Allow setting signature V4-only
Default to allowing V2 or V4.
parent
757f4caee8
commit
081d6c1245
|
@ -221,8 +221,11 @@ If the s3fs could not connect to the region specified by this option, s3fs could
|
|||
But if you do not specify this option, and if you can not connect with the default region, s3fs will retry to automatically connect to the other region.
|
||||
So s3fs can know the correct region name, because s3fs can find it in an error from the S3 server.
|
||||
.TP
|
||||
\fB\-o\fR sigv2 (default is signature version 4)
|
||||
sets signing AWS requests by using Signature Version 2.
|
||||
\fB\-o\fR sigv2 (default is signature version 4 falling back to version 2)
|
||||
sets signing AWS requests by using only signature version 2.
|
||||
.TP
|
||||
\fB\-o\fR sigv4 (default is signature version 4 falling back to version 2)
|
||||
sets signing AWS requests by using only signature version 4.
|
||||
.TP
|
||||
\fB\-o\fR mp_umask (default is "0000")
|
||||
sets umask for the mount point directory.
|
||||
|
|
|
@ -127,7 +127,7 @@ std::string S3fsCurl::userAgent;
|
|||
int S3fsCurl::max_parallel_cnt = 5; // default
|
||||
int S3fsCurl::max_multireq = 20; // default
|
||||
off_t S3fsCurl::multipart_size = MULTIPART_SIZE; // default
|
||||
bool S3fsCurl::is_sigv4 = true; // default
|
||||
signature_type_t S3fsCurl::signature_type = V2_OR_V4; // default
|
||||
bool S3fsCurl::is_ua = true; // default
|
||||
bool S3fsCurl::is_use_session_token= false; // default
|
||||
bool S3fsCurl::requester_pays = false; // default
|
||||
|
@ -889,7 +889,7 @@ bool S3fsCurl::FinalCheckSse()
|
|||
S3FS_PRN_ERR("sse type is SSE-KMS, but there is no specified kms id.");
|
||||
return false;
|
||||
}
|
||||
if(!S3fsCurl::IsSignatureV4()){
|
||||
if(S3fsCurl::GetSignatureType() == V2_ONLY){
|
||||
S3FS_PRN_ERR("sse type is SSE-KMS, but signature type is not v4. SSE-KMS require signature v4.");
|
||||
return false;
|
||||
}
|
||||
|
@ -2621,7 +2621,7 @@ void S3fsCurl::insertAuthHeaders()
|
|||
|
||||
if(S3fsCurl::is_ibm_iam_auth){
|
||||
insertIBMIAMHeaders();
|
||||
}else if(!S3fsCurl::is_sigv4){
|
||||
}else if(S3fsCurl::signature_type == V2_ONLY){
|
||||
insertV2Headers();
|
||||
}else{
|
||||
insertV4Headers();
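Review bot: In the FinalCheckSse hunk the SSE-KMS guard now rejects only `V2_ONLY`, so the default `V2_OR_V4` passes even though the fallback paths in src/s3fs.cpp can later call `SetSignatureType(V2_ONLY)` after a 400/403. If FinalCheckSse runs before that connectivity check (the call order is not visible here), an SSE-KMS mount could end up signing with version 2 despite the requirement stated in the error message. Consider pinning the type when KMS is selected, for example `if(S3fsCurl::GetSignatureType() == V2_OR_V4){ S3fsCurl::SetSignatureType(V4_ONLY); }` after the existing check. Both FinalCheckSse and insertAuthHeaders continue outside their hunks.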
|
||||
|
|
|
@ -153,7 +153,7 @@ class S3fsCurl
|
|||
static int max_parallel_cnt;
|
||||
static int max_multireq;
|
||||
static off_t multipart_size;
|
||||
static bool is_sigv4;
|
||||
static signature_type_t signature_type;
|
||||
static bool is_ua; // User-Agent
|
||||
static bool requester_pays;
|
||||
|
||||
|
@ -339,8 +339,8 @@ class S3fsCurl
|
|||
static const char* GetIAMRole() { return S3fsCurl::IAM_role.c_str(); }
|
||||
static bool SetMultipartSize(off_t size);
|
||||
static off_t GetMultipartSize() { return S3fsCurl::multipart_size; }
|
||||
static bool SetSignatureV4(bool isset) { bool bresult = S3fsCurl::is_sigv4; S3fsCurl::is_sigv4 = isset; return bresult; }
|
||||
static bool IsSignatureV4() { return S3fsCurl::is_sigv4; }
|
||||
static signature_type_t SetSignatureType(signature_type_t signature_type) { signature_type_t bresult = S3fsCurl::signature_type; S3fsCurl::signature_type = signature_type; return bresult; }
|
||||
static signature_type_t GetSignatureType() { return S3fsCurl::signature_type; }
|
||||
static bool SetUserAgentFlag(bool isset) { bool bresult = S3fsCurl::is_ua; S3fsCurl::is_ua = isset; return bresult; }
|
||||
static bool IsUserAgentFlag() { return S3fsCurl::is_ua; }
|
||||
static void InitUserAgent();
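Review bot: `SetSignatureType` names its parameter `signature_type`, the same as the static member it assigns, and keeps the `bresult` name from the bool setter it replaces. It compiles only because the member is qualified, and it is easy to misread. I would write it as `static signature_type_t SetSignatureType(signature_type_t type) { signature_type_t old = S3fsCurl::signature_type; S3fsCurl::signature_type = type; return old; }`. A short comment on the member such as `// process-wide; rewritten to V2_ONLY by the connect fallback` would also tell readers that this value can change after option parsing.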
|
||||
|
|
17
src/s3fs.cpp
17
src/s3fs.cpp
|
@ -881,9 +881,9 @@ static int do_create_bucket()
|
|||
int res = s3fscurl.PutRequest("/", meta, tmpfd);
|
||||
if(res < 0){
|
||||
long responseCode = s3fscurl.GetLastResponseCode();
|
||||
if((responseCode == 400 || responseCode == 403) && S3fsCurl::IsSignatureV4()){
|
||||
if((responseCode == 400 || responseCode == 403) && S3fsCurl::GetSignatureType() == V2_OR_V4){
|
||||
S3FS_PRN_ERR("Could not connect, so retry to connect by signature version 2.");
|
||||
S3fsCurl::SetSignatureV4(false);
|
||||
S3fsCurl::SetSignatureType(V2_ONLY);
|
||||
|
||||
// retry to check
|
||||
s3fscurl.DestroyCurlHandle();
|
||||
|
@ -3390,7 +3390,8 @@ static int s3fs_check_service()
|
|||
// current endpoint is wrong, so try to connect to expected region.
|
||||
S3FS_PRN_CRIT("Failed to connect region '%s'(default), so retry to connect region '%s'.", endpoint.c_str(), expectregion.c_str());
|
||||
endpoint = expectregion;
|
||||
if(S3fsCurl::IsSignatureV4()){
|
||||
if(S3fsCurl::GetSignatureType() == V4_ONLY ||
|
||||
S3fsCurl::GetSignatureType() == V2_OR_V4){
|
||||
if(s3host == "http://s3.amazonaws.com"){
|
||||
s3host = "http://s3-" + endpoint + ".amazonaws.com";
|
||||
}else if(s3host == "https://s3.amazonaws.com"){
|
||||
|
@ -3407,10 +3408,10 @@ static int s3fs_check_service()
|
|||
}
|
||||
|
||||
// try signature v2
|
||||
if(0 > res && (responseCode == 400 || responseCode == 403) && S3fsCurl::IsSignatureV4()){
|
||||
if(0 > res && (responseCode == 400 || responseCode == 403) && S3fsCurl::GetSignatureType() == V2_OR_V4){
|
||||
// switch sigv2
|
||||
S3FS_PRN_CRIT("Failed to connect by sigv4, so retry to connect by signature version 2.");
|
||||
S3fsCurl::SetSignatureV4(false);
|
||||
S3fsCurl::SetSignatureType(V2_ONLY);
|
||||
|
||||
// retry to check with sigv2
|
||||
s3fscurl.DestroyCurlHandle();
|
||||
|
@ -4502,7 +4503,11 @@ static int my_fuse_opt_proc(void* data, const char* arg, int key, struct fuse_ar
|
|||
return 0;
|
||||
}
|
||||
if(0 == strcmp(arg, "sigv2")){
|
||||
S3fsCurl::SetSignatureV4(false);
|
||||
S3fsCurl::SetSignatureType(V2_ONLY);
|
||||
return 0;
|
||||
}
|
||||
if(0 == strcmp(arg, "sigv4")){
|
||||
S3fsCurl::SetSignatureType(V4_ONLY);
|
||||
return 0;
|
||||
}
|
||||
if(0 == strcmp(arg, "createbucket")){
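Review bot: The fallback in s3fs_check_service (and the same pattern in do_create_bucket) still downgrades to Signature Version 2 on any 400 or 403 when the type is the default `V2_OR_V4`. Those status codes are not specific to a server lacking V4 support; wrong credentials, clock skew, or a response altered in transit on an `http://` endpoint would look the same. Because `SetSignatureType(V2_ONLY)` writes a static, the weaker scheme (HMAC-SHA1, no payload hash) then stays in effect for the life of the mount. I would add a comment at both sites, `// NOTE: 400/403 is not proof that V4 is unsupported; -o sigv4 disables this downgrade`, and consider making `V4_ONLY` the default with the fallback as opt-in. In my_fuse_opt_proc, whose body continues outside the hunk, `sigv2` and `sigv4` given together are resolved silently by whichever comes last; a warning when one overrides the other would help.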
|
||||
|
|
|
@ -274,8 +274,11 @@ static const char help_string[] =
|
|||
" can know the correct region name, because s3fs can find it in an\n"
|
||||
" error from the S3 server.\n"
|
||||
"\n"
|
||||
" sigv2 (default is signature version 4)\n"
|
||||
" - sets signing AWS requests by using Signature Version 2\n"
|
||||
" sigv2 (default is signature version 4 falling back to version 2)\n"
|
||||
" - sets signing AWS requests by using only signature version 2\n"
|
||||
"\n"
|
||||
" sigv4 (default is signature version 4 falling back to version 2)\n"
|
||||
" - sets signing AWS requests by using only signature version 4\n"
|
||||
"\n"
|
||||
" mp_umask (default is \"0000\")\n"
|
||||
" - sets umask for the mount point directory.\n"
|
||||
|
|
|
@ -234,6 +234,12 @@ class sse_type_t{
|
|||
Value value_;
|
||||
};
|
||||
|
||||
enum signature_type_t {
|
||||
V2_ONLY,
|
||||
V4_ONLY,
|
||||
V2_OR_V4
|
||||
};
|
||||
|
||||
//----------------------------------------------
|
||||
// etaglist_t / filepart
|
||||
//----------------------------------------------
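Review bot: The name `V2_OR_V4` does not say which version is tried first or what triggers the switch, and the enumerators carry no comments. I would document them in place: `V2_ONLY, // sign with version 2 only`, `V4_ONLY, // sign with version 4, never downgrade`, `V2_OR_V4 // try version 4, switch to version 2 after a 400/403`. The enum is also unscoped, so the three names land in the enclosing scope; `enum class` would avoid collisions, at the cost of qualifying each use added elsewhere in this commit.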
|
||||
|
|
|
@ -63,6 +63,7 @@ FLAGS=(
|
|||
nomultipart
|
||||
notsup_compat_dir
|
||||
sigv2
|
||||
sigv4
|
||||
singlepart_copy_limit=$((10 * 1024)) # limit size to exercise multipart code paths
|
||||
#use_sse # TODO: S3Proxy does not support SSE
|
||||
)
|
||||
|
|