18416129 neutron-l3-agent should include dependency on ipfilter service
18407503 neutron net-delete doesn't delete subnets/ports with no VM associated
18545343 nova-conductor's method shouldn't try to enable mysql
18545393 cinder-volume's method shouldn't try to enable iscsi/target
18545462 Some panels, menus, and options should be removed from Horizon
18545581 upstream bug 1187129 should be patched in
18551500 keystone's SMF method shouldn't try to enable mysql
18553610 problem in SERVICE/KEYSTONE
Upstream patch for bug 1300274.
Fixed in Havana 2013.2.4, Icehouse 2014.1
From e364ba5b12de8e4c11bd80bcca903f9615dcfc2e Mon Sep 17 00:00:00 2001
From: Florent Flament <[email protected]>
Date: Tue, 1 Apr 2014 12:48:22 +0000
Subject: Sanitizes authentication methods received in requests.
When a user authenticates against Identity V3 API, he can specify
multiple authentication methods. This patch removes duplicates, which
could have been used to achieve DoS attacks.
Closes-Bug: 1300274
(cherry picked from commit ef868ad92c00e23a4a5e9eb71e3e0bf5ae2fff0c)
Cherry-pick from https://review.openstack.org/#/c/84425/
Change-Id: I6e60324309baa094a5e54b012fb0fc528fea72ab
--- keystone-2013.1.4/keystone/auth/controllers.py.orig 2014-04-10 14:46:27.890585026 -0600
+++ keystone-2013.1.4/keystone/auth/controllers.py 2014-04-10 14:47:53.783687911 -0600
@@ -228,7 +228,13 @@
:returns: list of auth method names
"""
- return self.auth['identity']['methods']
+ # Sanitizes methods received in request's body
+ # Filters out duplicates, while keeping elements' order.
+ method_names = []
+ for method in self.auth['identity']['methods']:
+ if method not in method_names:
+ method_names.append(method)
+ return method_names
def get_method_data(self, method):
""" Get the auth method payload.
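Review bot: In get_method_names, the `if method not in method_names` test scans a list on every iteration, so the cost of de-duplication grows quadratically with the number of distinct entries, and nothing in this hunk bounds the length of `self.auth['identity']['methods']`. The change collapses repeated names only. Consider tracking already-seen names in a set alongside the ordered list (taking care with unhashable values that a JSON body can carry) and rejecting an over-long list or a non-string entry before the loop. The docstring's `:returns:` line should also say that the result is de-duplicated with the original order preserved, since callers now get a different list than the request contained.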
--- keystone-2013.1.4/tests/test_v3_auth.py.orig 2014-04-10 14:50:45.929495618 -0600
+++ keystone-2013.1.4/tests/test_v3_auth.py 2014-04-10 14:50:48.764440233 -0600
@@ -83,6 +83,17 @@
None,
auth_data)
+ def test_get_method_names_duplicates(self):
+ auth_data = self.build_authentication_request(
+ token='test',
+ user_id='test',
+ password='test')['auth']
+ auth_data['identity']['methods'] = ['password', 'token',
+ 'password', 'password']
+ context = None
+ auth_info = auth.controllers.AuthInfo(context, auth_data)
+ self.assertEqual(auth_info.get_method_names(),
+ ['password', 'token'])
class TestTokenAPIs(test_v3.RestfulTestCase):
def setUp(self):
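Review bot: test_get_method_names_duplicates exercises only one four-element list, so it checks the order-preserving behaviour but not the case the commit message is about, a request that repeats a method many times. Add a case with a large number of repeated entries and one with no duplicates at all, to show the list comes back unchanged. The test also builds AuthInfo directly with `context = None`; a request-level test that posts a duplicated `methods` list and checks that a single token is issued would show that the controller path really uses the sanitized list. Minor: the assertEqual call passes the actual value first and the expected list second, which makes failure messages read backwards if the suite follows the expected-first convention.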