Merge branch 'master' into release

Makefile

@@ -61,11 +61,11 @@ checks:
 	@(env bash $(PWD)/buildscripts/checkgopath.sh)
 
 getdeps: checks
-	@go get -u github.com/golang/lint/golint && echo "Installed golint:"
-	@go get -u github.com/fzipp/gocyclo && echo "Installed gocyclo:"
-	@go get -u github.com/remyoudompheng/go-misc/deadcode && echo "Installed deadcode:"
-	@go get -u github.com/client9/misspell/cmd/misspell && echo "Installed misspell:"
-	@go get -u github.com/gordonklaus/ineffassign && echo "Installed ineffassign:"
+	@echo "Installing golint:" && go get -u github.com/golang/lint/golint
+	@echo "Installing gocyclo:" && go get -u github.com/fzipp/gocyclo
+	@echo "Installing deadcode:" && go get -u github.com/remyoudompheng/go-misc/deadcode
+	@echo "Installing misspell:" && go get -u github.com/client9/misspell/cmd/misspell
+	@echo "Installing ineffassign:" && go get -u github.com/gordonklaus/ineffassign
 
 verifiers: vet fmt lint cyclo spelling
 

cmd/lock-rpc-server.go

@@ -34,7 +34,6 @@ const lockCheckValidityInterval = 2 * time.Minute
 // LockArgs besides lock name, holds Token and Timestamp for session
 // authentication and validation server restart.
 type LockArgs struct {
-	loginServer
 	Name      string
 	Token     string
 	Timestamp time.Time
@@ -70,6 +69,7 @@ func isWriteLock(lri []lockRequesterInfo) bool {
 
 // lockServer is type for RPC handlers
 type lockServer struct {
+	loginServer
 	rpcPath string
 	mutex   sync.Mutex
 	lockMap map[string][]lockRequesterInfo

cmd/lock-rpc-server_test.go

@@ -48,26 +48,20 @@ func createLockTestServer(t *testing.T) (string, *lockServer, string) {
 		t.Fatalf("unable initialize config file, %s", err)
 	}
 
-	jwt, err := newJWT(defaultJWTExpiry, serverConfig.GetCredential())
-	if err != nil {
-		t.Fatalf("unable to get new JWT, %s", err)
-	}
-
-	err = jwt.Authenticate(serverConfig.GetCredential().AccessKeyID, serverConfig.GetCredential().SecretAccessKey)
-	if err != nil {
-		t.Fatalf("unable for JWT to authenticate, %s", err)
-	}
-
-	token, err := jwt.GenerateToken(serverConfig.GetCredential().AccessKeyID)
-	if err != nil {
-		t.Fatalf("unable for JWT to generate token, %s", err)
-	}
-
 	locker := &lockServer{
-		rpcPath: "rpc-path",
-		mutex:   sync.Mutex{},
-		lockMap: make(map[string][]lockRequesterInfo),
+		loginServer: loginServer{},
+		rpcPath:     "rpc-path",
+		mutex:       sync.Mutex{},
+		lockMap:     make(map[string][]lockRequesterInfo),
 	}
+	creds := serverConfig.GetCredential()
+	loginArgs := RPCLoginArgs{Username: creds.AccessKeyID, Password: creds.SecretAccessKey}
+	loginReply := RPCLoginReply{}
+	err = locker.LoginHandler(&loginArgs, &loginReply)
+	if err != nil {
+		t.Fatalf("Failed to login to lock server - %v", err)
+	}
+	token := loginReply.Token
 
 	return testPath, locker, token
 }

cmd/signature-v4.go

@@ -250,7 +250,9 @@ func doesPresignedSignatureMatch(hashedPayload string, r *http.Request, region s
 
 	query.Set("X-Amz-Algorithm", signV4Algorithm)
 
-	if pSignValues.Date.After(time.Now().UTC()) {
+	// If the host which signed the request is slightly ahead in time (by less than globalMaxSkewTime) the
+	// request should still be allowed.
+	if pSignValues.Date.After(time.Now().UTC().Add(globalMaxSkewTime)) {
 		return ErrRequestNotReadyYet
 	}