Merge branch 'security-token' of https://github.com/sfc-gh-rnarubin/fio master
authorJens Axboe <axboe@kernel.dk>
Wed, 9 Jul 2025 22:52:06 +0000 (16:52 -0600)
committerJens Axboe <axboe@kernel.dk>
Wed, 9 Jul 2025 22:52:06 +0000 (16:52 -0600)
* 'security-token' of https://github.com/sfc-gh-rnarubin/fio:
  engines/http: Add S3 security token support

1  2 
engines/http.c

diff --combined engines/http.c
index 217aa575cb66a83cf071b43c94c9945b21b6d891,fb13aee8aeadc4e6223931f30312dd67d7ac09a0..b893ec7a49b6f2a045ec69e372fdf24c7e4a24ad
@@@ -56,6 -56,7 +56,7 @@@ struct http_options 
        char *pass;
        char *s3_key;
        char *s3_keyid;
+       char *s3_security_token;
        char *s3_region;
        char *s3_sse_customer_key;
        char *s3_sse_customer_algorithm;
@@@ -144,6 -145,16 +145,16 @@@ static struct fio_option options[] = 
                .category = FIO_OPT_C_ENGINE,
                .group    = FIO_OPT_G_HTTP,
        },
+       {
+               .name     = "http_s3_security_token",
+               .lname    = "S3 security token",
+               .type     = FIO_OPT_STR_STORE,
+               .help     = "S3 security token",
+               .off1     = offsetof(struct http_options, s3_security_token),
+               .def      = "",
+               .category = FIO_OPT_C_ENGINE,
+               .group    = FIO_OPT_G_HTTP,
+       },
        {
                .name     = "http_swift_auth_token",
                .lname    = "Swift auth token",
@@@ -419,7 -430,7 +430,7 @@@ static void _add_aws_auth_header(CURL *
        char dkey[128];
        char creq[4096];
        char sts[512];
-       char s[512];
+       char s[2048];
        char *uri_encoded = NULL;
        char *dsha = NULL;
        char *csha = NULL;
        unsigned char sse_key[33] = {0};
        char *sse_key_base64 = NULL;
        char *sse_key_md5_base64 = NULL;
+       char security_token_header[2048] = {0};
+       char security_token_list_item[24] = {0};
  
        time_t t = time(NULL);
        struct tm *gtm = gmtime(&t);
        strftime (date_iso, sizeof(date_iso), "%Y%m%dT%H%M%SZ", gtm);
        uri_encoded = _aws_uriencode(uri);
  
+       if (o->s3_security_token != NULL) {
+               snprintf(security_token_header, sizeof(security_token_header),
+                               "x-amz-security-token:%s\n", o->s3_security_token);
+               sprintf(security_token_list_item, "x-amz-security-token;");
+       }
        if (o->s3_sse_customer_key != NULL)
                strncpy((char*)sse_key, o->s3_sse_customer_key, sizeof(sse_key) - 1);
  
                        "x-amz-server-side-encryption-customer-algorithm:%s\n"
                        "x-amz-server-side-encryption-customer-key:%s\n"
                        "x-amz-server-side-encryption-customer-key-md5:%s\n"
+                       "%s" /* security token if provided */
                        "x-amz-storage-class:%s\n"
                        "\n"
                        "host;x-amz-content-sha256;x-amz-date;"
                        "x-amz-server-side-encryption-customer-algorithm;"
                        "x-amz-server-side-encryption-customer-key;"
                        "x-amz-server-side-encryption-customer-key-md5;"
+                       "%s"
                        "x-amz-storage-class\n"
                        "%s"
                        , method
                        , uri_encoded, o->host, dsha, date_iso
                        , o->s3_sse_customer_algorithm, sse_key_base64
-                       , sse_key_md5_base64, o->s3_storage_class, dsha);
+                       , sse_key_md5_base64, security_token_header
+                       , o->s3_storage_class, security_token_list_item, dsha);
        } else {
                snprintf(creq, sizeof(creq),
                        "%s\n"
                        "host:%s\n"
                        "x-amz-content-sha256:%s\n"
                        "x-amz-date:%s\n"
+                       "%s" /* security token if provided */
                        "x-amz-storage-class:%s\n"
                        "\n"
-                       "host;x-amz-content-sha256;x-amz-date;x-amz-storage-class\n"
+                       "host;x-amz-content-sha256;x-amz-date;%sx-amz-storage-class\n"
                        "%s"
                        , method
-                       , uri_encoded, o->host, dsha, date_iso, o->s3_storage_class, dsha);
+                       , uri_encoded, o->host, dsha, date_iso
+                       , security_token_header, o->s3_storage_class
+                       , security_token_list_item, dsha);
        }
  
        csha = _gen_hex_sha256(creq, strlen(creq));
                slist = curl_slist_append(slist, s);
        }
  
+       if (o->s3_security_token != NULL) {
+               snprintf(s, sizeof(s), "x-amz-security-token: %s", o->s3_security_token);
+               slist = curl_slist_append(slist, s);
+       }
        snprintf(s, sizeof(s), "x-amz-storage-class: %s", o->s3_storage_class);
        slist = curl_slist_append(slist, s);
  
                        "x-amz-date;x-amz-server-side-encryption-customer-algorithm;"
                        "x-amz-server-side-encryption-customer-key;"
                        "x-amz-server-side-encryption-customer-key-md5;"
+                       "%s"
                        "x-amz-storage-class,"
                        "Signature=%s",
-               o->s3_keyid, date_short, o->s3_region, signature);
+               o->s3_keyid, date_short, o->s3_region, security_token_list_item, signature);
        } else {
                snprintf(s, sizeof(s), "Authorization: AWS4-HMAC-SHA256 Credential=%s/%s/%s/s3/aws4_request,"
-                       "SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-storage-class,Signature=%s",
-                       o->s3_keyid, date_short, o->s3_region, signature);
+                       "SignedHeaders=host;x-amz-content-sha256;x-amz-date;%sx-amz-storage-class,Signature=%s",
+                       o->s3_keyid, date_short, o->s3_region, security_token_list_item, signature);
        }
        slist = curl_slist_append(slist, s);
  
@@@ -643,7 -674,7 +674,7 @@@ static enum fio_q_status fio_http_queue
  
        fio_ro_check(td, io_u);
        memset(&_curl_stream, 0, sizeof(_curl_stream));
 -      snprintf(object, sizeof(object), "%s_%llu_%llu", td->files[0]->file_name,
 +      snprintf(object, sizeof(object), "%s_%llu_%llu", io_u->file->file_name,
                io_u->offset, io_u->xfer_buflen);
        if (o->https == FIO_HTTPS_OFF)
                snprintf(url, sizeof(url), "http://%s%s", o->host, object);