tempurl uses wrong HMAC with full path

Bug #1607521 reported by clayg
Affects: python-swiftclient
Status: Fix Released
Importance: Medium
Assigned to: Christian Schwede

Bug Description

It's easy to get an invalid tempurl from the swiftclient

# if you use the full uri for a resource
vagrant@saio:~$ swift tempurl GET 30 http://saio:8080/v1/AUTH_test/test/test secret
http://saio:8080/v1/AUTH_test/test/test?temp_url_sig=b5646629b0c9755d234bf033b7e23d395e2aeaae&temp_url_expires=1469736434
# you get an invalid tempurl (no error/warning to flag invalid input!?)
vagrant@saio:~$ curl "http://saio:8080/v1/AUTH_test/test/test?temp_url_sig=b5646629b0c9755d234bf033b7e23d395e2aeaae&temp_url_expires=1469736434"
401 Unauthorized: Temp URL invalid
# it expects you to use just the path
vagrant@saio:~$ swift tempurl GET 30 /v1/AUTH_test/test/test secret
/v1/AUTH_test/test/test?temp_url_sig=69ee5aef4275a45724d8da64b066057700470563&temp_url_expires=1469736458
# which works
vagrant@saio:~$ curl "http://saio:8080/v1/AUTH_test/test/test?temp_url_sig=69ee5aef4275a45724d8da64b066057700470563&temp_url_expires=1469736458"
awesome

.. but it should detect the difference and do the right thing in both cases.

A similar issue was reported/discovered in swift's own `swift-temp-url` lp bug #1607519
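
Added example (not part of the original report, and not the python-swiftclient patch): Swift's tempurl middleware verifies an HMAC-SHA1 over "METHOD\nexpires\npath", so a client that signs the full URL produces a signature the server will never reproduce. The helper names below are hypothetical; the host, path, key and expiry are taken from the session above.

```python
import hmac
from hashlib import sha1
from urllib.parse import urlparse, parse_qs


def object_path(url_or_path):
    """Return the /v1/<account>/<container>/<object> path that gets signed."""
    parsed = urlparse(url_or_path)
    # A full storage URL has scheme and host; the signature covers only the path.
    path = parsed.path if parsed.scheme and parsed.netloc else url_or_path
    parts = path.split("/", 4)
    if len(parts) != 5 or parts[0] or not all(parts[1:]):
        raise ValueError("not a valid object path: %r" % url_or_path)
    return path


def sign(method, expires, path, key):
    """HMAC-SHA1 over the tempurl body, hex encoded."""
    body = "\n".join([method.upper(), str(expires), path])
    return hmac.new(key.encode(), body.encode(), sha1).hexdigest()


def make_temp_url(method, expires, url_or_path, key):
    """Accept a path or a full URL; reject anything else instead of mis-signing."""
    sig = sign(method, expires, object_path(url_or_path), key)
    return "%s?temp_url_sig=%s&temp_url_expires=%d" % (url_or_path, sig, expires)


def server_accepts(method, request_url, key):
    """Simplified server-side check: recompute over the request path only.
    Expiry is deliberately not checked here."""
    parsed = urlparse(request_url)
    query = parse_qs(parsed.query)
    expected = sign(method, query["temp_url_expires"][0], parsed.path, key)
    return hmac.compare_digest(expected, query["temp_url_sig"][0])


if __name__ == "__main__":
    path = "/v1/AUTH_test/test/test"
    url = "http://saio:8080" + path
    expires = 1469736458
    # The behaviour reported in this bug: the full URL goes into the HMAC body.
    naive = "%s?temp_url_sig=%s&temp_url_expires=%d" % (
        url, sign("GET", expires, url, "secret"), expires)
    print("signed full URL :", server_accepts("GET", naive, "secret"))
    print("normalized URL  :", server_accepts(
        "GET", make_temp_url("GET", expires, url, "secret"), "secret"))
```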

Christian Schwede (cschwede) wrote :
Changed in python-swiftclient:
assignee: nobody → Christian Schwede (cschwede)
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to python-swiftclient (master)

Reviewed: https://review.openstack.org/357063
Committed: https://git.openstack.org/cgit/openstack/python-swiftclient/commit/?id=89ff29e788479334c218801beb0538b4a6bddf23
Submitter: Jenkins
Branch: master

commit 89ff29e788479334c218801beb0538b4a6bddf23
Author: Christian Schwede <email address hidden>
Date: Thu Aug 18 09:44:03 2016 +0000

    Make options arguments truly optional

    Currently the options help, info and debug must exist in the options
    dictionary; however it might be that this is not the case if a method is
    imported externally. This patch fixes this.

    Also support using a storage URL or path as an argument for tempurl, and
    adding a test to verify correct output in both cases.

    Related-Bug: 1607519
    Related-Bug: 1607523
    Closes-Bug: 1607521
    Change-Id: I0fb2ce125fe12d660e4deb778265016bdd5ff31b

Changed in python-swiftclient:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/python-swiftclient 3.2.0

This issue was fixed in the openstack/python-swiftclient 3.2.0 release.
