https://tracker.ceph.com/https://tracker.ceph.com/favicon.ico2020-01-20T22:10:46ZCeph rgw - Bug #43617: RGW check object exists before auth?https://tracker.ceph.com/issues/43617?journal_id=1563462020-01-20T22:10:46ZGreg Farnumgfarnum@redhat.com
<ul><li><strong>Project</strong> changed from <i>Ceph</i> to <i>rgw</i></li></ul> rgw - Bug #43617: RGW check object exists before auth?https://tracker.ceph.com/issues/43617?journal_id=1567062020-01-23T15:26:21ZCasey Bodleycbodley@redhat.com
<ul><li><strong>Priority</strong> changed from <i>Normal</i> to <i>High</i></li></ul> rgw - Bug #43617: RGW check object exists before auth?https://tracker.ceph.com/issues/43617?journal_id=1574722020-01-30T15:12:56ZCasey Bodleycbodley@redhat.com
<ul><li><strong>Assignee</strong> set to <i>Adam Emerson</i></li></ul> rgw - Bug #43617: RGW check object exists before auth?https://tracker.ceph.com/issues/43617?journal_id=1592102020-02-21T06:16:47ZMatthew Olivermoliver@suse.com
<ul></ul><p>I've confirmed this is an issue.</p>
<p>And worked my way through the code. And think I see the problem. The swift anon engine is "Auth" the user. When there is an object it will then fail with a 401 as they don't have access to the object. But in the case of a missing object, the user is "authed" and there are no params of the object to check (<a class="external" href="https://github.com/ceph/ceph/blob/master/src/rgw/rgw_process.cc#L113-L117">https://github.com/ceph/ceph/blob/master/src/rgw/rgw_process.cc#L113-L117</a>) so it returns a 404.</p>
<p>I'll have a play and see if I can rework the code to do the right thing. I'll next confirm to see what the s3 side does. Seeing as this seems to happen in the shared area of code.</p>
<p>Stay tuned :)</p> rgw - Bug #43617: RGW check object exists before auth?https://tracker.ceph.com/issues/43617?journal_id=1594992020-02-25T05:37:45ZMatthew Olivermoliver@suse.com
<ul></ul><p>Lol, managed to get it from a 401 for an object and 403 for an object that doesn't exist.. still just as bad as this means you can use it leak object existence out of the cluster, not data, but if an object exists.</p>
<p>But it means there is progress, will continue to dig.</p> rgw - Bug #43617: RGW check object exists before auth?https://tracker.ceph.com/issues/43617?journal_id=1595842020-02-26T04:32:21ZMatthew Olivermoliver@suse.com
<ul></ul><p>OK, have it giving me 401's in both instances now. Now just to work backwards see what minimal change I need to make. Might have hacked a bit to get used to the how this works in ceph :)</p> rgw - Bug #43617: RGW check object exists before auth?https://tracker.ceph.com/issues/43617?journal_id=1595852020-02-26T06:30:43ZMatthew Olivermoliver@suse.com
<ul></ul><p>I have an initial PR: <a class="external" href="https://github.com/ceph/ceph/pull/33546">https://github.com/ceph/ceph/pull/33546</a></p> rgw - Bug #43617: RGW check object exists before auth?https://tracker.ceph.com/issues/43617?journal_id=1608872020-03-12T14:07:25ZAbhishek Lekshmananabhishek.lekshmanan@gmail.com
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>In Progress</i></li><li><strong>Pull request ID</strong> set to <i>33546</i></li></ul> rgw - Bug #43617: RGW check object exists before auth?https://tracker.ceph.com/issues/43617?journal_id=1617552020-03-26T14:07:36ZCasey Bodleycbodley@redhat.com
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Fix Under Review</i></li></ul> rgw - Bug #43617: RGW check object exists before auth?https://tracker.ceph.com/issues/43617?journal_id=1633502020-04-16T14:06:38ZCasey Bodleycbodley@redhat.com
<ul><li><strong>Assignee</strong> changed from <i>Adam Emerson</i> to <i>Casey Bodley</i></li></ul> rgw - Bug #43617: RGW check object exists before auth?https://tracker.ceph.com/issues/43617?journal_id=1633522020-04-16T14:09:50ZCasey Bodleycbodley@redhat.com
<ul><li><strong>Assignee</strong> changed from <i>Casey Bodley</i> to <i>Or Friedmann</i></li></ul> rgw - Bug #43617: RGW check object exists before auth?https://tracker.ceph.com/issues/43617?journal_id=1650052020-05-05T19:03:02ZCasey Bodleycbodley@redhat.com
<ul><li><strong>Status</strong> changed from <i>Fix Under Review</i> to <i>Pending Backport</i></li><li><strong>Backport</strong> set to <i>nautilus octopus</i></li></ul> rgw - Bug #43617: RGW check object exists before auth?https://tracker.ceph.com/issues/43617?journal_id=1655082020-05-11T14:28:02ZNathan Cutlerncutler@suse.cz
<ul><li><strong>Copied to</strong> <i><a class="issue tracker-9 status-3 priority-4 priority-default closed" href="/issues/45500">Backport #45500</a>: octopus: RGW check object exists before auth?</i> added</li></ul> rgw - Bug #43617: RGW check object exists before auth?https://tracker.ceph.com/issues/43617?journal_id=1655102020-05-11T14:28:09ZNathan Cutlerncutler@suse.cz
<ul><li><strong>Copied to</strong> <i><a class="issue tracker-9 status-3 priority-4 priority-default closed" href="/issues/45501">Backport #45501</a>: nautilus: RGW check object exists before auth?</i> added</li></ul> rgw - Bug #43617: RGW check object exists before auth?https://tracker.ceph.com/issues/43617?journal_id=1663312020-05-21T17:39:34ZNathan Cutlerncutler@suse.cz
<ul><li><strong>Status</strong> changed from <i>Pending Backport</i> to <i>Resolved</i></li></ul><p>While running with --resolve-parent, the script "backport-create-issue" noticed that all backports of this issue are in status "Resolved" or "Rejected".</p>