summaryrefslogtreecommitdiffstats
path: root/src/rgw/rgw_rest_s3.h
diff options
context:
space:
mode:
authorJavier M. Mellid <jmunhoz@igalia.com>2016-08-01 21:00:28 +0200
committerJavier M. Mellid <jmunhoz@igalia.com>2016-12-16 00:59:49 +0100
commit078c513b6bc6b1d1da50db1d51fbbb65bddd44b9 (patch)
tree8c27a3a3906f9e233ffcd10cb422106fe38af275 /src/rgw/rgw_rest_s3.h
parentMerge remote-tracking branch 'upstream/pull/10514/head' (diff)
downloadceph-078c513b6bc6b1d1da50db1d51fbbb65bddd44b9.tar.xz
ceph-078c513b6bc6b1d1da50db1d51fbbb65bddd44b9.zip
rgw: aws4: add rgw_s3_auth_aws4_force_boto2_compat conf option
Runtime bugfix to handle presigned urls computed with canonical requests using the port number once. Boto2 computes canonical requests using the port number twice although it should be used once only. This behaviour is a bug supported by AWS S3. Boto2 is used in RGW S3 as reference implementation. The client-side tools not supporting this boto2 bug will fail although they should work too. In order to support both presigned url implementations this patch adds a config option to compute a second signature. With this option disabled, the code will compute two signatures when the first signature is not valid. The aws4 auth succeed if some of the two signatures is valid. The config option rgw_s3_auth_aws4_force_boto2_compat, is enabled by default so one signature, working with boto2, is computed only. Fixes: http://tracker.ceph.com/issues/16463 Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Diffstat (limited to '')
-rw-r--r--src/rgw/rgw_rest_s3.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/rgw/rgw_rest_s3.h b/src/rgw/rgw_rest_s3.h
index c48b2eb1f69..b7f49306d56 100644
--- a/src/rgw/rgw_rest_s3.h
+++ b/src/rgw/rgw_rest_s3.h
@@ -449,7 +449,7 @@ private:
static rgw::LDAPHelper* ldh;
static int authorize_v2(RGWRados *store, struct req_state *s);
- static int authorize_v4(RGWRados *store, struct req_state *s);
+ static int authorize_v4(RGWRados *store, struct req_state *s, bool force_boto2_compat = true);
static int authorize_v4_complete(RGWRados *store, struct req_state *s,
const string& request_payload,
bool unsigned_payload);