rgw_rest_admin: return -EINVAL for improper user info requests

for /admin/user GET requests, if a uid is not given, we ultimately
return an AccessDenied error, as we initialize an anon user by default
where operations like key initialization will throw an -EACCESS. Since
the actual failure here is that uid was not specified, return an
-EINVAL, HTTP 400 error instead which is more clearer.

Fixes: http://tracker.ceph.com/issues/15455
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>

diff --git a/src/rgw/rgw_rest_user.cc b/src/rgw/rgw_rest_user.cc
index 587e6d00db202759fd116a25c3e16e7be468c9a4..995ea61b3106dcb3222b1bd7c72004bb1e29b703 100644 (file)
--- a/src/rgw/rgw_rest_user.cc
+++ b/src/rgw/rgw_rest_user.cc
@@ -34,6 +34,15 @@ void RGWOp_User_Info::execute()
   bool fetch_stats;
 
   RESTArgs::get_string(s, "uid", uid_str, &uid_str);
+
+  // if uid was not supplied in rest argument, error out now, otherwise we'll
+  // end up initializing anonymous user, for which keys.init will eventually
+  // return -EACESS
+  if (uid_str.empty()){
+    http_ret=-EINVAL;
+    return;
+  }
+
   rgw_user uid(uid_str);
 
   RESTArgs::get_bool(s, "stats", false, &fetch_stats);