From 014cb50937c939ad063045a1396f2a8ad4109063 Mon Sep 17 00:00:00 2001
From: Casey Bodley <cbodley@redhat.com>
Date: Wed, 10 Aug 2016 16:23:32 -0400
Subject: [PATCH] rgw: don't overwrite auth result if ldap is not applicable

this was causing the following s3tests failure:

======================================================================
FAIL: s3tests.functional.test_s3.test_list_buckets_invalid_auth
----------------------------------------------------------------------
AssertionError: u'AccessDenied' != 'InvalidAccessKeyId'

Signed-off-by: Casey Bodley <cbodley@redhat.com>
---
 src/rgw/rgw_rest_s3.cc | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index c181b703930a..eb20db812d7a 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -3895,7 +3895,7 @@ int RGW_Auth_S3::authorize_v2(RGWRados *store, struct req_state *s)
   }
 
   /* try keystone auth first */
-  int external_auth_result = -ERR_INVALID_ACCESS_KEY;;
+  int external_auth_result = -ERR_INVALID_ACCESS_KEY;
   if (store->ctx()->_conf->rgw_s3_auth_use_keystone
       && !store->ctx()->_conf->rgw_keystone_url.empty()) {
     dout(20) << "s3 keystone: trying keystone auth" << dendl;
@@ -3952,9 +3952,7 @@ int RGW_Auth_S3::authorize_v2(RGWRados *store, struct req_state *s)
   RGWLDAPTokenExtractor token_extr(s);
   RGWLDAPAuthEngine ldap(s->cct, store, token_extr, &aplfact);
 
-  if (! ldap.is_applicable()) {
-    external_auth_result = -EACCES;
-  } else {
+  if (ldap.is_applicable()) {
     auto applier = ldap.authenticate();
     if (!applier) {
       external_auth_result = -EACCES;
-- 
2.47.3