diff --git a/Makefile b/Makefile index 1f2af664d..772032d07 100644 --- a/Makefile +++ b/Makefile @@ -61,11 +61,11 @@ checks: @(env bash $(PWD)/buildscripts/checkgopath.sh) getdeps: checks - @go get -u github.com/golang/lint/golint && echo "Installed golint:" - @go get -u github.com/fzipp/gocyclo && echo "Installed gocyclo:" - @go get -u github.com/remyoudompheng/go-misc/deadcode && echo "Installed deadcode:" - @go get -u github.com/client9/misspell/cmd/misspell && echo "Installed misspell:" - @go get -u github.com/gordonklaus/ineffassign && echo "Installed ineffassign:" + @echo "Installing golint:" && go get -u github.com/golang/lint/golint + @echo "Installing gocyclo:" && go get -u github.com/fzipp/gocyclo + @echo "Installing deadcode:" && go get -u github.com/remyoudompheng/go-misc/deadcode + @echo "Installing misspell:" && go get -u github.com/client9/misspell/cmd/misspell + @echo "Installing ineffassign:" && go get -u github.com/gordonklaus/ineffassign verifiers: vet fmt lint cyclo spelling diff --git a/cmd/lock-rpc-server.go b/cmd/lock-rpc-server.go index 5ee4a7312..42cba5303 100644 --- a/cmd/lock-rpc-server.go +++ b/cmd/lock-rpc-server.go @@ -34,7 +34,6 @@ const lockCheckValidityInterval = 2 * time.Minute // LockArgs besides lock name, holds Token and Timestamp for session // authentication and validation server restart. type LockArgs struct { - loginServer Name string Token string Timestamp time.Time @@ -70,6 +69,7 @@ func isWriteLock(lri []lockRequesterInfo) bool { // lockServer is type for RPC handlers type lockServer struct { + loginServer rpcPath string mutex sync.Mutex lockMap map[string][]lockRequesterInfo diff --git a/cmd/lock-rpc-server_test.go b/cmd/lock-rpc-server_test.go index 050192fc0..30519b5b1 100644 --- a/cmd/lock-rpc-server_test.go +++ b/cmd/lock-rpc-server_test.go @@ -48,26 +48,20 @@ func createLockTestServer(t *testing.T) (string, *lockServer, string) { t.Fatalf("unable initialize config file, %s", err) } - jwt, err := newJWT(defaultJWTExpiry, serverConfig.GetCredential()) - if err != nil { - t.Fatalf("unable to get new JWT, %s", err) - } - - err = jwt.Authenticate(serverConfig.GetCredential().AccessKeyID, serverConfig.GetCredential().SecretAccessKey) - if err != nil { - t.Fatalf("unable for JWT to authenticate, %s", err) - } - - token, err := jwt.GenerateToken(serverConfig.GetCredential().AccessKeyID) - if err != nil { - t.Fatalf("unable for JWT to generate token, %s", err) - } - locker := &lockServer{ - rpcPath: "rpc-path", - mutex: sync.Mutex{}, - lockMap: make(map[string][]lockRequesterInfo), + loginServer: loginServer{}, + rpcPath: "rpc-path", + mutex: sync.Mutex{}, + lockMap: make(map[string][]lockRequesterInfo), } + creds := serverConfig.GetCredential() + loginArgs := RPCLoginArgs{Username: creds.AccessKeyID, Password: creds.SecretAccessKey} + loginReply := RPCLoginReply{} + err = locker.LoginHandler(&loginArgs, &loginReply) + if err != nil { + t.Fatalf("Failed to login to lock server - %v", err) + } + token := loginReply.Token return testPath, locker, token } diff --git a/cmd/signature-v4.go b/cmd/signature-v4.go index 333d4ecf3..2e6a0dda4 100644 --- a/cmd/signature-v4.go +++ b/cmd/signature-v4.go @@ -250,7 +250,9 @@ func doesPresignedSignatureMatch(hashedPayload string, r *http.Request, region s query.Set("X-Amz-Algorithm", signV4Algorithm) - if pSignValues.Date.After(time.Now().UTC()) { + // If the host which signed the request is slightly ahead in time (by less than globalMaxSkewTime) the + // request should still be allowed. + if pSignValues.Date.After(time.Now().UTC().Add(globalMaxSkewTime)) { return ErrRequestNotReadyYet }