Bug #8621

civetweb frontend fails authentication if URL has special chars

Added by Sylvain Munaut about 5 years ago. Updated over 4 years ago.

Status: Resolved
Priority: High
Assignee: -
Target version: -
Start date: 07/30/2014
Due date:
% Done: 100%
Source: Community (dev)
Tags:
Backport:
Regression: No
Severity: 3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:

Description

For example, trying to initiate a multipart to a 'test:multi' key.

Logs from an attempt through FastCGI:

2014-06-17 11:19:08.837350 7f9808778700 10 auth_hdr:
POST

application/x-test
Tue, 17 Jun 2014 09:19:29 GMT
/test/test%3Amulti?uploads
2014-06-17 11:19:08.837438 7f9808778700 15 calculated digest=KNi7aibfXbT91TAUHBckk8KFGWk=
2014-06-17 11:19:08.837441 7f9808778700 15 auth_sign=KNi7aibfXbT91TAUHBckk8KFGWk=
2014-06-17 11:19:08.837444 7f9808778700 15 compare=0

Logs directly to civetweb frontend:

2014-06-17 11:18:59.629318 7f98d6ffd700 10 auth_hdr:
POST

application/x-test
Tue, 17 Jun 2014 09:19:19 GMT
/test/test:multi?uploads
2014-06-17 11:18:59.629360 7f98d6ffd700 15 calculated digest=j3b5HPoa6W9PXGYtXaVz2/XrhMw=
2014-06-17 11:18:59.629363 7f98d6ffd700 15 auth_sign=WgFrsBRHmIhOc0i6sDn0cCKQmyA=
2014-06-17 11:18:59.629364 7f98d6ffd700 15 compare=-19

The URL part is clearly wrong. It's been urldecoded by civetweb somewhere and shouldn't have been.


Subtasks

Bug #8971: rgw: s3 test failures with civetweb (Status: Duplicate, Assignee: Yehuda Sadeh)

Associated revisions

Revision ffac52b3 (diff)
Added by Yehuda Sadeh almost 5 years ago

rgw: disable civetweb url decoding

Fixes: #8621

We want to have the raw request uri, as we do the decoding ourselves.

Signed-off-by: Yehuda Sadeh <>

Revision a953b313 (diff)
Added by Yehuda Sadeh almost 5 years ago

rgw: disable civetweb url decoding

Fixes: #8621

We want to have the raw request uri, as we do the decoding ourselves.

Signed-off-by: Yehuda Sadeh <>
(cherry picked from commit ffac52b316e7022796d44ae58804d9c20b9c3df9)

History

#1 Updated by Sylvain Munaut about 5 years ago

The problem is that civetweb only gives the url-decoded URI in the struct mg_request_info. I don't see how you can get the original version at all. And you can't just re-encode it because there are several url-encoded versions that match the same url-decoded version and the S3 auth relies on the original one in the request, however it was encoded.

I don't see how to resolve this without patching civetweb to not URL decode.
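
The mismatch in the two log excerpts and the re-encoding problem described in comment #1, as an added example that is not part of the ticket or of the rgw/civetweb code. The secret key and the helper names (`sign`, `decode_path`, `verify`) are constructed for illustration; the string-to-sign follows the layout printed in the `auth_hdr` log lines.

```python
import base64
import hashlib
import hmac
from urllib.parse import unquote

SECRET = b"constructed-secret-key"  # constructed; not a value from the ticket
# Request fields as they appear in the auth_hdr log lines (empty Content-MD5).
FIELDS = ("POST", "", "application/x-test", "Tue, 17 Jun 2014 09:19:19 GMT")
# Three raw request URIs that all address the key 'test:multi'.
VARIANTS = [
    "/test/test%3Amulti?uploads",
    "/test/test%3amulti?uploads",
    "/test/test:multi?uploads",
]


def sign(secret, fields, resource):
    """S3 v2 signature: base64(HMAC-SHA1(secret, string-to-sign))."""
    string_to_sign = "\n".join(fields + (resource,))
    mac = hmac.new(secret, string_to_sign.encode("utf-8"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")


def decode_path(raw_uri):
    """Model of a frontend that percent-decodes the path before passing it on."""
    path, sep, query = raw_uri.partition("?")
    return unquote(path) + sep + query


def verify(secret, fields, client_sig, uri_seen_by_server):
    """Recompute the signature over the URI the server sees and compare."""
    expected = sign(secret, fields, uri_seen_by_server)
    return hmac.compare_digest(expected, client_sig)


if __name__ == "__main__":
    raw = VARIANTS[0]
    client_sig = sign(SECRET, FIELDS, raw)  # client signs the URI it sent
    print("raw URI verifies:    ", verify(SECRET, FIELDS, client_sig, raw))
    print("decoded URI verifies:", verify(SECRET, FIELDS, client_sig, decode_path(raw)))
    # Every variant decodes to the same string but signs differently, so the
    # decoded form cannot tell the server which encoding the client signed.
    for v in VARIANTS:
        print(f"{v:30} -> {decode_path(v):26} sig={sign(SECRET, FIELDS, v)}")
```
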

#2 Updated by Sage Weil almost 5 years ago

  • Priority changed from Normal to Urgent
  • Source changed from other to Community (dev)

#3 Updated by Tamilarasi muthamizhan almost 5 years ago

  • Status changed from New to Testing

tested wip-8621 by executing s3tests, there are still a few failures,

logs are copied to :/home/ubuntu/civetweb_s3tests

#4 Updated by Tamilarasi muthamizhan almost 5 years ago

s3tests passed with recent changes to wip-8621.

#5 Updated by Sage Weil almost 5 years ago

  • Status changed from Testing to Pending Backport

#6 Updated by Sage Weil over 4 years ago

  • Status changed from Pending Backport to Resolved

a953b313f1e2f884be6ee2ce356780f4f70849dd
