From 40176698ef7c62cddfd9e7d093bb38ddd879fab8 Mon Sep 17 00:00:00 2001
From: Pritha Srivastava <prsrivas@redhat.com>
Date: Thu, 20 Jul 2023 11:35:09 +0530
Subject: [PATCH] rgw/auth: Fix the return code returned by AuthStrategy, in
 case of LocalEngine authentication, when the previous auth engine is Not
 Applicable. The error code now returned is the one returned by LocalEngine.

fixes: https://tracker.ceph.com/issues/61916

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
(cherry picked from commit 6f7ef8620e52be776ef633bb962a4309996529df)
---
 src/rgw/rgw_auth.cc    | 2 +-
 src/rgw/rgw_rest_s3.cc | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/rgw/rgw_auth.cc b/src/rgw/rgw_auth.cc
index 369627c6d7b8b..869bef6c6aaa2 100644
--- a/src/rgw/rgw_auth.cc
+++ b/src/rgw/rgw_auth.cc
@@ -172,7 +172,7 @@ strategy_handle_rejected(rgw::auth::Engine::result_t&& engine_result,
 
     case Control::FALLBACK:
       /* Don't try next. */
-      return std::make_pair(false, std::move(strategy_result));
+      return std::make_pair(false, std::move(engine_result));
 
     default:
       /* Huh, memory corruption? */
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index cb15834a1620b..4a4b5ad97b0bf 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -6118,7 +6118,7 @@ rgw::auth::s3::LocalEngine::authenticate(
   if (store->get_user_by_access_key(dpp, access_key_id, y, &user) < 0) {
       ldpp_dout(dpp, 5) << "error reading user info, uid=" << access_key_id
               << " can't authenticate" << dendl;
-      return result_t::deny(-ERR_INVALID_ACCESS_KEY);
+      return result_t::reject(-ERR_INVALID_ACCESS_KEY);
   }
   //TODO: Uncomment, when we have a migration plan in place.
   /*else {
@@ -6132,7 +6132,7 @@ rgw::auth::s3::LocalEngine::authenticate(
   const auto iter = user->get_info().access_keys.find(access_key_id);
   if (iter == std::end(user->get_info().access_keys)) {
     ldpp_dout(dpp, 0) << "ERROR: access key not encoded in user info" << dendl;
-    return result_t::deny(-EPERM);
+    return result_t::reject(-EPERM);
   }
   const RGWAccessKey& k = iter->second;
 
@@ -6148,7 +6148,7 @@ rgw::auth::s3::LocalEngine::authenticate(
   ldpp_dout(dpp, 15) << "compare=" << compare << dendl;
 
   if (compare != 0) {
-    return result_t::deny(-ERR_SIGNATURE_NO_MATCH);
+    return result_t::reject(-ERR_SIGNATURE_NO_MATCH);
   }
 
   auto apl = apl_factory->create_apl_local(cct, s, user->get_info(),
-- 
2.39.5