root
/
minio
mirror of https://github.com/minio/minio.git
1
0
Fork 0
Code Issues Actions 1 Packages Projects Releases Wiki Activity
8,872 Commits 4 Branches 523 Tags 188 MiB
Commit Graph

27 Commits

Author SHA1 Message Date
Harshavardhana 8f2a3efa85
disallow sub-credentials based on root credentials to gain priviledges (#12947) 
This happens because of a change added where any sub-credential
with parentUser == rootCredential i.e (MINIO_ROOT_USER) will
always be an owner, you cannot generate credentials with lower
session policy to restrict their access.

This doesn't affect user service accounts created with regular
users, LDAP or OpenID
 2021-08-12 18:07:08 -07:00
Harshavardhana a2cd3c9a1d
use ParseForm() to allow query param lookups once (#12900) 
```
cpu: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
BenchmarkURLQueryForm
BenchmarkURLQueryForm-4         247099363                4.809 ns/op           0 B/op          0 allocs/op
BenchmarkURLQuery
BenchmarkURLQuery-4              2517624               462.1 ns/op           432 B/op          4 allocs/op
PASS
ok      github.com/minio/minio/cmd      3.848s
```
 2021-08-07 22:43:01 -07:00
Harshavardhana 1f262daf6f
rename all remaining packages to internal/ (#12418) 
This is to ensure that there are no projects
that try to import `minio/minio/pkg` into
their own repo. Any such common packages should
go to `https://github.com/minio/pkg`
 2021-06-01 14:59:40 -07:00
Harshavardhana 069432566f update license change for MinIO 
Signed-off-by: Harshavardhana <harsha@minio.io>
 2021-04-23 11:58:53 -07:00
Harshavardhana 11aa393ba7
Allow region errors to be dynamic (#10323) 
remove other FIXMEs as we are not planning to fix these, 
instead we will add dynamism case by case basis.

fixes #10250
 2020-08-23 22:06:22 -07:00
KevinSmile 0ebb73ee2e
use const instead of literals (#10292) 2020-08-19 16:43:52 -07:00
Harshavardhana 09d35d3b4c
fix: sts to return appropriate errors (#9161) 2020-03-18 17:25:45 -07:00
Ashish Kumar Sinha fa5a1cebd9 support space character in access key (#8335) 2019-10-01 02:25:37 +05:30
Harshavardhana e6d8e272ce
Use const slashSeparator instead of "/" everywhere (#8028) 2019-08-06 12:08:58 -07:00
kannappanr 5ecac91a55
Replace Minio refs in docs with MinIO and links (#7494) 2019-04-09 11:39:42 -07:00
poornas 1011d21416 Fix credential parsing in signature v4 (#7377) 
Fixes #7376
 2019-03-16 22:45:42 -07:00
Harshavardhana c3ca954684 Implement AssumeRole API for Minio users (#7267) 
For actual API reference read here

https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html

Documentation is added and updated as well at docs/sts/assume-role.md

Fixes #6381
 2019-02-27 17:46:55 -08:00
Harshavardhana df35d7db9d Introduce staticcheck for stricter builds (#7035) 2019-02-13 18:29:36 +05:30
Harshavardhana bf414068a3 Parse and return proper errors with x-amz-security-token (#6766) 
This PR also simplifies the token and access key validation
across our signature handling.
 2018-11-07 20:10:03 +05:30
Harshavardhana 54ae364def Introduce STS client grants API and OPA policy integration (#6168) 
This PR introduces two new features

- AWS STS compatible STS API named AssumeRoleWithClientGrants

```
POST /?Action=AssumeRoleWithClientGrants&Token=<jwt>
```

This API endpoint returns temporary access credentials, access
tokens signature types supported by this API

  - RSA keys
  - ECDSA keys

Fetches the required public key from the JWKS endpoints, provides
them as rsa or ecdsa public keys.

- External policy engine support, in this case OPA policy engine

- Credentials are stored on disks
 2018-10-09 14:00:01 -07:00
Andreas Auernhammer 267a0a3dfa fix `X-Amz-Credential` parsing for V4 policy signature (#6451) 
This commit fixes an AWS S3 incompatibility issue.
The AccessKeyID may contain one or more `/` which caused
the server to interpret parts of the AccessKeyID as
other `X-Amz-Credential` parameters (like date, region, ...)

This commit fixes this by allowing 5 or more
`X-Amz-Credential` parameter strings and only interpreting
the last 5.

Fixes #6443
 2018-09-11 11:17:23 -07:00
Harshavardhana d90985b6d8 Return authHeaderMalformed for an incorrect region in signature (#5618) 2018-03-09 18:18:57 -08:00
kannappanr f460eceb6d Check for value > 7 days in X-Amz-Expires header. (#5163) 
Add a check to see if the X-Amz-Expires header in the presigned URL is less than 7 days.

Fixes #5162
 2017-11-13 12:54:03 -08:00
Bala FA 32c6b62932 move credentials as separate package (#5115) 2017-10-31 11:54:32 -07:00
Frank Wessels 46897b1100 Name return values to prevent the need (and unnecessary code bloat) (#4576) 
This is done to explicitly instantiate objects for every return statement.
 2017-06-21 19:53:09 -07:00
Krishna Srinivas 5db1e9f3dd signature: use region from Auth header if server's region not configured (#4329) 2017-05-15 18:17:02 -07:00
Krishna Srinivas 45d9cfa0c5 signature-v4: stringToSign and signingKey should use Scope's date. (#3688) 
fixes #3676
 2017-02-06 13:09:09 -08:00
Bala FA e8ce3b64ed Generate and use access/secret keys properly (#3498) 2016-12-26 10:21:23 -08:00
Harshavardhana a8ab02a73a v4/presign: Fix presign requests when there are more signed headers. (#3222) 
This fix removes a wrong logic which fails for requests which
have more signed headers in a presign request.

Fixes #3217
 2016-11-10 21:57:15 -08:00
Harshavardhana 9161016962 tests: Improve coverage on signature v4 tests. (#3188) 
Fixes #3065
 2016-11-06 11:47:16 -08:00
Harshavardhana d9674f7524 Improve coverage of web-handlers.go (#3157) 
This patch additionally relaxes the requirement for
accesskeys to be in a regexy set of values.

Fixes #3063
 2016-11-02 14:45:11 -07:00
Harshavardhana bccf549463 server: Move all the top level files into cmd folder. (#2490) 
This change brings a change which was done for the 'mc'
package to allow for clean repo and have a cleaner
github drop in experience.
 2016-08-18 16:23:42 -07:00