From: Casey Bodley <cbodley@redhat.com>
Date: Wed, 10 Aug 2016 20:23:32 +0000 (-0400)
Subject: rgw: don't overwrite auth result if ldap is not applicable
X-Git-Tag: ses5-milestone5~149^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F10669%2Fhead;p=ceph.git

rgw: don't overwrite auth result if ldap is not applicable

this was causing the following s3tests failure:

======================================================================
FAIL: s3tests.functional.test_s3.test_list_buckets_invalid_auth
----------------------------------------------------------------------
AssertionError: u'AccessDenied' != 'InvalidAccessKeyId'

Signed-off-by: Casey Bodley <cbodley@redhat.com>
---

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index c181b703930a..eb20db812d7a 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -3895,7 +3895,7 @@ int RGW_Auth_S3::authorize_v2(RGWRados *store, struct req_state *s)
   }
 
   /* try keystone auth first */
-  int external_auth_result = -ERR_INVALID_ACCESS_KEY;;
+  int external_auth_result = -ERR_INVALID_ACCESS_KEY;
   if (store->ctx()->_conf->rgw_s3_auth_use_keystone
       && !store->ctx()->_conf->rgw_keystone_url.empty()) {
     dout(20) << "s3 keystone: trying keystone auth" << dendl;
@@ -3952,9 +3952,7 @@ int RGW_Auth_S3::authorize_v2(RGWRados *store, struct req_state *s)
   RGWLDAPTokenExtractor token_extr(s);
   RGWLDAPAuthEngine ldap(s->cct, store, token_extr, &aplfact);
 
-  if (! ldap.is_applicable()) {
-    external_auth_result = -EACCES;
-  } else {
+  if (ldap.is_applicable()) {
     auto applier = ldap.authenticate();
     if (!applier) {
       external_auth_result = -EACCES;