From 2d43ecf1cb66c3f8a2bba4282f68a77ca293547c Mon Sep 17 00:00:00 2001
From: Pritha Srivastava
Date: Thu, 9 Oct 2025 11:35:13 +0530
Subject: [PATCH] rgw/sts: correct error code to 400 (from 403) for expires sts credentials.
Fixes: https://tracker.ceph.com/issues/73441
Signed-off-by: Pritha Srivastava
---
 src/rgw/rgw_common.cc | 1 +
 src/rgw/rgw_common.h | 3 ++-
 src/rgw/rgw_rest_s3.cc | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc
index 7d102224d87..faf80be64bc 100644
--- a/src/rgw/rgw_common.cc
+++ b/src/rgw/rgw_common.cc
@@ -145,6 +145,7 @@ rgw_http_errors rgw_http_s3_errors({
 { ERR_ACLS_NOT_SUPPORTED, {400, "AccessControlListNotSupported"}},
 { ERR_INVALID_BUCKET_ACL, {400, "InvalidBucketAclWithObjectOwnership"}},
 { ERR_NO_SUCH_OWNERSHIP_CONTROLS, {404, "OwnershipControlsNotFoundError"}},
+ { ERR_EXPIRED_TOKEN, {400, "ExpiredToken"}},
 });
 rgw_http_errors rgw_http_swift_errors({
diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h
index 87219399678..bf2ec99a73d 100644
--- a/src/rgw/rgw_common.h
+++ b/src/rgw/rgw_common.h
@@ -369,7 +369,8 @@ inline constexpr const char* RGW_REST_STS_XMLNS =
 #define ERR_ACCOUNT_EXISTS 2403
 #define ERR_RESTORE_ALREADY_IN_PROGRESS 2500
-
+#define ERR_EXPIRED_TOKEN 2501
+
 #ifndef UINT32_MAX
 #define UINT32_MAX (0xffffffffu)
 #endif
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index 7aef4284ce9..250d9872aa6 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -7250,7 +7250,7 @@ rgw::auth::s3::STSEngine::authenticate(
 real_clock::time_point now = real_clock::now();
 if (now >= *exp) {
 ldpp_dout(dpp, 0) << "ERROR: Token expired" << dendl;
- return result_t::reject(-EPERM);
+ return result_t::reject(-ERR_EXPIRED_TOKEN);
 }
 } else {
 ldpp_dout(dpp, 0) << "ERROR: Invalid expiration: " << expiration << dendl;
--
2.47.3
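Review bot: `ERR_EXPIRED_TOKEN` is defined without a comment in the 2500 block directly under `ERR_RESTORE_ALREADY_IN_PROGRESS`, so nothing at the definition says it is an authentication error or where it is returned; a trailing comment such as `/* STS session token past its expiration; maps to 400 ExpiredToken */` would cover that. The hunk also removes a blank line and adds one back after the define, which a diff only shows when the two differ in whitespace, so check that the new separator line is empty rather than carrying trailing spaces.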
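Review bot: The rejection value changes from `-EPERM` to `-ERR_EXPIRED_TOKEN` at the `now >= *exp` check, so every consumer of this result sees a different code, not only the HTTP layer; anything that recognises authentication failures by `-EPERM` or by a 403 status (audit or ops-log filters, failure counters, alerting) should be checked so expired-credential attempts do not drop out of that monitoring, and none of those consumers is visible in this patch. The neighbouring `Invalid expiration` branch has its return outside the hunk and presumably keeps the old code, so a one-line comment at the new return would record that the split is intentional, for example `// expired session token: 400 ExpiredToken; other token failures stay 403`. The patch carries no test; one that presents an expired session token and asserts status 400 with code `ExpiredToken` would pin the behaviour. `STSEngine::authenticate` starts and ends outside the hunk.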