swift_auth validates the tenant:user acl incorrectly
Bug #963546 reported by
Maru Newby
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
High
|
Maru Newby | ||
keystone (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
One of Swift's standard authorization checks is whether 'tenant_name:user' is one of the acl's for the resource being accessed. swift_auth fails to authorize allow tenant_name:user, and instead allows tenant_id:user.
Changed in keystone: | |
assignee: | nobody → Maru Newby (maru) |
status: | New → In Progress |
tags: | removed: essex-rc-potential |
Changed in keystone: | |
milestone: | essex-rc2 → 2012.1 |
Changed in keystone (Ubuntu Precise): | |
status: | New → Fix Released |
Changed in keystone (Ubuntu): | |
status: | New → Fix Released |
To post a comment you must log in.
Maru - I'm thinking that this should potentially in the list of elements to be backported into RC2/essex release of Keystone. What are you thoughts?