[Openstack-security] [openstack/keystone] SecurityImpact review request change Id61e71cb3ea7c6bc51783af067fbbbe4c9bffafe
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Mon Dec 16 14:44:41 UTC 2013
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/61916
Log:
commit 4e996ec0975a28f5ceabf8d77cefe460f576cabc
Author: Steve Martinelli <stevemar at ca.ibm.com>
Date: Thu Dec 12 21:47:38 2013 -0600
trustee unable to perform role based operations on trust
There was a typo in a conditional that checked the trustor twice, instead
of trustee and trustor. The typo was preventing a trustee from being
able to list or get or check roles that were delegated.
Also, removed the spurious check of is_admin from said conditional
(_is_trustor_trustee_admin), and renamed it to _is_trustor_trustee.
An additional check, to see if a trust existed, was removed since it
was repeated unnecessarily.
Added a test to cover the gap that was discovered in the bug report.
SecurityImpact
Change-Id: Id61e71cb3ea7c6bc51783af067fbbbe4c9bffafe
Closes-Bug: 1261104
More information about the Openstack-security
mailing list