Bug #13598
closedradosgw-admin: inconsistency in uid/email handling
0%
Description
Hi,
when using radosgw-admin to create users, the 'uid' is not treated as sole unique constraint of the to-be-added user in question, but the email is.
Now while this looks systematically broken, it gets worse: the uniqueness of an 'email'-address of a rgw-user is not enforced properly, since radosgw-admin distinguishes between case sensitivity.
Although RFC 5321, section: 2.3.11 states that the local-part@ can be case-sensitive, the current implementations out there in fact do diverge from that! ;-) .. but, the real bummer is: RFC1035, section 2.3.3, stating:
(...)
For all parts of the DNS that are part of the official protocol, all
comparisons between character strings (e.g., labels, domain names, etc.)
are done in a case-insensitive manner
(...)
So, creating a user with:
a) different uid
b) same email, but a different case (i.e. a@b.cd vs. a@B.CD)
c) same display-name
will work - but, creating a user with:
a) different uid
b) same email (and same case)
c) same display-name
does not. This is quite inconsistent! :-|
Examples of even more inconsistent/broken behavior of radosgw-admin:
radosgw-admin user create --uid=test1 --email="a@b.cd" --display-name="test1"
=> works as expected
radosgw-admin user create --uid=test2 --email="a@b.cd" --display-name="test1"
=> returns just the JSON of user1
radosgw-admin user create --uid=test2 --email="a@b.cd" --display-name="test2"
=> could not create user: unable to create user, user: test1 exists
radosgw-admin user create --uid=test2 --email="a@B.cd" --display-name="test2"
=> creates the user 'test2'
Updated by Samuel Just over 8 years ago
- Project changed from Ceph to rgw
- Category deleted (
22)
Updated by Yehuda Sadeh over 8 years ago
- Assignee set to Casey Bodley
- Affected Versions deleted (
v0.20, v0.21, v0.21.1, v0.21.2, v0.21.3, v0.21.4, v0.22, v0.22.1, v0.22.2, v0.22.3, v0.23, v0.23.1, v0.23.2, v0.24, v0.24.1, v0.24.2, v0.24.3, v0.25, v0.25.1, v0.25.2, v0.25.3, v0.26, v0.26.1, v0.27, v0.27.1, v0.28, v0.29, v0.30, v0.31, v0.32, v0.33, v0.34, v0.35, v0.36, v0.37, v0.38, v0.39, v0.40, v0.41, v0.42, v0.43, v0.44, v0.45, v0.46, v0.47, v0.48, v0.49, v0.50, v0.51, v0.52a, v0.53a, v0.53b, v0.53c, v0.54a, v0.54b, v0.55a, v0.55b, v0.55c, v0.55d, v0.56, v0.57a, v0.57b, v0.57c, v0.58, v0.59, v0.60, v0.61 - Cuttlefish, v0.62a, v0.62b, v0.63, v0.64, v0.65, v0.66, v0.67 - Dumpling, v0.67rc, v0.67rc - continued, v0.68, v0.68 - continued, v0.69, v0.70, v0.71, v0.72 Emperor, v0.73, v0.74, v0.75, v0.76a, v0.76b, v0.77, 0.78, 0.79, 0.80rc, 0.80, v0.81, 0.82, 0.83, 0.83 cont., 0.84, 0.84 cont., 0.85, 0.85 cont., 0.86, 0.88, 0.89, 0.90, v.91, v.actually90, v.actually91, v0.92, v0.93 - Last Hammer Sprint, v0.94, v0.95, v9.0.2, v9.0.3, v9.0.4, v9.0.5, v9.0.6, v9.0.7, v9.0.8, v0.80.10, v0.80.11, v0.94.2, v0.94.3, v0.94.4)
Updated by Yehuda Sadeh over 8 years ago
- Assignee changed from Casey Bodley to Matt Benjamin
Two different issues here:
- when email is used, there's no check to see whether the uid matches
- email should be canonicalized
Updated by Matt Benjamin over 8 years ago
Pushed PR #7273 addressing the material issues here, as discussed on #ceph-devel.
That is, it seems that
1. email addresses should be case normalized (lower)
2. email addresses should be enforced unique, but should err explicitly (not process an update of the conflicting user, returning its json)
Matt
Updated by Orit Wasserman almost 8 years ago
- Status changed from New to Pending Backport
- Backport set to hammer, jewel
Updated by Nathan Cutler almost 8 years ago
- Copied to Backport #16318: hammer: radosgw-admin: inconsistency in uid/email handling added
Updated by Nathan Cutler almost 8 years ago
- Copied to Backport #16319: jewel: radosgw-admin: inconsistency in uid/email handling added
Updated by Nathan Cutler over 7 years ago
- Status changed from Pending Backport to Resolved