diff options
| author | Tom Crasset <25140344+tcrasset@users.noreply.github.com> | 2025-03-21 15:37:15 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-03-21 07:37:15 -0700 |
| commit | be2b389b816d4b6c16d0d1993f4862e03873f037 (patch) | |
| tree | 449e169f2c256764fe88784d370912a6da0315e0 | |
| parent | 43c3e80970d29c47dea70b3c2c9179b7b6f6d9a2 (diff) | |
| download | seaweedfs-be2b389b816d4b6c16d0d1993f4862e03873f037.tar.xz seaweedfs-be2b389b816d4b6c16d0d1993f4862e03873f037.zip | |
add more logging for s3 signature (#6652)
| -rwxr-xr-x | docker/agent_pub_record | bin | 30207836 -> 0 bytes | |||
| -rw-r--r-- | weed/s3api/auth_signature_v4.go | 9 |
2 files changed, 7 insertions, 2 deletions
diff --git a/docker/agent_pub_record b/docker/agent_pub_record Binary files differdeleted file mode 100755 index 03c1a7879..000000000 --- a/docker/agent_pub_record +++ /dev/null diff --git a/weed/s3api/auth_signature_v4.go b/weed/s3api/auth_signature_v4.go index 1e0453cc4..5fce8197c 100644 --- a/weed/s3api/auth_signature_v4.go +++ b/weed/s3api/auth_signature_v4.go @@ -37,6 +37,7 @@ import ( "time" "unicode/utf8" + "github.com/seaweedfs/seaweedfs/weed/glog" "github.com/seaweedfs/seaweedfs/weed/s3api/s3err" ) @@ -168,8 +169,9 @@ func (iam *IdentityAccessManagement) doesSignatureMatch(hashedPayload string, r // Trying with prefix before main path. // Get canonical request. - canonicalRequest := getCanonicalRequest(extractedSignedHeaders, hashedPayload, queryStr, forwardedPrefix+req.URL.Path, req.Method) + glog.V(4).Infof("Forwarded Prefix: %s", forwardedPrefix) + canonicalRequest := getCanonicalRequest(extractedSignedHeaders, hashedPayload, queryStr, forwardedPrefix+req.URL.Path, req.Method) errCode = iam.genAndCompareSignatureV4(canonicalRequest, cred.SecretKey, t, signV4Values) if errCode == s3err.ErrNone { return identity, errCode @@ -191,7 +193,7 @@ func (iam *IdentityAccessManagement) doesSignatureMatch(hashedPayload string, r func (iam *IdentityAccessManagement) genAndCompareSignatureV4(canonicalRequest, secretKey string, t time.Time, signV4Values signValues) s3err.ErrorCode { // Get string to sign from canonical request. stringToSign := getStringToSign(canonicalRequest, t, signV4Values.Credential.getScope()) - + glog.V(4).Infof("String to Sign:\n%s", stringToSign) // Calculate signature. newSignature := iam.getSignature( secretKey, @@ -200,6 +202,7 @@ func (iam *IdentityAccessManagement) genAndCompareSignatureV4(canonicalRequest, signV4Values.Credential.scope.service, stringToSign, ) + glog.V(4).Infof("Signature:\n%s", newSignature) // Verify if signature match. if !compareSignatureV4(newSignature, signV4Values.Signature) { @@ -801,6 +804,8 @@ func getCanonicalRequest(extractedSignedHeaders http.Header, payload, queryStr, getSignedHeaders(extractedSignedHeaders), payload, }, "\n") + + glog.V(4).Infof("Canonical Request:\n%s", canonicalRequest) return canonicalRequest } |