Bug #20463: rgw: AWSv4 encoding/signature problem, can happen with listobjects marker. - rgw - Ceph

Actions

Copy link

Bug #20463

closed

rgw: AWSv4 encoding/signature problem, can happen with listobjects marker.

Added by Marcus Watts almost 7 years ago. Updated about 6 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Marcus Watts

Target version:

% Done:

Source:

Tags:

Backport:

jewel kraken

Regression:

Severity:

3 - minor

Reviewed:

Affected Versions:

ceph-qa-suite:

Pull request ID:

Crash signature (v1):

Crash signature (v2):

Description

For buckets containing object names that contain / and %, it is
possible in some circumstances (at least with boto) for "listobjects"
operations to attempt to fetch additional objects using 'marker=' and
a value containing both / and %. When this happens, when using AWSv4,
radosgw then returns a signature validation error.

It is not actually necessary have a bucket with lots of strange objects
to order to reproduce this. It can be more simply done on any bucket
by constructing a marker value.

Following is a way to do this with boto.

export S3_USE_SIGV4=1
python
import boto
import boto.s3.connection
access_key = '40JV0D93WB9U33YNQ0L4'
secret_key = '8GjwnD4iocK3gUuOAbIj9G/9QFeXgIt+n9rJk06O'

conn = boto.connect_s3(
aws_access_key_id = access_key,
aws_secret_access_key = secret_key,
host = 'hybodus', port = 80,
is_secure=False, calling_format = boto.s3.connection.OrdinaryCallingFormat(), )

conn._auth_handler.region_name = "default"

bucket = conn.get_bucket('my-new-bucket')
#these fail:
s=bucket.get_all_keys(marker='level1/8e%25%25FAH3')
s=bucket.get_all_keys(marker='level18e%25/FAH3')
#these work:
s=bucket.get_all_keys(marker='level1/3')
s=bucket.get_all_keys(marker='level18e%25FAH3')

I'm including a patch to ceph here that makes the above work.

Files

ceph-fix-badmarker-1 (599 Bytes) ceph-fix-badmarker-1

Marcus Watts, 06/28/2017 10:22 PM

Related issues 2 (0 open — 2 closed)