}
std::string auth_url = g_conf->rgw_swift_auth_url;
- if (auth_url[auth_url.length() - 1] != '/') {
+ if (auth_url.back() != '/') {
auth_url.append("/");
}
",", swift_groups);
if (0 == swift_groups.size()) {
- return result_t::deny();
+ return result_t::deny(-EPERM);
} else {
swift_user = std::move(swift_groups[0]);
}
} catch (std::out_of_range) {
/* The X-Auth-Groups header isn't present in the response. */
- return result_t::deny();
+ return result_t::deny(-EPERM);
}
if (swift_user.empty()) {
- return result_t::deny();
+ return result_t::deny(-EPERM);
}
ldout(cct, 10) << "swift user=" << swift_user << dendl;
const req_state* const s) const
{
if (! is_applicable(token)) {
- return result_t::deny();
+ return result_t::deny(-EPERM);
}
/* Effective token string is the part after the prefix. */
ldout(cct, 0) << "NOTICE: old timed out token was used now=" << now
<< " token.expiration=" << expiration
<< dendl;
- return result_t::deny();
+ return result_t::deny(-EPERM);
}
RGWUserInfo user_info;
const auto siter = user_info.swift_keys.find(swift_user);
if (siter == std::end(user_info.swift_keys)) {
- return result_t::deny();
+ return result_t::deny(-EPERM);
}
const auto swift_key = siter->second;
<< " tok_bl.length()=" << tok_bl.length()
<< " local_tok_bl.length()=" << local_tok_bl.length()
<< dendl;
- return result_t::deny();
+ return result_t::deny(-EPERM);
}
if (memcmp(local_tok_bl.c_str(), tok_bl.c_str(),
local_tok_bl.length(), buf);
ldout(cct, 0) << "NOTICE: tokens mismatch tok=" << buf << dendl;
- return result_t::deny();
+ return result_t::deny(-EPERM);
}
auto apl = apl_factory->create_apl_local(cct, s, user_info,