Opened 9 months ago

Closed 9 months ago

#12397 closed Bug report (rejected)

Connecting to third party S3 provider

Reported by: loleg Owned by:
Priority: normal Component: FileZilla Client
Keywords: s3 Cc:
Component version: Operating system type: Linux
Operating system version:

Description

After fiddling ..a lot!.. with the S3 connection and site settings, and having successfully connected to official Amazon S3 buckets, I cannot manage to connect to a Linode Object Storage S3 provider which works completely fine using the s3cmd tool. There is always a 403 user access denied error. I tried rotating my access keys and various ACL and permission settings to no avail.

If anybody else has managed to use FileZilla with Linode or another third-party S3 provider, I would appreciate a tip. They recommend the CyberDuck client, which is not supported on Linux.

See https://www.linode.com/docs/guides/how-to-use-object-storage/#cyberduck

Change History (2)

comment:1 by loleg, 9 months ago

They look exactly the same if I include the bucket subdomain. Here are my detailed (Debug level 3) logs:

Trace: CHttpControlSocket::ResetSocket()
Trace: CControlSocket::ResetOperation(66)
Trace: CHttpControlSocket::ResetSocket()
Trace: CControlSocket::ResetOperation(66)
Trace: CControlSocket::ResetOperation(66)
Trace: CS3ControlSocket::Connect(eu-central-1.linodeobjects.com)
Trace: CControlSocket::SendNextCommand()
Trace: CHttpConnectOpData::Send() in state 0
Trace: CControlSocket::ResetOperation(0)
Trace: CHttpConnectOpData::Reset(0) in state 0
Trace: CS3ControlSocket::List()
Status: Retrieving directory listing...
Trace: CControlSocket::SendNextCommand()
Trace: CS3ListOp::Send() in state 0
Trace: CS3ControlSocket::DoRequest
Trace: S3RequestOp::Send() in state 0
Trace: S3RequestOp::Send() in state 1
Trace: S3RequestOp::Send() in state 2
Trace: Requesting https://eu-central-1.linodeobjects.com:443/
Trace: CHttpControlSocket::Request()
Trace: CHttpRequestOpData::Send() in state 17
Trace: CHttpRequestOpData::Send() in state 18
Trace: CHttpControlSocket::InternalConnect()
Trace: CHttpControlSocket::ResetSocket()
Trace: CHttpInternalConnectOpData::Send() in state 0
Trace: CHttpControlSocket::ResetSocket()
Status: Resolving address of eu-central-1.linodeobjects.com
Status: Connecting to 139.162.182.14:443...
Status: Connection established, initializing TLS...
Trace: tls_layer_impl::client_handshake()
Trace: tls_layer_impl::continue_handshake()
Trace: tls_layer_impl::continue_handshake()
Trace: tls_layer_impl::continue_handshake()
Trace: tls_layer_impl::continue_handshake()
Trace: tls_layer_impl::continue_handshake()
Trace: TLS Handshake successful
Trace: Protocol: TLS1.2, Key exchange: ECDHE-SECP384R1-RSA-SHA384, Cipher: AES-256-GCM, MAC: AEAD
Trace: tls_layer_impl::verify_certificate()
Status: Verifying certificate...
Trace: CS3ControlSocket::SetAsyncRequestReply
Trace: CHttpControlSocket::SetAsyncRequestReply
Status: TLS connection established, sending HTTP request
Trace: CControlSocket::ResetOperation(0)
Trace: CHttpInternalConnectOpData::Reset(0) in state 0
Trace: CHttpRequestOpData::SubcommandResult(0) in state 18
Trace: CControlSocket::SendNextCommand()
Trace: CHttpRequestOpData::Send() in state 20
Command: GET / HTTP/1.1
Command: Authorization:
Command: Connection: keep-alive
Command: Host: eu-central-1.linodeobjects.com:443
Command: Keep-Alive: 300
Command: User-Agent: FileZilla/3.52.2
Command: x-amz-content-sha256: e3b0c44298...........
Command: x-amz-date: 20210312T110642Z
Trace: Finished sending request header. Request has no body
Trace: CHttpRequestOpData::Send() in state 16
Trace: CHttpRequestOpData::ParseHeader()
Response: HTTP/1.1 403 Forbidden
Response: Date: Fri, 12 Mar 2021 11:06:42 GMT
Response: Content-Type: application/xml
Response: Content-Length: 200
Response: Connection: keep-alive
Response: x-amz-request-id: tx000000000000002ab31ae-00604b4b42-153e462-default
Response: Accept-Ranges: bytes
Trace: CHttpRequestOpData::ProcessCompleteHeader()
Trace: S3RequestOp::OnHeader with response code 403
Trace: Finished a response
Trace: Done reading last response
Trace: CControlSocket::ResetOperation(0)
Trace: CHttpRequestOpData::Reset(0) in state 0
Trace: S3RequestOp::SubcommandResult(0) in state 3
Trace: CControlSocket::ResetOperation(2)
Trace: S3RequestOp::Reset(2) in state 3
Trace: CS3ListOp::SubcommandResult(2) in state 0
Error: Please verify the user name and password used to connect.
Trace: CControlSocket::ResetOperation(1026)
Trace: CS3ListOp::Reset(1026) in state 0
Error: Failed to retrieve directory listing

comment:2 by Tim Kosse, 9 months ago

Resolution: rejected
Status: newclosed

Not a bug in FileZilla Pro.

It's a confirmed bug in Linode's third-party S3 implementation. They are working on the issue, no ETA has been given.

From what I understand, they are wrongly checking the S3 request signature not against the Host header as sent by the client, but by a host header mangled by some reverse proxy, which results in an authentication failure.

Please contact Linode support for further assistance.

Note: See TracTickets for help on using tickets.