New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rgw: fix the signature mismatch of FormPost in swift API #15564

Merged
merged 1 commit into from Jun 13, 2017

Conversation

Projects
None yet
2 participants
@Jing-Scott
Contributor

Jing-Scott commented Jun 8, 2017

@Jing-Scott

This comment has been minimized.

Contributor

Jing-Scott commented Jun 8, 2017

The blow are the test steps, which also can be found here.

  • Firstly, we should post Temp-URL-Key to your account (eg: swift post -m "Temp-URL-Key:mykey").

  • we can use the python code to generate Expires and Signature in ceph.

 import hmac
 from hashlib import sha1
 from time import time
 path = '/swift/v1/form-1/'
 redirect = ''
 max_file_size = 5373952000
 max_file_count = 2
 expires = int(time() + 30000)
 key = 'mykey'
 hmac_body = '%s\n%s\n%s\n%s\n%s' % (path, redirect,
                 max_file_size, max_file_count, expires)
 signature = hmac.new(key, hmac_body, sha1).hexdigest()
 print 'Expires: ' + str(expires)
 print 'Signature: ' + signature
  • then copy the values of Expires and Signature to the blow xml script.
<form action="http://<you_domain>/swift/v1/form-1/" method="POST" enctype="multipart/form-data">
  <input type="hidden" name="max_file_size" value="5373952000" />
  <input type="hidden" name="max_file_count" value="2" />
  <input type="hidden" name="expires" value="1496934665" />
  <input type="hidden" name="signature" value="c53d96db1b341db8b76168e487d956d307ea7cb5" />
  <!-- This signature allows for at most 2 files, -->
  <!-- but it may also have any smaller number. -->
  <!-- Remove file inputs as needed. -->
  <input type="file" name="file0" />
  <br />
  <input type="file" name="file1" />
  <br />
  <input type="submit" />
</form>
  • At last, we can open the upper xml directly by your browser to upload objects.
@Jing-Scott

This comment has been minimized.

Contributor

Jing-Scott commented Jun 9, 2017

@rzarzynski hi, how about this fix? thanks!

@rzarzynski rzarzynski self-assigned this Jun 9, 2017

@rzarzynski

Thanks for bringing this fix, @Jing-Scott! The patch looks fine. I will test it locally in the morning.

if (std::end(params) != params.find("filename")) {
if (std::end(params) != params.find("filename") && ! params["filename"].empty()) {

This comment has been minimized.

@rzarzynski

rzarzynski Jun 12, 2017

Contributor

The operator[] can unnecessarily modify the params. Maybe replace with something like that:

      const auto& params = field_iter->second.params;
      const auto& filename_iter = params.find("filename");
      if (std::end(params) != filename_iter && ! filename_iter->empty()) {

This comment has been minimized.

@Jing-Scott

This comment has been minimized.

@Jing-Scott

Jing-Scott Jun 12, 2017

Contributor

change from filename_iter->empty() to filename_iter->second.empty()

@rzarzynski

This comment has been minimized.

Contributor

rzarzynski commented Jun 12, 2017

jenkins retest this please

@rzarzynski

LGTM. Tempest nor s3-tests haven't found any regression here. Tempest additionally confirmed the FormPost status:

$ ./run_tempest.sh -V tempest.api.object_storage.test_object_formpost
WARNING: This script is deprecated and will be removed in the near future. Please migrate to tempest run or another method of launching a test runner
running=OS_STDOUT_CAPTURE=${OS_STDOUT_CAPTURE:-1} \
OS_STDERR_CAPTURE=${OS_STDERR_CAPTURE:-1} \
OS_TEST_TIMEOUT=${OS_TEST_TIMEOUT:-500} \
OS_TEST_LOCK_PATH=${OS_TEST_LOCK_PATH:-${TMPDIR:-'/tmp'}} \
${PYTHON:-python} -m subunit.run discover -t ${OS_TOP_LEVEL:-./} ${OS_TEST_PATH:-./tempest/test_discover} --list 
running=OS_STDOUT_CAPTURE=${OS_STDOUT_CAPTURE:-1} \
OS_STDERR_CAPTURE=${OS_STDERR_CAPTURE:-1} \
OS_TEST_TIMEOUT=${OS_TEST_TIMEOUT:-500} \
OS_TEST_LOCK_PATH=${OS_TEST_LOCK_PATH:-${TMPDIR:-'/tmp'}} \
${PYTHON:-python} -m subunit.run discover -t ${OS_TOP_LEVEL:-./} ${OS_TEST_PATH:-./tempest/test_discover}  --load-list /tmp/tmpJkXSej
running=OS_STDOUT_CAPTURE=${OS_STDOUT_CAPTURE:-1} \
OS_STDERR_CAPTURE=${OS_STDERR_CAPTURE:-1} \
OS_TEST_TIMEOUT=${OS_TEST_TIMEOUT:-500} \
OS_TEST_LOCK_PATH=${OS_TEST_LOCK_PATH:-${TMPDIR:-'/tmp'}} \
${PYTHON:-python} -m subunit.run discover -t ${OS_TOP_LEVEL:-./} ${OS_TEST_PATH:-./tempest/test_discover}  --load-list /tmp/tmpD8O4HO
{1} tempest.api.object_storage.test_object_formpost.ObjectFormPostTest.test_post_object_using_form [0.053191s] ... ok
{0} tempest.api.object_storage.test_object_formpost_negative.ObjectFormPostNegativeTest.test_post_object_using_form_expired [2.018859s] ... ok
{0} tempest.api.object_storage.test_object_formpost_negative.ObjectFormPostNegativeTest.test_post_object_using_form_invalid_signature [0.009917s] ... ok

======
Totals
======
Ran: 3 tests in 5.0000 sec.
 - Passed: 3
 - Skipped: 0
 - Expected Fail: 0
 - Unexpected Success: 0
 - Failed: 0
Sum of execute time for each test: 2.0820 sec.

==============
Worker Balance
==============
 - Worker 0 (2 tests) => 0:00:02.029188
 - Worker 1 (1 tests) => 0:00:00.053191

Waiting for the builders. Teuthology run doesn't seem to be necessary here as we don't have any FormPost related test in the suite.

@rzarzynski

This comment has been minimized.

Contributor

rzarzynski commented Jun 12, 2017

jenkins retest this please (Agent went offline during the build)

@rzarzynski

This comment has been minimized.

Contributor

rzarzynski commented Jun 12, 2017

Shaman is fine with the changes (the commit has been put on top of the AWSv4 rework).

@Jing-Scott

This comment has been minimized.

Contributor

Jing-Scott commented Jun 13, 2017

jenkins retest this please

@rzarzynski

This comment has been minimized.

Contributor

rzarzynski commented Jun 13, 2017

@Jing-Scott: it seems that the branch is experiencing an unrelated but permanent error in cephtool-test-mds.sh. Could you please rebase to the current master?

rgw: fix the signature mismatch of FormPost in swift API
Fixes: http://tracker.ceph.com/issues/20220
Signed-off-by: Jing Wenjun <jingwenjun@cmss.chinamobile.com>

@rzarzynski rzarzynski merged commit 7369880 into ceph:master Jun 13, 2017

3 checks passed

Signed-off-by all commits in this PR are signed
Details
Unmodified Submodules submodules for project are unmodified
Details
make check make check succeeded
Details
@Jing-Scott

This comment has been minimized.

Contributor

Jing-Scott commented Jun 13, 2017

@rzarzynski thanks for your review again!

@Jing-Scott Jing-Scott deleted the Jing-Scott:fix-formpost-auth branch Jun 13, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment