rgw: return SignatureDoesNotMatch instead of AccessDenied

author Yehuda Sadeh <yehuda@redhat.com>

Tue, 16 Dec 2014 17:11:20 +0000 (09:11 -0800)

committer Yehuda Sadeh <yehuda@redhat.com>

Fri, 9 Jan 2015 23:13:43 +0000 (15:13 -0800)
author Yehuda Sadeh <yehuda@redhat.com>
Tue, 16 Dec 2014 17:11:20 +0000 (09:11 -0800)
committer Yehuda Sadeh <yehuda@redhat.com>
Fri, 9 Jan 2015 23:13:43 +0000 (15:13 -0800)
diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h

index 9574981a0066edde6f2aeb2031ec8a52081dca57..2020191e1669a7c27826017a219d3213d292aaef 100644 (file)
--- a/src/rgw/rgw_common.h
+++ b/src/rgw/rgw_common.h
@@ -135,6 +135,7 @@ using ceph::crypto::MD5;
  #define ERR_PERMANENT_REDIRECT   2024
  #define ERR_LOCKED               2025
  #define ERR_QUOTA_EXCEEDED       2026
+#define ERR_SIGNATURE_NO_MATCH   2027
  #define ERR_USER_SUSPENDED       2100
  #define ERR_INTERNAL_ERROR       2200
  
diff --git a/src/rgw/rgw_http_errors.h b/src/rgw/rgw_http_errors.h

index 9261df476ab852046901b6a71759b23852fb6e0e..dc66956a51f519e3a8e350c7d17f6e0f7c4d9c18 100644 (file)
--- a/src/rgw/rgw_http_errors.h
+++ b/src/rgw/rgw_http_errors.h
@@ -37,6 +37,7 @@ const static struct rgw_http_errors RGW_HTTP_ERRORS[] = {
      { ERR_LENGTH_REQUIRED, 411, "MissingContentLength" },
      { EACCES, 403, "AccessDenied" },
      { EPERM, 403, "AccessDenied" },
+    { ERR_SIGNATURE_NO_MATCH, 403, "SignatureDoesNotMatch" },
      { ERR_USER_SUSPENDED, 403, "UserSuspended" },
      { ERR_REQUEST_TIME_SKEWED, 403, "RequestTimeTooSkewed" },
      { ERR_QUOTA_EXCEEDED, 403, "QuotaExceeded" },
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc

index 1228b351cc945ffa0b1dc9af6d951a82b1281b82..aa8a5f9c7e81098c329c087c6b29ec015c80876a 100644 (file)
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -2224,8 +2224,9 @@ int RGW_Auth_S3::authorize(RGWRados *store, struct req_state *s)
      dout(15) << "auth_sign=" << auth_sign << dendl;
      dout(15) << "compare=" << auth_sign.compare(digest) << dendl;
  
-    if (auth_sign != digest)
-      return -EPERM;
+    if (auth_sign != digest) {
+      return -ERR_SIGNATURE_NO_MATCH;
+    }
  
      if (s->user.system) {
        s->system_request = true;
author	Yehuda Sadeh <yehuda@redhat.com>
	Tue, 16 Dec 2014 17:11:20 +0000 (09:11 -0800)
committer	Yehuda Sadeh <yehuda@redhat.com>
	Fri, 9 Jan 2015 23:13:43 +0000 (15:13 -0800)
src/rgw/rgw_common.h		patch \| blob \| history
src/rgw/rgw_http_errors.h		patch \| blob \| history
src/rgw/rgw_rest_s3.cc		patch \| blob \| history