Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws.go ParseSigV4 fails to parse the Authorization unless extra spaces are added #50866

Closed
superbet-t2 opened this issue Jan 8, 2025 · 0 comments · Fixed by #50973
Closed

aws.go ParseSigV4 fails to parse the Authorization unless extra spaces are added #50866

superbet-t2 opened this issue Jan 8, 2025 · 0 comments · Fixed by #50973
Assignees
@GavinFrazar
Labels
application-access aws Used for AWS Related Issues. bug c-spb Internal Customer Reference

Comments

@superbet-t2
Copy link

Expected behavior:
The aws.go ParseSigV4 method should handle the Authorization header being a single continuous string as mentioned here: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv-authentication-methods.html
Examples of authorization headers not having spaces in are here: https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html
As an example
ParseSigV4("AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=fea454ca298b7da1c68078a5d1bdbfbbe0d65c699e0f91ac7a200a0136783543")
Should succeed and not return an error.

Current behavior:
The current logic requires a space after every every comma. So the above Header in that format works:
ParseSigV4("AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=fea454ca298b7da1c68078a5d1bdbfbbe0d65c699e0f91ac7a200a0136783543")

Bug details:

  • Teleport version: Latest
  • Recreation steps: My personal use case comes from using aws-beam library for erlang but any 'technically correct' implementation of aws apis will run into issues.
@superbet-t2 superbet-t2 added the bug label Jan 8, 2025
@greedy52 greedy52 added aws Used for AWS Related Issues. application-access labels Jan 8, 2025
@milos-teleport milos-teleport added the c-spb Internal Customer Reference label Jan 9, 2025
@GavinFrazar GavinFrazar mentioned this issue Jan 11, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@GavinFrazar GavinFrazar

Labels
application-access aws Used for AWS Related Issues. bug c-spb Internal Customer Reference
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix AWS SigV4 parsing gravitational/teleport
4 participants
@greedy52 @GavinFrazar @superbet-t2 @milos-teleport