
+ HMAC_Update(&ctx, (unsigned char *)"\n", 1);
+ HMAC_Update(&ctx, (unsigned char *)con_md5, con_md5_len);
+ HMAC_Update(&ctx, (unsigned char *)"\n", 1);
+ HMAC_Update(&ctx, (unsigned char *)con_type, con_type_len);
+ HMAC_Update(&ctx, (unsigned char *)"\n", 1);
HMAC_Update(&ctx, (unsigned char *)date, date_len);
HMAC_Update(&ctx, (unsigned char *)"\n/", 2);
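Review bot: `con_md5` and `con_type` are still NULL when the header is missing (or, presumably, when TSMimeHdrFieldValueStringGet() yields no value), and both are passed straight to HMAC_Update(). That relies on the digest implementation ignoring a NULL pointer when the length is 0; the debug block and the later `if (param)` branch both guard their pointers, so the same guard here would be consistent: `if (con_md5) HMAC_Update(&ctx, (unsigned char *)con_md5, con_md5_len);` and likewise for `con_type`, leaving the `"\n"` separators unconditional. The enclosing block starts and ends outside this hunk.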
@@ -388,6 +438,11 @@ S3Request::authorize(S3Config *s3)
}
HMAC_Update(&ctx, (unsigned char *)path, path_len);
+ if (param) {
+ HMAC_Update(&ctx, (unsigned char *)";", 1); // TSUrlHttpParamsGet() does not include ';'
+ HMAC_Update(&ctx, (unsigned char *)param, param_len);
+ }
+
HMAC_Final(&ctx, hmac, &hmac_len);
HMAC_CTX_cleanup(&ctx);
@@ -403,12 +458,13 @@ S3Request::authorize(S3Config *s3)
}
// Cleanup
+ TSHandleMLocRelease(_bufp, _hdr_loc, contype_loc);
+ TSHandleMLocRelease(_bufp, _hdr_loc, md5_loc);
TSHandleMLocRelease(_bufp, _hdr_loc, host_loc);
return status;
}
-
///////////////////////////////////////////////////////////////////////////////
// This is the main continuation.
int