components/openstack/keystone/patches/07-CVE-2014-2828.patch
author Drew Fisher <drew.fisher@oracle.com>
Tue, 15 Apr 2014 07:31:13 -0700
branch s11-update
changeset 3077 3e8d5f02f4a0
permissions -rw-r--r--
18416129 neutron-l3-agent should include dependency on ipfilter service
18407503 neutron net-delete doesn't delete subnets/ports with no VM associated
18545343 nova-conductor's method shouldn't try to enable mysql
18545393 cinder-volume's method shouldn't try to enable iscsi/target
18545462 Some panels, menus, and options should be removed from Horizon
18545581 upstream bug 1187129 should be patched in
18551500 keystone's SMF method shouldn't try to enable mysql
18553610 problem in SERVICE/KEYSTONE
Upstream patch for bug 1300274.
Fixed in Havana 2013.2.4, Icehouse 2014.1
From e364ba5b12de8e4c11bd80bcca903f9615dcfc2e Mon Sep 17 00:00:00 2001
From: Florent Flament <[email protected]>
Date: Tue, 1 Apr 2014 12:48:22 +0000
Subject: Sanitizes authentication methods received in requests.
When a user authenticates against Identity V3 API, he can specify
multiple authentication methods. This patch removes duplicates, which
could have been used to achieve DoS attacks.
Closes-Bug: 1300274
(cherry picked from commit ef868ad92c00e23a4a5e9eb71e3e0bf5ae2fff0c)
Cherry-pick from https://review.openstack.org/#/c/84425/
Change-Id: I6e60324309baa094a5e54b012fb0fc528fea72ab
--- keystone-2013.1.4/keystone/auth/controllers.py.orig	2014-04-10 14:46:27.890585026 -0600
+++ keystone-2013.1.4/keystone/auth/controllers.py	2014-04-10 14:47:53.783687911 -0600
@@ -228,7 +228,13 @@
         :returns: list of auth method names
 
         """
-        return self.auth['identity']['methods']
+        # Sanitizes methods received in request's body
+        # Filters out duplicates, while keeping elements' order.
+        method_names = []
+        for method in self.auth['identity']['methods']:
+            if method not in method_names:
+                method_names.append(method)
+        return method_names
 
     def get_method_data(self, method):
         """ Get the auth method payload.
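Review bot: in get_method_names(), `if method not in method_names` scans a list on every iteration, so the de-duplication is itself quadratic in the number of distinct names, and that list comes straight from the request body. Track seen names in a set alongside the ordered list, and consider rejecting a request whose `methods` value is not a list or exceeds a fixed bound before looping; nothing in this hunk checks its type or length.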
--- keystone-2013.1.4/tests/test_v3_auth.py.orig	2014-04-10 14:50:45.929495618 -0600
+++ keystone-2013.1.4/tests/test_v3_auth.py	2014-04-10 14:50:48.764440233 -0600
@@ -83,6 +83,17 @@
                           None,
                           auth_data)
 
+    def test_get_method_names_duplicates(self):
+        auth_data = self.build_authentication_request(
+            token='test',
+            user_id='test',
+            password='test')['auth']
+        auth_data['identity']['methods'] = ['password', 'token',
+                                            'password', 'password']
+        context = None
+        auth_info = auth.controllers.AuthInfo(context, auth_data)
+        self.assertEqual(auth_info.get_method_names(),
+                         ['password', 'token'])
 
 class TestTokenAPIs(test_v3.RestfulTestCase):
     def setUp(self):
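Review bot: test_get_method_names_duplicates exercises only a four-element list and asserts on the return value of get_method_names(), so it does not show that a request carrying repeated methods is processed once per method end to end. Add a case that sends the duplicated list through the authentication request path, plus cases for an empty list and a list with no duplicates, so the order-preserving behaviour is pinned for all three.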