maxmustermann/minio
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
5171 commits 18 branches 277 tags 146 MiB
Commit graph

13 commits

Author SHA1 Message Date
Andreas Auernhammer 267a0a3dfa fix X-Amz-Credential parsing for V4 policy signature (#6451) 
This commit fixes an AWS S3 incompatibility issue.
The AccessKeyID may contain one or more `/` which caused
the server to interpret parts of the AccessKeyID as
other `X-Amz-Credential` parameters (like date, region, ...)

This commit fixes this by allowing 5 or more
`X-Amz-Credential` parameter strings and only interpreting
the last 5.

Fixes #6443
 2018-09-11 11:17:23 -07:00
Harshavardhana d90985b6d8 Return authHeaderMalformed for an incorrect region in signature (#5618) 2018-03-09 18:18:57 -08:00
A. Elleuch da2faa19a1 Reduce Minio access key minimum length to 3 (#5478) 
This is a generic minimum value. The current reason is to support
Azure blob storage accounts name whose length is less than 5. 3 is the
minimum length for Azure.
 2018-02-02 09:13:30 +05:30
Andreas Auernhammer a6318dbdaf fix timing oracle attack against signature V2/V4 verification (#5335) 
This change replaces the non-constant time comparison of
request signatures with a constant time implementation. This
prevents a timing attack which can be used to learn a valid 
signature for a request without knowing the secret key.

Fixes #5334
 2018-01-02 12:00:02 +05:30
kannappanr f460eceb6d Check for value > 7 days in X-Amz-Expires header. (#5163) 
Add a check to see if the X-Amz-Expires header in the presigned URL is less than 7 days.

Fixes #5162
 2017-11-13 12:54:03 -08:00
Krishna Srinivas 5db1e9f3dd signature: use region from Auth header if server's region not configured (#4329) 2017-05-15 18:17:02 -07:00
Bala FA 1c97dcb10a Add UTCNow() function. (#3931) 
This patch adds UTCNow() function which returns current UTC time.

This is equivalent of UTCNow() == time.Now().UTC()
 2017-03-18 11:28:41 -07:00
Harshavardhana 47ac410ab0 Code cleanup - simplify server side code. (#3870) 
Fix all the issues reported by `gosimple` tool.
 2017-03-08 10:00:47 -08:00
Harshavardhana 62f8343879 Add constants for commonly used values. (#3588) 
This is a consolidation effort, avoiding usage
of naked strings in codebase. Whenever possible
use constants which can be repurposed elsewhere.

This also fixes `goconst ./...` reported issues.
 2017-01-18 12:24:34 -08:00
Harshavardhana 9161016962 tests: Improve coverage on signature v4 tests. (#3188) 
Fixes #3065
 2016-11-06 11:47:16 -08:00
Harshavardhana d9674f7524 Improve coverage of web-handlers.go (#3157) 
This patch additionally relaxes the requirement for
accesskeys to be in a regexy set of values.

Fixes #3063
 2016-11-02 14:45:11 -07:00
Harshavardhana 113b93346b lock: Make some cleanup and moving the code around. (#2718) 
This patch just avoids lot of ifs and inverts some logic.
 2016-09-19 13:14:55 -07:00
Harshavardhana bccf549463 server: Move all the top level files into cmd folder. (#2490) 
This change brings a change which was done for the 'mc'
package to allow for clean repo and have a cleaner
github drop in experience.
 2016-08-18 16:23:42 -07:00
Renamed from signature-v4-parser_test.go (Browse further)