From 5a334aee0a54af3948a164cef1af2c21bfe25ad1 Mon Sep 17 00:00:00 2001 From: Abhishek Lekshmanan Date: Mon, 20 Aug 2018 17:45:04 +0200 Subject: [PATCH] rgw: s3: awsv4 drop special handling for x-amz-credential While s3 docs mention that every byte must be urlencoded, they are relaxed in its implementation, when testing this behaviour on aws s3 itself, they seem to be relaxed in handling aws credentials of the form X-Amz-Credential=access1/20180817T123456Z/us-east-1... wherein X-Amz-Credential=access1%2F2018... is expected. This allows for clients requesting the urls in both forms to succeed as aws s3 does at the moment Fixes: http://tracker.ceph.com/issues/26965 Signed-off-by: Abhishek Lekshmanan (cherry picked from commit 25e1d2a32074254e9ebd780f3a41b2ff6469370f) --- src/rgw/rgw_auth_s3.cc | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/src/rgw/rgw_auth_s3.cc b/src/rgw/rgw_auth_s3.cc index 9a9c24e0735..e80baf7d298 100644 --- a/src/rgw/rgw_auth_s3.cc +++ b/src/rgw/rgw_auth_s3.cc @@ -509,14 +509,10 @@ std::string get_v4_canonical_qs(const req_info& info, const bool using_qs) continue; } - if (key == "X-Amz-Credential") { - /* FIXME(rzarzynski): I can't find any comment in the previously linked - * Amazon's docs saying that X-Amz-Credential should be handled in this - * way. */ - canonical_qs_map[key.to_string()] = val.to_string(); - } else { - canonical_qs_map[aws4_uri_recode(key, true)] = aws4_uri_recode(val, true); - } + // while awsv4 specs ask for all slashes to be encoded, s3 itself is relaxed + // in its implementation allowing non-url-encoded slashes to be present in + // presigned urls for instance + canonical_qs_map[aws4_uri_recode(key, true)] = aws4_uri_recode(val, true); } /* Thanks to the early exist we have the guarantee that canonical_qs_map has -- 2.47.3