diff options
| author | Prashanth Pai <ppai@redhat.com> | 2014-01-02 12:20:20 +0530 |
|---|---|---|
| committer | Chetan Risbud <crisbud@redhat.com> | 2014-01-08 03:30:36 -0800 |
| commit | c3c46d6188015cd5f75e7a6f754fd032ab30ac21 (patch) | |
| tree | a40987f9ddc5b5a130eee4ac5bb29e4f1898989b /gluster/swift/common/middleware/gswauth/bin | |
| parent | f81f652899b9fd46114ce9089f6b9a97ea9584a1 (diff) | |
Fix users not able to change their own password/key
Users were not able to update their own password/key
with the update operation resulting in 403 (HTTPForbidden).
EXAMPLES:
Command to update password/key of regular user:
gswauth-add-user -U account1:user1 -K old_pass account1 user1 new_pass
Command to update password/key of account admin:
gswauth-add-user -U account1:admin -K old_pass -a account1 admin new_pass
Command to update password/key of reseller_admin:
gswauth-add-user -U account1:radmin -K old_pass -r account1 radmin new_pass
BUG: https://bugs.launchpad.net/gluster-swift/+bug/1262227
Change-Id: I604da5aee67099b29541eb7e51a040a041f1961b
Signed-off-by: Prashanth Pai <ppai@redhat.com>
Reviewed-on: http://review.gluster.org/6650
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
Reviewed-on: http://review.gluster.org/6668
Reviewed-by: Chetan Risbud <crisbud@redhat.com>
Tested-by: Chetan Risbud <crisbud@redhat.com>
Diffstat (limited to 'gluster/swift/common/middleware/gswauth/bin')
| -rwxr-xr-x | gluster/swift/common/middleware/gswauth/bin/gswauth-add-user | 30 |
1 files changed, 19 insertions, 11 deletions
diff --git a/gluster/swift/common/middleware/gswauth/bin/gswauth-add-user b/gluster/swift/common/middleware/gswauth/bin/gswauth-add-user index e32ea28..78af60d 100755 --- a/gluster/swift/common/middleware/gswauth/bin/gswauth-add-user +++ b/gluster/swift/common/middleware/gswauth/bin/gswauth-add-user @@ -60,20 +60,28 @@ if __name__ == '__main__': parsed_path = '/' elif parsed_path[-1] != '/': parsed_path += '/' - # Ensure the account exists - path = '%sv2/%s' % (parsed_path, account) - headers = {'X-Auth-Admin-User': options.admin_user, - 'X-Auth-Admin-Key': options.admin_key} - conn = http_connect(parsed.hostname, parsed.port, 'GET', path, headers, - ssl=(parsed.scheme == 'https')) - resp = conn.getresponse() - if resp.status // 100 != 2: - headers['Content-Length'] = '0' - conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers, + # Check if user is changing his own password. This is carried out by + # making sure that the user changing the password and the user whose + # password is being changed are the same. + # If not, ensure that the account exists before creating new user. + if not options.admin_user == (account + ':' + user): + # GET the account + path = '%sv2/%s' % (parsed_path, account) + headers = {'X-Auth-Admin-User': options.admin_user, + 'X-Auth-Admin-Key': options.admin_key} + conn = http_connect(parsed.hostname, parsed.port, 'GET', path, headers, ssl=(parsed.scheme == 'https')) resp = conn.getresponse() if resp.status // 100 != 2: - print 'Account creation failed: %s %s' % (resp.status, resp.reason) + # If the GET operation fails, it means the account does not exist. + # Now we create the account by sending a PUT request. + headers['Content-Length'] = '0' + conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, + headers, ssl=(parsed.scheme == 'https')) + resp = conn.getresponse() + if resp.status // 100 != 2: + print 'Account creation failed: %s %s' % \ + (resp.status, resp.reason) # Add the user path = '%sv2/%s/%s' % (parsed_path, account, user) headers = {'X-Auth-Admin-User': options.admin_user, |