Authorization header not validated against secret on objectstore
Bug #607512 reported by
justinsb
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Medium
|
Soren Hansen |
Bug Description
Currently nova/objectstor
There's a "# FIXME: check signature here!" around line 113
(Splitting this bug out from bug 607501)
Related branches
lp:~soren/nova/twisted-web-s3-server
- Eric Day (community): Approve
- Vish Ishaya (community): Approve
-
Diff: 381 lines (+185/-24)5 files modifiednova/auth/manager.py (+19/-4)
nova/auth/signer.py (+8/-0)
nova/compute/node.py (+22/-3)
nova/objectstore/handler.py (+27/-17)
nova/tests/objectstore_unittest.py (+109/-0)
visibility: | private → public |
summary: |
- Authorization not checked on objectstore + Authorization header not validated against secret on objectstore |
Changed in nova: | |
assignee: | nobody → Soren Hansen (soren) |
status: | New → Fix Committed |
importance: | Undecided → Medium |
Changed in nova: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
I'm wondering about this bug..
We clearly do check the signature in the line just above it, so what exactly is this comment referring to? Was the comment just not removed after it had been adressed or is it referring to an RBAC ACL check that needs to be added?