support sts

jimmyyan · jimmyyan · commit f2e7bd5aa235 · 2017-08-29T20:11:04.000+08:00
diff --git a/src/curl.cpp b/src/curl.cpp
@@ -52,6 +52,7 @@ using namespace std;
 
 static const std::string empty_payload_hash = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
 
+extern int check_for_cos_format(void); // implented in s3fs.cpp
 //-------------------------------------------------------------------
 // Utilities
 //-------------------------------------------------------------------
@@ -297,7 +298,7 @@ string           S3fsCurl::COSAccessKeyId;
 string           S3fsCurl::COSSecretAccessKey;
 string           S3fsCurl::COSAccessToken;
 time_t           S3fsCurl::COSAccessTokenExpire= 0;
-string           S3fsCurl::RAM_role;
+string           S3fsCurl::CAM_role;
 long             S3fsCurl::ssl_verify_hostname = 1;    // default(original code...)
 curltime_t       S3fsCurl::curl_times;
 curlprogress_t   S3fsCurl::curl_progress;
@@ -1039,6 +1040,30 @@ bool S3fsCurl::SetVerbose(bool flag)
   return old;
 }
 
+bool S3fsCurl::checkSTSCredentialUpdate(void) {
+    if (S3fsCurl::CAM_role.empty()) {
+        return true;
+    }
+
+    if (time(NULL) <= S3fsCurl::COSAccessTokenExpire) {
+        return true;
+    }
+   
+   // if return value is not equal 1, means wrong format key
+   if (check_for_cos_format() != 1) {
+       return false;
+   }
+
+   return true;
+}
+
+
+bool S3fsCurl::SetToken(const string& token, const string& token_expire) {
+    COSAccessToken = token;
+    COSAccessTokenExpire = cvtCAMExpireStringToTime(token_expire.c_str());
+    return true;
+}
+
 bool S3fsCurl::SetAccessKey(const char* AccessKeyId, const char* SecretAccessKey)
 {
   if(!AccessKeyId || '\0' == AccessKeyId[0] || !SecretAccessKey || '\0' == SecretAccessKey[0]){
@@ -1059,10 +1084,10 @@ long S3fsCurl::SetSslVerifyHostname(long value)
   return old;
 }
 
-string S3fsCurl::SetRAMRole(const char* role)
+string S3fsCurl::SetCAMRole(const char* role)
 {
-  string old = S3fsCurl::RAM_role;
-  S3fsCurl::RAM_role = role ? role : "";
+  string old = S3fsCurl::CAM_role;
+  S3fsCurl::CAM_role = role ? role : "";
   return old;
 }
 
@@ -1377,14 +1402,14 @@ bool S3fsCurl::SetRAMCredentials(const char* response)
   S3fsCurl::COSAccessKeyId       = keyval[string(RAMCRED_ACCESSKEYID)];
   S3fsCurl::COSSecretAccessKey   = keyval[string(RAMCRED_SECRETACCESSKEY)];
   S3fsCurl::COSAccessToken       = keyval[string(RAMCRED_ACCESSTOKEN)];
-  S3fsCurl::COSAccessTokenExpire = cvtRAMExpireStringToTime(keyval[string(RAMCRED_EXPIRATION)].c_str());
+  S3fsCurl::COSAccessTokenExpire = cvtCAMExpireStringToTime(keyval[string(RAMCRED_EXPIRATION)].c_str());
 
   return true;
 }
 
 bool S3fsCurl::CheckRAMCredentialUpdate(void)
 {
-  if(0 == S3fsCurl::RAM_role.size()){
+  if(0 == S3fsCurl::CAM_role.size()){
     return true;
   }
   if(time(NULL) + RAM_EXPIRE_MERGIN <= S3fsCurl::COSAccessTokenExpire){
@@ -1958,6 +1983,15 @@ int S3fsCurl::RequestPerform(void)
 string S3fsCurl::CalcSignature(string method, string strMD5, string content_type, string date, string resource)
 {
   string Signature;
+ 
+  if (0 < S3fsCurl::CAM_role.size()) {
+      if (!S3fsCurl::checkSTSCredentialUpdate()) {
+          S3FS_PRN_ERR("Something error occurred in checking CAM STS Credential");
+          return Signature;
+      }
+      requestHeaders = curl_slist_sort_insert(requestHeaders, "x-cos-security-token", S3fsCurl::COSAccessToken.c_str());
+  }
+
   const void* key            = S3fsCurl::COSSecretAccessKey.data();
   int key_len                = S3fsCurl::COSSecretAccessKey.size();
 
@@ -2099,9 +2133,9 @@ int S3fsCurl::DeleteRequest(const char* tpath)
 //
 int S3fsCurl::GetRAMCredentials(void)
 {
-  S3FS_PRN_INFO3("[RAM role=%s]", S3fsCurl::RAM_role.c_str());
+  S3FS_PRN_INFO3("[RAM role=%s]", S3fsCurl::CAM_role.c_str());
 
-  if(0 == S3fsCurl::RAM_role.size()){
+  if(0 == S3fsCurl::CAM_role.size()){
     S3FS_PRN_ERR("RAM role name is empty.");
     return -EIO;
   }
@@ -2113,7 +2147,7 @@ int S3fsCurl::GetRAMCredentials(void)
   }
 
   // url
-  url             = string(RAM_CRED_URL) + S3fsCurl::RAM_role;
+  url             = string(RAM_CRED_URL) + S3fsCurl::CAM_role;
   requestHeaders  = NULL;
   responseHeaders.clear();
   bodydata        = new BodyData();
diff --git a/src/curl.h b/src/curl.h
@@ -226,7 +226,7 @@ class S3fsCurl
     static std::string      COSSecretAccessKey;
     static std::string      COSAccessToken;
     static time_t           COSAccessTokenExpire;
-    static std::string      RAM_role;
+    static std::string      CAM_role;
     static long             ssl_verify_hostname;
     static curltime_t       curl_times;
     static curlprogress_t   curl_progress;
@@ -352,15 +352,17 @@ class S3fsCurl
     static bool SetVerbose(bool flag);
     static bool GetVerbose(void) { return S3fsCurl::is_verbose; }
     static bool SetAccessKey(const char* AccessKeyId, const char* SecretAccessKey);
+    static bool SetToken(const std::string& token, const std::string& token_expire);
     static bool IsSetAccessKeyId(void){
-                  return (0 < S3fsCurl::RAM_role.size() || (0 < S3fsCurl::COSAccessKeyId.size() && 0 < S3fsCurl::COSSecretAccessKey.size()));
+                  return (0 < S3fsCurl::CAM_role.size() || (0 < S3fsCurl::COSAccessKeyId.size() && 0 < S3fsCurl::COSSecretAccessKey.size()));
                 }
+    static bool checkSTSCredentialUpdate(void);
     static long SetSslVerifyHostname(long value);
     static long GetSslVerifyHostname(void) { return S3fsCurl::ssl_verify_hostname; }
     static int SetMaxParallelCount(int value);
     static int GetMaxParallelCount(void) { return S3fsCurl::max_parallel_cnt; }
-    static std::string SetRAMRole(const char* role);
-    static const char* GetRAMRole(void) { return S3fsCurl::RAM_role.c_str(); }
+    static std::string SetCAMRole(const char* role);
+    static const char* GetRAMRole(void) { return S3fsCurl::CAM_role.c_str(); }
     static bool SetMultipartSize(off_t size);
     static off_t GetMultipartSize(void) { return S3fsCurl::multipart_size; }
     static bool SetSignatureV4(bool isset) { bool bresult = S3fsCurl::is_sigv4; S3fsCurl::is_sigv4 = isset; return bresult; }
diff --git a/src/s3fs.cpp b/src/s3fs.cpp
@@ -3705,17 +3705,23 @@ static int s3fs_check_service(void)
 // Return:  1 - OK(could read and set accesskey etc.)
 //          0 - NG(could not read)
 //         -1 - Should shoutdown immidiatly
-static int check_for_cos_format(void)
+int check_for_cos_format(void)
 {
   size_t first_pos = string::npos;
   string line;
   bool   got_access_key_id_line = 0;
   bool   got_secret_key_line = 0;
+  bool   got_token_line = 0;
+  bool   got_token_expire_line = 0;
   string str1 ("COSAccessKeyId=");
   string str2 ("COSSecretKey=");
+  string str3 ("COSAccessToken=");
+  string str4 ("COSAccessTokenExpire=");
   size_t found;
   string AccessKeyId;
   string SecretAccesskey;
+  string Token;
+  string TokenExpire;
 
 
   ifstream PF(passwd_file.c_str());
@@ -3761,9 +3767,30 @@ static int check_for_cos_format(void)
          got_secret_key_line = 1;
          continue;
       }
+
+      found = line.find(str3);
+      if(found != string::npos){
+         first_pos = line.find_first_of("=");
+         Token = line.substr(first_pos + 1, string::npos);
+         got_token_line = 1;
+         continue;
+      }
+      
+     found = line.find(str4);
+      if(found != string::npos){
+         first_pos = line.find_first_of("=");
+         TokenExpire = line.substr(first_pos + 1, string::npos);
+         got_token_expire_line = 1;
+         continue;
+      }
     }
   }
 
+   // token and token expire are optional
+  if (got_token_line && got_token_expire_line) {
+      S3fsCurl::SetToken(Token, TokenExpire);
+  }
+
   if(got_access_key_id_line && got_secret_key_line){
     if(!S3fsCurl::SetAccessKey(AccessKeyId.c_str(), SecretAccesskey.c_str())){
       S3FS_PRN_EXIT("if one access key is specified, both keys need to be specified.");
@@ -4376,9 +4403,9 @@ static int my_fuse_opt_proc(void* data, const char* arg, int key, struct fuse_ar
       passwd_file = strchr(arg, '=') + sizeof(char);
       return 0;
     }
-    if(0 == STR2NCMP(arg, "ram_role=")){
+    if(0 == STR2NCMP(arg, "cam_role=")){
       const char* role = strchr(arg, '=') + sizeof(char);
-      S3fsCurl::SetRAMRole(role);
+      S3fsCurl::SetCAMRole(role);
       return 0;
     }
     if(0 == STR2NCMP(arg, "public_bucket=")){
@@ -4725,7 +4752,7 @@ int main(int argc, char* argv[])
   }
   if(passwd_file.size() > 0 && S3fsCurl::IsSetAccessKeyId()){
     S3FS_PRN_EXIT("specifying both passwd_file and the access keys options is invalid.");
-    exit(EXIT_FAILURE);
+    // exit(EXIT_FAILURE);
   }
   if(!S3fsCurl::IsPublicBucket()){
     if(EXIT_SUCCESS != get_access_keys()){
diff --git a/src/s3fs_util.cpp b/src/s3fs_util.cpp
@@ -783,7 +783,7 @@ blkcnt_t get_blocks(off_t size)
   return size / 512 + 1;
 }
 
-time_t cvtRAMExpireStringToTime(const char* s)
+time_t cvtCAMExpireStringToTime(const char* s)
 {
   struct tm tm;
   if(!s){
diff --git a/src/s3fs_util.h b/src/s3fs_util.h
@@ -121,7 +121,7 @@ uid_t get_uid(headers_t& meta);
 gid_t get_gid(const char *s);
 gid_t get_gid(headers_t& meta);
 blkcnt_t get_blocks(off_t size);
-time_t cvtRAMExpireStringToTime(const char* s);
+time_t cvtCAMExpireStringToTime(const char* s);
 time_t get_lastmodified(const char* s);
 time_t get_lastmodified(headers_t& meta);
 bool is_need_check_obj_detail(headers_t& meta);

Original file line number	Diff line number	Diff line change
`@@ -783,7 +783,7 @@ blkcnt_t get_blocks(off_t size)`
`783`	`783`	`return size / 512 + 1;`
`784`	`784`	`}`
`785`	`785`
`786`		`-time_t cvtRAMExpireStringToTime(const char* s)`
	`786`	`+time_t cvtCAMExpireStringToTime(const char* s)`
`787`	`787`	`{`
`788`	`788`	`struct tm tm;`
`789`	`789`	`if(!s){`