components/openstack/keystone/patches/04-CVE-2014-2828.patch
author Drew Fisher <drew.fisher@oracle.com>
Fri, 13 Jun 2014 09:10:23 -0700
branch s11-update
changeset 3178 77584387a894
permissions -rw-r--r--
PSARC/2014/207 OpenStack Glance Update to Havana
PSARC/2014/208 OpenStack Cinder Update to Havana
PSARC/2014/209 OpenStack Keystone Update to Havana
PSARC/2014/210 OpenStack Nova Update to Havana
18416146 Neutron agents (L3 and DHCP) should cleanup resources when they are disabled
18562372 Failed to create a new project under Horizon
18645763 ZFSSA Cinder Driver support
18686327 evs agent silently ignores user-specified pool allocation ranges
18702697 fibre channel volumes should be supported in the cinder volume driver
18734289 nova won't terminate failed kz deployments
18738371 cinder-volume:setup should account for commented-out zfs_volume_base
18738374 cinder-volume:setup should check for existence of configuration file
18826190 nova-compute fails due to nova.utils.to_bytes
18855698 Update OpenStack to Havana 2013.2.3
18855710 Update python-cinderclient to 1.0.9
18855743 Update python-keystoneclient to 0.8.0
18855754 Update python-neutronclient to 2.3.4
18855764 Update python-novaclient to 2.17.0
18855793 Update python-swiftclient to 2.1.0
18856992 External networks can be deleted even when floating IP addresses are in use
18857784 bake in some more openstack configuration
18884923 Incorrect locale facets in python modules for openstack
18913890 the error in _get_view_and_lun may cause the failure of deleting volumes
18943044 Disable 'Security Groups' tab in Horizon dashboard
18969275 problem in SERVICE/KEYSTONE

Upstream patch for bug 1300274.

Fixed in Havana 2013.2.4, Icehouse 2014.1
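As an added illustration (not code from Keystone or from this patch), the following models the v3 request shape and the effect of de-duplicating the method list, assuming the auth controller invokes one plugin per listed method name so that every repeated "password" entry costs another credential check. The request body, SUPPORTED_METHODS, run_plugins() and plugin_calls() are constructed stand-ins for this example; the null and non-list handling goes beyond what the patch itself does.

```python
# Added illustration of the CVE-2014-2828 fix; this is not Keystone's own code.
# REQUEST_BODY is constructed, and run_plugins() is an assumed stand-in for a
# controller that invokes one auth plugin per method name.
import json

# Constructed Identity v3 auth body: "password" repeated, as an attacker would send.
REQUEST_BODY = json.dumps({
    "auth": {
        "identity": {
            "methods": ["password"] * 5 + ["token", "password"],
            "password": {"user": {"id": "test", "password": "test"}},
            "token": {"id": "test"},
        }
    }
})

# Assumption: stand-in for the controller's table of supported auth methods.
SUPPORTED_METHODS = ("password", "token")


class ValidationError(ValueError):
    """Raised for a malformed request body (stand-in for Keystone's exception)."""


def method_names_unsanitized(auth):
    """Pre-patch behaviour: hand back the list exactly as received."""
    return auth["identity"]["methods"] or []


def method_names_sanitized(auth):
    """Post-patch behaviour: order-preserving de-duplication.

    Also handles what the patch leaves implicit: a JSON null yields an empty
    list (matching the old `or []`) and a non-list value is rejected instead
    of being iterated character by character.
    """
    methods = auth["identity"].get("methods")
    if methods is None:
        return []
    if not isinstance(methods, list):
        raise ValidationError("identity.methods must be a list")
    names = []
    for method in methods:
        if method not in names:  # list membership, so unhashable entries don't crash
            names.append(method)
    return names


def validate_methods(auth, names):
    """Each named method must carry a payload and be a supported method."""
    for name in names:
        if name not in auth["identity"]:
            raise ValidationError("missing payload for method %r" % name)
        if name not in SUPPORTED_METHODS:
            raise ValidationError("unsupported method %r" % name)


def run_plugins(names):
    """Assumed model of the controller loop: one plugin call per method name.

    Returns the number of calls, which is the attacker's cost multiplier when
    each call does real work (a password check against a slow hash).
    """
    calls = 0
    for _name in names:
        calls += 1  # a real password plugin would verify the credential here
    return calls


def plugin_calls(body, get_method_names):
    """Parse a request body and count plugin calls under a given method-name policy."""
    auth = json.loads(body)["auth"]
    names = get_method_names(auth)
    validate_methods(auth, names)
    return run_plugins(names)


if __name__ == "__main__":
    print("before patch:", plugin_calls(REQUEST_BODY, method_names_unsanitized))  # 7
    print("after patch: ", plugin_calls(REQUEST_BODY, method_names_sanitized))    # 2
```

The one-request cost goes from 7 plugin calls to 2 for the constructed body; with a real hash check behind each "password" entry, the unsanitized path is what made a single request expensive.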

From: Florent Flament <[email protected]>
Date: Tue, 1 Apr 2014 12:48:22 +0000 (+0000)
Subject: Sanitizes authentication methods received in requests.
X-Git-Url: https://review.openstack.org/gitweb?p=openstack%2Fkeystone.git;a=commitdiff_plain;h=e364ba5b12de8e4c11bd80bcca903f9615dcfc2e

Sanitizes authentication methods received in requests.

When a user authenticates against the Identity V3 API, he can specify
multiple authentication methods. This patch removes duplicates, which
could have been used to achieve DoS attacks.

Closes-Bug: 1300274
(cherry picked from commit ef868ad92c00e23a4a5e9eb71e3e0bf5ae2fff0c)
Cherry-pick from https://review.openstack.org/#/c/84425/

Change-Id: I6e60324309baa094a5e54b012fb0fc528fea72ab
---

diff --git a/keystone/auth/controllers.py b/keystone/auth/controllers.py
index c3399df..4944316 100644
--- a/keystone/auth/controllers.py
+++ b/keystone/auth/controllers.py
@@ -225,7 +225,13 @@ class AuthInfo(object):
         :returns: list of auth method names
 
         """
-        return self.auth['identity']['methods'] or []
+        # Sanitizes methods received in request's body
+        # Filters out duplicates, while keeping elements' order.
+        method_names = []
+        for method in self.auth['identity']['methods']:
+            if method not in method_names:
+                method_names.append(method)
+        return method_names
 
     def get_method_data(self, method):
         """Get the auth method payload.
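Review bot: the `or []` guard dropped on the `-` line is not carried into the new loop, so a body whose `identity.methods` is JSON `null` (Python `None`) now raises `TypeError` at `for method in self.auth['identity']['methods']:` where it previously returned `[]`. Iterate over `self.auth['identity']['methods'] or []`, or better, reject anything that is not a list with a `ValidationError` before the loop so a string value is not iterated character by character either, and cover that case in the tests.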
diff --git a/keystone/tests/test_v3_auth.py b/keystone/tests/test_v3_auth.py
index d07e6ae..e89e29f 100644
--- a/keystone/tests/test_v3_auth.py
+++ b/keystone/tests/test_v3_auth.py
@@ -81,6 +81,18 @@ class TestAuthInfo(test_v3.RestfulTestCase):
                           None,
                           auth_data)
 
+    def test_get_method_names_duplicates(self):
+        auth_data = self.build_authentication_request(
+            token='test',
+            user_id='test',
+            password='test')['auth']
+        auth_data['identity']['methods'] = ['password', 'token',
+                                            'password', 'password']
+        context = None
+        auth_info = auth.controllers.AuthInfo(context, auth_data)
+        self.assertEqual(auth_info.get_method_names(),
+                         ['password', 'token'])
+
     def test_get_method_data_invalid_method(self):
         auth_data = self.build_authentication_request(
             user_id='test',
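Review bot: test_get_method_names_duplicates only asserts the de-duplicated list returned by `get_method_names()`; it does not cover an empty or null `methods` value, which the removed `or []` used to handle, nor does it exercise the token-issuing path where the duplicated entries were actually abused. Add a case asserting `[]` for an empty list, decide and test the behaviour for `None`, and consider an end-to-end request through the RestfulTestCase helpers with the duplicated methods list asserting a single successful authentication. Minor: the `context = None` temporary can be passed inline, as the surrounding tests already do.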