Actions
Bug #36545
openAws v4 signature is wrong if request does not contain x-amz-content-sha256
% Done:
0%
Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
When using CloudMounter on macOS via S3 with Ceph Rados, all requests fail with error SignatureDoesNotMatch.
When CloudMounter if configured with Amazon AWS, same requests work properly.
Other Windows and macOS clients that we tried, did not have problem with Rados.
When comparing the HTTP traffic of all, I found out that CloudMounter does not set HTTP header x-amz-content-sha256.
GET /mk-s3fs?location= HTTP/1.1 Host: rados.topit.ng Accept-Encoding: gzip, deflate Connection: keep-alive Accept: */* User-Agent: aws-sdk-iOS/2.6.0 Unknown/Unknown en_SI Authorization: AWS4-HMAC-SHA256 Credential=59DVM5AM2BEFR5A7ZL0J/20181022/us-east-1/s3/aws4_request, SignedHeaders=host;user-agent;x-amz-date, Signature=d6533eca0cbb817e796b5b9d35a8f41ceb0a3914714b3ff1fb75242f74cad686 Accept-Language: en-us X-Amz-Date: 20181022T124039Z
Value for content SHA256 is expected to be SHA of an empty string then: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.
Rados GW replied with this following response:
HTTP/1.1 403 Forbidden Content-Length: 194 x-amz-request-id: tx000000000000000000003-005bcdc547-5e7d-default Accept-Ranges: bytes Content-Type: application/xml Date: Mon, 22 Oct 2018 12:40:39 GMT Connection: Keep-Alive <?xml version="1.0" encoding="UTF-8"?> <Error> <Code>SignatureDoesNotMatch</Code> <RequestId>tx000000000000000000003-005bcdc547-5e7d-default</RequestId> <HostId>5e7d-default-default</HostId> </Error>
Updated by Matt Benjamin over 5 years ago
- Status changed from New to In Progress
- Assignee set to Matt Benjamin
- Priority changed from High to Normal
Actions