From 318de28e1011914dc7f3701549eb3ef227abbc3c Mon Sep 17 00:00:00 2001
From: Jing Wenjun <jingwenjun@cmss.chinamobile.com>
Date: Fri, 3 Feb 2017 19:06:31 +0800
Subject: [PATCH] rgw: swift: fix anonymous user's error code of getting object

The openstack swift will return 401 rather than 403 when
the anon user has no permission to get objects.

Fixes: http://tracker.ceph.com/issues/18806
Signed-off-by: Jing Wenjun <jingwenjun@cmss.chinamobile.com>
---
 src/rgw/rgw_rest_swift.cc | 14 ++++++++++++++
 src/rgw/rgw_rest_swift.h  |  1 +
 2 files changed, 15 insertions(+)

diff --git a/src/rgw/rgw_rest_swift.cc b/src/rgw/rgw_rest_swift.cc
index 5bc9b920e78f4..f96a088838364 100644
--- a/src/rgw/rgw_rest_swift.cc
+++ b/src/rgw/rgw_rest_swift.cc
@@ -1222,6 +1222,20 @@ void RGWCopyObj_ObjStore_SWIFT::send_response()
   }
 }
 
+int RGWGetObj_ObjStore_SWIFT::verify_permission()
+{
+  op_ret = RGWGetObj_ObjStore::verify_permission();
+
+  /* We have to differentiate error codes depending on whether user is
+   * anonymous (401 Unauthorized) or he doesn't have necessary permissions
+   * (403 Forbidden). */
+  if (s->auth_identity->is_anonymous() && op_ret == -EACCES) {
+    return -EPERM;
+  } else {
+    return op_ret;
+  }
+}
+
 int RGWGetObj_ObjStore_SWIFT::get_params()
 {
   const string& mm = s->info.args.get("multipart-manifest");
diff --git a/src/rgw/rgw_rest_swift.h b/src/rgw/rgw_rest_swift.h
index d4a3f03841659..a72f7c0d5d683 100644
--- a/src/rgw/rgw_rest_swift.h
+++ b/src/rgw/rgw_rest_swift.h
@@ -17,6 +17,7 @@ public:
   RGWGetObj_ObjStore_SWIFT() {}
   ~RGWGetObj_ObjStore_SWIFT() {}
 
+  int verify_permission() override;
   int get_params();
   int send_response_data_error();
   int send_response_data(bufferlist& bl, off_t ofs, off_t len);
-- 
2.39.5