** Changed in: keystone
       Status: New => Triaged

** Changed in: keystone
   Importance: Undecided => Medium

** Changed in: keystone
     Assignee: (unassigned) => Morgan Fainberg (mdrnstm)

** Also affects: keystone/newton
   Importance: Undecided
       Status: New

** Also affects: keystone/mitaka
   Importance: Undecided
       Status: New

** Also affects: keystone/ocata
   Importance: Medium
     Assignee: Morgan Fainberg (mdrnstm)
       Status: Triaged

** Changed in: keystone/newton
       Status: New => Triaged

** Changed in: keystone/newton
   Importance: Undecided => Medium

** Changed in: keystone/mitaka
       Status: New => Triaged

** Changed in: keystone/mitaka
   Importance: Undecided => Medium

** Changed in: keystone/mitaka
     Assignee: (unassigned) => Morgan Fainberg (mdrnstm)

** Changed in: keystone/newton
     Assignee: (unassigned) => Morgan Fainberg (mdrnstm)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1656076

Title:
  The keystone server auth plugin methods could mismatch user_id in
  auth_context

Status in OpenStack Identity (keystone):
  Triaged
Status in OpenStack Identity (keystone) mitaka series:
  Triaged
Status in OpenStack Identity (keystone) newton series:
  Triaged
Status in OpenStack Identity (keystone) ocata series:
  Triaged

Bug description:
  The keystone server blindly overwrites the auth_context.user_id in
  each auth method that is run. This means that the last auth_method
  that is run for a given authentication request dictates the user_id.

  While this is not exploitable externally without misconfiguration of
  the external plugin methods and supporting services, this is a bad
  state that could relatively easily result in someone ending up
  authenticated with the wrong user_id.

  The simplest fix will be to have the for loop in the authentication
  controller (that iterates over the methods) verify the user_id does
  not change between auth_methods executed.

  https://github.com/openstack/keystone/blob/f8ee249bf08cefd8468aa15c589dab48bd5c4cd8/keystone/auth/controllers.py#L550-L557

  This has been marked as public security for hardening purposes,
  likely a "Class D"
  https://security.openstack.org/vmt-process.html#incident-report-taxonomy

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
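The defect class the bug describes, and the check the reporter proposes for the method loop, as an added illustration that is not keystone's code and not the patch that eventually landed. It is a constructed, self-contained model of a multi-method authentication request: two toy plugins (`password_method`, `token_method`) each write `user_id` into a shared `auth_context` unconditionally; `authenticate_blind` is the overwrite-and-move-on loop, and `authenticate_checked` is the same loop with the proposed invariant that `user_id` must not change between methods. All user, token and function names here are assumptions made for the example.

```python
"""Constructed model of a multi-method auth loop and the user_id check.

Not keystone's own code: the plugins, identity data and controller loop
are simplified stand-ins that reproduce the behaviour described in the
bug report (each method overwrites auth_context['user_id']).
"""
import hashlib
import hmac


class Unauthorized(Exception):
    """Raised when an authentication request is rejected."""


_SALT = "constructed-salt"  # sample value, not a real deployment secret


def _hash_password(password: str) -> str:
    """Toy salted hash for the sample identity store."""
    return hashlib.sha256((_SALT + password).encode()).hexdigest()


# Constructed sample identity store and token table (not real data).
USERS = {
    "alice": {"user_id": "user-alice-0001", "password_hash": _hash_password("alice-pass")},
    "bob": {"user_id": "user-bob-0002", "password_hash": _hash_password("bob-pass")},
}
TOKENS = {
    "tok-alice-abc": "user-alice-0001",
    "tok-bob-xyz": "user-bob-0002",
}


def password_method(method_data, auth_context):
    """Toy 'password' plugin: verifies name/password, then sets user_id."""
    user = USERS.get(method_data.get("name"))
    if user is None:
        raise Unauthorized("unknown user")
    supplied = _hash_password(method_data.get("password", ""))
    if not hmac.compare_digest(supplied, user["password_hash"]):
        raise Unauthorized("bad password")
    auth_context["user_id"] = user["user_id"]  # unconditional overwrite


def token_method(method_data, auth_context):
    """Toy 'token' plugin: maps an opaque token id to a user_id."""
    user_id = TOKENS.get(method_data.get("id"))
    if user_id is None:
        raise Unauthorized("invalid token")
    auth_context["user_id"] = user_id  # unconditional overwrite


AUTH_METHODS = {"password": password_method, "token": token_method}


def authenticate_blind(methods):
    """The pattern the bug describes: the last method to run decides user_id.

    `methods` is a list of (method_name, method_data) pairs from one request.
    """
    auth_context = {}
    for name, data in methods:
        AUTH_METHODS[name](data, auth_context)
    return auth_context


def authenticate_checked(methods):
    """Hardened loop: every method must identify the same user, or the whole
    request is rejected rather than silently taking the last answer."""
    auth_context = {}
    established = None
    for name, data in methods:
        AUTH_METHODS[name](data, auth_context)
        user_id = auth_context.get("user_id")
        if user_id is None:
            raise Unauthorized("method %s did not identify a user" % name)
        if established is None:
            established = user_id
        elif user_id != established:
            raise Unauthorized("user_id changed between auth methods (%s)" % name)
    return auth_context


if __name__ == "__main__":
    # A request whose methods disagree: the password proves alice, the token
    # names bob. Blind loop ends up as bob; checked loop refuses the request.
    request = [
        ("password", {"name": "alice", "password": "alice-pass"}),
        ("token", {"id": "tok-bob-xyz"}),
    ]
    print("blind:", authenticate_blind(request))
    try:
        authenticate_checked(request)
    except Unauthorized as exc:
        print("checked: rejected ->", exc)
```

The check is deliberately placed in the controller loop rather than in each plugin, matching the report's suggestion: plugins keep their simple "set `user_id`" contract, and the single point that sequences them enforces the invariant, so a misbehaving or misconfigured external plugin cannot change the identity another method already established.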