-rw-r--r--gluster/swift/common/middleware/gswauth/swauth/middleware.py6
-rw-r--r--test/unit/common/middleware/gswauth/swauth/test_middleware.py25
2 files changed, 30 insertions, 1 deletions
diff --git a/gluster/swift/common/middleware/gswauth/swauth/middleware.py b/gluster/swift/common/middleware/gswauth/swauth/middleware.py
index 745c6f1..48f1d71 100644
--- a/gluster/swift/common/middleware/gswauth/swauth/middleware.py
+++ b/gluster/swift/common/middleware/gswauth/swauth/middleware.py
@@ -318,7 +318,7 @@ class Swauth(object):
account_id, 1)
detail = json.loads(resp.body)
- password = detail['auth'].split(':')[-1]
+ password_type, password = detail['auth'].split(':')
msg = base64.urlsafe_b64decode(unquote(token))
# https://bugs.python.org/issue5285
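Review bot: The two-name unpacking in `password_type, password = detail['auth'].split(':')` raises ValueError whenever the stored auth value holds more than one colon, e.g. a `plaintext:` record whose secret itself contains `:`, where the old `[-1]` form at least did not blow up; that exception would presumably propagate out of the request as a server error rather than an authentication failure. Bounding the split keeps the type/value layout and tolerates colons in the secret: `password_type, password = detail['auth'].split(':', 1)`. A record with no colon at all still raises, so a guard that treats that as a deny (return None) may be worth adding too, depending on what the caller expects from this method. The enclosing method starts before this hunk.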
@@ -327,6 +327,10 @@ class Swauth(object):
if isinstance(msg, unicode):
msg = msg.encode('utf-8')
+ if password_type != 'plaintext':
+ # Password isn't plaintext, contains salt string
+ password = password.split('$')[-1]
+
s = base64.encodestring(hmac.new(password,
msg, sha1).digest()).strip()
if s != sign:
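Review bot: For any non-`plaintext` type the new branch hands the stored hash itself to `hmac.new` as the S3 signing key, so the hash in the auth store is a usable credential in its own right (anyone holding it can sign requests), not merely a verifier; that deserves a comment next to the assignment, e.g. `# NOTE: for hashed types the stored hash *is* the S3 secret key, so the auth store needs the same protection as plaintext secrets`. The check `if s != sign:` on the last line is an ordinary string compare of the computed HMAC; if the runtime is 2.7.7 or newer (the `unicode` check implies Python 2), `if not hmac.compare_digest(s, sign):` removes the timing difference at no cost. Note also that any unrecognised type string is silently treated as salted, and `password.split('$')[-1]` on a value without `$` just returns the whole string, so a mistyped type would not fail loudly. The method continues outside the hunk.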
diff --git a/test/unit/common/middleware/gswauth/swauth/test_middleware.py b/test/unit/common/middleware/gswauth/swauth/test_middleware.py
index 2d30082..e8c2001 100644
--- a/test/unit/common/middleware/gswauth/swauth/test_middleware.py
+++ b/test/unit/common/middleware/gswauth/swauth/test_middleware.py
@@ -17,6 +17,7 @@ try:
import simplejson as json
except ImportError:
import json
+import hashlib
import unittest
from contextlib import contextmanager
import mock
@@ -4857,6 +4858,30 @@ class TestAuth(unittest.TestCase):
'ozNCArMDAwMAovY29udGFpbmVyMw=='
self.assertEqual(self.test_auth.get_groups(env, token), None)
+ def test_s3_only_hash_passed_to_hmac(self):
+ key = 'dadada'
+ salt = 'zuck'
+ key_hash = hashlib.sha1('%s%s' % (salt, key)).hexdigest()
+ auth_stored = "sha1:%s$%s" % (salt, key_hash)
+ self.test_auth.app = FakeApp(iter([
+ ('200 Ok', {},
+ json.dumps({"auth": auth_stored,
+ "groups": [{'name': "act:usr"}, {'name': "act"},
+ {'name': ".admin"}]})),
+ ('204 Ok', {'X-Container-Meta-Account-Id': 'AUTH_act'}, '')]))
+ env = \
+ {'HTTP_AUTHORIZATION': 'AWS act:user:whatever',
+ 'PATH_INFO': '/v1/AUTH_act/c1'}
+ token = 'UFVUCgoKRnJpLCAyNiBGZWIgMjAxNiAwNjo0NT'\
+ 'ozNCArMDAwMAovY29udGFpbmVyMw=='
+ mock_hmac_new = mock.MagicMock()
+ with mock.patch('hmac.new', mock_hmac_new):
+ self.test_auth.get_groups(env, token)
+ self.assertTrue(mock_hmac_new.called)
+ # Assert that string passed to hmac.new is only the hash
+ self.assertEqual(mock_hmac_new.call_args[0][0], key_hash)
+
+
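Review bot: The new test pins only the hashed-type branch; there is no companion case showing that a `plaintext:` record still reaches `hmac.new` with the raw secret, nor one for a secret containing `:`, which under the middleware's new two-value unpacking would raise rather than verify. A second test with `auth_stored = "plaintext:dad:ada"` and `self.assertEqual(mock_hmac_new.call_args[0][0], 'dad:ada')` would document the intended handling either way. Since `hmac.new` is replaced by a MagicMock, the downstream signature comparison runs against a mock digest and `get_groups` returns None without complaint, so the `call_args` assertion is the only thing this test checks; a one-line comment saying so, e.g. `# hmac.new is mocked, so only the key argument is verified here`, would stop a reader from assuming the full S3 path is exercised.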
if __name__ == '__main__':
unittest.main()