Lowercase query parameter keys when parsing #753

Closed

asonix wants to merge 2 commits from asonix/garage:main into main

pull from: asonix/garage:main

merge into: Deuxfleurs:main

Deuxfleurs:main

Deuxfleurs:main-0.9.x

Deuxfleurs:db-no-unsafe

Deuxfleurs:main-0.8.x

Deuxfleurs:k2v/shared_http_client

Deuxfleurs:feat/website-redir

Deuxfleurs:smithy2

Deuxfleurs:test/compilation

Deuxfleurs:poc/nomad-ci

Deuxfleurs:test-ci-wait

Deuxfleurs:pnet_datalink-0.33.0

Deuxfleurs:optimal-layout

Deuxfleurs:k2v-watch-range

Deuxfleurs:db-debug-log

Deuxfleurs:build-convert-db

Deuxfleurs:demonstrate-cargo2nix-bug

Deuxfleurs:dangerous/no-fsync

Deuxfleurs:dev0.7.3

Deuxfleurs:doc/benchmarks

Deuxfleurs:bug/check_static

Deuxfleurs:bucket-cors-more

Deuxfleurs:storage-optimizations

Deuxfleurs:old-main

Conversation 6 Commits 2 Files Changed 1 +23 -10

asonix commented 2024-03-03 20:36:32 +00:00

Contributor

Copy Link

fixes #752

fixes https://git.deuxfleurs.fr/Deuxfleurs/garage/issues/752

asonix added 1 commit 2024-03-03 20:36:33 +00:00

6a57827da9 Lowercase query parameter keys when parsing

asonix commented 2024-03-03 21:36:54 +00:00

Author

Contributor

Copy Link

Just this isn't enough. Getting the following now:

2024-03-03T21:28:18.033798Z  INFO garage_api::generic_server: [::ffff:10.42.7.110]:41580 HEAD /pict-rs/?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=[redacted]&X-Amz-Date=20240303T212818Z&X-Amz-Expires=15&X-Amz-SignedHeaders=host&X-Amz-Signature=[redacted]
2024-03-03T21:28:18.034944Z  INFO garage_api::generic_server: Response: error 403 Forbidden, Forbidden: Invalid signature

Just this isn't enough. Getting the following now: ``` 2024-03-03T21:28:18.033798Z INFO garage_api::generic_server: [::ffff:10.42.7.110]:41580 HEAD /pict-rs/?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=[redacted]&X-Amz-Date=20240303T212818Z&X-Amz-Expires=15&X-Amz-SignedHeaders=host&X-Amz-Signature=[redacted] 2024-03-03T21:28:18.034944Z INFO garage_api::generic_server: Response: error 403 Forbidden, Forbidden: Invalid signature ```

asonix commented 2024-03-03 21:57:41 +00:00

Author

Contributor

Copy Link

it seems the canonical_request has lowercased keys, which ends up generating a different signing string than the client which has title-cased keys

it seems the `canonical_request` has lowercased keys, which ends up generating a different signing string than the client which has title-cased keys

asonix commented 2024-03-03 21:59:04 +00:00

Author

Contributor

Copy Link

garage 0.9.1's canonical request:

HEAD
/pict-rs/
X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=[redacted]&X-Amz-Date=20240303T215113Z&X-Amz-Expires=15&X-Amz-SignedHeaders=host
host:garage-daemon.garage.svc:3900

garage 0.9.2's canonical request:

HEAD
/pict-rs/
x-amz-algorithm=AWS4-HMAC-SHA256&x-amz-credential=[redacted]&x-amz-date=20240303T215553Z&x-amz-expires=15&x-amz-signedheaders=host
host:garage-daemon.garage.svc:3900

garage 0.9.1's canonical request: ``` HEAD /pict-rs/ X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=[redacted]&X-Amz-Date=20240303T215113Z&X-Amz-Expires=15&X-Amz-SignedHeaders=host host:garage-daemon.garage.svc:3900 ``` garage 0.9.2's canonical request: ``` HEAD /pict-rs/ x-amz-algorithm=AWS4-HMAC-SHA256&x-amz-credential=[redacted]&x-amz-date=20240303T215553Z&x-amz-expires=15&x-amz-signedheaders=host host:garage-daemon.garage.svc:3900 ```

asonix added 1 commit 2024-03-03 22:27:05 +00:00

4990460808 Store original-cased query keys alongside query values

asonix commented 2024-03-03 22:28:19 +00:00

Author

Contributor

Copy Link

I've deployed this on my network and it seems to be working

I've deployed this on my network and it seems to be working

lx commented 2024-03-04 10:26:42 +00:00

Owner

Copy Link

Hello, sorry for breaking this and thanks for fixing it.

@asonix Can you make your fork of the repo public? The CI is refusing to run currently as it cannot access your code.

Hello, sorry for breaking this and thanks for fixing it. @asonix Can you make your fork of the repo public? The CI is refusing to run currently as it cannot access your code.

lx referenced this pull request 2024-03-04 12:29:51 +00:00

Add API test + fix presigned requests #756

lx commented 2024-03-04 12:30:16 +00:00

Owner

Copy Link

Closing in favor of #756. I've kept your comits for the fix, thank you.

Closing in favor of #756. I've kept your comits for the fix, thank you.

lx closed this pull request 2024-03-04 12:30:16 +00:00

Pull request closed

Please reopen this pull request to perform a merge.

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

AdminAPI

Issues concerning the administration API

  

Bug

  

Check AWS

The behaviour should be checked against AWS S3

  

CI

Issues with Nix, Drone, Rust Compiler, etc.

  

Correctness

Issues of theoretical correctness that may impact edge-case scenarios

  

Critical

  

Documentation

  

Ideas

For abstract ideas/proposal to make Garage better, to better communicate our not yet achieved aims

  

Improvement

  

Low priority

For issues that we don't want to spend time on until made absolutely necessary

  

Newcomer

A bug that should be newcomer friendly.

  

Performance

  

S3 Compatibility

  

Testing

  

Usability

Propositions to make Garage easier to operate, by improving error reporting, CLI, etc.

No Label

AdminAPI

Bug

Check AWS

CI

Correctness

Critical

Documentation

Ideas

Improvement

Low priority

Newcomer

Performance

S3 Compatibility

Testing

Usability

Milestone

Clear milestone

No items

No Milestone

Assignees

Clear assignees

No Assignees

2 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Deuxfleurs/garage#753

No description provided.