RepoMirrors/ceph
1
0
Fork 0
mirror of https://github.com/ceph/ceph synced 2024-12-27 14:03:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #53680 from cbodley/wip-62989

Browse Source 
rgw/keystone: EC2Engine uses reject() for ERR_SIGNATURE_NO_MATCH

Reviewed-by: Daniel Gryniewicz <dang@redhat.com>
This commit is contained in:
Casey Bodley 2023-10-02 15:35:47 +01:00 committed by GitHub
commit 98cdc09608
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/rgw/rgw_auth_keystone.cc
View File

@ -682,6 +682,12 @@ rgw::auth::Engine::result_t EC2Engine::authenticate(
get_access_token(dpp, access_key_id, string_to_sign,
signature, signature_factory, y);
if (! t) {
if (failure_reason == -ERR_SIGNATURE_NO_MATCH) {
// we looked up a secret but it didn't generate the same signature as
// the client. since we found this access key in keystone, we should
// reject the request instead of trying other engines
return result_t::reject(failure_reason);
}
return result_t::deny(failure_reason);
}