[one-users] EC2 API PROBABLY BUGS

Tino Vazquez tinova at fdi.ucm.es
Thu Jan 20 03:39:28 PST 2011


Dear Paolo,

First think, many thanks for the valuable feedback.

comments inline,


On Fri, Jan 14, 2011 at 6:11 PM, Paolo Smiraglia
<paolo.smiraglia at gmail.com> wrote:
> Hi! I discovered an AUTHENTICATION PROBLEM when using EC2 Tools
> provided by OpenNebula.
>
> On client-side, the HMAC algorithm used is "HmacSHA256" while the
> passed parameter is "HmacSHA1" in
>
>  $ONE_LOCATION/lib/ruby/cloud/econe/EC2QueryClient.rb:144
>
> this causes an authentication failure.

Encoding method for AWS.encode [1] is HmacSHA1, am I missing something?

>
>
> I found another problem in the file
>
>  $ONE_LOCATION/lib/ruby/cloud/econe/EC2QueryServer.rb
>
> While the issue disappeared executing the tool
>
>  econe-upload
>
> it is still present in the tools
>
>  econe-register
>  econe-describe-images
>
> This may be caused by the file
>
>  $ONE_LOCATION/lib/ruby/cloud/econe/EC2QueryServer.rb
>
> where, in the function "signature_version_2()" definition, the
> variable "server_str" depends on the tool executed.
>
> 1. econe-upload
>
>   server_str = FQDN
>
> 2. econe-register
>
>   server_str = FQDN:PORT
>
> I think the issue is caused by the missing parameter "Version" which
> is not passed in last two utilities.

The EC2QueryServer have to work with different client tools. We found
out that with API versions 2008-12-01 and 2009-11-30, the port is
taking into account for the signature, while client tools (hybridfox,
for instance, that uses boto) that implement other versions doesn't
include this port.

>
> Best,
>
>   PAOLO

Regards,

-Tino

[1] http://rdoc.info/github/grempe/amazon-ec2/master/AWS#encode-class_method

--
Constantino Vázquez Blanco | dsa-research.org/tinova
Virtualization Technology Engineer / Researcher
OpenNebula Toolkit | opennebula.org

>
>
> --
> PAOLO SMIRAGLIA
> http://portale.isf.polito.it/paolo-smiraglia
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>



More information about the Users mailing list