| author | Brian Lamar <brian.lamar@rackspace.com> | 2011-03-11 17:19:14 -0500 |
|---|---|---|
| committer | Brian Lamar <brian.lamar@rackspace.com> | 2011-03-11 17:19:14 -0500 |
| commit | be9734b03bce871d32e21da2ba341dfa42aa020a (patch) | |
| tree | 1117c1426829507237f711558bb9e964698bdf4f /nova/api | |
| parent | 271692fd80aaf3a045849ef8a87060e15ab8c69e (diff) | |
Fixed lp732866 by catching relevant `exception.NotFound` exception. Tests did not uncover this vulnerability due to "incorrect" FakeAuthManager. I say "incorrect" because potentially different implementations (LDAP or Database driven) of AuthManager might return different errors from `get_user_from_access_key`.
Also, removed all references to 'bacon', 'ham', 'herp', and 'derp' and replaced them with hopefully more helpful terms.
Diffstat (limited to 'nova/api')
| -rw-r--r-- | nova/api/openstack/auth.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/nova/api/openstack/auth.py b/nova/api/openstack/auth.py index 4c6b58eff..f3a9bdeca 100644 --- a/nova/api/openstack/auth.py +++ b/nova/api/openstack/auth.py @@ -135,7 +135,11 @@ class AuthMiddleware(wsgi.Middleware): req - wsgi.Request object """ ctxt = context.get_admin_context() - user = self.auth.get_user_from_access_key(key) + + try: + user = self.auth.get_user_from_access_key(key) + except exception.NotFound: + user = None if user and user.name == username: token_hash = hashlib.sha1('%s%s%f' % (username, key, |
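Review bot: the `except exception.NotFound:` clause in the `@@ -135,7 +135,11 @@` hunk relies on the `exception` module already being imported in `nova/api/openstack/auth.py`. The diffstat's 5 insertions all sit inside this hunk, so no import is added by this change; please confirm one is present, otherwise an unknown access key raises a NameError instead of falling through to `user = None`. The commit message also notes that LDAP or database-driven AuthManager implementations might raise different errors from `get_user_from_access_key`, so it would help to document NotFound as the expected error for an unknown key in the driver interface, and to have FakeAuthManager raise it so the tests cover this path.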
