authorMatt Thode <prometheanfire@gentoo.org>2013-05-10 04:00:52 +0000
committerMatt Thode <prometheanfire@gentoo.org>2013-05-10 04:00:52 +0000
commite440999c3ce2ba0e4136ad38b0b2bdc7dad0ebca (patch)
tree70138a8087b7900835e3e16a4be4c7b6a53259d6
parentRestricting pypy1.9 as webob doesn't support it (diff)
CVE-2013-2030 fix for keystone folsom
Package-Manager: portage-2.1.11.55/cvs/Linux x86_64 Manifest-Sign-Key: 0x2471EB3E40AC5AC3
-rw-r--r--sys-auth/keystone/ChangeLog13
-rw-r--r--sys-auth/keystone/Manifest38
-rw-r--r--sys-auth/keystone/files/keystone-CVE-2013-0270.patch230
-rw-r--r--sys-auth/keystone/files/keystone-CVE-2013-0282.patch91
-rw-r--r--sys-auth/keystone/files/keystone-CVE-2013-1664_1665.patch52
-rw-r--r--sys-auth/keystone/files/keystone-folsom-3-CVE-2013-1865.patch107
-rw-r--r--sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2030.patch50
-rw-r--r--sys-auth/keystone/files/keystone-grizzly-1-CVE-2013-2006.patch41
-rw-r--r--sys-auth/keystone/keystone-2012.2.4-r1.ebuild (renamed from sys-auth/keystone/keystone-2012.2.4.ebuild)3
-rw-r--r--sys-auth/keystone/keystone-2013.1-r1.ebuild89
10 files changed, 80 insertions, 634 deletions
diff --git a/sys-auth/keystone/ChangeLog b/sys-auth/keystone/ChangeLog
index 9057ae3ff554..f94a340e1440 100644
--- a/sys-auth/keystone/ChangeLog
+++ b/sys-auth/keystone/ChangeLog
@@ -1,6 +1,17 @@
# ChangeLog for sys-auth/keystone
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/ChangeLog,v 1.15 2013/05/10 02:47:10 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/ChangeLog,v 1.16 2013/05/10 04:00:42 prometheanfire Exp $
+
+*keystone-2012.2.4-r1 (10 May 2013)
+
+ 10 May 2013; Matthew Thode <prometheanfire@gentoo.org>
+ +files/keystone-folsom-4-CVE-2013-2030.patch, +keystone-2012.2.4-r1.ebuild,
+ -files/keystone-CVE-2013-0270.patch, -files/keystone-CVE-2013-0282.patch,
+ -files/keystone-CVE-2013-1664_1665.patch,
+ -files/keystone-folsom-3-CVE-2013-1865.patch,
+ -files/keystone-grizzly-1-CVE-2013-2006.patch, -keystone-2012.2.4.ebuild,
+ -keystone-2013.1-r1.ebuild:
+ CVE-2013-2030 fix for keystone folsom
*keystone-2012.2.4 (10 May 2013)
*keystone-2013.1.1 (10 May 2013)
diff --git a/sys-auth/keystone/Manifest b/sys-auth/keystone/Manifest
index 89e54c4384f9..9ac5df9110c0 100644
--- a/sys-auth/keystone/Manifest
+++ b/sys-auth/keystone/Manifest
@@ -1,37 +1,31 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
-AUX keystone-CVE-2013-0270.patch 9329 SHA256 f6ca6b82a50569f897f8eb68a7d6e2663beade3e45cce04ae3cdd8013491bd13 SHA512 93525ac26022fd21ef94bee8ed7326bc3822f61f349cf9b1b27ef9b446b8feb1ff3e57360c7262c03577dca4a38be7bcb221d7192307700541ae667060114eb4 WHIRLPOOL 89669011b426196fd81157c2f7f1447b4b1028b65e742bf94560a0825ec71b925e88b93fbc224b1eba08cfceafbaf96b380d93092eedf0c3f52d51c86c3d3947
-AUX keystone-CVE-2013-0282.patch 3774 SHA256 3e916e5212d61c1384967dbab24c8a56fe0c4d37b3c6baf36e822ed5fb3b0b56 SHA512 c44dd5b6222986ba8a0c5af745de819f2c40fbfee51958b3553a491495b4f72a42c9a7d6a152f11ebfd579cf2cac40752ea4e0c919e2435c7df118cb487ae3f5 WHIRLPOOL dcb0bdba74aa37e191227589bdafbb724e2e7b50c8218a3d0be1c023361aa14f2dc327672463d1d5589685c89cbab796e880b590a97747f4210d717f05fd7ec2
-AUX keystone-CVE-2013-1664_1665.patch 1959 SHA256 b52bb0cbb5e6fb575ab609f59b043f149278fa3df83dfdbd43d0294270393a7c SHA512 12332bce7265923ae1881ceabb57d054b6083e83abd8f92c45be6688aa88ae8d9be8596a1df49e49d9d9244c6cef3bef14f8a1f8468086fe70eaea8f98dc067f WHIRLPOOL 2e10804a80c2b8d10293bc9d784cbb77c64da58ef75957706421529722df943d0213062f99ade56d45c8ad61f1c655c2fafa6cddc0ec07186681ae729113e614
-AUX keystone-folsom-3-CVE-2013-1865.patch 4100 SHA256 9b463052b78ec724c5ed7aa398552edc0ba2592d976b88ef2ba1b26269da82d8 SHA512 e5f92f6b8a4d29b28f248d77830e5828f2544d48c38b6eb45a0c130b77a88b49a31323e58bf79b2419ab0a23cb0e95a65e7ca50c5b39f482c52b3da8df91eac5 WHIRLPOOL f127a79d1cf48a9b44e0c5c68e7bb2e40578523d7026ad5ce42d80a49d2349e0b0168adc32d4950aec60828d3d2fa15335e817c75619b06d2b451f8034ea8da7
-AUX keystone-grizzly-1-CVE-2013-2006.patch 1614 SHA256 b403d024eed366f1cff844d93aa734d40bb6ab3ea5ad74c025c28820e695aa3b SHA512 b17ef5dbd065f75f3f3757746e3696d09e94be9fdda4f3d2a87daed4bde99a1224722248a4bd1a1b9b140504406ff4e3fa0417130fb70e982f4728966c757308 WHIRLPOOL 67028752b48759ff752b8798000d0d9d3f4a5fe8688b0d817a27bb48a2d16f0cff62a25abff9ff75f52854d44eed1202e9ec5ca2d7e8cc98513de77f0f6e0c9a
+AUX keystone-folsom-4-CVE-2013-2030.patch 2318 SHA256 fd824a4000da663568f26dbcfa6de031911ebdca1dea2c0958b3d5398d4d9ba6 SHA512 6b00a6d9062dd418299f9f02891fbfaa86f8f69db394ccfff31367555d1d7dbad1cf0d5a8647b61addeaabd2107b9f75cdc1986df8186de5c428f33533abffab WHIRLPOOL 842c4adb14c4a4501ea84c0082c0f28295027e27fee9957eafea6db9397a26c4955eb355b955d625bf5df818c1178af2267270aedec93bc47da8f17b59eaeca2
AUX keystone.confd 67 SHA256 8faa32d3354df30b1d1c98cf481be162c27583b84e387f8da57611b689bc2448 SHA512 75b040eda6ef8701e8dac8f34b3dd3c96aedde3b005fac01f20592b3d8afb8bbce57fadc466cda69d7192f96460a5c704d941a16b96d02f3e80f1a3e264c2efe WHIRLPOOL 8e8cb4e8991ca8d8cf1e874bd2286900ca63379c73793bca906ecfc1318ee63a8af6d1f6090e9ef296bfbe5abf018368a5ad6430de1efdea0db626d8c697f3c4
AUX keystone.initd 1177 SHA256 fcf7e532f2f3fad8413455f67d8e9c4c0522ff99e69bd95d4fff49d2dfa243ac SHA512 a0281f5fdd96963d9479a3463e6b5f1947a2c3c8694e464d4d293ef237392bed796ec7b8431e1add7b73334ed5e11158347f35ab562edda5f7aa7bdb9b05e51e WHIRLPOOL d819103e6f2bdd7ca4d5ab2f645f8ca168cc46567ff7c2d00cb2d536c08319aaa472b06b8f98cf2b6de940089f444e7aa752e4c9deeb849a834108394dfe1862
AUX keystone_test-requires.patch 1082 SHA256 6c91814d1a6aea942f23767b13a9ad77fb08ae16255887d974abd9db852c563a SHA512 d6fc133b44555e50895b9d82f9240aff284e1668ef35823a3e82900ccf9e6a7e11a448f4998c1d8f0938f5d45ce1506bd27417f576ee99aa7738ae74424ec343 WHIRLPOOL 0689d244f94a5489c7ca4551c5fb7c436f6012a932b4fb0142a759c734d5ce24a1aa813c9c1a5356dc38f4b4b342c85703413656139085155f9c5ab89dd012c5
DIST keystone-2012.2.4.tar.gz 555448 SHA256 ab3a9a6c1f8ef9b95a73920883294f888f298db6330b8d4ed43e28354e8ca7af SHA512 481bde4372525c92144059c94d95ddac95dc720e486428f2e7ad1d5e0c6c2b6eb9a17be40f83c5866b522a512a2a3d331a08498c6704b794fea343fc2c0c1d93 WHIRLPOOL 243d9fe82988fd6057ffdae7971b570cb129a168fba3f6a38ea105fadc51e7e9fbfd29d88bb389572fc00cfbe0cc17e9e4c4f4ebf9d61ff589148b1b0c171558
DIST keystone-2013.1.1.tar.gz 791324 SHA256 a00664dd20adf36e1e78a6b29f49f7947e2f2426c0ae375f8acde01e75bdb579 SHA512 7d4fd0cd649f783214dc3aad48853682db529fa336631e601d55c6b45355dbc670bcabf76f642db6808c5d46aae70062eb8fe5c5e3a20247954beb5a6c4fda7b WHIRLPOOL 96df00049325cc96c1b54ebecbb95cf8d47f0e580703ce8b8942e1e4f75604a98fc33f2972a1b1dffbba2225c502a692d7f84241ffc1f66da27f6a325789e08c
-DIST keystone-2013.1.tar.gz 789365 SHA256 34347a3242a40d93b98c3722e6f3fbc112bc1c9ef20c045c3d40637e459b4574 SHA512 2f9d9ecb3cb0b2f282be31d280e0c202a5e818cdcd057919445bf8899827af59856b6e3e75000f83b1a97aefdf3d9454fa0dc16a2d4819a68e8f899c865c2a20 WHIRLPOOL b306ffafe3345225496e6e1505fa691f312b0ef6cea42cc7d78224da7569c2498997e74efe6c5b82d8bb20d2d2653aaeb8ec8c79703db10f97c72b04046153c7
-EBUILD keystone-2012.2.4.ebuild 2481 SHA256 b458e900d3410c79fe3c4286bebc9bb9315ff1a854e7daf9a5fb062c5ed5b34f SHA512 15f3b57f8b92e0a8d8593e8b0c40813796fa152e9e76d9e61b7e7ac7025b7a1165247353247471bfb057b019bc54c308430e0f6243ea1b7fe4ec13c86c20a88a WHIRLPOOL 670313f15a762a16bcbfba122530cc91f7830ff3f61c81a2322ab323042f3c313865f5a3a3f8e45cbd52890168a010da4eb73da1bb071a2491c7229ba4554544
-EBUILD keystone-2013.1-r1.ebuild 2974 SHA256 2abcfe8de51dcd00267177149abd02bea966c65f4acbf505476d968623e2a4d5 SHA512 549f3c839c037688d1a779fc1e28a234af6e18cdc3c68ac1bf7da254cbb27b4bf79b97aa794c62f42b908995f8e22864791c11550bb63f36097a97d4425c88f8 WHIRLPOOL 2df5d7e440d719b09c805c14e3064947de9f8929d27747a22980eecbc12edef0f0cff89bd284afc9d05f1ce2f4ed3ddd9274c9838998cbc4472466ce2d55316b
+EBUILD keystone-2012.2.4-r1.ebuild 2537 SHA256 0bc4c0569924fe102b2ac51eabccf34fc4ec2604bbbf7489ab49ee3bf8e8f385 SHA512 8afbb76a747eb23457c7c9ba8ca01bbbd581020e50e3d6c95a85910179adc785260e5606cacd90bde180facd286ed255c22cacb1373cc885083ff1e44bc5ebac WHIRLPOOL 4ba13422e3192ec45570951903ae84a4ad0b4e37c05884cf37a12b93965f46370eb6811b1e99dd718fa565b3f8278661fef6044800babac3a82528f53c265a68
EBUILD keystone-2013.1.1.ebuild 2920 SHA256 e6290cedad04b9c6801ce9c73a1b4e2b25cce8a53b3057c51b8880cabd36d2d3 SHA512 283de4603b1788135cbbe0ff31c26fa9290067cd945941093cbcd844ae37388577775c6e320db6353e8e3b1c664700a06a00c73584396c1a135fc1bf27ab6aed WHIRLPOOL 06fde096d6a034a1d2e2e5dd3ead39c4c6a63faa5bc741b18ef31b7a38809b6696aabc9b7f3cf342f03efe28ca149c8fea8c318e48e42dca0e5e150c7ade113b
EBUILD keystone-9999.ebuild 2942 SHA256 048862e16792a3de401129f16b01fdfedbbcebc0f126dd1a39fb63c0118cd030 SHA512 767dccb4ce53d3162156f965c97bb4d33ff6d1d7dfd5efaa3a223d66915694f2d946e6e7774b73ac1c4f5a42af6228dafd3f30d3fb57da59bc293bae141a18a7 WHIRLPOOL 944e87af5b6a7f4276d49751d0b578052257c833350a568e7dd031f138b20a1714e38874f4992486fd8ca51d83e01516c055a244c634ec35e931149d120fdbc2
-MISC ChangeLog 3064 SHA256 0eaa8ab87c7f96259f079b29a078577fb074a888805d9bd4d6d59f9cbf4e23d7 SHA512 bad6510e1d53ba9ee035a3ba013c775da79c280dfc79e614330443d4c140a8c4854307bda987a665d881ff45d7db4b9e2323431d42364a823de54deb9c447235 WHIRLPOOL 929c4e5151c7975f9d376e2e0afa50c330f3fcffb882b6fbdc03e37a201002319f6c718ec86ca73ee659c7e55b56ea736df7ea5e7d736f74e2ef306cfde174be
+MISC ChangeLog 3551 SHA256 c4c81a5230b085402a66a8e2480c992704e15c4d5837fbcd54c03d8ebcfe7918 SHA512 74a501fefec57991fe566a792328db7bb97189217924542d4aecdaab63ce76bd2806e7b3937c372772e254038ffedab1c74c8015e62d469a6386078becd387e9 WHIRLPOOL dfcf875e011d62bee441f5fd03909fb4bdeb21e5c889851a996499bbca5a864538ff0f0e25ad7698e8d0c44f4171642165d2d982b318a2005e04da7ae920fb47
MISC metadata.xml 399 SHA256 7f8946a43a8187a3901e53e0e3b4293e49bb2a1d1785c472b1d0ffd83e0ba2a8 SHA512 9448005b3be5621b302b4c71d190c621f245163a2c7aa8277a3af8132558543c774e9bb20b39bcb0ad896db5d2feac7649b107d7850f68e437f18214891ab16f WHIRLPOOL b46a5eadc17d5e38d23efed9620772e6d5e2cbd7733e1c0a8d15a506cacc8a31e9b26a354a1b749a7c64bff08722658b2feb651679a6a6054cd3b551839ddb38
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
-iQIcBAEBCAAGBQJRjF/pAAoJECRx6z5ArFrDBGsQAL7Rjn1Lz/g1xD5CRO/iQJJi
-TWUfthEz3+yA7ubGuIyZc6CBVSqkMRkd9mYGFHL5lPs/6dxkb4kx6tuoG+KW/hD1
-m0M2e6rI9x77IK90LGFnZnbVdUpjXZ5dhubVjN0C0ZIblabC4keD/+dWWieHkPMf
-i+j+USlxXwqfk+b2uNKGsuNnfDyGEU4b1UedG8Et4PuiO2xtwBcdBIJQmhB67dyt
-4Pa/5hqnzl/4M4T1VZwRWl6fL32D7qgnR36kNTosfA5OtRT8nvdthMvp4Te8zpvf
-3xGM8UGDx9S+Cugor9LYFQmnJnKe8OSpfCI/CSMjxwMWDZuIsj3hCxrHwqQHh2i6
-lrwgx6fbnuOr2Voqqx+l+Aq82l4DSuNnC7PrpaD6ToiusiE6+Qbr8a5NxdWCnYRi
-D2C6Yh0G3ntSh/oQp2Y17wxIuDCfWAKW1FG6XCHWp26UfNKDj+SSBG3FFEmg2/bz
-gfWAO5EjTYLukN9PYQm8HxK/UCjUcI8fh8Nef4sHWkOBjH99s9qv+Ie3+pD6oJQi
-JfSWMNUAfTfiTz6SY7+0Y7mcw0XtusXp+WgPwUDLrjCWgR5VexMnnG9j8IRc8wsX
-atH6CnhJvs/mpAAgFuWaUUXw/jxAKKG87TUqkklRj2gHlABnFKzlz8TbryEsnALE
-ZbshAd0DphN7mbTUuJcF
-=/650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+=duff
-----END PGP SIGNATURE-----
diff --git a/sys-auth/keystone/files/keystone-CVE-2013-0270.patch b/sys-auth/keystone/files/keystone-CVE-2013-0270.patch
deleted file mode 100644
index 41b77c571d64..000000000000
--- a/sys-auth/keystone/files/keystone-CVE-2013-0270.patch
+++ /dev/null
@@ -1,230 +0,0 @@
-From bb2226f944aaa38beb7fc08ce0a78796e51e2680 Mon Sep 17 00:00:00 2001
-From: Dan Prince <dprince@redhat.com>
-Date: Thu, 10 Jan 2013 15:31:28 -0500
-Subject: [PATCH] Add size validations for /tokens.
-
-Updates /tokens controller so that it explicitly checks the max
-size of userId, username, tenantId, tenantname, token, and password
-before continuing with a request.
-
-Previously, when used with the SQL keystone backend an unauthenticated
-user could send in *really* large requests which would ultimately
-log large SQL exceptions and could thus fill up keystone logs on the
-disk.
-
-Change-Id: I0904d307bf79a3bf851ac052c11101f8380a12a7
----
- keystone/config.py | 3 ++
- keystone/exception.py | 13 +++++++++
- keystone/service.py | 27 ++++++++++++++++++
- tests/test_service.py | 75 +++++++++++++++++++++++++++++++++++++++++++++++++
- 4 files changed, 118 insertions(+)
-
-diff --git a/keystone/config.py b/keystone/config.py
-index 5fed916..c7d2f79 100644
---- a/keystone/config.py
-+++ b/keystone/config.py
-@@ -117,6 +117,9 @@ register_str('admin_port', default=35357)
- register_str('public_port', default=5000)
- register_str('onready')
- register_str('auth_admin_prefix', default='')
-+register_int('max_param_size', default=64)
-+# we allow tokens to be a bit larger to accomidate PKI
-+register_int('max_token_size', default=8192)
-
- #ssl options
- register_bool('enable', group='ssl', default=False)
-diff --git a/keystone/exception.py b/keystone/exception.py
-index c3b3ec8..bb4da37 100644
---- a/keystone/exception.py
-+++ b/keystone/exception.py
-@@ -51,6 +51,19 @@ class ValidationError(Error):
- title = 'Bad Request'
-
-
-+class ValidationSizeError(Error):
-+ """Request attribute %(attribute)s must be less than or equal to %(size)i.
-+
-+ The server could not comply with the request because the attribute
-+ size is invalid (too large).
-+
-+ The client is assumed to be in error.
-+
-+ """
-+ code = 400
-+ title = 'Bad Request'
-+
-+
- class Unauthorized(Error):
- """The request you have made requires authentication."""
- code = 401
-diff --git a/keystone/service.py b/keystone/service.py
-index d54c073..c088986 100644
---- a/keystone/service.py
-+++ b/keystone/service.py
-@@ -22,6 +22,7 @@ from keystone import config
- from keystone import catalog
- from keystone.common import cms
- from keystone.common import logging
-+from keystone.common import utils
- from keystone.common import wsgi
- from keystone import exception
- from keystone import identity
-@@ -31,6 +32,8 @@ from keystone import token
-
-
- LOG = logging.getLogger(__name__)
-+MAX_PARAM_SIZE = config.CONF.max_param_size
-+MAX_TOKEN_SIZE = config.CONF.max_token_size
-
-
- class AdminRouter(wsgi.ComposingRouter):
-@@ -288,9 +291,23 @@ class TokenController(wsgi.Application):
-
- if 'passwordCredentials' in auth:
- user_id = auth['passwordCredentials'].get('userId', None)
-+ if user_id and len(user_id) > MAX_PARAM_SIZE:
-+ raise exception.ValidationSizeError(attribute='userId',
-+ size=MAX_PARAM_SIZE)
- username = auth['passwordCredentials'].get('username', '')
-+ if len(username) > MAX_PARAM_SIZE:
-+ raise exception.ValidationSizeError(attribute='username',
-+ size=MAX_PARAM_SIZE)
- password = auth['passwordCredentials'].get('password', '')
-+ max_pw_size = utils.MAX_PASSWORD_LENGTH
-+ if len(password) > max_pw_size:
-+ raise exception.ValidationSizeError(attribute='password',
-+ size=max_pw_size)
-+
- tenant_name = auth.get('tenantName', None)
-+ if tenant_name and len(tenant_name) > MAX_PARAM_SIZE:
-+ raise exception.ValidationSizeError(attribute='tenantName',
-+ size=MAX_PARAM_SIZE)
-
- if username:
- try:
-@@ -302,6 +319,9 @@ class TokenController(wsgi.Application):
-
- # more compat
- tenant_id = auth.get('tenantId', None)
-+ if tenant_id and len(tenant_id) > MAX_PARAM_SIZE:
-+ raise exception.ValidationSizeError(attribute='tenantId',
-+ size=MAX_PARAM_SIZE)
- if tenant_name:
- try:
- tenant_ref = self.identity_api.get_tenant_by_name(
-@@ -342,7 +362,14 @@ class TokenController(wsgi.Application):
- catalog_ref = {}
- elif 'token' in auth:
- old_token = auth['token'].get('id', None)
-+
-+ if len(old_token) > MAX_TOKEN_SIZE:
-+ raise exception.ValidationSizeError(attribute='token',
-+ size=MAX_TOKEN_SIZE)
- tenant_name = auth.get('tenantName')
-+ if tenant_name and len(tenant_name) > MAX_PARAM_SIZE:
-+ raise exception.ValidationSizeError(attribute='tenantName',
-+ size=MAX_PARAM_SIZE)
-
- try:
- old_token_ref = self.token_api.get_token(context=context,
-diff --git a/tests/test_service.py b/tests/test_service.py
-index 6fb98c6..f48bd9a 100644
---- a/tests/test_service.py
-+++ b/tests/test_service.py
-@@ -17,6 +17,7 @@ import time
- import default_fixtures
-
- from keystone import config
-+from keystone import exception
- from keystone import service
- from keystone import test
- from keystone.identity.backends import kvs as kvs_identity
-@@ -25,6 +26,31 @@ from keystone.identity.backends import kvs as kvs_identity
- CONF = config.CONF
-
-
-+def _build_user_auth(token=None, user_id=None, username=None,
-+ password=None, tenant_id=None, tenant_name=None):
-+ """Build auth dictionary.
-+
-+ It will create an auth dictionary based on all the arguments
-+ that it receives.
-+ """
-+ auth_json = {}
-+ if token is not None:
-+ auth_json['token'] = token
-+ if username or password:
-+ auth_json['passwordCredentials'] = {}
-+ if username is not None:
-+ auth_json['passwordCredentials']['username'] = username
-+ if user_id is not None:
-+ auth_json['passwordCredentials']['userId'] = user_id
-+ if password is not None:
-+ auth_json['passwordCredentials']['password'] = password
-+ if tenant_name is not None:
-+ auth_json['tenantName'] = tenant_name
-+ if tenant_id is not None:
-+ auth_json['tenantId'] = tenant_id
-+ return auth_json
-+
-+
- class TokenExpirationTest(test.TestCase):
- def setUp(self):
- super(TokenExpirationTest, self).setUp()
-@@ -75,3 +101,52 @@ class TokenExpirationTest(test.TestCase):
- def test_maintain_uuid_token_expiration(self):
- self.opt_in_group('signing', token_format='UUID')
- self._maintain_token_expiration()
-+
-+
-+class AuthTest(test.TestCase):
-+ def setUp(self):
-+ super(AuthTest, self).setUp()
-+
-+ CONF.identity.driver = 'keystone.identity.backends.kvs.Identity'
-+ self.load_backends()
-+ self.load_fixtures(default_fixtures)
-+ self.api = service.TokenController()
-+
-+ def test_authenticate_user_id_too_large(self):
-+ """Verify sending large 'userId' raises the right exception."""
-+ body_dict = _build_user_auth(user_id='0' * 65, username='FOO',
-+ password='foo2')
-+ self.assertRaises(exception.ValidationSizeError, self.api.authenticate,
-+ {}, body_dict)
-+
-+ def test_authenticate_username_too_large(self):
-+ """Verify sending large 'username' raises the right exception."""
-+ body_dict = _build_user_auth(username='0' * 65, password='foo2')
-+ self.assertRaises(exception.ValidationSizeError, self.api.authenticate,
-+ {}, body_dict)
-+
-+ def test_authenticate_tenant_id_too_large(self):
-+ """Verify sending large 'tenantId' raises the right exception."""
-+ body_dict = _build_user_auth(username='FOO', password='foo2',
-+ tenant_id='0' * 65)
-+ self.assertRaises(exception.ValidationSizeError, self.api.authenticate,
-+ {}, body_dict)
-+
-+ def test_authenticate_tenant_name_too_large(self):
-+ """Verify sending large 'tenantName' raises the right exception."""
-+ body_dict = _build_user_auth(username='FOO', password='foo2',
-+ tenant_name='0' * 65)
-+ self.assertRaises(exception.ValidationSizeError, self.api.authenticate,
-+ {}, body_dict)
-+
-+ def test_authenticate_token_too_large(self):
-+ """Verify sending large 'token' raises the right exception."""
-+ body_dict = _build_user_auth(token={'id': '0' * 8193})
-+ self.assertRaises(exception.ValidationSizeError, self.api.authenticate,
-+ {}, body_dict)
-+
-+ def test_authenticate_password_too_large(self):
-+ """Verify sending large 'password' raises the right exception."""
-+ body_dict = _build_user_auth(username='FOO', password='0' * 8193)
-+ self.assertRaises(exception.ValidationSizeError, self.api.authenticate,
-+ {}, body_dict)
---
-1.7.9.5
-
diff --git a/sys-auth/keystone/files/keystone-CVE-2013-0282.patch b/sys-auth/keystone/files/keystone-CVE-2013-0282.patch
deleted file mode 100644
index d411847c3fe0..000000000000
--- a/sys-auth/keystone/files/keystone-CVE-2013-0282.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From: Nathanael Burton <nathanael.i.burton.work@gmail.com>
-Date: Tue, 19 Feb 2013 15:27:04 +0000 (-0600)
-Subject: Ensure user and tenant enabled in EC2
-X-Git-Url: https://review.openstack.org/gitweb?p=openstack%2Fkeystone.git;a=commitdiff_plain;h=f0b4d300db5cc61d4f079f8bce9da8e8bea1081a
-
-Ensure user and tenant enabled in EC2
-
-Fixes bug 1121494.
-
-Change-Id: Icc90d581691b5aa63754e076ce983dfa2885a1dc
----
-
-diff --git a/keystone/contrib/ec2/core.py b/keystone/contrib/ec2/core.py
-index 064474c..ffc0eee 100644
---- a/keystone/contrib/ec2/core.py
-+++ b/keystone/contrib/ec2/core.py
-@@ -37,6 +37,7 @@ glance to list images needed to perform the requested task.
- import uuid
-
- from keystone import catalog
-+from keystone.common import logging
- from keystone.common import manager
- from keystone.common import utils
- from keystone.common import wsgi
-@@ -49,6 +50,7 @@ from keystone import token
-
-
- CONF = config.CONF
-+LOG = logging.getLogger(__name__)
-
-
- class Manager(manager.Manager):
-@@ -117,9 +119,9 @@ class Ec2Controller(wsgi.Application):
- credentials['host'] = hostname
- signature = signer.generate(credentials)
- if not utils.auth_str_equal(credentials.signature, signature):
-- raise exception.Unauthorized(message='Invalid EC2 signature.')
-+ raise exception.Unauthorized()
- else:
-- raise exception.Unauthorized(message='EC2 signature not supplied.')
-+ raise exception.Unauthorized()
-
- def authenticate(self, context, credentials=None, ec2Credentials=None):
- """Validate a signed EC2 request and provide a token.
-@@ -149,7 +151,7 @@ class Ec2Controller(wsgi.Application):
- credentials = ec2Credentials
-
- if not 'access' in credentials:
-- raise exception.Unauthorized(message='EC2 signature not supplied.')
-+ raise exception.Unauthorized()
-
- creds_ref = self._get_credentials(context,
- credentials['access'])
-@@ -161,9 +163,19 @@ class Ec2Controller(wsgi.Application):
- tenant_ref = self.identity_api.get_tenant(
- context=context,
- tenant_id=creds_ref['tenant_id'])
-+ # If the tenant is disabled don't allow them to authenticate
-+ if tenant_ref and not tenant_ref.get('enabled', True):
-+ msg = 'Tenant %s is disabled' % tenant_ref['id']
-+ LOG.warning(msg)
-+ raise exception.Unauthorized()
- user_ref = self.identity_api.get_user(
- context=context,
- user_id=creds_ref['user_id'])
-+ # If the user is disabled don't allow them to authenticate
-+ if not user_ref.get('enabled', True):
-+ msg = 'User %s is disabled' % user_ref['id']
-+ LOG.warning(msg)
-+ raise exception.Unauthorized()
- metadata_ref = self.identity_api.get_metadata(
- context=context,
- user_id=user_ref['id'],
-@@ -174,7 +186,7 @@ class Ec2Controller(wsgi.Application):
- # fill out the roles in the metadata
- roles = metadata_ref.get('roles', [])
- if not roles:
-- raise exception.Unauthorized(message='User not valid for tenant.')
-+ raise exception.Unauthorized()
- roles_ref = [self.identity_api.get_role(context, role_id)
- for role_id in roles]
-
-@@ -279,7 +291,7 @@ class Ec2Controller(wsgi.Application):
- creds = self.ec2_api.get_credential(context,
- credential_id)
- if not creds:
-- raise exception.Unauthorized(message='EC2 access key not found.')
-+ raise exception.Unauthorized()
- return creds
-
- def _assert_identity(self, context, user_id):
diff --git a/sys-auth/keystone/files/keystone-CVE-2013-1664_1665.patch b/sys-auth/keystone/files/keystone-CVE-2013-1664_1665.patch
deleted file mode 100644
index e87ca0be3cff..000000000000
--- a/sys-auth/keystone/files/keystone-CVE-2013-1664_1665.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From: Dolph Mathews <dolph.mathews@gmail.com>
-Date: Tue, 19 Feb 2013 15:04:11 +0000 (-0600)
-Subject: Disable XML entity parsing
-X-Git-Url: https://review.openstack.org/gitweb?p=openstack%2Fkeystone.git;a=commitdiff_plain;h=8a2274595ac628b2373eab0cb14690f866b7a024
-
-Disable XML entity parsing
-
-Fixes bug 1100282 and bug 1100279.
-
-Change-Id: Ibf2d73bca17b689cfa2dfd29eb15ea6e7458a123
----
-
-diff --git a/keystone/common/serializer.py b/keystone/common/serializer.py
-index 734f7d1..72fe7f1 100644
---- a/keystone/common/serializer.py
-+++ b/keystone/common/serializer.py
-@@ -29,6 +29,16 @@ import re
- DOCTYPE = '<?xml version="1.0" encoding="UTF-8"?>'
- XMLNS = 'http://docs.openstack.org/identity/api/v2.0'
-
-+PARSER = etree.XMLParser(
-+ resolve_entities=False,
-+ remove_comments=True,
-+ remove_pis=True)
-+
-+# NOTE(dolph): lxml.etree.Entity() is just a callable that currently returns an
-+# lxml.etree._Entity instance, which doesn't appear to be part of the
-+# public API, so we discover the type dynamically to be safe
-+ENTITY_TYPE = type(etree.Entity('x'))
-+
-
- def from_xml(xml):
- """Deserialize XML to a dictionary."""
-@@ -51,7 +61,7 @@ def to_xml(d, xmlns=None):
- class XmlDeserializer(object):
- def __call__(self, xml_str):
- """Returns a dictionary populated by decoding the given xml string."""
-- dom = etree.fromstring(xml_str.strip())
-+ dom = etree.fromstring(xml_str.strip(), PARSER)
- return self.walk_element(dom)
-
- @staticmethod
-@@ -87,7 +97,8 @@ class XmlDeserializer(object):
- # current spec does not have attributes on an element with text
- values = values or text or {}
-
-- for child in [self.walk_element(x) for x in element]:
-+ for child in [self.walk_element(x) for x in element
-+ if not isinstance(x, ENTITY_TYPE)]:
- values = dict(values.items() + child.items())
-
- return {XmlDeserializer._tag_name(element.tag): values}
diff --git a/sys-auth/keystone/files/keystone-folsom-3-CVE-2013-1865.patch b/sys-auth/keystone/files/keystone-folsom-3-CVE-2013-1865.patch
deleted file mode 100644
index 49660f291869..000000000000
--- a/sys-auth/keystone/files/keystone-folsom-3-CVE-2013-1865.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From 255b1d43500f5d98ec73a0056525b492b14fec05 Mon Sep 17 00:00:00 2001
-From: Adam Young <ayoung@redhat.com>
-Date: Wed, 20 Mar 2013 09:49:32 -0500
-Subject: [PATCH] validate from backend (bug 1129713)
-
-In certain cases we were depending on CMS to validate PKI tokens
-but that is not necessary, and by passes the revocation check
-
-Change-Id: I9d7e60b074aa8c8859971618fed20c8cde2220c4
----
- keystone/service.py | 19 ++++++-------------
- tests/test_service.py | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 57 insertions(+), 13 deletions(-)
-
-diff --git a/keystone/service.py b/keystone/service.py
-index c088986..9799e3a 100644
---- a/keystone/service.py
-+++ b/keystone/service.py
-@@ -490,20 +490,13 @@ class TokenController(wsgi.Application):
- """
- # TODO(termie): this stuff should probably be moved to middleware
- self.assert_admin(context)
-+ data = self.token_api.get_token(context=context, token_id=token_id)
-+ if belongs_to:
-+ if (not data.get('tenant') or data['tenant'].get('id') !=
-+ belongs_to):
-+ raise exception.Unauthorized()
-
-- if cms.is_ans1_token(token_id):
-- data = json.loads(cms.cms_verify(cms.token_to_cms(token_id),
-- config.CONF.signing.certfile,
-- config.CONF.signing.ca_certs))
-- data['access']['token']['user'] = data['access']['user']
-- data['access']['token']['metadata'] = data['access']['metadata']
-- if belongs_to:
-- assert data['access']['token']['tenant']['id'] == belongs_to
-- token_ref = data['access']['token']
-- else:
-- token_ref = self.token_api.get_token(context=context,
-- token_id=token_id)
-- return token_ref
-+ return data
-
- # admin only
- def validate_token_head(self, context, token_id):
-diff --git a/tests/test_service.py b/tests/test_service.py
-index f48bd9a..487e5ac 100644
---- a/tests/test_service.py
-+++ b/tests/test_service.py
-@@ -150,3 +150,54 @@ class AuthTest(test.TestCase):
- body_dict = _build_user_auth(username='FOO', password='0' * 8193)
- self.assertRaises(exception.ValidationSizeError, self.api.authenticate,
- {}, body_dict)
-+
-+
-+class AuthWithToken(AuthTest):
-+ def setUp(self):
-+ super(AuthWithToken, self).setUp()
-+
-+ def test_belongs_to_no_tenant(self):
-+ r = self.api.authenticate(
-+ {},
-+ auth={
-+ 'passwordCredentials': {
-+ 'username': self.user_foo['name'],
-+ 'password': self.user_foo['password']
-+ }
-+ })
-+ unscoped_token_id = r['access']['token']['id']
-+ self.assertRaises(
-+ exception.Unauthorized,
-+ self.api.validate_token,
-+ dict(is_admin=True, query_string={'belongsTo': 'BAR'}),
-+ token_id=unscoped_token_id)
-+
-+ def test_belongs_to_wrong_tenant(self):
-+ body_dict = _build_user_auth(
-+ username='FOO',
-+ password='foo2',
-+ tenant_name="BAR")
-+
-+ scoped_token = self.api.authenticate({}, body_dict)
-+ scoped_token_id = scoped_token['access']['token']['id']
-+
-+ self.assertRaises(
-+ exception.Unauthorized,
-+ self.api.validate_token,
-+ dict(is_admin=True, query_string={'belongsTo': 'me'}),
-+ token_id=scoped_token_id)
-+
-+ def test_belongs_to(self):
-+ body_dict = _build_user_auth(
-+ username='FOO',
-+ password='foo2',
-+ tenant_name="BAR")
-+
-+ scoped_token = self.api.authenticate({}, body_dict)
-+ scoped_token_id = scoped_token['access']['token']['id']
-+
-+ self.assertRaises(
-+ exception.Unauthorized,
-+ self.api.validate_token,
-+ dict(is_admin=True, query_string={'belongsTo': 'BAR'}),
-+ token_id=scoped_token_id)
---
-1.8.1.5
-
diff --git a/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2030.patch b/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2030.patch
new file mode 100644
index 000000000000..616143be18c9
--- /dev/null
+++ b/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2030.patch
@@ -0,0 +1,50 @@
+From 24c25b38ed6fc95ed919ab34463cdb10bdcc57fd Mon Sep 17 00:00:00 2001
+From: Dolph Mathews <dolph.mathews@gmail.com>
+Date: Wed, 8 May 2013 10:49:20 -0500
+Subject: [PATCH] Securely create signing_dir (bug 1174608)
+
+Also verifies the security of an existing signing_dir.
+
+Change-Id: I0685b4274a94ad3974a2b2a7ab3f45830d3934bb
+(cherry picked from python-keystoneclient 1736e2ffb12f70eeebed019448bc14def48aa036)
+---
+ keystone/middleware/auth_token.py | 23 ++++++++++++++---------
+ 1 file changed, 14 insertions(+), 9 deletions(-)
+
+diff --git a/keystone/middleware/auth_token.py b/keystone/middleware/auth_token.py
+index ddadf9f..01e6c58 100644
+--- a/keystone/middleware/auth_token.py
++++ b/keystone/middleware/auth_token.py
+@@ -219,15 +219,20 @@ class AuthProtocol(object):
+ self.signing_dirname = '%s/keystone-signing' % os.environ['HOME']
+ LOG.info('Using %s as cache directory for signing certificate' %
+ self.signing_dirname)
+- if (os.path.exists(self.signing_dirname) and
+- not os.access(self.signing_dirname, os.W_OK)):
+- raise ConfigurationError("unable to access signing dir %s" %
+- self.signing_dirname)
+-
+- if not os.path.exists(self.signing_dirname):
+- os.makedirs(self.signing_dirname)
+- #will throw IOError if it cannot change permissions
+- os.chmod(self.signing_dirname, stat.S_IRWXU)
++ if os.path.exists(self.signing_dirname):
++ if not os.access(self.signing_dirname, os.W_OK):
++ raise ConfigurationError(
++ 'unable to access signing_dir %s' % self.signing_dirname)
++ if os.stat(self.signing_dirname).st_uid != os.getuid():
++ LOG.warning(
++ 'signing_dir is not owned by %s' % os.getlogin())
++ current_mode = stat.S_IMODE(os.stat(self.signing_dirname).st_mode)
++ if current_mode != stat.S_IRWXU:
++ LOG.warning(
++ 'signing_dir mode is %s instead of %s' %
++ (oct(current_mode), oct(stat.S_IRWXU)))
++ else:
++ os.makedirs(self.signing_dirname, stat.S_IRWXU)
+
+ val = '%s/signing_cert.pem' % self.signing_dirname
+ self.signing_cert_file_name = val
+--
+1.8.1.5
+
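Review bot: The ownership and mode checks added for an existing signing_dir only call `LOG.warning` and then continue, so a directory owned by another account, or one with group/world permission bits set, is still used as the signing-certificate cache. Given the patch subject says it verifies the security of an existing signing_dir, both branches should probably raise `ConfigurationError`, as the writability check just above them does. The ownership message also calls `os.getlogin()`, which raises `OSError` when the process has no controlling terminal (likely for a service started by an init script), so the warning path itself can abort start-up with an unrelated error; reporting `os.getuid()` avoids that. Taking a single `os.stat()` result for both checks also keeps the owner and mode readings consistent with each other. The enclosing AuthProtocol method starts and ends outside the hunk.

```python
        if os.path.exists(self.signing_dirname):
            # … unchanged: os.access() writability check raising ConfigurationError …
            dir_stat = os.stat(self.signing_dirname)
            if dir_stat.st_uid != os.getuid():
                raise ConfigurationError(
                    'signing_dir %s is not owned by uid %d' %
                    (self.signing_dirname, os.getuid()))
            current_mode = stat.S_IMODE(dir_stat.st_mode)
            if current_mode != stat.S_IRWXU:
                raise ConfigurationError(
                    'signing_dir mode is %s instead of %s' %
                    (oct(current_mode), oct(stat.S_IRWXU)))
        # … unchanged: else branch creating the directory with stat.S_IRWXU …
```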
diff --git a/sys-auth/keystone/files/keystone-grizzly-1-CVE-2013-2006.patch b/sys-auth/keystone/files/keystone-grizzly-1-CVE-2013-2006.patch
deleted file mode 100644
index d9b0b3472ceb..000000000000
--- a/sys-auth/keystone/files/keystone-grizzly-1-CVE-2013-2006.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From c5037dd6b82909efaaa8720e8cfa8bdb8b4a0edd Mon Sep 17 00:00:00 2001
-From: Xuhan Peng <xuhanp@cn.ibm.com>
-Date: Fri, 12 Apr 2013 16:19:37 +0800
-Subject: [PATCH] Mark LDAP password and admin_token secret
-
-Add secret=True to LDAP password and admin_token
-of keystone configuration.
-
-Fix bug #1172195
-
-Change-Id: I8ef7f705e3f6b374ff427c20eb761892d5146a75
-(cherry picked from commit d43e2a51a1ed7adbed3c5ddf001d46bc4a824ae8)
----
- keystone/common/config.py | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/keystone/common/config.py b/keystone/common/config.py
-index edecee0..82c31e6 100644
---- a/keystone/common/config.py
-+++ b/keystone/common/config.py
-@@ -188,7 +188,7 @@ def configure():
- register_cli_str('pydev-debug-host', default=None)
- register_cli_int('pydev-debug-port', default=None)
-
-- register_str('admin_token', default='ADMIN')
-+ register_str('admin_token', secret=True, default='ADMIN')
- register_str('bind_host', default='0.0.0.0')
- register_int('compute_port', default=8774)
- register_int('admin_port', default=35357)
-@@ -271,7 +271,7 @@ def configure():
- # ldap
- register_str('url', group='ldap', default='ldap://localhost')
- register_str('user', group='ldap', default=None)
-- register_str('password', group='ldap', default=None)
-+ register_str('password', group='ldap', secret=True, default=None)
- register_str('suffix', group='ldap', default='cn=example,cn=com')
- register_bool('use_dumb_member', group='ldap', default=False)
- register_str('dumb_member', group='ldap', default='cn=dumb,dc=nonexistent')
---
-1.8.1.5
-
diff --git a/sys-auth/keystone/keystone-2012.2.4.ebuild b/sys-auth/keystone/keystone-2012.2.4-r1.ebuild
index ccde2c02c823..b138eb805c28 100644
--- a/sys-auth/keystone/keystone-2012.2.4.ebuild
+++ b/sys-auth/keystone/keystone-2012.2.4-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/keystone-2012.2.4.ebuild,v 1.1 2013/05/10 02:47:10 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/keystone-2012.2.4-r1.ebuild,v 1.1 2013/05/10 04:00:42 prometheanfire Exp $
EAPI=5
#test restricted becaues of bad requirements given (old webob for instance)
@@ -70,6 +70,7 @@ RDEPEND="${DEPEND}
#}
PATCHES=(
+ "${FILESDIR}/keystone-folsom-4-CVE-2013-2030.patch"
)
python_install() {
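Review bot: The patch enabled by the new `PATCHES` entry only logs a warning when an existing signing directory has the wrong owner or a mode other than 0700 (the `LOG.warning(...)` calls in its `os.path.exists` branch), so a directory pre-created by another account is still used as long as it is writable. The ebuild could record that limit next to the entry, for example `# CVE-2013-2030: patch only warns on wrong owner/mode of an existing dir; use a 0700 signing_dir owned by the service user`. The same branch builds its owner warning with `os.getlogin()`, which can raise OSError when the process has no controlling terminal, so under an init script that path may abort instead of logging; this is worth testing before the revision is stabilised. `python_install` continues outside this hunk, so whether the package creates such a directory itself is not visible here.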
diff --git a/sys-auth/keystone/keystone-2013.1-r1.ebuild b/sys-auth/keystone/keystone-2013.1-r1.ebuild
deleted file mode 100644
index cf05507f7dbc..000000000000
--- a/sys-auth/keystone/keystone-2013.1-r1.ebuild
+++ /dev/null
@@ -1,89 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/keystone-2013.1-r1.ebuild,v 1.1 2013/05/06 15:57:35 prometheanfire Exp $
-
-EAPI=5
-#test restricted becaues of bad requirements given (old webob for instance)
-RESTRICT="test"
-PYTHON_COMPAT=( python2_7 )
-
-inherit distutils-r1
-
-DESCRIPTION="Keystone is the Openstack authentication, authorization, and
-service catalog written in Python."
-HOMEPAGE="https://launchpad.net/keystone"
-SRC_URI="http://launchpad.net/${PN}/grizzly/${PV}/+download/${P}.tar.gz"
-
-LICENSE="Apache-2.0"
-SLOT="folsom"
-KEYWORDS="~amd64 ~x86"
-IUSE="+sqlite mysql postgres ldap"
-#IUSE="+sqlite mysql postgres ldap test"
-REQUIRED_USE="|| ( ldap mysql postgres sqlite )"
-
-#todo, seperate out rdepend via use flags
-DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]"
-RDEPEND="${DEPEND}
- dev-python/eventlet[${PYTHON_USEDEP}]
- dev-python/greenlet[${PYTHON_USEDEP}]
- >=dev-python/iso8601-0.1.4[${PYTHON_USEDEP}]
- >=dev-python/python-keystoneclient-0.2.1[${PYTHON_USEDEP}]
- <=dev-python/python-keystoneclient-0.3[${PYTHON_USEDEP}]
- dev-python/lxml[${PYTHON_USEDEP}]
- >=dev-python/oslo-config-1.1.0[${PYTHON_USEDEP}]
- dev-python/passlib[${PYTHON_USEDEP}]
- dev-python/paste[${PYTHON_USEDEP}]
- dev-python/pastedeploy[${PYTHON_USEDEP}]
- dev-python/python-daemon
- >=dev-python/python-pam-0.1.4[${PYTHON_USEDEP}]
- dev-python/routes[${PYTHON_USEDEP}]
- >=dev-python/sqlalchemy-migrate-0.7.2
- =dev-python/webob-1.2.3-r1[${PYTHON_USEDEP}]
- virtual/python-argparse[${PYTHON_USEDEP}]
- sqlite? ( >=dev-python/sqlalchemy-0.7.8[sqlite]
- <=dev-python/sqlalchemy-0.7.9[sqlite] )
- mysql? ( >=dev-python/sqlalchemy-0.7.8[mysql]
- <=dev-python/sqlalchemy-0.7.9[mysql] )
- postgres? ( >=dev-python/sqlalchemy-0.7.8[postgres]
- <=dev-python/sqlalchemy-0.7.9[postgres] )
- ldap? ( dev-python/python-ldap[${PYTHON_USEDEP}] )"
-# test? ( dev-python/Babel
-# dev-python/decorator
-# dev-python/eventlet
-# dev-python/greenlet
-# dev-python/httplib2
-# dev-python/iso8601
-# dev-python/lxml
-# dev-python/netifaces
-# dev-python/nose
-# dev-python/nosexcover
-# dev-python/passlib
-# dev-python/paste
-# dev-python/pastedeploy
-# dev-python/python-pam
-# dev-python/repoze-lru
-# dev-python/routes
-# dev-python/sphinx
-# >=dev-python/sqlalchemy-migrate-0.7
-# dev-python/tempita
-# >=dev-python/webob-1.0.8
-# dev-python/webtest
-# )
-PATCHES=( "${FILESDIR}"/keystone-grizzly-1-CVE-2013-2006.patch )
-#
-#python_test() {
-# "${PYTHON}" setup.py nosetests || die
-#}
-
-python_install() {
- distutils-r1_python_install
- newconfd "${FILESDIR}/keystone.confd" keystone
- newinitd "${FILESDIR}/keystone.initd" keystone
-
- diropts -m 0750
- dodir /var/run/keystone /var/log/keystone /etc/keystone
- keepdir /etc/keystone
- insinto /etc/keystone
- doins etc/keystone.conf.sample etc/logging.conf.sample
- doins etc/default_catalog.templates etc/policy.json
-}