From 1736e2ffb12f70eeebed019448bc14def48aa036 Mon Sep 17 00:00:00 2001
From: Dolph Mathews
Date: Wed, 8 May 2013 10:49:20 -0500
Subject: [PATCH] Securely create signing_dir (bug 1174608)

Also verifies the security of an existing signing_dir.

Change-Id: I0685b4274a94ad3974a2b2a7ab3f45830d3934bb
---
 keystoneclient/middleware/auth_token.py | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/keystoneclient/middleware/auth_token.py b/keystoneclient/middleware/auth_token.py
index 0d0e124..e6cf99f 100644
--- a/keystoneclient/middleware/auth_token.py
+++ b/keystoneclient/middleware/auth_token.py
@@ -296,15 +296,20 @@ class AuthProtocol(object):
         self.signing_dirname = self._conf_get('signing_dir')
         self.LOG.info('Using %s as cache directory for signing certificate' %
                       self.signing_dirname)
-        if (os.path.exists(self.signing_dirname) and
-                not os.access(self.signing_dirname, os.W_OK)):
-            raise ConfigurationError("unable to access signing dir %s" %
-                                     self.signing_dirname)
-
-        if not os.path.exists(self.signing_dirname):
-            os.makedirs(self.signing_dirname)
-            #will throw IOError if it cannot change permissions
-            os.chmod(self.signing_dirname, stat.S_IRWXU)
+        if os.path.exists(self.signing_dirname):
+            if not os.access(self.signing_dirname, os.W_OK):
+                raise ConfigurationError(
+                    'unable to access signing_dir %s' % self.signing_dirname)
+            if os.stat(self.signing_dirname).st_uid != os.getuid():
+                self.LOG.warning(
+                    'signing_dir is not owned by %s' % os.getlogin())
+            current_mode = stat.S_IMODE(os.stat(self.signing_dirname).st_mode)
+            if current_mode != stat.S_IRWXU:
+                self.LOG.warning(
+                    'signing_dir mode is %s instead of %s' %
+                    (oct(current_mode), oct(stat.S_IRWXU)))
+        else:
+            os.makedirs(self.signing_dirname, stat.S_IRWXU)
 
         val = '%s/signing_cert.pem' % self.signing_dirname
         self.signing_cert_file_name = val
-- 
1.8.1.5
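Review bot: The ownership warning calls `os.getlogin()`, which raises OSError when the process has no controlling terminal (the normal case for a service started by init), so the branch meant to warn about a foreign-owned signing_dir can instead abort startup, and it reports a login name while the comparison is on uid; use `'signing_dir is not owned by uid %s' % os.getuid()` (or `pwd.getpwuid(os.getuid()).pw_name`) instead. The ownership and mode findings are only logged, so a pre-existing signing_dir that is group- or world-writable is still accepted even though the log line above describes it as the cache for the signing certificate, and whoever can write there can replace the cached certificate the middleware later reads from `signing_cert.pem`. For an existing directory I would raise ConfigurationError when `current_mode & (stat.S_IWGRP | stat.S_IWOTH)` is non-zero or `st_uid != os.getuid()`, and keep the warning only for the stricter exact-0700 comparison. The enclosing method starts and ends outside the hunk.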