From bcdb467af45bc6f8d08ad361de02565e9feb7388 Mon Sep 17 00:00:00 2001
From: Abhishek Lekshmanan <abhishek@suse.com>
Date: Tue, 22 Mar 2016 15:27:49 +0100
Subject: [PATCH] rgw: return -EACCESS for system requests also

In a multisite scenario, if a user created in a secondary zone tries to
create a bucket, fail with AccessDenied instead of a NoSuchKey, which
doesn't make sense for a create Bucket request for eg.

Fixes: #15234
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
---
 src/rgw/rgw_rest_s3.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index 9c525d15adea..a0365bdbbb26 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -3600,7 +3600,7 @@ int RGW_Auth_S3::authorize_v4(RGWRados *store, struct req_state *s)
       int ret = rgw_get_user_info_by_uid(store, effective_uid, effective_user);
       if (ret < 0) {
         ldout(s->cct, 0) << "User lookup failed!" << dendl;
-        return -ENOENT;
+        return -EACCES;
       }
       *(s->user) = effective_user;
     }
@@ -3808,7 +3808,7 @@ int RGW_Auth_S3::authorize_v2(RGWRados *store, struct req_state *s)
         ret = rgw_get_user_info_by_uid(store, euid, effective_user);
         if (ret < 0) {
           ldout(s->cct, 0) << "User lookup failed!" << dendl;
-          return -ENOENT;
+          return -EACCES;
         }
         *(s->user) = effective_user;
       }
-- 
2.47.3