[Openstack-security] [openstack/keystone] SecurityImpact review request change I8cb3326952d6e379a457c19d7f8f5f9ee4b29eb0
gerrit2 at review.openstack.org
Fri Dec 12 15:08:49 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/141101
Log:
commit e62de2c91b5755149146a47e84e61d3642095998
Author: Brant Knudson <bknudson at us.ibm.com>
Date: Thu Dec 11 10:40:16 2014 -0600
Fix disabling entities when enabled is ignored
When LDAP is configured so that the `enabled` attribute is ignored
for an entity (user, group, role, project) and a client attempts to
disable the entity, it remains enabled, so a user might think that the
entity was disabled when it's not.
With this change, attempting to disable an entity where `enabled` is
ignored will return a 403 Forbidden error.
Since entities are always enabled when the `enabled` attribute is
ignored, there's no change to reject changes that attempt to enable
the entity.
Closes-Bug: #1241134
SecurityImpact
This is for security hardening.
Change-Id: I8cb3326952d6e379a457c19d7f8f5f9ee4b29eb0
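The behaviour described in the commit message above, as an added illustration that is not Keystone's own code: a minimal LDAP-style entity store where the `enabled` attribute can be configured as ignored, showing the old silent no-op on disable next to the fixed version that refuses with 403. The class, method names, `ignored_attrs` setting and `Forbidden` exception are simplified stand-ins, not Keystone's real identifiers.

```python
class Forbidden(Exception):
    """Stand-in for the HTTP 403 Forbidden error the fix returns (assumption)."""


class LdapEntityStore:
    """Minimal model of an LDAP-backed entity store (not Keystone's driver).

    `ignored_attrs` models the configuration that tells the driver to ignore
    the `enabled` attribute; such entities always read back as enabled.
    """

    def __init__(self, ignored_attrs):
        self.ignored_attrs = set(ignored_attrs)
        self.entities = {}

    def create(self, ref):
        self.entities[ref["id"]] = dict(ref)
        return self.get(ref["id"])

    def get(self, entity_id):
        ref = dict(self.entities[entity_id])
        if "enabled" in self.ignored_attrs:
            ref["enabled"] = True  # ignored attribute: entity is always enabled
        return ref

    def update_before_fix(self, entity_id, changes):
        # Old behaviour: ignored attributes are silently dropped, so a request
        # carrying {"enabled": False} succeeds but has no effect.
        kept = {k: v for k, v in changes.items() if k not in self.ignored_attrs}
        self.entities[entity_id].update(kept)
        return self.get(entity_id)

    def update_after_fix(self, entity_id, changes):
        # Fixed behaviour: an attempt to disable an entity whose `enabled`
        # attribute is ignored is rejected with 403 instead of silently
        # "succeeding". Enabling stays allowed: the entity is already enabled.
        if "enabled" in self.ignored_attrs and "enabled" in changes and not changes["enabled"]:
            raise Forbidden("cannot disable entity: `enabled` attribute is ignored")
        return self.update_before_fix(entity_id, changes)


def disable_is_rejected(store, entity_id):
    """Return True if the fixed update refuses the disable request with 403."""
    try:
        store.update_after_fix(entity_id, {"enabled": False})
    except Forbidden:
        return True
    return False
```

With the attribute ignored, `update_before_fix` reports success yet `get` still returns `enabled: True`, which is exactly the misleading state the change removes; stores that do not ignore `enabled` behave the same before and after.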