From 8d883f011c586f0e79c56f0f70f9455997d70012 Mon Sep 17 00:00:00 2001 From: Bence Romsics Date: Mon, 29 Aug 2022 16:03:44 +0200 Subject: Fix host:port handling When we check the EC2 signature without the port part of the host value received, we should properly split host:port. Keep in mind the splitting should work for values like [fc00::]:123 too. Change-Id: I1d90dfcea3568e2a9b22069daa428ea6a2a38bd6 Closes-Bug: #1988168 (cherry picked from commit 6c35b366e3c8c6d7f47471b93f5315582301c5ef) (cherry picked from commit d39790ac4e9dc25af09cdddc6217e36bacbc2bb1) (cherry picked from commit 0bb9cdee71805af1a7cb0a7db110b336eae5da1e) (cherry picked from commit aa50b963cce20a76db0c4834b3716d3658c784af) (cherry picked from commit fe837d87c949f6a2347cf79d81b66214f0a449b3) (cherry picked from commit 1ab860a08e527ca9e0c82a49fbf004d415fec991) --- keystone/api/ec2tokens.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/keystone/api/ec2tokens.py b/keystone/api/ec2tokens.py index d10b429b9..60007f93f 100644 --- a/keystone/api/ec2tokens.py +++ b/keystone/api/ec2tokens.py @@ -12,6 +12,8 @@ # This file handles all flask-restful resources for /v3/ec2tokens +from six.moves.urllib import parse as urllib_parse + import flask from keystoneclient.contrib.ec2 import utils as ec2_utils from oslo_serialization import jsonutils @@ -42,8 +44,8 @@ class EC2TokensResource(EC2_S3_Resource.ResourceBase): # NOTE(vish): Some client libraries don't use the port when # signing requests, so try again without the port. elif ':' in credentials['host']: - hostname, _port = credentials.split(':') - credentials['host'] = hostname + parsed = urllib_parse.urlsplit('//' + credentials['host']) + credentials['host'] = parsed.hostname # NOTE(davechen): we need to reinitialize 'signer' to avoid # contaminated status of signature, this is similar with # other programming language libraries, JAVA for example. -- cgit v1.2.1