From 2f4bc8401deea77bda9bb545a9f01bf217c26548 Mon Sep 17 00:00:00 2001 From: "Javier M. Mellid" Date: Wed, 6 Apr 2016 15:23:17 +0200 Subject: [PATCH] rgw: aws4 subdomain calling bugfix Fixes: http://tracker.ceph.com/issues/15369 Signed-off-by: Javier M. Mellid --- src/rgw/rgw_common.h | 1 + src/rgw/rgw_rest.cc | 5 +++++ src/rgw/rgw_rest_s3.cc | 2 +- 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h index 90d2ae5a9379e..037703ed1ed0a 100644 --- a/src/rgw/rgw_common.h +++ b/src/rgw/rgw_common.h @@ -1081,6 +1081,7 @@ struct req_info { const char *method; string script_uri; string request_uri; + string request_uri_aws4; string effective_uri; string request_params; string domain; diff --git a/src/rgw/rgw_rest.cc b/src/rgw/rgw_rest.cc index b60999f48ab10..a165b65692f6f 100644 --- a/src/rgw/rgw_rest.cc +++ b/src/rgw/rgw_rest.cc @@ -1590,6 +1590,11 @@ int RGWREST::preprocess(struct req_state *s, RGWClientIO* cio) { req_info& info = s->info; + /* save the request uri used to hash on the client side. request_uri may suffer + modifications as part of the bucket encoding in the subdomain calling format. + request_uri_aws4 will be used under aws4 auth */ + s->info.request_uri_aws4 = s->info.request_uri; + s->cio = cio; if (info.host.size()) { ldout(s->cct, 10) << "host=" << info.host << dendl; diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc index e4731ba0a0bc3..0ef62855e0929 100644 --- a/src/rgw/rgw_rest_s3.cc +++ b/src/rgw/rgw_rest_s3.cc @@ -3409,7 +3409,7 @@ int RGW_Auth_S3::authorize_v4(RGWRados *store, struct req_state *s) * that SigV4 typically does. this code follows the same approach that boto library * see auth.py:canonical_uri(...) */ - s->aws4_auth->canonical_uri = s->info.request_uri; + s->aws4_auth->canonical_uri = s->info.request_uri_aws4; if (s->aws4_auth->canonical_uri.empty()) { s->aws4_auth->canonical_uri = "/"; -- 2.39.5