Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[azure-storage-blob] wrong sas permission string caused authentication failure #13099

Closed
Juliehzl opened this issue Aug 13, 2020 · 2 comments
Closed

[azure-storage-blob] wrong sas permission string caused authentication failure #13099

Juliehzl opened this issue Aug 13, 2020 · 2 comments
Assignees
@xiafu-msft
Labels
bug This issue requires a change to an existing behavior in the product in order to be resolved. Client This issue points to a problem in the data-plane of the library. Storage Storage Service (Queues, Blobs, Files)

Comments

@Juliehzl
Copy link

Juliehzl commented Aug 13, 2020
edited
Loading

  • Package Name: azure-stroage-blob
  • Package Version: 12.4.0b1
  • Operating System: Win 10
  • Python Version: 3.7.7

Describe the bug
A clear and concise description of what the bug is.
When specify permission with string, it passes the permission string to _str as shown here:

azure-sdk-for-python/sdk/storage/azure-storage-blob/azure/storage/blob/_models.py

Line 930 in 1216acf

parsed._str = permission # pylint: disable = protected-access

but what we expect is that it should be format with the following method:

azure-sdk-for-python/sdk/storage/azure-storage-blob/azure/storage/blob/_models.py

Lines 899 to 904 in 1216acf

self._str = (('r' if self.read else '') +
('w' if self.write else '') +
('d' if self.delete else '') +
('x' if self.delete_previous_version else '') +
('l' if self.list else '') +
('t' if self.tag else ''))

If the permission string sequence changes, it will cause signed signature change and authentication failure.

Removing this line could fix it.

azure-sdk-for-python/sdk/storage/azure-storage-blob/azure/storage/blob/_models.py

Line 930 in 1216acf

parsed._str = permission # pylint: disable = protected-access

Same for other sas permissions.

To Reproduce
Steps to reproduce the behavior:

  1. generate sas token with specifying container sas permission with string like 'dlrw'
  2. upload blob with generated sas

but if you are using rwdl, it will work.

Expected behavior
A clear and concise description of what you expected to happen.

Authentication failed.

Screenshots
If applicable, add screenshots to help explain your problem.

Additional context
Add any other context about the problem here.
@ghost ghost added the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Aug 13, 2020
@Juliehzl Juliehzl added the Storage Storage Service (Queues, Blobs, Files) label Aug 13, 2020
@ghost ghost removed the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Aug 13, 2020
@kaerm kaerm added the Client This issue points to a problem in the data-plane of the library. label Aug 13, 2020
@xiafu-msft xiafu-msft mentioned this issue Aug 21, 2020
Merged
@xiafu-msft
Copy link
Contributor

This will be addressed in the pr, thanks for catching this!

@xiafu-msft xiafu-msft added the bug This issue requires a change to an existing behavior in the product in order to be resolved. label Aug 21, 2020
@tasherif-msft
Copy link
Contributor

Hi @Juliehzl, the PR related to this issue has been merged. I will proceed to close this issue. Let us know if anything else comes up!

@github-actions github-actions bot locked and limited conversation to collaborators Apr 12, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@xiafu-msft xiafu-msft

Labels
bug This issue requires a change to an existing behavior in the product in order to be resolved. Client This issue points to a problem in the data-plane of the library. Storage Storage Service (Queues, Blobs, Files)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@kaerm @Juliehzl @xiafu-msft @tasherif-msft