OpenStack Identity (keystone)

  1. Bug #1711883
  2. Comment #0

Comment 0 for bug 1711883

Revision history for this message
Lei Lei (leilei) wrote : A logic error in function get_user_unique_id_and_display_name()

Firstly, see the code of function get_user_unique_id_and_display_name() of keystone/auth/plugins/mapped.py

    # keystone/auth/plugins/mapped.py

    def get_user_unique_id_and_display_name(request, mapped_properties):

        user = mapped_properties['user']

        user_id = user.get('id')
        user_name = user.get('name') or request.remote_user

        if not any([user_id, user_name]):
            msg = _("Could not map user while setting ephemeral user identity. "
                    "Either mapping rules must specify user id/name or "
                    "REMOTE_USER environment variable must be set.")
            raise exception.Unauthorized(msg)

        elif not user_name:
            user['name'] = user_id

        elif not user_id:
            user_id = user_name

        user['id'] = parse.quote(user_id)
        return (user['id'], user['name'])

There is an error inside above function.
If user.get('name') is None, but request.remote_user is not None, e.g. request.remote_user is "fed_user", then user_name will be "fed_user".
So, the execution path will not go into "elif not user_name". So, for last line "return (user['id'], user['name'])", user['name'] will raise KeyError exception.