From: Tobias Urdin <tobias.urdin@binero.com>
Date: Wed, 25 Sep 2024 16:33:28 +0000 (+0200)
Subject: rgw/auth: fix internal server error for presigned urls
X-Git-Tag: v20.0.0~895^2
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=c01b5b179e2323bb4459da8e78d26cc9a1bbaff2;p=ceph.git

rgw/auth: fix internal server error for presigned urls

We have special error handling for these cases but we
don't check the negative value of the error so it
instead gets caught as an error not defined with a
response and throws a http 500.

This was implement by [1] and the same way done
with [2].

[1] https://github.com/ceph/ceph/pull/55371
[2] https://github.com/ceph/ceph/pull/56044

Signed-off-by: Tobias Urdin <tobias.urdin@binero.com>
---

diff --git a/src/rgw/rgw_auth.cc b/src/rgw/rgw_auth.cc
index 290b9bb46b355..ac1ed8b75d611 100644
--- a/src/rgw/rgw_auth.cc
+++ b/src/rgw/rgw_auth.cc
@@ -505,12 +505,12 @@ rgw::auth::Strategy::apply(const DoutPrefixProvider *dpp, const rgw::auth::Strat
       ldpp_dout(dpp, 5) << "Failed the auth strategy, reason="
                        << result.get_reason() << dendl;
       // Special handling for expired pre-signed URL
-      if (result.get_reason() == ERR_PRESIGNED_URL_EXPIRED) {
+      if (result.get_reason() == -ERR_PRESIGNED_URL_EXPIRED) {
         result = result_t::deny(-EPERM);
         set_req_state_err(s, -EPERM, "The pre-signed URL has expired");
       }
       // Special handling for disabled presigned URL
-      if (result.get_reason() == ERR_PRESIGNED_URL_DISABLED) {
+      if (result.get_reason() == -ERR_PRESIGNED_URL_DISABLED) {
         result = result_t::deny(-EPERM);
         set_req_state_err(s, -EPERM, "Presigned URLs are disabled by admin");
       }