// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package logical
import (
"bufio"
"encoding/json"
"errors"
"fmt"
"net"
"net/http"
"strconv"
"sync/atomic"
"github.com/hashicorp/vault/sdk/helper/wrapping"
)
const (
	// HTTPContentType can be specified in the Data field of a Response
	// so that the HTTP front end can specify a custom Content-Type associated
	// with the HTTPRawBody. This can only be used for non-secrets, and should
	// be avoided unless absolutely necessary, such as implementing a specification.
	// The value must be a string.
	HTTPContentType = "http_content_type"

	// HTTPRawBody is the raw content of the HTTP body that goes with the
	// HTTPContentType. This can only be specified for non-secrets, and should
	// be similarly avoided like the HTTPContentType. The value is a byte slice
	// or a string. The choice matters for auditing: RespondWithStatusCode
	// deliberately stores a string so that the body is HMAC'd by the audit
	// layer, whereas a []byte value skips that HMACing. Backends populating
	// this key directly should make the same decision consciously.
	HTTPRawBody = "http_raw_body"

	// HTTPStatusCode is the response code of the HTTP body that goes with the
	// HTTPContentType. This can only be specified for non-secrets, and should
	// be similarly avoided like the HTTPContentType. The value must be an
	// integer.
	HTTPStatusCode = "http_status_code"

	// HTTPRawBodyAlreadyJSONDecoded is consulted when unwrapping: we may need
	// to know whether the value contained in the raw body is already
	// JSON-unmarshaled. The presence of this key indicates that it has already
	// been unmarshaled, so the unwrapping code does not have to attempt a
	// decode and simply ignore errors.
	HTTPRawBodyAlreadyJSONDecoded = "http_raw_body_already_json_decoded"

	// HTTPCacheControlHeader, if set, replaces the default
	// Cache-Control=no-store header set by the generic wrapping handler. The
	// value must be a string. Relaxing no-store lets browsers and
	// intermediaries retain the response, so only override it for content
	// that carries no secret material.
	HTTPCacheControlHeader = "http_raw_cache_control"

	// HTTPPragmaHeader, if set, sets the Pragma response header.
	// The value must be a string.
	HTTPPragmaHeader = "http_raw_pragma"

	// HTTPWWWAuthenticateHeader, if set, sets the WWW-Authenticate response
	// header. The value must be a string.
	HTTPWWWAuthenticateHeader = "http_www_authenticate"
)
// Response is a struct that stores the response of a request.
// It is used to abstract the details of the higher level request protocol.
type Response struct {
	// Secret, if not nil, denotes that this response represents a secret.
	Secret *Secret `json:"secret" structs:"secret" mapstructure:"secret"`

	// Auth, if not nil, contains the authentication information for
	// this response. This is only checked and means something for
	// credential backends.
	Auth *Auth `json:"auth" structs:"auth" mapstructure:"auth"`

	// Data is an opaque map that must have string keys. For secrets, this
	// data is sent down to the user as-is, so nothing placed here is private.
	// To store internal data that you don't want the user to see, store it in
	// Secret.InternalData. The HTTP* constants in this file are reserved keys
	// that the HTTP front end interprets specially.
	Data map[string]interface{} `json:"data" structs:"data" mapstructure:"data"`

	// Redirect is an HTTP URL to redirect to for further authentication.
	// This is only valid for credential backends. This will be blanked
	// for any logical backend and ignored.
	Redirect string `json:"redirect" structs:"redirect" mapstructure:"redirect"`

	// Warnings allow operations or backends to return warnings in response
	// to user actions without failing the action outright. Use AddWarning
	// to append one.
	Warnings []string `json:"warnings" structs:"warnings" mapstructure:"warnings"`

	// WrapInfo carries the information for wrapping the response in a
	// cubbyhole (response wrapping).
	WrapInfo *wrapping.ResponseWrapInfo `json:"wrap_info" structs:"wrap_info" mapstructure:"wrap_info"`

	// Headers will contain the http headers from the plugin that it wishes to
	// have as part of the output. NOTE(review): these originate in plugin
	// code; whether the HTTP front end allow-lists them before emitting is
	// not visible here — confirm before relying on them for security headers.
	Headers map[string][]string `json:"headers" structs:"headers" mapstructure:"headers"`
}
// AddWarning appends warning to the response's Warnings list; a nil list is
// created on first use so callers never have to initialize it themselves.
func (r *Response) AddWarning(warning string) {
	warnings := r.Warnings
	if warnings == nil {
		warnings = make([]string, 0, 1)
	}
	r.Warnings = append(warnings, warning)
}
// IsError returns true if this response seems to indicate an error.
//
// The shape is strict: Data must hold a non-nil "error" element and either
// nothing else, or exactly one other element named "data". A response whose
// Data carries "error" alongside any other key is NOT treated as an error,
// so backends should not decorate error responses with extra keys.
func (r *Response) IsError() bool {
	if r == nil || r.Data == nil || r.Data["error"] == nil {
		return false
	}
	switch len(r.Data) {
	case 1:
		return true
	case 2:
		return r.Data["data"] != nil
	default:
		return false
	}
}
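// Error converts an error response into a Go error. It returns nil when
// IsError is false; otherwise the "error" element is returned directly if it
// is an error, wrapped with errors.New if it is a string, and rendered with
// %v for any other type.
//
// The last case is the fix over the previous behavior, which returned nil for
// an "error" value of an unexpected type even though IsError reported true;
// a caller doing `if resp.IsError() { return resp.Error() }` would then
// silently drop the failure.
func (r *Response) Error() error {
	if !r.IsError() {
		return nil
	}
	switch v := r.Data["error"].(type) {
	case string:
		return errors.New(v)
	case error:
		return v
	default:
		// IsError already established this is an error response; never
		// hand back nil here.
		return fmt.Errorf("%v", v)
	}
}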
// HelpResponse is used to format a help response. The returned Response
// carries text under "help", seeAlso under "see_also" and oapiDoc under
// "openapi" in its Data map; all three keys are always present, even when
// the corresponding argument is empty or nil.
func HelpResponse(text string, seeAlso []string, oapiDoc interface{}) *Response {
	data := make(map[string]interface{}, 3)
	data["help"] = text
	data["see_also"] = seeAlso
	data["openapi"] = oapiDoc
	return &Response{Data: data}
}
// ErrorResponse is used to format an error response whose Data holds only an
// "error" element (the shape IsError recognizes).
//
// text is used as a format string only when vargs are supplied; with no
// vargs it is returned verbatim, so a literal '%' needs no escaping in that
// case. The message goes back to the client, so callers must not embed
// secret material in it.
func ErrorResponse(text string, vargs ...interface{}) *Response {
	msg := text
	if len(vargs) != 0 {
		msg = fmt.Sprintf(text, vargs...)
	}
	return &Response{
		Data: map[string]interface{}{"error": msg},
	}
}
// ListResponse is used to format a response to a list operation.
//
// The "keys" element is only set when keys is non-empty; a nil or empty
// slice yields a Response with an empty (but non-nil) Data map, presumably
// so the front end can distinguish "nothing here" from a populated list —
// confirm against the HTTP layer before depending on that.
func ListResponse(keys []string) *Response {
	data := map[string]interface{}{}
	if len(keys) > 0 {
		data["keys"] = keys
	}
	return &Response{Data: data}
}
// ListResponseWithInfo is used to format a response to a list operation and
// return the keys as well as a map with corresponding key info.
//
// Only entries of keyInfo whose key appears in keys are copied into
// "key_info"; information about keys that are not being listed is dropped
// rather than leaked. "key_info" is omitted entirely when nothing matched.
func ListResponseWithInfo(keys []string, keyInfo map[string]interface{}) *Response {
	resp := ListResponse(keys)

	filtered := make(map[string]interface{}, len(keys))
	for _, k := range keys {
		if info, found := keyInfo[k]; found {
			filtered[k] = info
		}
	}

	if len(filtered) != 0 {
		resp.Data["key_info"] = filtered
	}
	return resp
}
// RespondWithStatusCode takes a response and converts it to a raw response with
// the provided Status Code.
//
// The returned Response carries only Data: a JSON content type, the status
// code and, when resp is non-nil, the JSON encoding of
// LogicalResponseToHTTPResponse(resp) as the raw body (with req.ID copied
// into its RequestID when req is non-nil). Anything on resp that the
// conversion does not serialize into the body is not carried over.
//
// The raw body is stored as a string rather than []byte on purpose: a string
// value is HMAC'd by the audit layer while a []byte value is not, and this
// helper cannot know whether the data is sensitive. Backends needing
// different behavior should populate Data by hand instead.
//
// Returns an error only when JSON marshaling fails.
func RespondWithStatusCode(resp *Response, req *Request, code int) (*Response, error) {
	data := map[string]interface{}{
		HTTPContentType: "application/json",
		HTTPStatusCode:  code,
	}
	if resp == nil {
		return &Response{Data: data}, nil
	}

	httpResp := LogicalResponseToHTTPResponse(resp)
	if req != nil {
		httpResp.RequestID = req.ID
	}

	encoded, err := json.Marshal(httpResp)
	if err != nil {
		return nil, err
	}
	// string, not []byte: keeps the body under audit HMACing.
	data[HTTPRawBody] = string(encoded)

	return &Response{Data: data}, nil
}
// HTTPResponseWriter is optionally added to a request object and can be used to
// write directly to the HTTP response writer. It additionally records whether
// Write has been called, so callers can tell that a body has already gone out.
type HTTPResponseWriter struct {
	http.ResponseWriter
	// written is flipped to 1 by Write and read by Written. It is presumably
	// a pointer so that copies of the wrapper share the same flag — confirm
	// against callers before changing the representation.
	written *uint32
}
// NewHTTPResponseWriter creates a new HTTPResponseWriter object that wraps the
// provided http.ResponseWriter, with its written flag cleared.
func NewHTTPResponseWriter(w http.ResponseWriter) *HTTPResponseWriter {
	var flag uint32
	return &HTTPResponseWriter{
		ResponseWriter: w,
		written:        &flag,
	}
}
// Write will write p to the underlying ResponseWriter.
//
// The written flag is raised before the delegated write, so Written reports
// true even if the underlying Write returns an error.
func (w *HTTPResponseWriter) Write(p []byte) (int, error) {
	atomic.StoreUint32(w.written, 1)
	n, err := w.ResponseWriter.Write(p)
	return n, err
}
// Written tells us if the writer has been written to yet. Only Write sets
// the flag; a bare WriteHeader call does not count as written.
func (w *HTTPResponseWriter) Written() bool {
	flag := atomic.LoadUint32(w.written)
	return flag == 1
}
// WrappingResponseWriter is an http.ResponseWriter that wraps another one and
// exposes the inner writer through Wrapped, so callers can reach optional
// interfaces the wrapper itself does not forward.
type WrappingResponseWriter interface {
	http.ResponseWriter
	// Wrapped returns the underlying http.ResponseWriter.
	Wrapped() http.ResponseWriter
}
// StatusHeaderResponseWriter wraps an http.ResponseWriter and applies the
// configured custom response headers, selected by status code, at the point
// the header is committed (WriteHeader, or the first Write). It also records
// the status code that was sent.
type StatusHeaderResponseWriter struct {
	wrapped http.ResponseWriter
	// wroteHeader is set once WriteHeader has run so that a later Write does
	// not apply the custom headers a second time.
	wroteHeader bool
	// StatusCode is the last status passed to WriteHeader. It starts at 200
	// (see NewStatusHeaderResponseWriter) to cover the implicit-200 path where
	// only Write is called.
	StatusCode int
	// headers maps "default", "Nxx" and exact status strings to the custom
	// headers to apply; setCustomResponseHeaders defines the precedence.
	headers map[string][]*CustomHeader
}
// NewStatusHeaderResponseWriter wraps w with a StatusHeaderResponseWriter
// that applies the custom headers in h. StatusCode starts at 200 so that a
// response written without an explicit WriteHeader is treated as a 200 when
// selecting headers; h may be nil, in which case no custom headers are set.
func NewStatusHeaderResponseWriter(w http.ResponseWriter, h map[string][]*CustomHeader) *StatusHeaderResponseWriter {
	shw := &StatusHeaderResponseWriter{
		wrapped: w,
		headers: h,
	}
	shw.wroteHeader = false
	shw.StatusCode = http.StatusOK
	return shw
}
// Hijack forwards to the wrapped writer's http.Hijacker implementation, or
// returns an error naming the wrapped type when it has none.
//
// After a successful hijack the caller owns the raw connection; nothing in
// this wrapper (custom headers, StatusCode tracking) applies to bytes written
// on it from then on.
func (w *StatusHeaderResponseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) {
	hj, ok := w.wrapped.(http.Hijacker)
	if !ok {
		return nil, nil, fmt.Errorf("could not hijack because wrapped connection is %T and it does not implement http.Hijacker", w.wrapped)
	}
	return hj.Hijack()
}
// Wrapped returns the underlying http.ResponseWriter so callers can reach
// interfaces this wrapper does not forward (it forwards Hijack, but not, for
// instance, Flush).
func (w *StatusHeaderResponseWriter) Wrapped() http.ResponseWriter {
	inner := w.wrapped
	return inner
}
// Header returns the header map of the wrapped ResponseWriter. The custom
// headers applied by this writer are Set into this same map, so they are
// visible here once the header has been committed.
func (w *StatusHeaderResponseWriter) Header() http.Header {
	hdr := w.wrapped.Header()
	return hdr
}
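// Write writes buf to the wrapped ResponseWriter, first applying the custom
// headers for the current StatusCode if WriteHeader has not been called.
//
// It is allowed to only call ResponseWriter.Write and skip
// ResponseWriter.WriteHeader. An example of such a situation is
// "handleUIStub". The wrapped Write will internally set the status code 200
// for the response, which may invoke other implementations of WriteHeader
// but not this type's, so the custom headers still have to be set here,
// before the first write commits the header. In cases where both WriteHeader
// and Write of this struct are called, the internal WriteHeader invoked from
// inside the wrapped Write won't change the headers, and wroteHeader stops
// them being applied twice.
func (w *StatusHeaderResponseWriter) Write(buf []byte) (int, error) {
	if !w.wroteHeader {
		w.setCustomResponseHeaders(w.StatusCode)
		// The wrapped Write commits the header, after which nothing can
		// change it. Record that so every later Write does not needlessly
		// re-apply the custom headers to an already-sent header map.
		w.wroteHeader = true
	}

	return w.wrapped.Write(buf)
}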
// WriteHeader applies the custom headers configured for statusCode, forwards
// the status to the wrapped writer and records it in StatusCode. The custom
// headers must be applied before the wrapped WriteHeader call, because that
// call is what commits the header map to the wire. Nothing here guards
// against a second WriteHeader call; the wrapped writer's own rules apply.
func (w *StatusHeaderResponseWriter) WriteHeader(statusCode int) {
	w.setCustomResponseHeaders(statusCode)
	w.wrapped.WriteHeader(statusCode)
	w.StatusCode = statusCode
	// in cases where Write is called after WriteHeader, let's prevent setting
	// ResponseWriter headers twice
	w.wroteHeader = true
}
// setCustomResponseHeaders applies the configured custom headers for status
// to the wrapped writer's header map.
//
// Precedence is least specific first — "default", then the "Nxx" class
// (e.g. "2xx"), then the exact code (e.g. "204") — and each layer uses
// Header().Set, so a more specific entry overrides a less specific one with
// the same name. Set also replaces any value a handler or backend already
// put in the header map, meaning configured headers win over handler-set
// ones (Cache-Control included); keep that in mind when configuring them.
//
// A status outside 100–599 applies nothing, not even the "default" set, and
// a nil configuration is a no-op.
func (w *StatusHeaderResponseWriter) setCustomResponseHeaders(status int) {
	configured := w.headers
	if configured == nil {
		return
	}

	// Only the conventional three-digit range is mapped to header sets.
	if status < 100 || status >= 600 {
		return
	}

	// apply sets every header registered under the given configuration key;
	// ranging over a missing key's nil slice is a no-op.
	apply := func(key string) {
		for _, hv := range configured[key] {
			w.Header().Set(hv.Name, hv.Value)
		}
	}

	apply("default")
	apply(strconv.Itoa(status/100) + "xx")
	apply(strconv.Itoa(status))
}
// Compile-time check that *StatusHeaderResponseWriter satisfies
// WrappingResponseWriter.
var _ WrappingResponseWriter = (*StatusHeaderResponseWriter)(nil)
// ResolveRoleResponse returns a standard response to be returned by functions
// handling a ResolveRoleOperation: a Response whose Data holds roleName under
// "role". The error result is always nil; it exists so handlers can return
// this call's results directly.
func ResolveRoleResponse(roleName string) (*Response, error) {
	data := map[string]interface{}{"role": roleName}
	return &Response{Data: data}, nil
}