From bda0fe3150eb58b40ecddcc0b3b015e999fc0358 Mon Sep 17 00:00:00 2001
From: Harshavardhana
Date: Fri, 11 Sep 2020 23:02:32 -0700
Subject: [PATCH] fix: allow LDAP identity to support form body POST (#10468)
similar to other STS APIs
---
 cmd/signals.go | 6 +++++-
 cmd/sts-handlers.go | 13 ++++++++-----
 2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/cmd/signals.go b/cmd/signals.go
index cd76e7b71..fb8ff8549 100644
--- a/cmd/signals.go
+++ b/cmd/signals.go
@@ -18,6 +18,8 @@ package cmd
 import (
 "context"
+ "errors"
+ "net/http"
 "os"
 "strings"
@@ -53,7 +55,9 @@ func handleSignals() {
 if httpServer := newHTTPServerFn(); httpServer != nil {
 err = httpServer.Shutdown()
- logger.LogIf(context.Background(), err)
+ if !errors.Is(err, http.ErrServerClosed) {
+ logger.LogIf(context.Background(), err)
+ }
 }
 if objAPI := newObjectLayerWithoutSafeModeFn(); objAPI != nil {
diff --git a/cmd/sts-handlers.go b/cmd/sts-handlers.go
index 152536e29..b266b4006 100644
--- a/cmd/sts-handlers.go
+++ b/cmd/sts-handlers.go
@@ -88,7 +88,7 @@ func registerSTSRouter(router *mux.Router) {
 ctypeOk := wildcard.MatchSimple("application/x-www-form-urlencoded*", r.Header.Get(xhttp.ContentType))
 noQueries := len(r.URL.Query()) == 0
 return ctypeOk && noQueries
- }).HandlerFunc(httpTraceAll(sts.AssumeRoleWithJWT))
+ }).HandlerFunc(httpTraceAll(sts.AssumeRoleWithSSO))
 // AssumeRoleWithClientGrants
 stsRouter.Methods(http.MethodPost).HandlerFunc(httpTraceAll(sts.AssumeRoleWithClientGrants)).
@@ -258,8 +258,8 @@ func (sts *stsAPIHandlers) AssumeRole(w http.ResponseWriter, r *http.Request) {
 writeSuccessResponseXML(w, encodeResponse(assumeRoleResponse))
 }
-func (sts *stsAPIHandlers) AssumeRoleWithJWT(w http.ResponseWriter, r *http.Request) {
- ctx := newContext(r, w, "AssumeRoleJWTCommon")
+func (sts *stsAPIHandlers) AssumeRoleWithSSO(w http.ResponseWriter, r *http.Request) {
+ ctx := newContext(r, w, "AssumeRoleSSOCommon")
 // Parse the incoming form data.
 if err := r.ParseForm(); err != nil {
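Review bot: In `handleSignals` (cmd/signals.go, second hunk) the new `errors.Is(err, http.ErrServerClosed)` guard drops that error from the log without saying why, and the commit message does not mention the change. A one-line comment above the `if`, for example `// ErrServerClosed is expected when shutdown is already in progress; log only real failures.`, would keep a later reader from treating it as a swallowed error. That wording assumes this is why `httpServer.Shutdown()` returns it, which the hunk does not show. The function starts and ends outside the hunk.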
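Review bot: `AssumeRoleWithSSO` (cmd/sts-handlers.go, hunk at -258) is an exported handler with no doc comment, while its neighbours `AssumeRoleWithWebIdentity` and `AssumeRoleWithClientGrants` each carry one. After this commit it is the common entry point for form-body requests and, per the following hunk, also dispatches `ldapIdentity`, which is a username/password flow rather than a token flow, so the name alone no longer says what it accepts. Suggested comment: `// AssumeRoleWithSSO - common handler for form-body STS requests; dispatches on Action to LDAPIdentity, ClientGrants or WebIdentity.` The function body continues outside the hunk.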
@@ -274,6 +274,9 @@ func (sts *stsAPIHandlers) AssumeRoleWithJWT(w http.ResponseWriter, r *http.Requ
 action := r.Form.Get(stsAction)
 switch action {
+ case ldapIdentity:
+ sts.AssumeRoleWithLDAPIdentity(w, r)
+ return
 case clientGrants, webIdentity:
 default:
 writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("Unsupported action %s", action))
@@ -417,7 +420,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithJWT(w http.ResponseWriter, r *http.Requ
 // Eg:-
 // $ curl https://minio:9000/?Action=AssumeRoleWithWebIdentity&WebIdentityToken=
 func (sts *stsAPIHandlers) AssumeRoleWithWebIdentity(w http.ResponseWriter, r *http.Request) {
- sts.AssumeRoleWithJWT(w, r)
+ sts.AssumeRoleWithSSO(w, r)
 }
 // AssumeRoleWithClientGrants - implementation of AWS STS extension API supporting
@@ -426,7 +429,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithWebIdentity(w http.ResponseWriter, r *h
 // Eg:-
 // $ curl https://minio:9000/?Action=AssumeRoleWithClientGrants&Token=
 func (sts *stsAPIHandlers) AssumeRoleWithClientGrants(w http.ResponseWriter, r *http.Request) {
- sts.AssumeRoleWithJWT(w, r)
+ sts.AssumeRoleWithSSO(w, r)
 }
 // AssumeRoleWithLDAPIdentity - implements user auth against LDAP server
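Review bot: The new `case ldapIdentity:` branch (hunk at -274) lets an LDAP username and password arrive on the form-body route, which the `registerSTSRouter` hunk shows is wrapped in `httpTraceAll`. If that wrapper records request bodies, the password would reach trace output, so confirm the LDAP fields are redacted or excluded there. The branch also hands the request to `AssumeRoleWithLDAPIdentity` after this function has already called `ParseForm` and run whatever checks sit between that call and the switch, which are not visible here. A comment such as `// LDAP carries credentials, not a token: hand off before the token-specific handling below.` would mark the early return as deliberate. The function starts and ends outside the hunk.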