http: improve AWS HTTP v4 Signature auth

- Add support for services without region and service prefixes in
the URL endpoint (e.g. Min.IO, GCP, Yandex Cloud, Mail.Ru Cloud Solutions, etc.)
by providing region and service parameters via the aws-sigv4 option.
- Add [:region[:service]] suffix to aws-sigv4 option;
- Fix memory allocation errors.
- Refactor memory management.
- Use Curl_http_method() instead of STRING_CUSTOMREQUEST.
- Refactor canonical headers generating.
- Remove repeated sha256_to_hex() usage.
- Add some docs fixes.
- Add some codestyle fixes.
- Add overloaded strndup() for debug - curl_dbg_strndup().
- Update tests.

Closes #6524
Dmitry Wagin 2021-01-25 17:02:09 +03:00 committed by Daniel Stenberg
parent 3c2210713e
commit 796ce293de
GPG key ID: 5CC908FDB71E12C2
21 changed files with 740 additions and 255 deletions


@ -169,7 +169,7 @@ static void free_config_fields(struct OperationConfig *config)
Curl_safefree(config->ftp_account);
Curl_safefree(config->ftp_alternative_to_user);
Curl_safefree(config->aws_sigv4_provider);
Curl_safefree(config->aws_sigv4);
}
void config_free(struct OperationConfig *config)


@ -284,7 +284,7 @@ struct OperationConfig {
0 is valid. default: CURL_HET_DEFAULT. */
bool haproxy_protocol; /* whether to send HAProxy protocol v1 */
bool disallow_username_in_url; /* disallow usernames in URLs */
char *aws_sigv4_provider;
char *aws_sigv4;
struct GlobalConfig *global;
struct OperationConfig *prev;
struct OperationConfig *next; /* Always last in the struct */


@ -113,7 +113,7 @@ static const struct LongShort aliases[]= {
{"*t", "proxy-ntlm", ARG_BOOL},
{"*u", "crlf", ARG_BOOL},
{"*v", "stderr", ARG_FILENAME},
{"*V", "aws-sigv4", ARG_STRING},
{"*V", "aws-sigv4", ARG_STRING},
{"*w", "interface", ARG_STRING},
{"*x", "krb", ARG_STRING},
{"*x", "krb4", ARG_STRING},
@ -806,8 +806,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
case 'V': /* --aws-sigv4 */
config->authtype |= CURLAUTH_AWS_SIGV4;
GetStr(&config->aws_sigv4_provider, nextarg);
GetStr(&config->aws_sigv4, nextarg);
break;
case 'v': /* --stderr */
if(strcmp(nextarg, "-")) {
FILE *newfile = fopen(nextarg, FOPEN_WRITETEXT);
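Review bot: The `case 'V'` label in getparameter is still commented only as `/* --aws-sigv4 */` although the argument now carries up to four colon-separated fields; a comment such as `/* --aws-sigv4 <provider1[:provider2[:region[:service]]]> */` would keep the parser in step with the help text. The value is copied verbatim by `GetStr(&config->aws_sigv4, nextarg)` and `CURLAUTH_AWS_SIGV4` is set with no format check visible in this hunk, so handling of empty or malformed segments presumably lives in the library behind CURLOPT_AWS_SIGV4. That is worth confirming and stating in the comment, since region and service feed the credential scope of the signature. getparameter's body begins and ends outside the hunk.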


@ -133,7 +133,7 @@ static const struct helptxt helptext[] = {
{"-a, --append",
"Append to target file when uploading",
CURLHELP_FTP | CURLHELP_SFTP},
{" --aws-sigv4 <provider1[:provider2]>",
{" --aws-sigv4 <provider1[:provider2[:region[:service]]]>",
"Use AWS V4 signature authentication",
CURLHELP_AUTH | CURLHELP_HTTP},
{" --basic",


@ -1662,7 +1662,7 @@ static CURLcode single_transfer(struct GlobalConfig *global,
my_setopt_str(curl, CURLOPT_PROXY_SSLKEYTYPE,
config->proxy_key_type);
my_setopt_str(curl, CURLOPT_AWS_SIGV4,
config->aws_sigv4_provider);
config->aws_sigv4);
if(config->insecure_ok) {
my_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);