s3api: Allow clients to upload with UNSIGNED-PAYLOAD

(Some versions of?) awscli/boto3 will do v4 signatures but send a Content-MD5 for end-to-end validation. Since a X-Amz-Content-SHA256 is still required to calculate signatures, it uses UNSIGNED-PAYLOAD similar to how signatures work for pre-signed URLs. Look for UNSIGNED-PAYLOAD and skip SHA256 validation if set. Change-Id: I571c16c196dae4e4f8fb41904c8850d0054b1fe9 Related-Change: I61eb12455c37376be4d739eee55a5f439216f0e9
author: Tim Burke <tim.burke@gmail.com> 2019-05-20 11:44:21 -0700
committer: Tim Burke <tim.burke@gmail.com> 2019-05-20 11:44:21 -0700
commit: 82e446a8a0c0fd6a81f06717b76ed3d1be26a281 (patch)
tree: 7f25c240cfc62e951f0c2e1f4e215035f979be68 /swift/common/middleware/s3api/s3request.py
parent: f17b9d2e24b22c29dcf09265d7c59d2550262385 (diff)
download: swift-82e446a8a0c0fd6a81f06717b76ed3d1be26a281.tar.gz
1 files changed, 15 insertions, 14 deletions
diff --git a/swift/common/middleware/s3api/s3request.py b/swift/common/middleware/s3api/s3request.py
index 6173ecd03..1caca1f34 100644
--- a/swift/common/middleware/s3api/s3request.py
+++ b/swift/common/middleware/s3api/s3request.py
@@ -434,20 +434,21 @@ class SigV4Mixin(object):
             raise InvalidRequest(msg)
         else:
             hashed_payload = self.headers['X-Amz-Content-SHA256']
-            if self.content_length == 0:
-                if hashed_payload != sha256().hexdigest():
-                    raise BadDigest(
-                        'The X-Amz-Content-SHA56 you specified did not match '
-                        'what we received.')
-            elif self.content_length:
-                self.environ['wsgi.input'] = HashingInput(
-                    self.environ['wsgi.input'],
-                    self.content_length,
-                    sha256,
-                    hashed_payload)
-            # else, not provided -- Swift will kick out a 411 Length Required
-            # which will get translated back to a S3-style response in
-            # S3Request._swift_error_codes
+            if hashed_payload != 'UNSIGNED-PAYLOAD':
+                if self.content_length == 0:
+                    if hashed_payload != sha256().hexdigest():
+                        raise BadDigest(
+                            'The X-Amz-Content-SHA56 you specified did not '
+                            'match what we received.')
+                elif self.content_length:
+                    self.environ['wsgi.input'] = HashingInput(
+                        self.environ['wsgi.input'],
+                        self.content_length,
+                        sha256,
+                        hashed_payload)
+                # else, length not provided -- Swift will kick out a
+                # 411 Length Required which will get translated back
+                # to a S3-style response in S3Request._swift_error_codes
         cr.append(swob.wsgi_to_bytes(hashed_payload))
         return b'\n'.join(cr)
author	Tim Burke <tim.burke@gmail.com>	2019-05-20 11:44:21 -0700
committer	Tim Burke <tim.burke@gmail.com>	2019-05-20 11:44:21 -0700
commit	82e446a8a0c0fd6a81f06717b76ed3d1be26a281 (patch)
tree	7f25c240cfc62e951f0c2e1f4e215035f979be68 /swift/common/middleware/s3api/s3request.py
parent	f17b9d2e24b22c29dcf09265d7c59d2550262385 (diff)
download	swift-82e446a8a0c0fd6a81f06717b76ed3d1be26a281.tar.gz