Bug 1759582 - rgw: fix ipv6 signature calculation
Summary: rgw: fix ipv6 signature calculation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Ceph Storage
Classification: Red Hat Storage
Component: RGW
Version: 3.3
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 5.0
Assignee: Matt Benjamin (redhat)
QA Contact: Tejas
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-10-08 14:48 UTC by Matt Benjamin (redhat)
Modified: 2021-08-30 08:23 UTC (History)
8 users (show)

Fixed In Version: ceph-16.0.0-8633.el8cp
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-08-30 08:22:57 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Ceph Project Bug Tracker 42218 0 None None None 2019-10-08 14:48:52 UTC
Red Hat Issue Tracker RHCEPH-1117 0 None None None 2021-08-30 00:11:38 UTC
Red Hat Product Errata RHBA-2021:3294 0 None None None 2021-08-30 08:23:31 UTC

Description Matt Benjamin (redhat) 2019-10-08 14:48:52 UTC 
From upstream tracker:
"""


here is my s3 java sdk test ipv6

AWSCredentials credentials = new BasicAWSCredentials("yly", "yly");
        ClientConfiguration s3_opts = new ClientConfiguration();
        s3_opts.setSignerOverride("S3SignerType");
        AmazonS3 s3_client = new AmazonS3Client(credentials, s3_opts);
        s3_client.setEndpoint("http://[2409:8050:3000:5000:1400::238]");
        s3_client.setS3ClientOptions(new S3ClientOptions().withPathStyleAccess(true));
        s3_client.listObjects("test1");
and it is 403 SignatureDoesNotMatch error

the rgw log below

2019-10-08T15:00:45.853+0800 7f5571da4700 15 req 1 0.007999973s s3:get_obj string_to_sign=GET

application/octet-stream
Tue, 08 Oct 2019 07:00:45 GMT
/[2409/test1/
2019-10-08T15:00:45.853+0800 7f5571da4700 15 req 1 0.007999973s s3:get_obj server signature=uWtjhLmR4ADsAdmrRWgTnJrRObI=
2019-10-08T15:00:45.853+0800 7f5571da4700 15 req 1 0.007999973s s3:get_obj client signature=3Ad+klS9c4Irf+A/D/4YGgUgE4M=
2019-10-08T15:00:45.853+0800 7f5571da4700 15 req 1 0.007999973s s3:get_obj compare=-66
2019-10-08T15:00:45.853+0800 7f5571da4700 20 req 1 0.007999973s s3:get_obj rgw::auth::s3::LocalEngine denied with reason=-2027
2019-10-08T15:00:45.853+0800 7f5571da4700 20 req 1 0.007999973s s3:get_obj rgw::auth::s3::AWSAuthStrategy denied with reason=-2027
2019-10-08T15:00:45.853+0800 7f5571da4700 20 req 1 0.007999973s s3:get_obj rgw::auth::StrategyRegistry::s3_main_strategy_t: trying rgw::auth::s3::AWSAuthStrategy
2019-10-08T15:00:45.853+0800 7f5571da4700 20 req 1 0.007999973s s3:get_obj rgw::auth::s3::AWSAuthStrategy: trying rgw::auth::s3::LocalEngine
2019-10-08T15:00:45.853+0800 7f5571da4700 10 get_canon_resource(): dest=/[2409/test1/
2019-10-08T15:00:45.853+0800 7f5571da4700 10 req 1 0.007999973s string_to_sign:
GET

application/octet-stream
Tue, 08 Oct 2019 07:00:45 GMT
/[2409/test1/ <== wrong here
2019-10-08T15:00:45.853+0800 7f5571da4700 15 req 1 0.007999973s s3:get_obj string_to_sign=GET

application/octet-stream
Tue, 08 Oct 2019 07:00:45 GMT
/[2409/test1/
"""
Comment 2 Jane smith 2020-11-04 10:01:01 UTC Comment hidden (spam)
Comment 3 Ken Dreyer (Red Hat) 2021-01-12 23:30:44 UTC 
upstream tracker says this was resolved back in v14.2.10, so the code is available in ceph-14.2.11-95 that we shipped in http://access.redhat.com/errata/RHSA-2021:0081 today.

Marking this TestOnly for QE verification.
Comment 7 errata-xmlrpc 2021-08-30 08:22:57 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat Ceph Storage 5.0 bug fix and enhancement), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:3294
Note You need to log in before you can comment on or make changes to this bug.