aboutsummaryrefslogtreecommitdiff
path: root/weed/s3api/auth_credentials.go
diff options
context:
space:
mode:
Diffstat (limited to 'weed/s3api/auth_credentials.go')
-rw-r--r--weed/s3api/auth_credentials.go26
1 files changed, 19 insertions, 7 deletions
diff --git a/weed/s3api/auth_credentials.go b/weed/s3api/auth_credentials.go
index 9df1fdd29..e5d693951 100644
--- a/weed/s3api/auth_credentials.go
+++ b/weed/s3api/auth_credentials.go
@@ -26,6 +26,7 @@ type Iam interface {
type IdentityAccessManagement struct {
identities []*Identity
+ domain string
}
type Identity struct {
@@ -39,8 +40,10 @@ type Credential struct {
SecretKey string
}
-func NewIdentityAccessManagement(fileName string) *IdentityAccessManagement {
- iam := &IdentityAccessManagement{}
+func NewIdentityAccessManagement(fileName string, domain string) *IdentityAccessManagement {
+ iam := &IdentityAccessManagement{
+ domain: domain,
+ }
if fileName == "" {
return iam
}
@@ -119,17 +122,26 @@ func (iam *IdentityAccessManagement) authRequest(r *http.Request, actions []Acti
var identity *Identity
var s3Err ErrorCode
switch getRequestAuthType(r) {
- case authTypeUnknown, authTypeStreamingSigned:
+ case authTypeStreamingSigned:
+ return ErrNone
+ case authTypeUnknown:
+ glog.V(3).Infof("unknown auth type")
return ErrAccessDenied
case authTypePresignedV2, authTypeSignedV2:
- return ErrNotImplemented
+ glog.V(3).Infof("v2 auth type")
+ identity, s3Err = iam.isReqAuthenticatedV2(r)
case authTypeSigned, authTypePresigned:
+ glog.V(3).Infof("v4 auth type")
identity, s3Err = iam.reqSignatureV4Verify(r)
- if s3Err != ErrNone {
- return s3Err
- }
}
+ glog.V(3).Infof("auth error: %v", s3Err)
+ if s3Err != ErrNone {
+ return s3Err
+ }
+
+ glog.V(3).Infof("user name: %v actions: %v", identity.Name, identity.Actions)
+
if !identity.canDo(actions) {
return ErrAccessDenied
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-21 20:43:22 +0000