Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rgw: refuse to calculate digest when the s3 secret key is empty #6045

Merged
merged 1 commit into from Oct 30, 2015

Conversation

Projects
None yet
3 participants
@Sandy4999
Copy link
Contributor

Sandy4999 commented Sep 23, 2015

Fixes: #13133

Refuse to calculate the s3 header digest when the secret key is empty so that it cannot pass authentication.

Signed-off-by: Sangdi Xu xu.sangdi@h3c.com

rgw: refuse to calculate digest when the s3 secret key is empty
Fixes: #13133

Refuse to calculate the s3 header digest when the secret key is empty so that it cannot pass authentication.

Signed-off-by: Sangdi Xu <xu.sangdi@h3c.com>

@ghost ghost added the rgw label Oct 16, 2015

@Sandy4999

This comment has been minimized.

Copy link
Contributor Author

Sandy4999 commented Oct 29, 2015

An empty secret key would not be accepted at the creating time after the this PR (
#5694) merged

@Sandy4999 Sandy4999 closed this Oct 29, 2015

@yehudasa

This comment has been minimized.

Copy link
Member

yehudasa commented Oct 29, 2015

@Sandy4999 any reason why you closed this PR?

@Sandy4999

This comment has been minimized.

Copy link
Contributor Author

Sandy4999 commented Oct 30, 2015

@yehudasa Because I believe after #5694 is merged in, we can no longer create an empty secrety key, as every time it is created without explicitly specified the secret key would be set as a random series of chars, or prompts an error message. That is to say, the check added by this PR would probably be redundant, though it might forbid existed empty keys to pass the authentication. What do you think?

@yehudasa

This comment has been minimized.

Copy link
Member

yehudasa commented Oct 30, 2015

@Sandy4999 I think we still need to have this check, as both handle existing keys, and guard from future potential bugs

@Sandy4999

This comment has been minimized.

Copy link
Contributor Author

Sandy4999 commented Oct 30, 2015

@yehudasa Cool if you believe it is useful. At least I see no defect to do this check.

@Sandy4999 Sandy4999 reopened this Oct 30, 2015

@yehudasa yehudasa added the bug fix label Oct 30, 2015

yehudasa added a commit that referenced this pull request Oct 30, 2015

Merge pull request #6045 from Sandy4999/wip-13133
rgw: refuse to calculate digest when the s3 secret key is empty

Reviewed-by: Yehuda Sadeh <yehuda@redhat.com>

@yehudasa yehudasa merged commit 7f8ab91 into ceph:master Oct 30, 2015

@Sandy4999 Sandy4999 deleted the Sandy4999:wip-13133 branch Oct 30, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.