[Openstack-security] [openstack/keystone] SecurityImpact review request change I8cb3326952d6e379a457c19d7f8f5f9ee4b29eb0

gerrit2 at review.openstack.org gerrit2 at review.openstack.org
Thu Dec 11 16:56:33 UTC 2014


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/141101

Log:
commit cc4a31358a0979c009b75812f6776b4ba6dd99f8
Author: Brant Knudson <bknudson at us.ibm.com>
Date:   Thu Dec 11 10:40:16 2014 -0600

    Fix disabling entities when enabled is ignored
    
    When LDAP is configured so that the `enabled` attribute was ignored
    for an entity (user, group, role, project) and a client attempts to
    disable the entity, it remains enabled, so a user might think that the
    entity was disabled when it's not.
    
    With this change, attempting to disable an entity where `enabled` is
    ignored will return a 403 Forbidden error.
    
    Closes-Bug: #1241134
    
    SecurityImpact
    This is for security hardening.
    
    Change-Id: I8cb3326952d6e379a457c19d7f8f5f9ee4b29eb0





More information about the Openstack-security mailing list