Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

add more logging for s3 signature (#6652)

pull/6654/head
Tom Crasset 1 month ago
committed by GitHub
parent
43c3e80970
commit
be2b389b81
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
2 changed files with 7 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. BIN
      docker/agent_pub_record
  2. 9
      weed/s3api/auth_signature_v4.go

BIN
docker/agent_pub_record
View File

9
weed/s3api/auth_signature_v4.go
View File

@ -37,6 +37,7 @@ import (
"time"
"unicode/utf8"
"github.com/seaweedfs/seaweedfs/weed/glog"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
)
@ -168,8 +169,9 @@ func (iam *IdentityAccessManagement) doesSignatureMatch(hashedPayload string, r
// Trying with prefix before main path.
// Get canonical request.
canonicalRequest := getCanonicalRequest(extractedSignedHeaders, hashedPayload, queryStr, forwardedPrefix+req.URL.Path, req.Method)
glog.V(4).Infof("Forwarded Prefix: %s", forwardedPrefix)
canonicalRequest := getCanonicalRequest(extractedSignedHeaders, hashedPayload, queryStr, forwardedPrefix+req.URL.Path, req.Method)
errCode = iam.genAndCompareSignatureV4(canonicalRequest, cred.SecretKey, t, signV4Values)
if errCode == s3err.ErrNone {
return identity, errCode
@ -191,7 +193,7 @@ func (iam *IdentityAccessManagement) doesSignatureMatch(hashedPayload string, r
func (iam *IdentityAccessManagement) genAndCompareSignatureV4(canonicalRequest, secretKey string, t time.Time, signV4Values signValues) s3err.ErrorCode {
// Get string to sign from canonical request.
stringToSign := getStringToSign(canonicalRequest, t, signV4Values.Credential.getScope())
glog.V(4).Infof("String to Sign:\n%s", stringToSign)
// Calculate signature.
newSignature := iam.getSignature(
secretKey,
@ -200,6 +202,7 @@ func (iam *IdentityAccessManagement) genAndCompareSignatureV4(canonicalRequest,
signV4Values.Credential.scope.service,
stringToSign,
)
glog.V(4).Infof("Signature:\n%s", newSignature)
// Verify if signature match.
if !compareSignatureV4(newSignature, signV4Values.Signature) {
@ -801,6 +804,8 @@ func getCanonicalRequest(extractedSignedHeaders http.Header, payload, queryStr,
getSignedHeaders(extractedSignedHeaders),
payload,
}, "\n")
glog.V(4).Infof("Canonical Request:\n%s", canonicalRequest)
return canonicalRequest
}

Write Preview
Loading…
Cancel
Save