Diffstat (limited to 'sys-auth/keystone/files/keystone-CVE-2013-0282.patch')
-rw-r--r--sys-auth/keystone/files/keystone-CVE-2013-0282.patch91
1 files changed, 0 insertions, 91 deletions
diff --git a/sys-auth/keystone/files/keystone-CVE-2013-0282.patch b/sys-auth/keystone/files/keystone-CVE-2013-0282.patch
deleted file mode 100644
index d411847c3fe0..000000000000
--- a/sys-auth/keystone/files/keystone-CVE-2013-0282.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From: Nathanael Burton <nathanael.i.burton.work@gmail.com>
-Date: Tue, 19 Feb 2013 15:27:04 +0000 (-0600)
-Subject: Ensure user and tenant enabled in EC2
-X-Git-Url: https://review.openstack.org/gitweb?p=openstack%2Fkeystone.git;a=commitdiff_plain;h=f0b4d300db5cc61d4f079f8bce9da8e8bea1081a
-
-Ensure user and tenant enabled in EC2
-
-Fixes bug 1121494.
-
-Change-Id: Icc90d581691b5aa63754e076ce983dfa2885a1dc
----
-
-diff --git a/keystone/contrib/ec2/core.py b/keystone/contrib/ec2/core.py
-index 064474c..ffc0eee 100644
---- a/keystone/contrib/ec2/core.py
-+++ b/keystone/contrib/ec2/core.py
-@@ -37,6 +37,7 @@ glance to list images needed to perform the requested task.
- import uuid
-
- from keystone import catalog
-+from keystone.common import logging
- from keystone.common import manager
- from keystone.common import utils
- from keystone.common import wsgi
-@@ -49,6 +50,7 @@ from keystone import token
-
-
- CONF = config.CONF
-+LOG = logging.getLogger(__name__)
-
-
- class Manager(manager.Manager):
-@@ -117,9 +119,9 @@ class Ec2Controller(wsgi.Application):
- credentials['host'] = hostname
- signature = signer.generate(credentials)
- if not utils.auth_str_equal(credentials.signature, signature):
-- raise exception.Unauthorized(message='Invalid EC2 signature.')
-+ raise exception.Unauthorized()
- else:
-- raise exception.Unauthorized(message='EC2 signature not supplied.')
-+ raise exception.Unauthorized()
-
- def authenticate(self, context, credentials=None, ec2Credentials=None):
- """Validate a signed EC2 request and provide a token.
-@@ -149,7 +151,7 @@ class Ec2Controller(wsgi.Application):
- credentials = ec2Credentials
-
- if not 'access' in credentials:
-- raise exception.Unauthorized(message='EC2 signature not supplied.')
-+ raise exception.Unauthorized()
-
- creds_ref = self._get_credentials(context,
- credentials['access'])
-@@ -161,9 +163,19 @@ class Ec2Controller(wsgi.Application):
- tenant_ref = self.identity_api.get_tenant(
- context=context,
- tenant_id=creds_ref['tenant_id'])
-+ # If the tenant is disabled don't allow them to authenticate
-+ if tenant_ref and not tenant_ref.get('enabled', True):
-+ msg = 'Tenant %s is disabled' % tenant_ref['id']
-+ LOG.warning(msg)
-+ raise exception.Unauthorized()
- user_ref = self.identity_api.get_user(
- context=context,
- user_id=creds_ref['user_id'])
-+ # If the user is disabled don't allow them to authenticate
-+ if not user_ref.get('enabled', True):
-+ msg = 'User %s is disabled' % user_ref['id']
-+ LOG.warning(msg)
-+ raise exception.Unauthorized()
- metadata_ref = self.identity_api.get_metadata(
- context=context,
- user_id=user_ref['id'],
-@@ -174,7 +186,7 @@ class Ec2Controller(wsgi.Application):
- # fill out the roles in the metadata
- roles = metadata_ref.get('roles', [])
- if not roles:
-- raise exception.Unauthorized(message='User not valid for tenant.')
-+ raise exception.Unauthorized()
- roles_ref = [self.identity_api.get_role(context, role_id)
- for role_id in roles]
-
-@@ -279,7 +291,7 @@ class Ec2Controller(wsgi.Application):
- creds = self.ec2_api.get_credential(context,
- credential_id)
- if not creds:
-- raise exception.Unauthorized(message='EC2 access key not found.')
-+ raise exception.Unauthorized()
- return creds
-
- def _assert_identity(self, context, user_id):