From e76aad24ce8a9b1b7de1b2f874c22c9995f3071f Mon Sep 17 00:00:00 2001
From: Soren Hansen <soren@linux2go.dk>
Date: Thu, 10 Mar 2011 14:30:17 +0100
Subject: Only include ramdisk and kernel id if they are actually set.

---
 nova/api/ec2/cloud.py | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'nova/api')

diff --git a/nova/api/ec2/cloud.py b/nova/api/ec2/cloud.py
index b1917e9ea..1d2254225 100644
--- a/nova/api/ec2/cloud.py
+++ b/nova/api/ec2/cloud.py
@@ -147,8 +147,6 @@ class CloudController(object):
                                                        instance_ref['id'])
         ec2_id = ec2utils.id_to_ec2_id(instance_ref['id'])
         image_ec2_id = self._image_ec2_id(instance_ref['image_id'], 'machine')
-        k_ec2_id = self._image_ec2_id(instance_ref['kernel_id'], 'kernel')
-        r_ec2_id = self._image_ec2_id(instance_ref['ramdisk_id'], 'ramdisk')
         data = {
             'user-data': base64.b64decode(instance_ref['user_data']),
             'meta-data': {
@@ -167,8 +165,6 @@ class CloudController(object):
                 'instance-type': instance_ref['instance_type'],
                 'local-hostname': hostname,
                 'local-ipv4': address,
-                'kernel-id': k_ec2_id,
-                'ramdisk-id': r_ec2_id,
                 'placement': {'availability-zone': availability_zone},
                 'public-hostname': hostname,
                 'public-ipv4': floating_ip or '',
@@ -176,6 +172,13 @@ class CloudController(object):
                 'reservation-id': instance_ref['reservation_id'],
                 'security-groups': '',
                 'mpi': mpi}}
+
+        for image_type in ['kernel', 'ramdisk']:
+            if '%s_id' % image_type in instance_ref:
+                ec2_id = self._image_ec2_id(instance_ref['%s_id' % image_type],
+                                            image_type)
+                data['meta-data']['%s-id' % image_type] = ec2_id
+
         if False:  # TODO(vish): store ancestor ids
             data['ancestor-ami-ids'] = []
         if False:  # TODO(vish): store product codes
-- 
cgit 


From be9734b03bce871d32e21da2ba341dfa42aa020a Mon Sep 17 00:00:00 2001
From: Brian Lamar <brian.lamar@rackspace.com>
Date: Fri, 11 Mar 2011 17:19:14 -0500
Subject: Fixed lp732866 by catching relevant `exception.NotFound` exception.
 Tests did not uncover this vulnerability due to "incorrect" FakeAuthManager.
 I say "incorrect" because potentially different implementations (LDAP or
 Database driven) of AuthManager might return different errors from
 `get_user_from_access_key`.

Also, removed all references to 'bacon', 'ham', 'herp', and 'derp' and replaced them with hopefully more helpful terms.
---
 nova/api/openstack/auth.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'nova/api')

diff --git a/nova/api/openstack/auth.py b/nova/api/openstack/auth.py
index 4c6b58eff..f3a9bdeca 100644
--- a/nova/api/openstack/auth.py
+++ b/nova/api/openstack/auth.py
@@ -135,7 +135,11 @@ class AuthMiddleware(wsgi.Middleware):
         req - wsgi.Request object
         """
         ctxt = context.get_admin_context()
-        user = self.auth.get_user_from_access_key(key)
+
+        try:
+            user = self.auth.get_user_from_access_key(key)
+        except exception.NotFound:
+            user = None
 
         if user and user.name == username:
             token_hash = hashlib.sha1('%s%s%f' % (username, key,
-- 
cgit