Red Hat Bugzilla – Attachment 618257 Details for
Bug 861179
CVE-2012-4456 Openstack Keystone 2012.1.1: fails to validate tokens in Admin API
[patch]
CVE-2012-4456-keystone-1006822.patch
CVE-2012-4456-keystone-1006822.patch (text/plain), 3.79 KB, created by
Kurt Seifried
on 2012-09-27 19:21:16 UTC
Description:
CVE-2012-4456-keystone-1006822.patch
Filename:
MIME Type:
Creator:
Kurt Seifried
Created:
2012-09-27 19:21:16 UTC
Size:
3.79 KB
patch
obsolete
>commit 1d146f5c32e58a73a677d308370f147a3271c2cb
>Author: Dolph Mathews <dolph.mathews@gmail.com>
>Date: Sun Jun 3 11:00:54 2012 -0500
>
> Require authz for service CRUD (bug 1006822)
>
> Change-Id: Ia90f0aa2b856b9a9874d4865fb92ee913e8125c5
>
>diff --git a/keystone/catalog/core.py b/keystone/catalog/core.py
>index 68bcae2..afff7cf 100644
>--- a/keystone/catalog/core.py
>+++ b/keystone/catalog/core.py
>@@ -116,29 +116,36 @@ class Driver(object):
> class ServiceController(wsgi.Application):
> def __init__(self):
> self.catalog_api = Manager()
>+ self.identity_api = identity.Manager()
>+ self.policy_api = policy.Manager()
>+ self.token_api = token.Manager()
> super(ServiceController, self).__init__()
>
> # CRUD extensions
> # NOTE(termie): this OS-KSADM stuff is not very consistent
> def get_services(self, context):
>+ self.assert_admin(context)
> service_list = self.catalog_api.list_services(context)
> service_refs = [self.catalog_api.get_service(context, x)
> for x in service_list]
> return {'OS-KSADM:services': service_refs}
>
> def get_service(self, context, service_id):
>+ self.assert_admin(context)
> service_ref = self.catalog_api.get_service(context, service_id)
> if not service_ref:
> raise exception.ServiceNotFound(service_id=service_id)
> return {'OS-KSADM:service': service_ref}
>
> def delete_service(self, context, service_id):
>+ self.assert_admin(context)
> service_ref = self.catalog_api.get_service(context, service_id)
> if not service_ref:
> raise exception.ServiceNotFound(service_id=service_id)
> self.catalog_api.delete_service(context, service_id)
>
> def create_service(self, context, OS_KSADM_service):
>+ self.assert_admin(context)
> service_id = uuid.uuid4().hex
> service_ref = OS_KSADM_service.copy()
> service_ref['id'] = service_id
>diff --git a/tests/test_content_types.py b/tests/test_content_types.py
>index 639a03d..df73dff 100644
>--- a/tests/test_content_types.py
>+++ b/tests/test_content_types.py 
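Review bot: The authorization check is added by hand as the first statement of each of the four handlers in this hunk, so any service handler outside the hunk, or one added later, is protected only if its author remembers the same line; keeping that coverage structural (hoisting the check into a decorator or the dispatch path) would be safer, and at minimum a comment under `# CRUD extensions` such as `# every OS-KSADM handler below must call self.assert_admin(context) first` makes the rule visible. Nothing in the hunk shows what the three new managers in `__init__` are used for; if they exist for `assert_admin`, which is defined outside the hunk (presumably on `wsgi.Application`), a comment like `# identity/policy/token managers are needed by assert_admin()` would keep them from being removed as unused. `create_service` continues past the end of the hunk.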
>@@ -16,6 +16,7 @@
>
> import httplib
> import json
>+import uuid
>
> from lxml import etree
> import nose.exc
>@@ -554,6 +555,38 @@ class JsonTestCase(RestfulTestCase, CoreApiTests):
> def assertValidVersionResponse(self, r):
> self.assertValidVersion(r.body.get('version'))
>
>+ def test_service_crud_requires_auth(self):
>+ """Service CRUD should 401 without an X-Auth-Token (bug 1006822)."""
>+ # values here don't matter because we should 401 before they're checked
>+ service_path = '/v2.0/OS-KSADM/services/%s' % uuid.uuid4().hex
>+ service_body = {
>+ 'OS-KSADM:service': {
>+ 'name': uuid.uuid4().hex,
>+ 'type': uuid.uuid4().hex,
>+ },
>+ }
>+
>+ r = self.admin_request(method='GET',
>+ path='/v2.0/OS-KSADM/services',
>+ expected_status=401)
>+ self.assertValidErrorResponse(r)
>+
>+ r = self.admin_request(method='POST',
>+ path='/v2.0/OS-KSADM/services',
>+ body=service_body,
>+ expected_status=401)
>+ self.assertValidErrorResponse(r)
>+
>+ r = self.admin_request(method='GET',
>+ path=service_path,
>+ expected_status=401)
>+ self.assertValidErrorResponse(r)
>+
>+ r = self.admin_request(method='DELETE',
>+ path=service_path,
>+ expected_status=401)
>+ self.assertValidErrorResponse(r)
>+
>
> class XmlTestCase(RestfulTestCase, CoreApiTests):
> xmlns = 'http://docs.openstack.org/identity/api/v2.0'
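Review bot: `test_service_crud_requires_auth` exercises only the no-token path (every request expects 401), so a regression in which a valid but non-admin token is accepted by `assert_admin` would still pass; a companion case that sends an ordinary user's token for the same four requests and expects a rejection (403 is the likely status, but confirm against `assert_admin`) would pin the authorization half of the fix rather than just the authentication half. The test is added to `JsonTestCase` only, and `XmlTestCase`, which begins at the end of the hunk, does not appear to receive it; if the check is meant to be independent of content type, the method belongs in the shared `CoreApiTests` base. The enclosing `JsonTestCase` class starts before the hunk.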