[Openstack-security] [openstack/keystone] SecurityImpact review request change I8cb3326952d6e379a457c19d7f8f5f9ee4b29eb0

gerrit2 at review.openstack.org
Thu Dec 11 22:15:14 UTC 2014


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/141101

Log:
commit e9a2f8cfc5c9535db1c04d3cb19176405dfd9b84
Author: Brant Knudson <bknudson at us.ibm.com>
Date:   Thu Dec 11 10:40:16 2014 -0600

    Fix disabling entities when enabled is ignored
    
    When LDAP is configured so that the `enabled` attribute is ignored
    for an entity (user, group, role, project) and a client attempts to
    disable the entity, it remains enabled, so a user might think that the
    entity was disabled when it's not.
    
    With this change, attempting to disable an entity where `enabled` is
    ignored will return a 403 Forbidden error.
    
    Closes-Bug: #1241134
    
    SecurityImpact
    This is for security hardening.
    
    Change-Id: I8cb3326952d6e379a457c19d7f8f5f9ee4b29eb0

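Added example (not keystone's code and not part of this review request): a minimal model of the behaviour the commit message describes. `attribute_ignore` stands in for keystone's `[ldap] user_attribute_ignore`-style options, and `update_entity`/`disable_attempt` are hypothetical names; the `hardened` flag contrasts the old silent no-op with the 403 the change introduces.

```python
# Added example: a model of "fail closed when a disable cannot be honoured".
# Not keystone's implementation; update_entity/disable_attempt are hypothetical.

class Forbidden(Exception):
    """Stands in for keystone's 403 Forbidden response."""
    status_code = 403


def update_entity(entity, update, attribute_ignore, hardened=True):
    """Apply `update` to `entity`, honouring an LDAP attribute-ignore list.

    Attributes listed in `attribute_ignore` are never written to LDAP.
    Before the fix (hardened=False) a request to set enabled=False was
    silently dropped, so the caller believed the entity was disabled.
    With the fix (hardened=True) such a request is rejected with 403.
    """
    if hardened and 'enabled' in attribute_ignore and update.get('enabled') is False:
        raise Forbidden("cannot disable entity: 'enabled' is ignored by the LDAP backend")
    result = dict(entity)
    for key, value in update.items():
        if key in attribute_ignore:
            continue  # ignored attributes are dropped rather than written back
        result[key] = value
    return result


def disable_attempt(entity, attribute_ignore, hardened):
    """Try to disable `entity`; report ('forbidden', 403) or ('updated', enabled flag)."""
    try:
        updated = update_entity(entity, {'enabled': False}, attribute_ignore, hardened)
    except Forbidden as exc:
        return ('forbidden', exc.status_code)
    return ('updated', updated['enabled'])


if __name__ == '__main__':
    user = {'id': 'u1', 'name': 'alice', 'enabled': True}  # constructed sample entity
    print(disable_attempt(user, {'enabled'}, hardened=False))  # ('updated', True): silent no-op
    print(disable_attempt(user, {'enabled'}, hardened=True))   # ('forbidden', 403)
    print(disable_attempt(user, set(), hardened=True))          # ('updated', False)
```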