From c3c46d6188015cd5f75e7a6f754fd032ab30ac21 Mon Sep 17 00:00:00 2001 From: Prashanth Pai Date: Thu, 2 Jan 2014 12:20:20 +0530 Subject: Fix users not able to change their own password/key Users were not able to update their own password/key with the update operation resulting in 403 (HTTPForbidden). EXAMPLES: Command to update password/key of regular user: gswauth-add-user -U account1:user1 -K old_pass account1 user1 new_pass Command to update password/key of account admin: gswauth-add-user -U account1:admin -K old_pass -a account1 admin new_pass Command to update password/key of reseller_admin: gswauth-add-user -U account1:radmin -K old_pass -r account1 radmin new_pass BUG: https://bugs.launchpad.net/gluster-swift/+bug/1262227 Change-Id: I604da5aee67099b29541eb7e51a040a041f1961b Signed-off-by: Prashanth Pai Reviewed-on: http://review.gluster.org/6650 Reviewed-by: Luis Pabon Tested-by: Luis Pabon Reviewed-on: http://review.gluster.org/6668 Reviewed-by: Chetan Risbud Tested-by: Chetan Risbud --- .../common/middleware/gswauth/bin/gswauth-add-user | 30 ++++++++++++++-------- 1 file changed, 19 insertions(+), 11 deletions(-) (limited to 'gluster/swift/common/middleware/gswauth/bin/gswauth-add-user') diff --git a/gluster/swift/common/middleware/gswauth/bin/gswauth-add-user b/gluster/swift/common/middleware/gswauth/bin/gswauth-add-user index e32ea28..78af60d 100755 --- a/gluster/swift/common/middleware/gswauth/bin/gswauth-add-user +++ b/gluster/swift/common/middleware/gswauth/bin/gswauth-add-user @@ -60,20 +60,28 @@ if __name__ == '__main__': parsed_path = '/' elif parsed_path[-1] != '/': parsed_path += '/' - # Ensure the account exists - path = '%sv2/%s' % (parsed_path, account) - headers = {'X-Auth-Admin-User': options.admin_user, - 'X-Auth-Admin-Key': options.admin_key} - conn = http_connect(parsed.hostname, parsed.port, 'GET', path, headers, - ssl=(parsed.scheme == 'https')) - resp = conn.getresponse() - if resp.status // 100 != 2: - headers['Content-Length'] = '0' - conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers, + # Check if user is changing his own password. This is carried out by + # making sure that the user changing the password and the user whose + # password is being changed are the same. + # If not, ensure that the account exists before creating new user. + if not options.admin_user == (account + ':' + user): + # GET the account + path = '%sv2/%s' % (parsed_path, account) + headers = {'X-Auth-Admin-User': options.admin_user, + 'X-Auth-Admin-Key': options.admin_key} + conn = http_connect(parsed.hostname, parsed.port, 'GET', path, headers, ssl=(parsed.scheme == 'https')) resp = conn.getresponse() if resp.status // 100 != 2: - print 'Account creation failed: %s %s' % (resp.status, resp.reason) + # If the GET operation fails, it means the account does not exist. + # Now we create the account by sending a PUT request. + headers['Content-Length'] = '0' + conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, + headers, ssl=(parsed.scheme == 'https')) + resp = conn.getresponse() + if resp.status // 100 != 2: + print 'Account creation failed: %s %s' % \ + (resp.status, resp.reason) # Add the user path = '%sv2/%s/%s' % (parsed_path, account, user) headers = {'X-Auth-Admin-User': options.admin_user, -- cgit