Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] - CopyObject fails with error "the specified bucket does not exist" if versitygw is configured with an IAM backend #773

Closed
cvubrugier opened this issue Aug 29, 2024 · 2 comments
Closed

[Bug] - CopyObject fails with error "the specified bucket does not exist" if versitygw is configured with an IAM backend #773

cvubrugier opened this issue Aug 29, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@cvubrugier
Copy link
Contributor

Describe the bug

With WinSCP and Cyberduck, renaming or duplicating an object fails with error "the specified bucket does not exist" if versitygw is configured with an IAM backend.

To Reproduce

  1. Start versitygw with an IAM backend (for instance IAM Internal).
  2. Create a user.
  3. As admin, create a bucket.
  4. Change ownership of the bucket to the new user.
  5. Browse the bucket with WinSCP or Cyberduck as a user.
  6. Upload a file.
  7. Try to rename or duplicate the file. The operation fails with error "the specified bucket does not exist".

Expected behavior

The user should be able to rename or duplicate a file with WinSCP or Cyberduck.

Server and client versions

  • versitygw v1.0.5 or latest revision of the "main" branch (commit 923ee5f)
  • WinSCP 6.3.4
  • Cyberduck 8.7.3

Bug analysis

To rename or duplicate an object, WinSCP and Cyberduck send a CopyObject S3 command that contains a x-amz-copy-source header that starts with '/'.

The function VerifyObjectCopyAccess contains the following code:

srcBucket, srcObject, found := strings.Cut(copySource, "/")

If copySource starts with '/', then srcBucket is set to an empty string. Later, an error is returned because bucket "" does not exist.

The same issue was fixed in the Posix and Azure backends by the following commit:

  • 5e484f2 fix: Fixed CopySource parsing to handle the values starting with '/' in CopyObject action in posix and azure backends.

However, the issue still exist in VerifyObjectCopyAccess.

I will provide a fix for this issue.
@cvubrugier cvubrugier added the bug Something isn't working label Aug 29, 2024
@cvubrugier
Copy link
Contributor Author

cyberduck-copy-object-error winscp-copy-object-error

cvubrugier added a commit to cvubrugier/versitygw that referenced this issue Aug 29, 2024
@cvubrugier
fix: handle "x-amz-copy-source" header starting with '/' in s3api
20940f0 
The "x-amz-copy-source" header may start with '/' as observed with
WinSCP. However, '/' is also the separator between the bucket and the
object path in "x-amz-copy-source".

Consider the following code in VerifyObjectCopyAccess():

    srcBucket, srcObject, found := strings.Cut(copySource, "/")

If `copySource` starts with '/', then `srcBucket` is set to an empty
string. Later, an error is returned because bucket "" does not exist.

This issue was fixed in the Posix and Azure backends by the following
commit:

 * 5e484f2 fix: Fixed CopySource parsing to handle the values starting with '/' in CopyObject action in posix and azure backends.

But the issue was not fixed in `VerifyObjectCopyAccess`.

This commit sanitizes "x-amz-copy-source" right after the header is
extracted in `s3api/controllers/base.go`. This ensures that the
`CopySource` argument passed to the backend functions UploadPartCopy()
and CopyObject() does not start with '/'. Since the backends no longer
need to strip away any leading '/' in `CopySource`, the parts of
commit 5e484f2 modifying the Posix and Azure backends are reverted.

Fixes issue versity#773.

Signed-off-by: Christophe Vu-Brugier <christophe.vu-brugier@seagate.com>
@cvubrugier cvubrugier mentioned this issue Aug 29, 2024
Merged
@benmcclelland
Copy link
Member

fix PR merged

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
VersityGW Project
Status: Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@benmcclelland @cvubrugier