keystone.git - OpenStack's keystone patches.

	Commit message (Collapse)	Author	Age	Files	Lines
*	Isolate eventlet code into environment.	Jamie Lennox	2013-06-18	1	-1/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	The environment module will be configured once, during code initialization. Subsequently all other possibly-evented modules will retrieve from environment and transparently obtain either the eventlet or standard library modules. If eventlet, httplib, subprocess or other environment dependant module is referenced outside of the environment module it should be considered a bug. The changes to tests are required to ensure that test is imported first to setup the environment. Hopefully these can all be replaced with an __init__.py in a post-nose keystone. Implements: blueprint extract-eventlet Change-Id: Icacd6f2ee0906ac5d303777c1f87a184f38283bf
*	Reorder test imports by full import path	Zhongyue Luo	2012-07-03	1	-1/+1
\| \| \| \| \| \| \| \|	Fixes bug #1020182 Reorder imports of modules in keystone/tests. Change-Id: I2ff61dd3d9486281b4a2a889e4dc8b9105c87d49
*	Keystone should use openstack.common.timeutils	Zhongyue Luo	2012-06-29	1	-9/+0
\| \| \| \| \| \| \| \| \| \| \|	Implements blueprint use-common-timeutils 1. Edit openstack-common.conf and import keystone/openstack/common/timeutils.py 2. Replace datetime.utcnow with timeutils.utcnow 3. Replace utils.isotime with timeutils.isotime 4. Remove utils.isotime in common/utils.py and datetime related unittest Change-Id: I4f5a63a368fde8787a0dc0a817c940de685b9ca2
*	Add check for MAX_PASSWORD_LENGTH to utils.	Dan Prince	2012-03-19	1	-0/+5
\| \| \| \| \| \| \| \| \|	Updates to keystone password hashing and checking functions so that a max password length is enforced. Fixes LP Bug #959288. Change-Id: Id3048f3c916e92c59ac5b063d09c3d612d51c97c
*	Improve auth_str_equal().	Russell Bryant	2012-03-06	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This patch is to improve auth_str_equal() a bit. The whole point of this function is to do a string comparison in constant time to help protect against timing attacks. The original implementation had a bit of a silly property in that it would exit early if the strings were not of the same length. This would theoretically still allow someone to discover the proper length of a password. This patch moves the length verification to the end. It also makes it so the main loop time to run is a function of the provided password length instead of the length of the shorter of the two strings. Change-Id: I6dbe076818b7e3e8a313544ebd5c5734b5a025e5
*	Use constant time string comparisons for auth.	Russell Bryant	2012-02-29	1	-0/+5
\| \| \| \| \| \| \| \| \|	Fix bug 942644. Use constant time string comparisons when doing authentication to help guard against timing attacks. Change-Id: I5fa5c8f07e57201e129903f71b3dea19071cac5e
*	Added Apache 2.0 License information.	Monty Taylor	2012-02-15	1	-0/+14
\| \| \| \| \| \|	Fixes bug 932819 Change-Id: I58e0c2ad704e2e8ff1924a01791694a5e02a154b
*	Add token expiration	Brian Waldon	2012-02-14	1	-0/+9
\| \| \| \| \| \| \|	* Config option token.expiration defines amount of time tokens should be valid * Fixes bug 928545 Change-Id: I3dff7a1ebf03bb44fc6e5247f976baea0581de08
*	Cope with unicode passwords or None	Justin Santa Barbara	2012-02-08	1	-0/+40
	If the password has a unicode character in it, bcrypt breaks. So encode it using utf-8. utf-8 should mean that existing hashes still work. Change-Id: I4f9f3b636c8728234ada87de62d22bed2ff8eb60