rgw: aws4 subdomain calling bugfix

Fixes: http://tracker.ceph.com/issues/15369
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>

diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h
index 90d2ae5a9379edc56ded8e419127a079e0ff501f..037703ed1ed0a54d2a2bc67d4675a058cf0fb177 100644 (file)
--- a/src/rgw/rgw_common.h
+++ b/src/rgw/rgw_common.h
@@ -1081,6 +1081,7 @@ struct req_info {
   const char *method;
   string script_uri;
   string request_uri;
+  string request_uri_aws4;
   string effective_uri;
   string request_params;
   string domain;

diff --git a/src/rgw/rgw_rest.cc b/src/rgw/rgw_rest.cc
index b60999f48ab10d25a3da5a456b86bf7116696792..a165b65692f6fde293585b60d52406e3d3e761bf 100644 (file)
--- a/src/rgw/rgw_rest.cc
+++ b/src/rgw/rgw_rest.cc
@@ -1590,6 +1590,11 @@ int RGWREST::preprocess(struct req_state *s, RGWClientIO* cio)
 {
   req_info& info = s->info;
 
+  /* save the request uri used to hash on the client side. request_uri may suffer
+     modifications as part of the bucket encoding in the subdomain calling format.
+     request_uri_aws4 will be used under aws4 auth */
+  s->info.request_uri_aws4 = s->info.request_uri;
+
   s->cio = cio;
   if (info.host.size()) {
     ldout(s->cct, 10) << "host=" << info.host << dendl;

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index e4731ba0a0bc3cd3efc7ae1007c76c3a006c8cdd..0ef62855e092976ba42e4fb188da2fb15339a661 100644 (file)
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -3409,7 +3409,7 @@ int RGW_Auth_S3::authorize_v4(RGWRados *store, struct req_state *s)
    * that SigV4 typically does. this code follows the same approach that boto library
    * see auth.py:canonical_uri(...) */
 
-  s->aws4_auth->canonical_uri = s->info.request_uri;
+  s->aws4_auth->canonical_uri = s->info.request_uri_aws4;
 
   if (s->aws4_auth->canonical_uri.empty()) {
     s->aws4_auth->canonical_uri = "/";