add more logging for s3 signature (#6652)

Tom Crasset
2025-03-21 15:37:15 +01:00
committed by GitHub
parent 43c3e80970
commit be2b389b81
2 changed files with 7 additions and 2 deletions

Binary file not shown.


@@ -37,6 +37,7 @@ import (
"time" "time"
"unicode/utf8" "unicode/utf8"
"github.com/seaweedfs/seaweedfs/weed/glog"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3err" "github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
) )
@@ -168,8 +169,9 @@ func (iam *IdentityAccessManagement) doesSignatureMatch(hashedPayload string, r
// Trying with prefix before main path. // Trying with prefix before main path.
// Get canonical request. // Get canonical request.
canonicalRequest := getCanonicalRequest(extractedSignedHeaders, hashedPayload, queryStr, forwardedPrefix+req.URL.Path, req.Method) glog.V(4).Infof("Forwarded Prefix: %s", forwardedPrefix)
canonicalRequest := getCanonicalRequest(extractedSignedHeaders, hashedPayload, queryStr, forwardedPrefix+req.URL.Path, req.Method)
errCode = iam.genAndCompareSignatureV4(canonicalRequest, cred.SecretKey, t, signV4Values) errCode = iam.genAndCompareSignatureV4(canonicalRequest, cred.SecretKey, t, signV4Values)
if errCode == s3err.ErrNone { if errCode == s3err.ErrNone {
return identity, errCode return identity, errCode
@@ -191,7 +193,7 @@ func (iam *IdentityAccessManagement) doesSignatureMatch(hashedPayload string, r
func (iam *IdentityAccessManagement) genAndCompareSignatureV4(canonicalRequest, secretKey string, t time.Time, signV4Values signValues) s3err.ErrorCode { func (iam *IdentityAccessManagement) genAndCompareSignatureV4(canonicalRequest, secretKey string, t time.Time, signV4Values signValues) s3err.ErrorCode {
// Get string to sign from canonical request. // Get string to sign from canonical request.
stringToSign := getStringToSign(canonicalRequest, t, signV4Values.Credential.getScope()) stringToSign := getStringToSign(canonicalRequest, t, signV4Values.Credential.getScope())
glog.V(4).Infof("String to Sign:\n%s", stringToSign)
// Calculate signature. // Calculate signature.
newSignature := iam.getSignature( newSignature := iam.getSignature(
secretKey, secretKey,
@@ -200,6 +202,7 @@ func (iam *IdentityAccessManagement) genAndCompareSignatureV4(canonicalRequest,
signV4Values.Credential.scope.service, signV4Values.Credential.scope.service,
stringToSign, stringToSign,
) )
glog.V(4).Infof("Signature:\n%s", newSignature)
// Verify if signature match. // Verify if signature match.
if !compareSignatureV4(newSignature, signV4Values.Signature) { if !compareSignatureV4(newSignature, signV4Values.Signature) {
@@ -801,6 +804,8 @@ func getCanonicalRequest(extractedSignedHeaders http.Header, payload, queryStr,
getSignedHeaders(extractedSignedHeaders), getSignedHeaders(extractedSignedHeaders),
payload, payload,
}, "\n") }, "\n")
glog.V(4).Infof("Canonical Request:\n%s", canonicalRequest)
return canonicalRequest return canonicalRequest
} }
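Review bot: The added `glog.V(4).Infof("Signature:\n%s", newSignature)` in genAndCompareSignatureV4 writes the server-computed SigV4 signature to the log before the comparison runs, so at verbosity 4 the log holds the valid signature for every request, including ones whose supplied signature was wrong. Anyone with read access to the logs then holds a value that authenticates that exact request for as long as its timestamp is accepted. I would drop that line and log only the outcome after the compare, e.g. `glog.V(4).Infof("signature mismatch")` inside the `!compareSignatureV4(...)` branch. The other added lines print what appears to be request-derived text with `%s` (`forwardedPrefix`, the canonical request, the string to sign); `%q` would stop embedded newlines from forging log lines, e.g. `glog.V(4).Infof("Forwarded Prefix: %q", forwardedPrefix)`. The bodies of doesSignatureMatch and genAndCompareSignatureV4 continue outside the hunks shown.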