rgw: Keystone PKI token expiration is not enforced #11367 #4429

Closed
@aakso
Member

commented Apr 22, 2015

rgw: always check if token is expired
Fixes: #11367

Currently token expiration is only checked by the token cache. With PKI
tokens no expiration check is done after decoding the token. This causes
PKI tokens to be valid indefinitely. UUID tokens are validated by
keystone after cache miss so they are not affected by this bug.

This commit adds explicit token expiration check to
RGWSwift::validate_keystone_token()

Signed-off-by: Anton Aksola <anton.aksola@nebula.fi>
Reported-by: Riku Lehto <riku.lehto@nexetic.com>

@ghost ghost added bug fix rgw labels Apr 22, 2015

@ghost ghost added this to the firefly milestone Apr 22, 2015

@ghost ghost assigned xinxinsh Apr 22, 2015
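
The validation flow the commit message describes, as an added C++ example that is not Ceph's code and not part of this pull request: a cache that evicts expired entries sits in front of a locally decoded token, and validation runs with and without the explicit expiry check. `Token`, `TokenCache`, `decode_pki`, `validate_token` and the `user:expires` token format are hypothetical stand-ins, and signature verification is omitted.

```cpp
#include <cstdlib>
#include <ctime>
#include <map>
#include <string>

// Hypothetical types for illustration; these are not Ceph's RGW classes.
struct Token {
  std::string user;
  std::time_t expires;
};

class TokenCache {
  std::map<std::string, Token> entries_;
public:
  void add(const std::string& id, const Token& t) { entries_[id] = t; }
  // A lookup evicts expired entries, so cached tokens do expire.
  bool find(const std::string& id, std::time_t now, Token* out) {
    std::map<std::string, Token>::iterator it = entries_.find(id);
    if (it == entries_.end()) return false;
    if (it->second.expires <= now) { entries_.erase(it); return false; }
    *out = it->second;
    return true;
  }
};

// Stand-in for offline PKI decoding. Constructed format "user:expires_epoch";
// a real PKI token is a signed blob whose signature is verified locally.
bool decode_pki(const std::string& raw, Token* out) {
  std::string::size_type pos = raw.find(':');
  if (pos == std::string::npos || pos == 0 || pos + 1 == raw.size()) return false;
  char* end = 0;
  long long exp = std::strtoll(raw.c_str() + pos + 1, &end, 10);
  if (*end != '\0') return false;
  out->user = raw.substr(0, pos);
  out->expires = static_cast<std::time_t>(exp);
  return true;
}

// enforce_expiry=false models the behaviour the commit message describes:
// only the cache checks expiry, so a decoded token is accepted regardless.
bool validate_token(TokenCache& cache, const std::string& raw,
                    std::time_t now, bool enforce_expiry) {
  Token t;
  if (cache.find(raw, now, &t)) return true;              // cache hit, not expired
  if (!decode_pki(raw, &t)) return false;                 // malformed token
  if (enforce_expiry && t.expires <= now) return false;   // the explicit check
  cache.add(raw, t);
  return true;
}
```

Without the explicit check, an expired token is evicted from the cache on lookup, decoded again, accepted and re-cached on every request, which is why it stays usable indefinitely.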

@ghost

commented Apr 22, 2015

@aakso could you please update http://tracker.ceph.com/issues/11367 with a link to this backport as suggested at http://tracker.ceph.com/projects/ceph-releases/wiki/HOWTO_backport_commits?

Add a link to the pull request in the issue formatted as follows:
* $release backport http://github.com/ceph/ceph/pull/XXX*
@gregsfortytwo

Member

commented Apr 22, 2015

Uh, shouldn't this patch go to master and get backported from there?

@gregsfortytwo

Member

commented Apr 22, 2015

@aakso

Member Author

commented Apr 29, 2015

@gregsfortytwo Should I recreate this pull request and create a patch for the master branch?

@yehudasa

Member

commented Apr 29, 2015

@aakso yes

@ghost


commented Apr 29, 2015

closing according to comments

@ghost ghost closed this Apr 29, 2015

@ghost


commented May 7, 2015

@aakso would you have time to re-create this pull request against the master branch please?

@aakso

Member Author

commented May 8, 2015

new pull request: #4617

This issue was closed.
