rgw: aws4: handle UNSIGNED-PAYLOAD under header auth

Fixes: http://tracker.ceph.com/issues/15499
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index c912fc24e21d5ed034fb890fae02503a48b3f55a..088e11ef1b1084616053b0b9ef066ce739a759bf 100644 (file)
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -3523,24 +3523,33 @@ int RGW_Auth_S3::authorize_v4(RGWRados *store, struct req_state *s)
 
   /* handle request payload */
 
-  /* from rfc2616 - 4.3 Message Body
-   *
-   * "The presence of a message-body in a request is signaled by the inclusion of a
-   *  Content-Length or Transfer-Encoding header field in the request's message-headers."
-   */
-
   s->aws4_auth->payload_hash = "";
 
   string request_payload;
 
   bool unsigned_payload = false;
+
   if (using_qs) {
+    /* query parameters auth */
     unsigned_payload = true;
+  } else {
+    /* header auth */
+    const char *request_payload_hash = s->info.env->get("HTTP_X_AMZ_CONTENT_SHA256");
+    if (request_payload_hash && string("UNSIGNED-PAYLOAD").compare(request_payload_hash) == 0) {
+      unsigned_payload = true;
+    }
   }
 
-  if (using_qs || ((s->content_length == 0) && s->info.env->get("HTTP_TRANSFER_ENCODING") == NULL)) {
+  /* from rfc2616 - 4.3 Message Body
+   *
+   * "The presence of a message-body in a request is signaled by the inclusion of a
+   *  Content-Length or Transfer-Encoding header field in the request's message-headers."
+   */
+  bool body_available = s->content_length != 0 || s->info.env->get("HTTP_TRANSFER_ENCODING") != NULL;
+
+  if (unsigned_payload || !body_available) {
 
-    /* requests lacking of body are authenticated now */
+    /* requests lacking of body or shipping with 'UNSIGNED-PAYLOAD' are authenticated now */
 
     /* complete aws4 auth */