From 43cc2e547c361fe1a28e72bd860fbf87fb5500f1 Mon Sep 17 00:00:00 2001 From: JinmingHu Date: Thu, 12 Nov 2020 16:29:24 +0800 Subject: [PATCH] customers cannot change sas version anymore (#957) --- .../azure/storage/blobs/blob_sas_builder.hpp | 7 ------- .../src/blob_sas_builder.cpp | 20 +++++++++++-------- .../storage/common/account_sas_builder.hpp | 7 ------- .../src/account_sas_builder.cpp | 7 ++++--- .../files/datalake/datalake_sas_builder.hpp | 7 ------- .../src/datalake_sas_builder.cpp | 18 ++++++++++------- .../files/shares/share_sas_builder.hpp | 7 ------- .../src/share_sas_builder.cpp | 9 +++++---- 8 files changed, 32 insertions(+), 50 deletions(-) diff --git a/sdk/storage/azure-storage-blobs/inc/azure/storage/blobs/blob_sas_builder.hpp b/sdk/storage/azure-storage-blobs/inc/azure/storage/blobs/blob_sas_builder.hpp index c0638ed82..cf8a7784e 100644 --- a/sdk/storage/azure-storage-blobs/inc/azure/storage/blobs/blob_sas_builder.hpp +++ b/sdk/storage/azure-storage-blobs/inc/azure/storage/blobs/blob_sas_builder.hpp @@ -177,13 +177,6 @@ namespace Azure { namespace Storage { namespace Blobs { */ struct BlobSasBuilder { - /** - * @brief The storage service version to use to authenticate requests made with this - * shared access signature, and the service version to use when handling requests made with this - * shared access signature. - */ - std::string Version = Storage::Details::c_defaultSasVersion; - /** * @brief The optional signed protocol field specifies the protocol permitted for a * request made with the SAS. diff --git a/sdk/storage/azure-storage-blobs/src/blob_sas_builder.cpp b/sdk/storage/azure-storage-blobs/src/blob_sas_builder.cpp index f925c803f..52e5c12d6 100644 --- a/sdk/storage/azure-storage-blobs/src/blob_sas_builder.cpp +++ b/sdk/storage/azure-storage-blobs/src/blob_sas_builder.cpp 
@@ -130,15 +130,17 @@ namespace Azure { namespace Storage { namespace Blobs { std::string stringToSign = Permissions + "\n" + (StartsOn.HasValue() ? StartsOn.GetValue() : "") + "\n" + ExpiresOn + "\n" + canonicalName + "\n" + Identifier + "\n" - + (IPRange.HasValue() ? IPRange.GetValue() : "") + "\n" + protocol + "\n" + Version + "\n" - + resource + "\n" + snapshotVersion + "\n" + CacheControl + "\n" + ContentDisposition + "\n" - + ContentEncoding + "\n" + ContentLanguage + "\n" + ContentType; + + (IPRange.HasValue() ? IPRange.GetValue() : "") + "\n" + protocol + "\n" + + Storage::Details::c_defaultSasVersion + "\n" + resource + "\n" + snapshotVersion + "\n" + + CacheControl + "\n" + ContentDisposition + "\n" + ContentEncoding + "\n" + ContentLanguage + + "\n" + ContentType; std::string signature = Base64Encode( Storage::Details::HmacSha256(stringToSign, Base64Decode(credential.GetAccountKey()))); Azure::Core::Http::Url builder; - builder.AppendQueryParameter("sv", Storage::Details::UrlEncodeQueryParameter(Version)); + builder.AppendQueryParameter( + "sv", Storage::Details::UrlEncodeQueryParameter(Storage::Details::c_defaultSasVersion)); builder.AppendQueryParameter("spr", Storage::Details::UrlEncodeQueryParameter(protocol)); if (StartsOn.HasValue()) { 
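Review bot: The SAS version is now written out twice in this hunk, once inside `stringToSign` and once as the `sv` query parameter, and the signature only verifies if the two values are identical. Binding it once, e.g. `const std::string sasVersion = Storage::Details::c_defaultSasVersion;`, and using `sasVersion` in both places would enforce that by construction instead of relying on two edits staying in sync. The same pair appears in the second hunk of this file and in the account, DataLake and share builder hunks. The enclosing function starts and ends outside the hunk.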
@@ -219,15 +221,17 @@ namespace Azure { namespace Storage { namespace Blobs { + userDelegationKey.SignedTenantId + "\n" + userDelegationKey.SignedStartsOn + "\n" + userDelegationKey.SignedExpiresOn + "\n" + userDelegationKey.SignedService + "\n" + userDelegationKey.SignedVersion + "\n\n\n\n" - + (IPRange.HasValue() ? IPRange.GetValue() : "") + "\n" + protocol + "\n" + Version + "\n" - + resource + "\n" + snapshotVersion + "\n" + CacheControl + "\n" + ContentDisposition + "\n" - + ContentEncoding + "\n" + ContentLanguage + "\n" + ContentType; + + (IPRange.HasValue() ? IPRange.GetValue() : "") + "\n" + protocol + "\n" + + Storage::Details::c_defaultSasVersion + "\n" + resource + "\n" + snapshotVersion + "\n" + + CacheControl + "\n" + ContentDisposition + "\n" + ContentEncoding + "\n" + ContentLanguage + + "\n" + ContentType; std::string signature = Base64Encode( Storage::Details::HmacSha256(stringToSign, Base64Decode(userDelegationKey.Value))); Azure::Core::Http::Url builder; - builder.AppendQueryParameter("sv", Storage::Details::UrlEncodeQueryParameter(Version)); + builder.AppendQueryParameter( + "sv", Storage::Details::UrlEncodeQueryParameter(Storage::Details::c_defaultSasVersion)); builder.AppendQueryParameter("sr", Storage::Details::UrlEncodeQueryParameter(resource)); if (StartsOn.HasValue()) { diff --git a/sdk/storage/azure-storage-common/inc/azure/storage/common/account_sas_builder.hpp b/sdk/storage/azure-storage-common/inc/azure/storage/common/account_sas_builder.hpp index 7d1b24470..d554b81f8 100644 --- a/sdk/storage/azure-storage-common/inc/azure/storage/common/account_sas_builder.hpp +++ b/sdk/storage/azure-storage-common/inc/azure/storage/common/account_sas_builder.hpp 
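Review bot: The `"\n\n\n\n"` after `userDelegationKey.SignedVersion` signs three empty fields with no comment saying what they stand for; the DataLake builder in this patch fills the same three positions with `PreauthorizedAgentObjectId`, `AgentObjectId` and `CorrelationId`, so presumably these are those fields left blank. Since the signed version can no longer be overridden, this field layout is now tied to whatever `c_defaultSasVersion` holds. I would add a comment above the expression such as `// User-delegation string-to-sign for c_defaultSasVersion; the three empty fields are the unused agent/correlation ids. Re-check the field order when the constant changes.` The enclosing function starts and ends outside the hunk.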
@@ -202,13 +202,6 @@ namespace Azure { namespace Storage { */ struct AccountSasBuilder { - /** - * @brief The storage service version to use to authenticate requests made with this - * shared access signature, and the service version to use when handling requests made with this - * shared access signature. - */ - std::string Version = Details::c_defaultSasVersion; - /** * @brief The optional signed protocol field specifies the protocol permitted for a * request made with the SAS. diff --git a/sdk/storage/azure-storage-common/src/account_sas_builder.cpp b/sdk/storage/azure-storage-common/src/account_sas_builder.cpp index e37bdc632..412ca4938 100644 --- a/sdk/storage/azure-storage-common/src/account_sas_builder.cpp +++ b/sdk/storage/azure-storage-common/src/account_sas_builder.cpp @@ -98,14 +98,15 @@ namespace Azure { namespace Storage { std::string stringToSign = credential.AccountName + "\n" + Permissions + "\n" + services + "\n" + resourceTypes + "\n" + (StartsOn.HasValue() ? StartsOn.GetValue() : "") + "\n" + ExpiresOn - + "\n" + (IPRange.HasValue() ? IPRange.GetValue() : "") + "\n" + protocol + "\n" + Version - + "\n"; + + "\n" + (IPRange.HasValue() ? IPRange.GetValue() : "") + "\n" + protocol + "\n" + + Details::c_defaultSasVersion + "\n"; std::string signature = Base64Encode(Details::HmacSha256(stringToSign, Base64Decode(credential.GetAccountKey()))); Azure::Core::Http::Url builder; - builder.AppendQueryParameter("sv", Details::UrlEncodeQueryParameter(Version)); + builder.AppendQueryParameter( + "sv", Details::UrlEncodeQueryParameter(Details::c_defaultSasVersion)); builder.AppendQueryParameter("ss", Details::UrlEncodeQueryParameter(services)); builder.AppendQueryParameter("srt", Details::UrlEncodeQueryParameter(resourceTypes)); builder.AppendQueryParameter("sp", Details::UrlEncodeQueryParameter(Permissions)); 
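Review bot: In the account_sas_builder.cpp hunk the pinned `sv` value goes into a token signed with the account key, yet the diffstat lists only the eight header and source files and no test. A small test that generates an account SAS and asserts that its `sv` query parameter equals `Details::c_defaultSasVersion` would catch a later edit that changes only one of the two uses of the constant. With the `Version` field removed from the header, the `AccountSasBuilder` doc comment could also state in one sentence that the version is fixed by the library. The enclosing function continues outside the hunk.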
diff --git a/sdk/storage/azure-storage-files-datalake/inc/azure/storage/files/datalake/datalake_sas_builder.hpp b/sdk/storage/azure-storage-files-datalake/inc/azure/storage/files/datalake/datalake_sas_builder.hpp index eb75aa126..172bccd32 100644 --- a/sdk/storage/azure-storage-files-datalake/inc/azure/storage/files/datalake/datalake_sas_builder.hpp +++ b/sdk/storage/azure-storage-files-datalake/inc/azure/storage/files/datalake/datalake_sas_builder.hpp @@ -178,13 +178,6 @@ namespace Azure { namespace Storage { namespace Files { namespace DataLake { */ struct DataLakeSasBuilder { - /** - * @brief The storage service version to use to authenticate requests made with this - * shared access signature, and the service version to use when handling requests made with this - * shared access signature. - */ - std::string Version = Storage::Details::c_defaultSasVersion; - /** * @brief The optional signed protocol field specifies the protocol permitted for a * request made with the SAS. diff --git a/sdk/storage/azure-storage-files-datalake/src/datalake_sas_builder.cpp b/sdk/storage/azure-storage-files-datalake/src/datalake_sas_builder.cpp index 5b750fb6f..684f22e60 100644 --- a/sdk/storage/azure-storage-files-datalake/src/datalake_sas_builder.cpp +++ b/sdk/storage/azure-storage-files-datalake/src/datalake_sas_builder.cpp 
@@ -125,15 +125,17 @@ namespace Azure { namespace Storage { namespace Files { namespace DataLake { std::string stringToSign = Permissions + "\n" + (StartsOn.HasValue() ? StartsOn.GetValue() : "") + "\n" + ExpiresOn + "\n" + canonicalName + "\n" + Identifier + "\n" - + (IPRange.HasValue() ? IPRange.GetValue() : "") + "\n" + protocol + "\n" + Version + "\n" - + resource + "\n" + "\n" + CacheControl + "\n" + ContentDisposition + "\n" + ContentEncoding - + "\n" + ContentLanguage + "\n" + ContentType; + + (IPRange.HasValue() ? IPRange.GetValue() : "") + "\n" + protocol + "\n" + + Storage::Details::c_defaultSasVersion + "\n" + resource + "\n" + "\n" + CacheControl + + "\n" + ContentDisposition + "\n" + ContentEncoding + "\n" + ContentLanguage + "\n" + + ContentType; std::string signature = Base64Encode( Storage::Details::HmacSha256(stringToSign, Base64Decode(credential.GetAccountKey()))); Azure::Core::Http::Url builder; - builder.AppendQueryParameter("sv", Storage::Details::UrlEncodeQueryParameter(Version)); + builder.AppendQueryParameter( + "sv", Storage::Details::UrlEncodeQueryParameter(Storage::Details::c_defaultSasVersion)); builder.AppendQueryParameter("spr", Storage::Details::UrlEncodeQueryParameter(protocol)); if (StartsOn.HasValue()) { 
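Review bot: The `resource + "\n" + "\n" + CacheControl` run in the rewritten `stringToSign` signs an empty field between `resource` and `CacheControl` without saying what it is; the blob builder in this patch puts `snapshotVersion` in that position. A one-line comment such as `// empty field: snapshot slot, not used by DataLake` would keep a later reformat from merging or dropping one of the two `"\n"` literals, which would change the signed string. The user-delegation hunk further down this file has the same run. The enclosing function starts and ends outside the hunk.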
@@ -204,14 +206,16 @@ namespace Azure { namespace Storage { namespace Files { namespace DataLake { + userDelegationKey.SignedExpiresOn + "\n" + userDelegationKey.SignedService + "\n" + userDelegationKey.SignedVersion + "\n" + PreauthorizedAgentObjectId + "\n" + AgentObjectId + "\n" + CorrelationId + "\n" + (IPRange.HasValue() ? IPRange.GetValue() : "") + "\n" - + protocol + "\n" + Version + "\n" + resource + "\n" + "\n" + CacheControl + "\n" - + ContentDisposition + "\n" + ContentEncoding + "\n" + ContentLanguage + "\n" + ContentType; + + protocol + "\n" + Storage::Details::c_defaultSasVersion + "\n" + resource + "\n" + "\n" + + CacheControl + "\n" + ContentDisposition + "\n" + ContentEncoding + "\n" + ContentLanguage + + "\n" + ContentType; std::string signature = Base64Encode( Storage::Details::HmacSha256(stringToSign, Base64Decode(userDelegationKey.Value))); Azure::Core::Http::Url builder; - builder.AppendQueryParameter("sv", Storage::Details::UrlEncodeQueryParameter(Version)); + builder.AppendQueryParameter( + "sv", Storage::Details::UrlEncodeQueryParameter(Storage::Details::c_defaultSasVersion)); builder.AppendQueryParameter("sr", Storage::Details::UrlEncodeQueryParameter(resource)); if (StartsOn.HasValue()) { diff --git a/sdk/storage/azure-storage-files-shares/inc/azure/storage/files/shares/share_sas_builder.hpp b/sdk/storage/azure-storage-files-shares/inc/azure/storage/files/shares/share_sas_builder.hpp index e34bd7b4a..ff8c2bcff 100644 --- a/sdk/storage/azure-storage-files-shares/inc/azure/storage/files/shares/share_sas_builder.hpp +++ b/sdk/storage/azure-storage-files-shares/inc/azure/storage/files/shares/share_sas_builder.hpp 
@@ -128,13 +128,6 @@ namespace Azure { namespace Storage { namespace Files { namespace Shares { */ struct ShareSasBuilder { - /** - * @brief The storage service version to use to authenticate requests made with this - * shared access signature, and the service version to use when handling requests made with this - * shared access signature. - */ - std::string Version = Azure::Storage::Details::c_defaultSasVersion; - /** * @brief The optional signed protocol field specifies the protocol permitted for a * request made with the SAS. diff --git a/sdk/storage/azure-storage-files-shares/src/share_sas_builder.cpp b/sdk/storage/azure-storage-files-shares/src/share_sas_builder.cpp index 071fdd63b..f7181532a 100644 --- a/sdk/storage/azure-storage-files-shares/src/share_sas_builder.cpp +++ b/sdk/storage/azure-storage-files-shares/src/share_sas_builder.cpp 
@@ -86,15 +86,16 @@ namespace Azure { namespace Storage { namespace Files { namespace Shares { std::string stringToSign = Permissions + "\n" + (StartsOn.HasValue() ? StartsOn.GetValue() : "") + "\n" + ExpiresOn + "\n" + canonicalName + "\n" + Identifier + "\n" - + (IPRange.HasValue() ? IPRange.GetValue() : "") + "\n" + protocol + "\n" + Version + "\n" - + CacheControl + "\n" + ContentDisposition + "\n" + ContentEncoding + "\n" + ContentLanguage - + "\n" + ContentType; + + (IPRange.HasValue() ? IPRange.GetValue() : "") + "\n" + protocol + "\n" + + Details::c_defaultSasVersion + "\n" + CacheControl + "\n" + ContentDisposition + "\n" + + ContentEncoding + "\n" + ContentLanguage + "\n" + ContentType; std::string signature = Base64Encode(Details::HmacSha256(stringToSign, Base64Decode(credential.GetAccountKey()))); Azure::Core::Http::Url builder; - builder.AppendQueryParameter("sv", Details::UrlEncodeQueryParameter(Version)); + builder.AppendQueryParameter( + "sv", Details::UrlEncodeQueryParameter(Details::c_defaultSasVersion)); builder.AppendQueryParameter("spr", Details::UrlEncodeQueryParameter(protocol)); if (StartsOn.HasValue()) {
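Review bot: `Identifier`, `CacheControl`, `ContentDisposition`, `ContentEncoding`, `ContentLanguage` and `ContentType` are joined into `stringToSign` with `"\n"` as the only separator, and nothing visible in this hunk rejects a value that itself contains a newline. Such a value makes the signed string ambiguous, because different field assignments can then serialize to the same bytes. If no validation happens earlier in the function (it starts outside the hunk), a guard before the string is built would close that, e.g. `if (CacheControl.find('\n') != std::string::npos) { /* reject */ }` for each caller-supplied field. The other builders in this patch concatenate the same fields the same way.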