Bug #8621
civetweb frontend fails authentication if URL has special chars
Description
For example trying to initiate a multipart to a 'test:multi' key.
Logs from an attempt through fast cgi:
2014-06-17 11:19:08.837350 7f9808778700 10 auth_hdr: POST application/x-test Tue, 17 Jun 2014 09:19:29 GMT /test/test%3Amulti?uploads
2014-06-17 11:19:08.837438 7f9808778700 15 calculated digest=KNi7aibfXbT91TAUHBckk8KFGWk=
2014-06-17 11:19:08.837441 7f9808778700 15 auth_sign=KNi7aibfXbT91TAUHBckk8KFGWk=
2014-06-17 11:19:08.837444 7f9808778700 15 compare=0
Logs directly to civetweb frontend:
2014-06-17 11:18:59.629318 7f98d6ffd700 10 auth_hdr: POST application/x-test Tue, 17 Jun 2014 09:19:19 GMT /test/test:multi?uploads
2014-06-17 11:18:59.629360 7f98d6ffd700 15 calculated digest=j3b5HPoa6W9PXGYtXaVz2/XrhMw=
2014-06-17 11:18:59.629363 7f98d6ffd700 15 auth_sign=WgFrsBRHmIhOc0i6sDn0cCKQmyA=
2014-06-17 11:18:59.629364 7f98d6ffd700 15 compare=-19
The URL part is clearly wrong. It's been urldecoded by civetweb somewhere and shouldn't have been.
Associated revisions
rgw: disable civetweb url decoding
Fixes: #8621
We want to have the raw request uri, as we do the decoding ourselves.
Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>
rgw: disable civetweb url decoding
Fixes: #8621
We want to have the raw request uri, as we do the decoding ourselves.
Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>
(cherry picked from commit ffac52b316e7022796d44ae58804d9c20b9c3df9)
History
#1 Updated by Sylvain Munaut almost 10 years ago
The problem is that civetweb only gives the url-decoded URI in the struct mg_request_info. I don't see how you can get the original version at all. And you can't just re-encode it because there are several url-encoded versions that match the same url-decoded version and the S3 auth relies on the original one in the request, however it was encoded.
I don't see how to resolve this without patching civetweb to not URL decode.
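An added example (not part of the ticket and not Ceph or civetweb code) of the mismatch reported above: a signature computed over the raw request URI stops verifying once the frontend hands over the decoded URI, and several wire encodings collapse to one decoded form, so re-encoding cannot recover the signed string. The secret key and function names are constructed for illustration; the string-to-sign layout is the S3 signature v2 one.

```python
import base64
import hashlib
import hmac
from urllib.parse import unquote

SECRET = b"constructed-secret-key"  # constructed for this example, not from the ticket
DATE = "Tue, 17 Jun 2014 09:19:29 GMT"
CTYPE = "application/x-test"


def string_to_sign(method, content_type, date, resource):
    # S3 signature v2 layout: verb, Content-MD5 (empty here), Content-Type,
    # Date, then the canonical resource exactly as the client sent it.
    return "\n".join([method, "", content_type, date, resource])


def sign(secret, resource, method="POST"):
    sts = string_to_sign(method, CTYPE, DATE, resource).encode("utf-8")
    return base64.b64encode(hmac.new(secret, sts, hashlib.sha1).digest()).decode()


def verify(secret, uri_seen_by_server, client_signature):
    # Server recomputes the digest over the URI it was handed by the frontend.
    return hmac.compare_digest(sign(secret, uri_seen_by_server), client_signature)


def signatures_by_encoding(secret, raw_uris):
    # Map each raw (on-the-wire) URI to (decoded form, signature).
    return {u: (unquote(u), sign(secret, u)) for u in raw_uris}


if __name__ == "__main__":
    raw = "/test/test%3Amulti?uploads"      # what the client sent and signed
    client_sig = sign(SECRET, raw)
    print("raw URI passed through :", verify(SECRET, raw, client_sig))
    print("frontend decoded URI   :", verify(SECRET, unquote(raw), client_sig))

    # Three wire encodings of the same key: after decoding they are
    # indistinguishable, yet each one yields a different signature.
    variants = ["/test/test%3Amulti?uploads", "/test/test%3amulti?uploads",
                "/test/test:multi?uploads"]
    for uri, (decoded, sig) in signatures_by_encoding(SECRET, variants).items():
        print(f"{uri:30} -> {decoded:26} {sig}")
```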
#2 Updated by Sage Weil over 9 years ago
- Priority changed from Normal to Urgent
- Source changed from other to Community (dev)
#3 Updated by Tamilarasi muthamizhan over 9 years ago
- Status changed from New to 7
Tested wip-8621 by executing s3tests; there are still a few failures.
Logs are copied to ubuntu@mira042.front.sepia.ceph.com:/home/ubuntu/civetweb_s3tests
#4 Updated by Tamilarasi muthamizhan over 9 years ago
s3tests passed with recent changes to wip-8621.
#5 Updated by Sage Weil over 9 years ago
- Status changed from 7 to Pending Backport
#6 Updated by Sage Weil over 9 years ago
- Status changed from Pending Backport to Resolved
a953b313f1e2f884be6ee2ce356780f4f70849dd