Browse Source

add more logging for s3 signature (#6652)

pull/6654/head
Tom Crasset 3 weeks ago
committed by GitHub
parent
commit
be2b389b81
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
  1. BIN
      docker/agent_pub_record
  2. 9
      weed/s3api/auth_signature_v4.go

BIN
docker/agent_pub_record

9
weed/s3api/auth_signature_v4.go

@ -37,6 +37,7 @@ import (
"time"
"unicode/utf8"
"github.com/seaweedfs/seaweedfs/weed/glog"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
)
@ -168,8 +169,9 @@ func (iam *IdentityAccessManagement) doesSignatureMatch(hashedPayload string, r
// Trying with prefix before main path.
// Get canonical request.
canonicalRequest := getCanonicalRequest(extractedSignedHeaders, hashedPayload, queryStr, forwardedPrefix+req.URL.Path, req.Method)
glog.V(4).Infof("Forwarded Prefix: %s", forwardedPrefix)
canonicalRequest := getCanonicalRequest(extractedSignedHeaders, hashedPayload, queryStr, forwardedPrefix+req.URL.Path, req.Method)
errCode = iam.genAndCompareSignatureV4(canonicalRequest, cred.SecretKey, t, signV4Values)
if errCode == s3err.ErrNone {
return identity, errCode
@ -191,7 +193,7 @@ func (iam *IdentityAccessManagement) doesSignatureMatch(hashedPayload string, r
func (iam *IdentityAccessManagement) genAndCompareSignatureV4(canonicalRequest, secretKey string, t time.Time, signV4Values signValues) s3err.ErrorCode {
// Get string to sign from canonical request.
stringToSign := getStringToSign(canonicalRequest, t, signV4Values.Credential.getScope())
glog.V(4).Infof("String to Sign:\n%s", stringToSign)
// Calculate signature.
newSignature := iam.getSignature(
secretKey,
@ -200,6 +202,7 @@ func (iam *IdentityAccessManagement) genAndCompareSignatureV4(canonicalRequest,
signV4Values.Credential.scope.service,
stringToSign,
)
glog.V(4).Infof("Signature:\n%s", newSignature)
// Verify if signature match.
if !compareSignatureV4(newSignature, signV4Values.Signature) {
@ -801,6 +804,8 @@ func getCanonicalRequest(extractedSignedHeaders http.Header, payload, queryStr,
getSignedHeaders(extractedSignedHeaders),
payload,
}, "\n")
glog.V(4).Infof("Canonical Request:\n%s", canonicalRequest)
return canonicalRequest
}

Loading…
Cancel
Save