Project

General

Profile

Fix #15499

Fix UNSIGNED-PAYLOAD under aws4 header auth

Added by Javier M. Mellid almost 8 years ago. Updated almost 8 years ago.

Status:
Resolved
Priority:
Normal
Target version:
-
% Done:

0%

Source:
other
Tags:
Backport:
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

The Apache Libcloud's AWS S3 object storage provider uses unsigned payloads in PUT methods as part of the header auth. It fails when used with RGW S3 with '400 Bad Request'.

The driver.upload_object method raises the following bad request (XAmzContentSHA256Mismatch) with RGW S3:

PUT /my-container-2038u234234234/my-name-2038u234234234 HTTP/1.1
X-AMZ-Content-SHA256: UNSIGNED-PAYLOAD
Content-Length: 12
Accept-Encoding: gzip,deflate
X-AMZ-Date: 20160414T123159Z
x-amz-storage-class: STANDARD
Content-Type: text/plain
Host: xxx.com
Authorization: AWS4-HMAC-SHA256 Credential=ABCDEFGTAZLOBF43WNQA/20160414/eu-west-1/s3/aws4_request, SignedHeaders=accept-encoding;content-length;content-type;host;user-agent;x-amz-content-sha256;x-amz-date;x-amz-storage-class, Signature=576d530ac8966883beeb24ac0a0d27db236250a52fa052cc03af0b8abad30cac
User-Agent: libcloud/1.0.0-rc2

Hello test!
HTTP/1.1 400 Bad Request
x-amz-request-id: tx000000000000000000005-00570f8dbf-1016-default
Content-Length: 250
Accept-Ranges: bytes
Content-Type: application/xml
Date: Thu, 14 Apr 2016 12:31:59 GMT

<?xml version="1.0" encoding="UTF-8"?><Error><Code>XAmzContentSHA256Mismatch</Code><BucketName>my-container-2038u234234234</BucketName><RequestId>tx000000000000000000005-00570f8dbf-1016-default</RequestId><HostId>1016-default-default</HostId></Error>

The same code works fine with Amazon S3:

PUT /my-container-2038u234234234/my-name-2038u234234234 HTTP/1.1
X-AMZ-Content-SHA256: UNSIGNED-PAYLOAD
Content-Length: 12
Accept-Encoding: gzip,deflate
X-AMZ-Date: 20160414T123715Z
x-amz-storage-class: STANDARD
Content-Type: text/plain
Host: s3.eu-central-1.amazonaws.com
Authorization: AWS4-HMAC-SHA256 Credential=ABCDEFGTAZLOBF43WNQA/20160414/eu-central-1/s3/aws4_request, SignedHeaders=accept-encoding;content-length;content-type;host;user-agent;x-amz-content-sha256;x-amz-date;x-amz-storage-class, Signature=20913a4eac838fe99aac04788696ab43bdc4465fd84907a09661f6c1ff0211f9
User-Agent: libcloud/1.0.0-rc2 

Hello test!
HTTP/1.1 200 OK
x-amz-id-2: wtVQWvIm0mi5vhnlBCNv7wi6nbYjxvMQV/qvrLps3kfVPlLKlUFxiRIkofIAG8peMdLoGdG5PJk=
x-amz-request-id: ED54923CE345E92A
Date: Thu, 14 Apr 2016 12:37:16 GMT
ETag: "8ac91dd17dd64e95271601b773859aaa" 
Content-Length: 0
Server: AmazonS3

Note: we should add this combo (PUT + UNSIGNED-PAYLOAD + header auth) in s3-tests.

I will ask for PR in a while.

History

#2 Updated by Sage Weil almost 8 years ago

  • Status changed from In Progress to Resolved

Also available in: Atom PDF