s3api authentication doesn't work for users with the same account
Bug #703444 reported by
FUJITA Tomonori
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Object Storage (swift) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Sorry, seems that I messed up with the authentication scheme.
We use cfaccount as AWSAccessKeyId (something like
AUTH_89308df71f
account use the same cfaccount. In such case, we can't know which
password should be used as a secret key to calculate the HMAC.
Related branches
lp:~fujita-tomonori-deactivatedaccount/swift/devauth-fix-id-2
- Chuck Thier (community): Approve
-
Diff: 244 lines (+37/-29)4 files modifiedswift/auth/server.py (+11/-9)
swift/common/middleware/auth.py (+8/-2)
swift/common/middleware/swift3.py (+2/-2)
test/unit/common/middleware/test_swift3.py (+16/-16)
Changed in swift: | |
status: | New → Fix Committed |
Changed in swift: | |
milestone: | none → 1.2.0 |
Changed in swift: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
I've uploaded a fix to change AWSAccessKeyId to the combination of account and user:
Authorization: AWS test/tester: xQE0diMbLRepdf3 YB+FIEXAMPLE=
The auth validates the HMAC and sends a cfaccount back to the
proxy. The proxy rewrites the path with the cfaccount.
Any thoughts?