From: Javier M. Mellid Date: Mon, 11 Apr 2016 13:33:37 +0000 (+0200) Subject: rgw: aws4: handle UNSIGNED-PAYLOAD under header auth X-Git-Tag: v10.2.0~11^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=ecf4572aa2aaafc6a69529048202f545651cce1e;p=ceph.git rgw: aws4: handle UNSIGNED-PAYLOAD under header auth Fixes: http://tracker.ceph.com/issues/15499 Signed-off-by: Javier M. Mellid --- diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc index c912fc24e21d..088e11ef1b10 100644 --- a/src/rgw/rgw_rest_s3.cc +++ b/src/rgw/rgw_rest_s3.cc @@ -3523,24 +3523,33 @@ int RGW_Auth_S3::authorize_v4(RGWRados *store, struct req_state *s) /* handle request payload */ - /* from rfc2616 - 4.3 Message Body - * - * "The presence of a message-body in a request is signaled by the inclusion of a - * Content-Length or Transfer-Encoding header field in the request's message-headers." - */ - s->aws4_auth->payload_hash = ""; string request_payload; bool unsigned_payload = false; + if (using_qs) { + /* query parameters auth */ unsigned_payload = true; + } else { + /* header auth */ + const char *request_payload_hash = s->info.env->get("HTTP_X_AMZ_CONTENT_SHA256"); + if (request_payload_hash && string("UNSIGNED-PAYLOAD").compare(request_payload_hash) == 0) { + unsigned_payload = true; + } } - if (using_qs || ((s->content_length == 0) && s->info.env->get("HTTP_TRANSFER_ENCODING") == NULL)) { + /* from rfc2616 - 4.3 Message Body + * + * "The presence of a message-body in a request is signaled by the inclusion of a + * Content-Length or Transfer-Encoding header field in the request's message-headers." + */ + bool body_available = s->content_length != 0 || s->info.env->get("HTTP_TRANSFER_ENCODING") != NULL; + + if (unsigned_payload || !body_available) { - /* requests lacking of body are authenticated now */ + /* requests lacking of body or shipping with 'UNSIGNED-PAYLOAD' are authenticated now */ /* complete aws4 auth */