From jrushf...@apache.org
Subject trafficserver git commit: TS-4133: Update the url_sig plugin so that application query parameters are left intact on the request.
Date Tue, 22 Mar 2016 16:50:36 GMT
Repository: trafficserver
Updated Branches:
  refs/heads/master 0e6e5c151 -> dcb2ede1a


TS-4133: Update the url_sig plugin so that application query parameters are left intact on
the request.

Signed-off-by: John J. Rushford <John_Rushford@cable.comcast.com>


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/dcb2ede1
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/dcb2ede1
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/dcb2ede1

Branch: refs/heads/master
Commit: dcb2ede1ae09dd7348e375f2730cc58b77312bd7
Parents: 0e6e5c1
Author: John J. Rushford <John_Rushford@cable.comcast.com>
Authored: Thu Jan 14 19:22:35 2016 +0000
Committer: John J. Rushford <John_Rushford@cable.comcast.com>
Committed: Tue Mar 22 16:40:49 2016 +0000

----------------------------------------------------------------------
 plugins/experimental/url_sig/README    |  9 ++++
 plugins/experimental/url_sig/sign.pl   | 28 ++++++++++--
 plugins/experimental/url_sig/url_sig.c | 67 +++++++++++++++++++++++++++--
 plugins/experimental/url_sig/url_sig.h |  1 +
 4 files changed, 98 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/dcb2ede1/plugins/experimental/url_sig/README
----------------------------------------------------------------------
diff --git a/plugins/experimental/url_sig/README b/plugins/experimental/url_sig/README
index aa9a650..b5d8792 100644
--- a/plugins/experimental/url_sig/README
+++ b/plugins/experimental/url_sig/README
@@ -41,6 +41,15 @@ Edge cache debugging
 	to traffic.out.  Failed transactions (signature check fails
 	that is) will be logged in to error.log.
 
+Application Query Parameters.
+  If a request to be signed has application query parameters, the signing
+  parameters must be concatenated to the end of the requests application
+  query parameters.  The application query parameters will be included in
+  the signing calculation as determined by the 'Parts' signing explained
+  below.  At the edge after verification of the signing by this plugin,
+  the signing parameters are removed and the application query parameters
+  are preserved in the request.
+
 Signing a URL
 	At the signing portal take the full URL, without any query string, and
 	add on a query string with the following parameters:

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/dcb2ede1/plugins/experimental/url_sig/sign.pl
----------------------------------------------------------------------
diff --git a/plugins/experimental/url_sig/sign.pl b/plugins/experimental/url_sig/sign.pl
index d3fbdeb..7f2cc7b 100755
--- a/plugins/experimental/url_sig/sign.pl
+++ b/plugins/experimental/url_sig/sign.pl
@@ -65,12 +65,24 @@ foreach my $part ( split( /\//, $url ) ) {
 	}
 	$j++;
 }
+my $urlHasParams = index($string,"?");
+
 chop($string);
 if ( defined($client) ) {
-	$string .= "?C=" . $client . "&E=" . ( time() + $duration ) . "&A=" . $algorithm
. "&K=" . $keyindex . "&P=" . $useparts . "&S=";
+  if ($urlHasParams > 0) {
+	  $string .= "&C=" . $client . "&E=" . ( time() + $duration ) . "&A=" . $algorithm
. "&K=" . $keyindex . "&P=" . $useparts . "&S=";
+  }
+  else {
+	  $string .= "?C=" . $client . "&E=" . ( time() + $duration ) . "&A=" . $algorithm
. "&K=" . $keyindex . "&P=" . $useparts . "&S=";
+  }
 }
 else {
-	$string .= "?E=" . ( time() + $duration ) . "&A=" . $algorithm . "&K=" . $keyindex
. "&P=" . $useparts . "&S=";
+  if ($urlHasParams > 0) {
+	  $string .= "&E=" . ( time() + $duration ) . "&A=" . $algorithm . "&K=" . $keyindex
. "&P=" . $useparts . "&S=";
+  }
+  else {
+	  $string .= "?E=" . ( time() + $duration ) . "&A=" . $algorithm . "&K=" . $keyindex
. "&P=" . $useparts . "&S=";
+  }
 }
 
 $verbose && print "signed string = " . $string . "\n";
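Review bot: `$urlHasParams` is tested inconsistently: the branches added here use `> 0`, while the following hunk uses `== -1`, so a `?` at offset 0 would count as "no parameters" here and "has parameters" there. `index` returns -1 when nothing matches, so `>= 0` is the test that agrees with the later hunk. The four near-identical `$string .=` statements differ only in the leading separator, which could be chosen once with `my $sep = $urlHasParams >= 0 ? "&" : "?";` and used in place of the literal `?` in the two original statements. The later hunk's two branches can collapse the same way, since `( split( /\?/, $url ) )[0]` also returns the whole URL when it has no `?`.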
@@ -82,9 +94,17 @@ if ( $algorithm == 1 ) {
 else {
 	$digest = hmac_md5_hex( $string, $key );
 }
-my $qstring = ( split( /\?/, $string ) )[1];
+if ($urlHasParams == -1) {
+  my $qstring = ( split( /\?/, $string ) )[1];
 
-print "curl -s -o /dev/null -v --max-redirs 0 'http://" . $url . "?" . $qstring . $digest
. "'\n";
+  print "curl -s -o /dev/null -v --max-redirs 0 'http://" . $url . "?" . $qstring . $digest
. "'\n";
+}
+else {
+  my $url_noparams = ( split( /\?/, $url ) )[0];
+  my $qstring = ( split( /\?/, $string ) )[1];
+
+  print "curl -s -o /dev/null -v --max-redirs 0 'http://" . $url_noparams . "?" . $qstring
. $digest . "'\n";
+}
 
 sub help {
 	print "sign.pl - Example signing utility in perl for signed URLs\n";

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/dcb2ede1/plugins/experimental/url_sig/url_sig.c
----------------------------------------------------------------------
diff --git a/plugins/experimental/url_sig/url_sig.c b/plugins/experimental/url_sig/url_sig.c
index 96a5521..70a3f00 100644
--- a/plugins/experimental/url_sig/url_sig.c
+++ b/plugins/experimental/url_sig/url_sig.c
@@ -245,6 +245,60 @@ err_log(char *url, char *msg)
   }
 }
 
+// See the README.  All Signing parameters must be concatenated to the end
+// of the url and any application query parameters.
+static char *
+getAppQueryString(char *query_string, int query_length)
+{
+  int done = 0;
+  char *p;
+  char buf[MAX_QUERY_LEN];
+
+  if (query_length > MAX_QUERY_LEN) {
+    TSDebug(PLUGIN_NAME, "Cannot process the query string as the length exceeds %d bytes.",
MAX_QUERY_LEN);
+    return NULL;
+  }
+  memset(buf, 0, MAX_QUERY_LEN);
+  strncpy(buf, query_string, query_length);
+  p = buf;
+
+  TSDebug(PLUGIN_NAME, "query_string: %s, query_length: %d", query_string, query_length);
+  if (p == NULL) {
+    return NULL;
+  }
+
+  do {
+    switch (*p) {
+    case 'A':
+    case 'C':
+    case 'E':
+    case 'K':
+    case 'P':
+    case 'S':
+      done = 1;
+      if (*(p - 1) == '&') {
+        *(p - 1) = '\0';
+      } else
+        (*p = '\0');
+      break;
+    default:
+      p = strchr(p, '&');
+      if (p == NULL)
+        done = 1;
+      else
+        p++;
+      break;
+    }
+  } while (!done);
+
+  if (strlen(buf) > 0) {
+    p = TSstrdup(buf);
+    return p;
+  } else {
+    return NULL;
+  }
+}
+
 TSRemapStatus
 TSRemapDoRemap(void *ih, TSHttpTxn txnp, TSRemapRequestInfo *rri)
 {
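Review bot: getAppQueryString can read and write outside `buf`. The length guard uses `>`, so a query of exactly MAX_QUERY_LEN bytes fills the buffer with no terminator before `strchr` and `strlen` run, and `*(p - 1)` is evaluated when `p == buf`, i.e. when the query begins with a signing parameter. The `switch` also matches on the first letter alone, so an application parameter whose name merely starts with A, C, E, K, P or S (for example `Page=2`) is cut off together with everything after it; requiring `p[1] == '='` limits the match to the one-letter signing names. The `p == NULL` test after `p = buf` can never fire, so a NULL `query_string` is not caught before `strncpy`. A bounded version of the body is sketched below.

```c
static char *
getAppQueryString(char *query_string, int query_length)
{
  char *p;
  char buf[MAX_QUERY_LEN];

  // Reject NULL and leave room for the terminator.
  if (query_string == NULL || query_length < 0 || query_length >= MAX_QUERY_LEN) {
    // … unchanged: TSDebug length message …
    return NULL;
  }
  memcpy(buf, query_string, query_length);
  buf[query_length] = '\0';

  for (p = buf; p != NULL && *p != '\0';) {
    // A signing parameter is a single letter followed by '='.
    if (strchr("ACEKPS", *p) != NULL && p[1] == '=') {
      if (p > buf) {
        p[-1] = '\0'; // drop the '&' joining it to the application parameters
      } else {
        *p = '\0'; // query holds signing parameters only
      }
      break;
    }
    p = strchr(p, '&');
    if (p != NULL) {
      p++;
    }
  }
  // … unchanged: TSstrdup of a non-empty buf, else NULL …
}
```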
@@ -275,7 +329,7 @@ TSRemapDoRemap(void *ih, TSHttpTxn txnp, TSRemapRequestInfo *rri)
   char *parts = NULL;
   char *part = NULL;
   char *p = NULL, *pp = NULL;
-  char *query = NULL;
+  char *query = NULL, *app_qry = NULL;
 
   int retval, sockfd;
   socklen_t peer_len;
@@ -510,11 +564,18 @@ deny:
 
 /* ********* Allow ********* */
 allow:
+  app_qry = getAppQueryString(query, strlen(query));
+
   TSfree(url);
   /* drop the query string so we can cache-hit */
-  rval = TSUrlHttpQuerySet(rri->requestBufp, rri->requestUrl, NULL, 0);
+  if (app_qry != NULL) {
+    rval = TSUrlHttpQuerySet(rri->requestBufp, rri->requestUrl, app_qry, strlen(app_qry));
+    TSfree(app_qry);
+  } else {
+    rval = TSUrlHttpQuerySet(rri->requestBufp, rri->requestUrl, NULL, 0);
+  }
   if (rval != TS_SUCCESS) {
-    TSError("[url_sig] Error stripping query string: %d.", rval);
+    TSError("[url_sig] Error setting the query string: %d.", rval);
   }
   return TSREMAP_NO_REMAP;
 }
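Review bot: The added `getAppQueryString(query, strlen(query))` under `allow:` dereferences `query` with no NULL check, and `query` is initialised to NULL in the declaration changed earlier in this file. Whether every path to `allow` assigns it first lies outside this hunk, so a guard is cheap insurance: `app_qry = (query != NULL) ? getAppQueryString(query, strlen(query)) : NULL;`. The retained comment `/* drop the query string so we can cache-hit */` no longer describes the code; something like `/* strip the signing parameters, keep any application query parameters */` would match the new behaviour. If `TSUrlHttpQuerySet` fails, the request still proceeds with the signing parameters in place, and the only trace is the `TSError` line.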

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/dcb2ede1/plugins/experimental/url_sig/url_sig.h
----------------------------------------------------------------------
diff --git a/plugins/experimental/url_sig/url_sig.h b/plugins/experimental/url_sig/url_sig.h
index 6e22600..46e8e72 100644
--- a/plugins/experimental/url_sig/url_sig.h
+++ b/plugins/experimental/url_sig/url_sig.h
@@ -45,6 +45,7 @@
 #define MAX_REQ_LEN 8192
 #define MAX_KEY_LEN 256
 #define MAX_KEY_NUM 16
+#define MAX_QUERY_LEN 4096
 
 #define USIG_HMAC_SHA1 1
 #define USIG_HMAC_MD5 2
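Review bot: `MAX_QUERY_LEN` is half of `MAX_REQ_LEN`, so a validly signed request whose query is longer than 4096 bytes makes getAppQueryString return NULL, and the caller in url_sig.c then clears the whole query. The application parameters are dropped silently, with only a `TSDebug` message. A comment on the define would document this, e.g. `/* queries longer than this lose their application parameters after verification */`. Logging that case with `TSError` instead of `TSDebug` would make it visible in production.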

