Project

General

Profile

Actions
Copy link

Feature #18800

closed

rgw: support AWS4 authentication for S3 Post Object API

Added by Osamu KIMURA about 7 years ago. Updated over 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Javier M. Mellid
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Reviewed:
Affected Versions:
Pull request ID:

Description

S3 Post Object API requires different form data for v4 authentication than v2.
http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-authentication-HTTPPOST.html

Current code expects form data for v2 authentication:

int RGWPostObj_ObjStore_S3::get_policy()
{
  bufferlist encoded_policy;

  if (part_bl("policy", &encoded_policy)) {

    // check that the signature matches the encoded policy
    string s3_access_key;
    if (!part_str("AWSAccessKeyId", &s3_access_key)) {
      ldout(s->cct, 0) << "No S3 access key found!" << dendl;
      err_msg = "Missing access key";
      return -EINVAL;
    }
    string received_signature_str;
    if (!part_str("signature", &received_signature_str)) {
      ldout(s->cct, 0) << "No signature found!" << dendl;
      err_msg = "Missing signature";
      return -EINVAL;
    }
...
}

Files

rgw-s3-aws4-form.py (1.21 KB) rgw-s3-aws4-form.py Javier M. Mellid, 03/10/2017 01:13 PM
Actions
Copy link

Also available in: Atom PDF