Activity log for bug #1006815

Date Who What changed Old value New value Message
2012-05-31 10:10:36 Jason Xu bug added bug
2012-05-31 10:10:36 Jason Xu attachment added keystone_tenant_api_bug.patch https://bugs.launchpad.net/bugs/1006815/+attachment/3169957/+files/keystone_tenant_api_bug.patch
2012-06-02 20:56:07 Dolph Mathews keystone: importance Undecided Critical
2012-06-02 20:56:15 Dolph Mathews keystone: status New Triaged
2012-06-02 20:56:15 Dolph Mathews keystone: milestone folsom-2
2012-06-03 17:17:01 Dolph Mathews keystone: status Triaged Confirmed
2012-06-03 17:17:01 Dolph Mathews keystone: assignee Dolph Mathews (dolph)
2012-06-03 17:32:00 OpenStack Infra keystone: status Confirmed In Progress
2012-06-04 09:19:31 Alan Pevec tags essex-backport
2012-06-08 17:00:05 OpenStack Infra keystone: status In Progress Fix Committed
2012-07-04 08:22:19 Thierry Carrez keystone: status Fix Committed Fix Released
2012-07-05 16:04:44 OpenStack Infra tags essex-backport essex-backport in-stable-essex
2012-07-24 20:58:01 Mark McLoughlin nominated for series keystone/essex
2012-07-24 20:58:01 Mark McLoughlin bug task added keystone/essex
2012-07-24 20:58:16 Mark McLoughlin keystone/essex: status New Fix Committed
2012-08-07 23:13:36 Mark McLoughlin keystone/essex: milestone 2012.1.2
2012-08-07 23:14:02 Mark McLoughlin keystone/essex: importance Undecided Critical
2012-08-10 06:01:52 Mark McLoughlin keystone/essex: status Fix Committed Fix Released
2012-08-21 16:50:16 Launchpad Janitor branch linked lp:~openstack-ubuntu-testing/keystone/precise-essex-proposed
2012-08-22 20:50:53 Chuck Short bug task added keystone (Ubuntu)
2012-08-22 20:51:05 Chuck Short nominated for series Ubuntu Precise
2012-08-22 20:51:05 Chuck Short bug task added keystone (Ubuntu Precise)
2012-08-22 20:51:05 Chuck Short nominated for series Ubuntu Quantal
2012-08-22 20:51:05 Chuck Short bug task added keystone (Ubuntu Quantal)
2012-08-23 00:25:55 Ubuntu Foundations Team Bug Bot tags essex-backport in-stable-essex essex-backport in-stable-essex patch
2012-08-23 00:26:03 Ubuntu Foundations Team Bug Bot bug added subscriber Ubuntu Review Team
2012-08-24 13:30:22 Dave Walker keystone (Ubuntu): status New Fix Released
2012-08-24 13:30:28 Dave Walker keystone (Ubuntu Precise): status New Confirmed
2012-08-24 19:13:00 Launchpad Janitor branch linked lp:ubuntu/precise-proposed/keystone
2012-08-30 07:25:35 Adam Gandelman attachment added 2012.1+stable~20120824-a16a0ab9-0ubuntu2.log https://bugs.launchpad.net/bugs/1006815/+attachment/3283183/+files/2012.1%2Bstable%7E20120824-a16a0ab9-0ubuntu2.log
2012-08-30 07:25:37 Adam Gandelman tags essex-backport in-stable-essex patch essex-backport in-stable-essex patch verification-done
2012-09-03 15:22:16 Launchpad Janitor keystone (Ubuntu Precise): status Confirmed Fix Released
2012-09-12 03:22:33 Jason Xu removed subscriber Jason Xu
2012-09-27 13:44:54 Russell Bryant security vulnerability no yes
2012-09-27 15:03:11 Thierry Carrez keystone: milestone folsom-2 2012.2
2012-09-27 18:10:54 Russell Bryant cve linked 2012-4456
2012-09-28 16:01:52 Joseph Heck description

Old value:

Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token
we can get the same result without a token in HTTP head.
Eg:
without a token
jason@ubuntu:~/project/keystone$ curl http://0.0.0.0:35357/v2.0/tenants/1f73672bf2184a909abc8fe67e7a537d/users/b84f6dbb6d7b4130a8a9e9298ec96164/roles | python -m json.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    72  100    72    0     0    308      0 --:--:-- --:--:-- --:--:--   346
{
    "roles": [
        {
            "id": "06906f69ffd44ad0b9fc86d1c3d1bcbd",
            "name": "admin"
        }
    ]
}
with token
jason@ubuntu:~/project/keystone$ curl -H "X-Auth-Token:ecab59a3f4e2468b9934c24f8660a809" http://0.0.0.0:35357/v2.0/tenants/1f73672bf2184a909abc8fe67e7a537d/users/b84f6dbb6d7b4130a8a9e9298ec96164/roles | python -m json.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    72  100    72    0     0    242      0 --:--:-- --:--:-- --:--:--   270
{
    "roles": [
        {
            "id": "06906f69ffd44ad0b9fc86d1c3d1bcbd",
            "name": "admin"
        }
    ]
}
What we expect:
without a token
jason@ubuntu:~/project/keystone$ curl http://0.0.0.0:35357/v2.0/tenants/1f73672bf2184a909abc8fe67e7a537d/users/b84f6dbb6d7b4130a8a9e9298ec96164/roles | python -m json.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   116  100   116    0     0    848      0 --:--:-- --:--:-- --:--:--  1026
{
    "error": {
        "code": 401,
        "message": "The request you have made requires authentication.",
        "title": "Not Authorized"
    }
}
Attached is a diff of the changes.

New value:

Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate the authentication token before returning a response. i.e. we can get the same result without a token in HTTP head.
Eg:
without a token
jason@ubuntu:~/project/keystone$ curl http://0.0.0.0:35357/v2.0/tenants/1f73672bf2184a909abc8fe67e7a537d/users/b84f6dbb6d7b4130a8a9e9298ec96164/roles | python -m json.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    72  100    72    0     0    308      0 --:--:-- --:--:-- --:--:--   346
{
    "roles": [
        {
            "id": "06906f69ffd44ad0b9fc86d1c3d1bcbd",
            "name": "admin"
        }
    ]
}
with token
jason@ubuntu:~/project/keystone$ curl -H "X-Auth-Token:ecab59a3f4e2468b9934c24f8660a809" http://0.0.0.0:35357/v2.0/tenants/1f73672bf2184a909abc8fe67e7a537d/users/b84f6dbb6d7b4130a8a9e9298ec96164/roles | python -m json.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    72  100    72    0     0    242      0 --:--:-- --:--:-- --:--:--   270
{
    "roles": [
        {
            "id": "06906f69ffd44ad0b9fc86d1c3d1bcbd",
            "name": "admin"
        }
    ]
}
What we expect:
without a token
jason@ubuntu:~/project/keystone$ curl http://0.0.0.0:35357/v2.0/tenants/1f73672bf2184a909abc8fe67e7a537d/users/b84f6dbb6d7b4130a8a9e9298ec96164/roles | python -m json.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   116  100   116    0     0    848      0 --:--:-- --:--:-- --:--:--  1026
{
    "error": {
        "code": 401,
        "message": "The request you have made requires authentication.",
        "title": "Not Authorized"
    }
}
Attached is a diff of the changes.
2013-06-07 15:40:47 Thierry Carrez summary Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token [OSSA 2012-015] Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token
2013-06-07 15:41:35 Thierry Carrez bug task added ossa
2013-06-07 15:41:48 Thierry Carrez ossa: status New Fix Released
2013-06-07 15:41:48 Thierry Carrez ossa: assignee Russell Bryant (russellb)