From c9225f29e9652b9f642a7f5fe4a48b1c5a0cd2f7 Mon Sep 17 00:00:00 2001
From: Dolph Mathews <dolph.mathews@gmail.com>
Date: Fri, 17 May 2013 10:38:25 -0500
Subject: [PATCH] Default signing_dir to secure temp dir (bug 1181157)
Change-Id: I1a29f50b07a60de3d0519bf40074dbea92fa8656
---
keystoneclient/middleware/auth_token.py | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/keystoneclient/middleware/auth_token.py b/keystoneclient/middleware/auth_token.py
index 985ee6f..71b4d15 100644
--- a/keystoneclient/middleware/auth_token.py
+++ b/keystoneclient/middleware/auth_token.py
@@ -150,6 +150,7 @@ import json
import logging
import os
import stat
+import tempfile
import time
import urllib
import webob.exc
@@ -211,8 +212,7 @@ opts = [
cfg.StrOpt('cache', default=None), # env key for the swift cache
cfg.StrOpt('certfile'),
cfg.StrOpt('keyfile'),
- cfg.StrOpt('signing_dir',
- default=os.path.expanduser('~/keystone-signing')),
+ cfg.StrOpt('signing_dir'),
cfg.ListOpt('memcache_servers'),
cfg.IntOpt('token_cache_time', default=300),
cfg.IntOpt('revocation_cache_time', default=1),
@@ -292,8 +292,10 @@ class AuthProtocol(object):
self.cert_file = self._conf_get('certfile')
self.key_file = self._conf_get('keyfile')
- #signing
+ # signing
self.signing_dirname = self._conf_get('signing_dir')
+ if self.signing_dirname is None:
+ self.signing_dirname = tempfile.mkdtemp(prefix='keystone-signing-')
self.LOG.info('Using %s as cache directory for signing certificate' %
self.signing_dirname)
if (os.path.exists(self.signing_dirname) and
distrib
>
Fedora
>
19
>
i386
>
media
>
updates-src
>
by-pkgid
>
ba59a791bd2083edb232ab94febba914
>
files
>
5
