[Openstack-security] [openstack/keystone] SecurityImpact review request change I8cb3326952d6e379a457c19d7f8f5f9ee4b29eb0
gerrit2 at review.openstack.org
Fri Dec 12 01:38:10 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/141101
Log:
commit 54e48da48e2e4ff5ad3e7acf639048e5f985d5a0
Author: Brant Knudson <bknudson at us.ibm.com>
Date: Thu Dec 11 10:40:16 2014 -0600
Fix disabling entities when enabled is ignored
When LDAP is configured so that the `enabled` attribute is ignored
for an entity (user, group, role, project) and a client attempts to
disable the entity, it remains enabled, so a user might think that the
entity was disabled when it's not.
With this change, attempting to disable an entity where `enabled` is
ignored will return a 403 Forbidden error.
Since entities are always enabled when the `enabled` attribute is
ignored, there's no change to reject changes that attempt to enable
the entity.
Closes-Bug: #1241134
SecurityImpact
This is for security hardening.
Change-Id: I8cb3326952d6e379a457c19d7f8f5f9ee4b29eb0
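As an added illustration, not keystone's own code, the check the commit describes: when `enabled` is in the LDAP ignore list, an update that tries to disable the entity is rejected with 403, while enabling stays a harmless no-op; a flag reproduces the pre-fix behaviour so the silent failure is visible. `ForbiddenAction`, `apply_update` and the ignore-list argument are assumptions modeled on keystone's `[ldap] user_attribute_ignore` option.

```python
# Added example, not from the keystone change itself. Models an LDAP-backed
# entity update where some attributes are configured as ignored (never
# written to LDAP, always reported with their default; `enabled` defaults
# to True).

class ForbiddenAction(Exception):
    """Stand-in for keystone's 403 Forbidden exception (assumption)."""
    http_status = 403


def apply_update(entity, update, attribute_ignore, reject_ignored_disable=True):
    """Return the entity as it would be read back after applying `update`.

    `attribute_ignore` mirrors the `*_attribute_ignore` list.
    `reject_ignored_disable=False` reproduces the behaviour before the fix:
    the request succeeds but the entity silently stays enabled.
    """
    enabled_ignored = "enabled" in attribute_ignore
    if enabled_ignored and update.get("enabled") is False:
        if reject_ignored_disable:
            # The fix: fail loudly instead of letting the caller believe
            # the entity was disabled.
            raise ForbiddenAction(
                "Cannot disable entity: 'enabled' is ignored for LDAP")
    # Enabling is allowed either way: an ignored `enabled` is always True.
    new = dict(entity)
    for key, value in update.items():
        if key in attribute_ignore:
            continue  # ignored attributes are never written
        new[key] = value
    if enabled_ignored:
        new["enabled"] = True  # what a subsequent read reports
    return new
```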