From: Pritha Srivastava <prsrivas@redhat.com>
Date: Wed, 18 Jul 2018 16:06:45 +0000 (+0530)
Subject: rgw: STS authentication correction.
X-Git-Tag: v14.0.1~113^2~14
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=c627ef5295a84fced1b21fe0519d4d72df5f25f6;p=ceph.git

rgw: STS authentication correction.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
---

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index 6ae089913d6d..38c00944be68 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -4473,17 +4473,16 @@ rgw::auth::s3::STSEngine::authenticate(
       return result_t::deny(-EPERM);
     }
   }
-  if (token.acct_type == TYPE_RGW) {
-    string subuser;
-    auto apl = local_apl_factory->create_apl_local(cct, s, user_info, subuser, role_policies);
-    return result_t::grant(std::move(apl), completer_factory(token.secret_access_key));
-  } else if (token.acct_type == TYPE_KEYSTONE || token.acct_type == TYPE_LDAP) {
+
+  if (token.acct_type == TYPE_KEYSTONE || token.acct_type == TYPE_LDAP) {
     auto apl = remote_apl_factory->create_apl_remote(cct, s, get_acl_strategy(),
                                             get_creds_info(token));
     return result_t::grant(std::move(apl), completer_factory(boost::none));
+  } else {
+    string subuser;
+    auto apl = local_apl_factory->create_apl_local(cct, s, user_info, subuser, role_policies);
+    return result_t::grant(std::move(apl), completer_factory(token.secret_access_key));
   }
-
-  return result_t::deny(-EPERM);
 }
 
 bool rgw::auth::s3::S3AnonymousEngine::is_applicable(