git-server-git.apps.pok.os.sepia.ceph.com Git

author	Javier M. Mellid <jmunhoz@igalia.com>
	Mon, 1 Aug 2016 19:00:28 +0000 (21:00 +0200)
committer	Robin H. Johnson <robin.johnson@dreamhost.com>
	Sun, 13 Aug 2017 15:50:58 +0000 (08:50 -0700)
commit	3adbc35205f663c8c312476f3694d2c14294c5d0
tree	e8aea51325d63d6755afb1d7b58067cea26df94a	tree \| snapshot
parent	e6f86ba31d3092dbb45bdd35f344aba7b2c5a61b	commit \| diff

rgw: aws4: add rgw_s3_auth_aws4_force_boto2_compat conf option

Runtime bugfix to handle presigned urls computed with canonical requests using
the port number once.

Boto2 computes canonical requests using the port number twice although it
should be used once only. This behaviour is a bug supported by AWS S3. Boto2 is
used in RGW S3 as reference implementation.

The client-side tools not supporting this boto2 bug will fail although they
should work too.

In order to support both presigned url implementations this patch adds a config
option to compute a second signature. With this option disabled, the code will
compute two signatures when the first signature is not valid. The aws4 auth
succeed if some of the two signatures is valid.

The config option rgw_s3_auth_aws4_force_boto2_compat, is enabled by default so
one signature, working with boto2, is computed only.

Fixes: http://tracker.ceph.com/issues/16463
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
(cherry picked from commit 078c513b6bc6b1d1da50db1d51fbbb65bddd44b9)

src/common/config_opts.h		diff \| blob \| history
src/rgw/rgw_rest_s3.cc		diff \| blob \| history
src/rgw/rgw_rest_s3.h		diff \| blob \| history