Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rgw: Keystone PKI token expiration is not enforced #4884

Merged
1 commit merged into from Jul 8, 2015
Merged

rgw: Keystone PKI token expiration is not enforced #4884

1 commit merged into from Jul 8, 2015

Conversation

theanalyst
Copy link
Member

@theanalyst
rgw: always check if token is expired
9dfef60 
Fixes: ceph#11367

Currently token expiration is only checked by the token cache. With PKI
tokens no expiration check is done after decoding the token. This causes
PKI tokens to be valid indefinitely. UUID tokens are validated by
keystone after cache miss so they are not affected by this bug.

This commit adds explicit token expiration check to
RGWSwift::validate_keystone_token()

Signed-off-by: Anton Aksola <anton.aksola@nebula.fi>
Reported-by: Riku Lehto <riku.lehto@nexetic.com>
(cherry picked from commit 2df0693)
@theanalyst theanalyst self-assigned this Jun 7, 2015
@theanalyst theanalyst added this to the hammer milestone Jun 7, 2015
@loic-bot
Copy link

loic-bot commented Jun 7, 2015

SUCCESS: http://jenkins.ceph.dachary.org/job/ceph/5724/

@theanalyst theanalyst assigned yehudasa and theanalyst and unassigned theanalyst and yehudasa Jul 6, 2015
@theanalyst
Copy link
Member Author

@yehudasa This has passed the first run of integration tests for hammer backports, tracked at http://tracker.ceph.com/issues/11990#rgw Do you think it is ready to merge?

@yehudasa
Copy link
Member

yehudasa commented Jul 6, 2015

@theanalyst yes

ghost pushed a commit that referenced this pull request Jul 8, 2015
Merge pull request #4884 from theanalyst/wip-11722-hammer
e33af22 
Keystone PKI token expiration is not enforced

Reviewed-by: Yehuda Sadeh <yehuda@redhat.com>
@ghost ghost merged commit e33af22 into ceph:hammer Jul 8, 2015
@ghost ghost changed the title Keystone PKI token expiration is not enforced rgw: Keystone PKI token expiration is not enforced Aug 4, 2015
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@theanalyst theanalyst

Labels
bug-fix rgw
Projects
None yet
Milestone
hammer
3 participants
@theanalyst @loic-bot @yehudasa